linux/net/socket.c
<<
>>
Prefs
   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * NET          An implementation of the SOCKET network access protocol.
   4 *
   5 * Version:     @(#)socket.c    1.1.93  18/02/95
   6 *
   7 * Authors:     Orest Zborowski, <obz@Kodak.COM>
   8 *              Ross Biro
   9 *              Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
  10 *
  11 * Fixes:
  12 *              Anonymous       :       NOTSOCK/BADF cleanup. Error fix in
  13 *                                      shutdown()
  14 *              Alan Cox        :       verify_area() fixes
  15 *              Alan Cox        :       Removed DDI
  16 *              Jonathan Kamens :       SOCK_DGRAM reconnect bug
  17 *              Alan Cox        :       Moved a load of checks to the very
  18 *                                      top level.
  19 *              Alan Cox        :       Move address structures to/from user
  20 *                                      mode above the protocol layers.
  21 *              Rob Janssen     :       Allow 0 length sends.
  22 *              Alan Cox        :       Asynchronous I/O support (cribbed from the
  23 *                                      tty drivers).
  24 *              Niibe Yutaka    :       Asynchronous I/O for writes (4.4BSD style)
  25 *              Jeff Uphoff     :       Made max number of sockets command-line
  26 *                                      configurable.
  27 *              Matti Aarnio    :       Made the number of sockets dynamic,
  28 *                                      to be allocated when needed, and mr.
  29 *                                      Uphoff's max is used as max to be
  30 *                                      allowed to allocate.
  31 *              Linus           :       Argh. removed all the socket allocation
  32 *                                      altogether: it's in the inode now.
  33 *              Alan Cox        :       Made sock_alloc()/sock_release() public
  34 *                                      for NetROM and future kernel nfsd type
  35 *                                      stuff.
  36 *              Alan Cox        :       sendmsg/recvmsg basics.
  37 *              Tom Dyas        :       Export net symbols.
  38 *              Marcin Dalecki  :       Fixed problems with CONFIG_NET="n".
  39 *              Alan Cox        :       Added thread locking to sys_* calls
  40 *                                      for sockets. May have errors at the
  41 *                                      moment.
  42 *              Kevin Buhr      :       Fixed the dumb errors in the above.
  43 *              Andi Kleen      :       Some small cleanups, optimizations,
  44 *                                      and fixed a copy_from_user() bug.
  45 *              Tigran Aivazian :       sys_send(args) calls sys_sendto(args, NULL, 0)
  46 *              Tigran Aivazian :       Made listen(2) backlog sanity checks
  47 *                                      protocol-independent
  48 *
  49 *      This module is effectively the top level interface to the BSD socket
  50 *      paradigm.
  51 *
  52 *      Based upon Swansea University Computer Society NET3.039
  53 */
  54
  55#include <linux/mm.h>
  56#include <linux/socket.h>
  57#include <linux/file.h>
  58#include <linux/net.h>
  59#include <linux/interrupt.h>
  60#include <linux/thread_info.h>
  61#include <linux/rcupdate.h>
  62#include <linux/netdevice.h>
  63#include <linux/proc_fs.h>
  64#include <linux/seq_file.h>
  65#include <linux/mutex.h>
  66#include <linux/if_bridge.h>
  67#include <linux/if_frad.h>
  68#include <linux/if_vlan.h>
  69#include <linux/ptp_classify.h>
  70#include <linux/init.h>
  71#include <linux/poll.h>
  72#include <linux/cache.h>
  73#include <linux/module.h>
  74#include <linux/highmem.h>
  75#include <linux/mount.h>
  76#include <linux/pseudo_fs.h>
  77#include <linux/security.h>
  78#include <linux/syscalls.h>
  79#include <linux/compat.h>
  80#include <linux/kmod.h>
  81#include <linux/audit.h>
  82#include <linux/wireless.h>
  83#include <linux/nsproxy.h>
  84#include <linux/magic.h>
  85#include <linux/slab.h>
  86#include <linux/xattr.h>
  87#include <linux/nospec.h>
  88#include <linux/indirect_call_wrapper.h>
  89
  90#include <linux/uaccess.h>
  91#include <asm/unistd.h>
  92
  93#include <net/compat.h>
  94#include <net/wext.h>
  95#include <net/cls_cgroup.h>
  96
  97#include <net/sock.h>
  98#include <linux/netfilter.h>
  99
 100#include <linux/if_tun.h>
 101#include <linux/ipv6_route.h>
 102#include <linux/route.h>
 103#include <linux/termios.h>
 104#include <linux/sockios.h>
 105#include <net/busy_poll.h>
 106#include <linux/errqueue.h>
 107
 108#ifdef CONFIG_NET_RX_BUSY_POLL
 109unsigned int sysctl_net_busy_read __read_mostly;
 110unsigned int sysctl_net_busy_poll __read_mostly;
 111#endif
 112
 113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
 114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
 115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
 116
 117static int sock_close(struct inode *inode, struct file *file);
 118static __poll_t sock_poll(struct file *file,
 119                              struct poll_table_struct *wait);
 120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 121#ifdef CONFIG_COMPAT
 122static long compat_sock_ioctl(struct file *file,
 123                              unsigned int cmd, unsigned long arg);
 124#endif
 125static int sock_fasync(int fd, struct file *filp, int on);
 126static ssize_t sock_sendpage(struct file *file, struct page *page,
 127                             int offset, size_t size, loff_t *ppos, int more);
 128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 129                                struct pipe_inode_info *pipe, size_t len,
 130                                unsigned int flags);
 131
 132#ifdef CONFIG_PROC_FS
 133static void sock_show_fdinfo(struct seq_file *m, struct file *f)
 134{
 135        struct socket *sock = f->private_data;
 136
 137        if (sock->ops->show_fdinfo)
 138                sock->ops->show_fdinfo(m, sock);
 139}
 140#else
 141#define sock_show_fdinfo NULL
 142#endif
 143
 144/*
 145 *      Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
 146 *      in the operation structures but are done directly via the socketcall() multiplexor.
 147 */
 148
 149static const struct file_operations socket_file_ops = {
 150        .owner =        THIS_MODULE,
 151        .llseek =       no_llseek,
 152        .read_iter =    sock_read_iter,
 153        .write_iter =   sock_write_iter,
 154        .poll =         sock_poll,
 155        .unlocked_ioctl = sock_ioctl,
 156#ifdef CONFIG_COMPAT
 157        .compat_ioctl = compat_sock_ioctl,
 158#endif
 159        .mmap =         sock_mmap,
 160        .release =      sock_close,
 161        .fasync =       sock_fasync,
 162        .sendpage =     sock_sendpage,
 163        .splice_write = generic_splice_sendpage,
 164        .splice_read =  sock_splice_read,
 165        .show_fdinfo =  sock_show_fdinfo,
 166};
 167
 168/*
 169 *      The protocol list. Each protocol is registered in here.
 170 */
 171
 172static DEFINE_SPINLOCK(net_family_lock);
 173static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
 174
 175/*
 176 * Support routines.
 177 * Move socket addresses back and forth across the kernel/user
 178 * divide and look after the messy bits.
 179 */
 180
 181/**
 182 *      move_addr_to_kernel     -       copy a socket address into kernel space
 183 *      @uaddr: Address in user space
 184 *      @kaddr: Address in kernel space
 185 *      @ulen: Length in user space
 186 *
 187 *      The address is copied into kernel space. If the provided address is
 188 *      too long an error code of -EINVAL is returned. If the copy gives
 189 *      invalid addresses -EFAULT is returned. On a success 0 is returned.
 190 */
 191
 192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
 193{
 194        if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
 195                return -EINVAL;
 196        if (ulen == 0)
 197                return 0;
 198        if (copy_from_user(kaddr, uaddr, ulen))
 199                return -EFAULT;
 200        return audit_sockaddr(ulen, kaddr);
 201}
 202
 203/**
 204 *      move_addr_to_user       -       copy an address to user space
 205 *      @kaddr: kernel space address
 206 *      @klen: length of address in kernel
 207 *      @uaddr: user space address
 208 *      @ulen: pointer to user length field
 209 *
 210 *      The value pointed to by ulen on entry is the buffer length available.
 211 *      This is overwritten with the buffer space used. -EINVAL is returned
 212 *      if an overlong buffer is specified or a negative buffer size. -EFAULT
 213 *      is returned if either the buffer or the length field are not
 214 *      accessible.
 215 *      After copying the data up to the limit the user specifies, the true
 216 *      length of the data is written over the length limit the user
 217 *      specified. Zero is returned for a success.
 218 */
 219
 220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
 221                             void __user *uaddr, int __user *ulen)
 222{
 223        int err;
 224        int len;
 225
 226        BUG_ON(klen > sizeof(struct sockaddr_storage));
 227        err = get_user(len, ulen);
 228        if (err)
 229                return err;
 230        if (len > klen)
 231                len = klen;
 232        if (len < 0)
 233                return -EINVAL;
 234        if (len) {
 235                if (audit_sockaddr(klen, kaddr))
 236                        return -ENOMEM;
 237                if (copy_to_user(uaddr, kaddr, len))
 238                        return -EFAULT;
 239        }
 240        /*
 241         *      "fromlen shall refer to the value before truncation.."
 242         *                      1003.1g
 243         */
 244        return __put_user(klen, ulen);
 245}
 246
 247static struct kmem_cache *sock_inode_cachep __ro_after_init;
 248
 249static struct inode *sock_alloc_inode(struct super_block *sb)
 250{
 251        struct socket_alloc *ei;
 252
 253        ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
 254        if (!ei)
 255                return NULL;
 256        init_waitqueue_head(&ei->socket.wq.wait);
 257        ei->socket.wq.fasync_list = NULL;
 258        ei->socket.wq.flags = 0;
 259
 260        ei->socket.state = SS_UNCONNECTED;
 261        ei->socket.flags = 0;
 262        ei->socket.ops = NULL;
 263        ei->socket.sk = NULL;
 264        ei->socket.file = NULL;
 265
 266        return &ei->vfs_inode;
 267}
 268
 269static void sock_free_inode(struct inode *inode)
 270{
 271        struct socket_alloc *ei;
 272
 273        ei = container_of(inode, struct socket_alloc, vfs_inode);
 274        kmem_cache_free(sock_inode_cachep, ei);
 275}
 276
 277static void init_once(void *foo)
 278{
 279        struct socket_alloc *ei = (struct socket_alloc *)foo;
 280
 281        inode_init_once(&ei->vfs_inode);
 282}
 283
 284static void init_inodecache(void)
 285{
 286        sock_inode_cachep = kmem_cache_create("sock_inode_cache",
 287                                              sizeof(struct socket_alloc),
 288                                              0,
 289                                              (SLAB_HWCACHE_ALIGN |
 290                                               SLAB_RECLAIM_ACCOUNT |
 291                                               SLAB_MEM_SPREAD | SLAB_ACCOUNT),
 292                                              init_once);
 293        BUG_ON(sock_inode_cachep == NULL);
 294}
 295
 296static const struct super_operations sockfs_ops = {
 297        .alloc_inode    = sock_alloc_inode,
 298        .free_inode     = sock_free_inode,
 299        .statfs         = simple_statfs,
 300};
 301
 302/*
 303 * sockfs_dname() is called from d_path().
 304 */
 305static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
 306{
 307        return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
 308                                d_inode(dentry)->i_ino);
 309}
 310
 311static const struct dentry_operations sockfs_dentry_operations = {
 312        .d_dname  = sockfs_dname,
 313};
 314
 315static int sockfs_xattr_get(const struct xattr_handler *handler,
 316                            struct dentry *dentry, struct inode *inode,
 317                            const char *suffix, void *value, size_t size)
 318{
 319        if (value) {
 320                if (dentry->d_name.len + 1 > size)
 321                        return -ERANGE;
 322                memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
 323        }
 324        return dentry->d_name.len + 1;
 325}
 326
 327#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
 328#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
 329#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
 330
 331static const struct xattr_handler sockfs_xattr_handler = {
 332        .name = XATTR_NAME_SOCKPROTONAME,
 333        .get = sockfs_xattr_get,
 334};
 335
 336static int sockfs_security_xattr_set(const struct xattr_handler *handler,
 337                                     struct dentry *dentry, struct inode *inode,
 338                                     const char *suffix, const void *value,
 339                                     size_t size, int flags)
 340{
 341        /* Handled by LSM. */
 342        return -EAGAIN;
 343}
 344
 345static const struct xattr_handler sockfs_security_xattr_handler = {
 346        .prefix = XATTR_SECURITY_PREFIX,
 347        .set = sockfs_security_xattr_set,
 348};
 349
 350static const struct xattr_handler *sockfs_xattr_handlers[] = {
 351        &sockfs_xattr_handler,
 352        &sockfs_security_xattr_handler,
 353        NULL
 354};
 355
 356static int sockfs_init_fs_context(struct fs_context *fc)
 357{
 358        struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
 359        if (!ctx)
 360                return -ENOMEM;
 361        ctx->ops = &sockfs_ops;
 362        ctx->dops = &sockfs_dentry_operations;
 363        ctx->xattr = sockfs_xattr_handlers;
 364        return 0;
 365}
 366
 367static struct vfsmount *sock_mnt __read_mostly;
 368
 369static struct file_system_type sock_fs_type = {
 370        .name =         "sockfs",
 371        .init_fs_context = sockfs_init_fs_context,
 372        .kill_sb =      kill_anon_super,
 373};
 374
 375/*
 376 *      Obtains the first available file descriptor and sets it up for use.
 377 *
 378 *      These functions create file structures and maps them to fd space
 379 *      of the current process. On success it returns file descriptor
 380 *      and file struct implicitly stored in sock->file.
 381 *      Note that another thread may close file descriptor before we return
 382 *      from this function. We use the fact that now we do not refer
 383 *      to socket after mapping. If one day we will need it, this
 384 *      function will increment ref. count on file by 1.
 385 *
 386 *      In any case returned fd MAY BE not valid!
 387 *      This race condition is unavoidable
 388 *      with shared fd spaces, we cannot solve it inside kernel,
 389 *      but we take care of internal coherence yet.
 390 */
 391
 392/**
 393 *      sock_alloc_file - Bind a &socket to a &file
 394 *      @sock: socket
 395 *      @flags: file status flags
 396 *      @dname: protocol name
 397 *
 398 *      Returns the &file bound with @sock, implicitly storing it
 399 *      in sock->file. If dname is %NULL, sets to "".
 400 *      On failure the return is a ERR pointer (see linux/err.h).
 401 *      This function uses GFP_KERNEL internally.
 402 */
 403
 404struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
 405{
 406        struct file *file;
 407
 408        if (!dname)
 409                dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
 410
 411        file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
 412                                O_RDWR | (flags & O_NONBLOCK),
 413                                &socket_file_ops);
 414        if (IS_ERR(file)) {
 415                sock_release(sock);
 416                return file;
 417        }
 418
 419        sock->file = file;
 420        file->private_data = sock;
 421        stream_open(SOCK_INODE(sock), file);
 422        return file;
 423}
 424EXPORT_SYMBOL(sock_alloc_file);
 425
 426static int sock_map_fd(struct socket *sock, int flags)
 427{
 428        struct file *newfile;
 429        int fd = get_unused_fd_flags(flags);
 430        if (unlikely(fd < 0)) {
 431                sock_release(sock);
 432                return fd;
 433        }
 434
 435        newfile = sock_alloc_file(sock, flags, NULL);
 436        if (!IS_ERR(newfile)) {
 437                fd_install(fd, newfile);
 438                return fd;
 439        }
 440
 441        put_unused_fd(fd);
 442        return PTR_ERR(newfile);
 443}
 444
 445/**
 446 *      sock_from_file - Return the &socket bounded to @file.
 447 *      @file: file
 448 *      @err: pointer to an error code return
 449 *
 450 *      On failure returns %NULL and assigns -ENOTSOCK to @err.
 451 */
 452
 453struct socket *sock_from_file(struct file *file, int *err)
 454{
 455        if (file->f_op == &socket_file_ops)
 456                return file->private_data;      /* set in sock_map_fd */
 457
 458        *err = -ENOTSOCK;
 459        return NULL;
 460}
 461EXPORT_SYMBOL(sock_from_file);
 462
 463/**
 464 *      sockfd_lookup - Go from a file number to its socket slot
 465 *      @fd: file handle
 466 *      @err: pointer to an error code return
 467 *
 468 *      The file handle passed in is locked and the socket it is bound
 469 *      to is returned. If an error occurs the err pointer is overwritten
 470 *      with a negative errno code and NULL is returned. The function checks
 471 *      for both invalid handles and passing a handle which is not a socket.
 472 *
 473 *      On a success the socket object pointer is returned.
 474 */
 475
 476struct socket *sockfd_lookup(int fd, int *err)
 477{
 478        struct file *file;
 479        struct socket *sock;
 480
 481        file = fget(fd);
 482        if (!file) {
 483                *err = -EBADF;
 484                return NULL;
 485        }
 486
 487        sock = sock_from_file(file, err);
 488        if (!sock)
 489                fput(file);
 490        return sock;
 491}
 492EXPORT_SYMBOL(sockfd_lookup);
 493
 494static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
 495{
 496        struct fd f = fdget(fd);
 497        struct socket *sock;
 498
 499        *err = -EBADF;
 500        if (f.file) {
 501                sock = sock_from_file(f.file, err);
 502                if (likely(sock)) {
 503                        *fput_needed = f.flags & FDPUT_FPUT;
 504                        return sock;
 505                }
 506                fdput(f);
 507        }
 508        return NULL;
 509}
 510
 511static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
 512                                size_t size)
 513{
 514        ssize_t len;
 515        ssize_t used = 0;
 516
 517        len = security_inode_listsecurity(d_inode(dentry), buffer, size);
 518        if (len < 0)
 519                return len;
 520        used += len;
 521        if (buffer) {
 522                if (size < used)
 523                        return -ERANGE;
 524                buffer += len;
 525        }
 526
 527        len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
 528        used += len;
 529        if (buffer) {
 530                if (size < used)
 531                        return -ERANGE;
 532                memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
 533                buffer += len;
 534        }
 535
 536        return used;
 537}
 538
 539static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
 540{
 541        int err = simple_setattr(dentry, iattr);
 542
 543        if (!err && (iattr->ia_valid & ATTR_UID)) {
 544                struct socket *sock = SOCKET_I(d_inode(dentry));
 545
 546                if (sock->sk)
 547                        sock->sk->sk_uid = iattr->ia_uid;
 548                else
 549                        err = -ENOENT;
 550        }
 551
 552        return err;
 553}
 554
 555static const struct inode_operations sockfs_inode_ops = {
 556        .listxattr = sockfs_listxattr,
 557        .setattr = sockfs_setattr,
 558};
 559
 560/**
 561 *      sock_alloc - allocate a socket
 562 *
 563 *      Allocate a new inode and socket object. The two are bound together
 564 *      and initialised. The socket is then returned. If we are out of inodes
 565 *      NULL is returned. This functions uses GFP_KERNEL internally.
 566 */
 567
 568struct socket *sock_alloc(void)
 569{
 570        struct inode *inode;
 571        struct socket *sock;
 572
 573        inode = new_inode_pseudo(sock_mnt->mnt_sb);
 574        if (!inode)
 575                return NULL;
 576
 577        sock = SOCKET_I(inode);
 578
 579        inode->i_ino = get_next_ino();
 580        inode->i_mode = S_IFSOCK | S_IRWXUGO;
 581        inode->i_uid = current_fsuid();
 582        inode->i_gid = current_fsgid();
 583        inode->i_op = &sockfs_inode_ops;
 584
 585        return sock;
 586}
 587EXPORT_SYMBOL(sock_alloc);
 588
 589static void __sock_release(struct socket *sock, struct inode *inode)
 590{
 591        if (sock->ops) {
 592                struct module *owner = sock->ops->owner;
 593
 594                if (inode)
 595                        inode_lock(inode);
 596                sock->ops->release(sock);
 597                sock->sk = NULL;
 598                if (inode)
 599                        inode_unlock(inode);
 600                sock->ops = NULL;
 601                module_put(owner);
 602        }
 603
 604        if (sock->wq.fasync_list)
 605                pr_err("%s: fasync list not empty!\n", __func__);
 606
 607        if (!sock->file) {
 608                iput(SOCK_INODE(sock));
 609                return;
 610        }
 611        sock->file = NULL;
 612}
 613
 614/**
 615 *      sock_release - close a socket
 616 *      @sock: socket to close
 617 *
 618 *      The socket is released from the protocol stack if it has a release
 619 *      callback, and the inode is then released if the socket is bound to
 620 *      an inode not a file.
 621 */
 622void sock_release(struct socket *sock)
 623{
 624        __sock_release(sock, NULL);
 625}
 626EXPORT_SYMBOL(sock_release);
 627
 628void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
 629{
 630        u8 flags = *tx_flags;
 631
 632        if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
 633                flags |= SKBTX_HW_TSTAMP;
 634
 635        if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
 636                flags |= SKBTX_SW_TSTAMP;
 637
 638        if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
 639                flags |= SKBTX_SCHED_TSTAMP;
 640
 641        *tx_flags = flags;
 642}
 643EXPORT_SYMBOL(__sock_tx_timestamp);
 644
 645INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
 646                                           size_t));
 647INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
 648                                            size_t));
 649static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
 650{
 651        int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
 652                                     inet_sendmsg, sock, msg,
 653                                     msg_data_left(msg));
 654        BUG_ON(ret == -EIOCBQUEUED);
 655        return ret;
 656}
 657
 658/**
 659 *      sock_sendmsg - send a message through @sock
 660 *      @sock: socket
 661 *      @msg: message to send
 662 *
 663 *      Sends @msg through @sock, passing through LSM.
 664 *      Returns the number of bytes sent, or an error code.
 665 */
 666int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 667{
 668        int err = security_socket_sendmsg(sock, msg,
 669                                          msg_data_left(msg));
 670
 671        return err ?: sock_sendmsg_nosec(sock, msg);
 672}
 673EXPORT_SYMBOL(sock_sendmsg);
 674
 675/**
 676 *      kernel_sendmsg - send a message through @sock (kernel-space)
 677 *      @sock: socket
 678 *      @msg: message header
 679 *      @vec: kernel vec
 680 *      @num: vec array length
 681 *      @size: total message data size
 682 *
 683 *      Builds the message data with @vec and sends it through @sock.
 684 *      Returns the number of bytes sent, or an error code.
 685 */
 686
 687int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
 688                   struct kvec *vec, size_t num, size_t size)
 689{
 690        iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 691        return sock_sendmsg(sock, msg);
 692}
 693EXPORT_SYMBOL(kernel_sendmsg);
 694
 695/**
 696 *      kernel_sendmsg_locked - send a message through @sock (kernel-space)
 697 *      @sk: sock
 698 *      @msg: message header
 699 *      @vec: output s/g array
 700 *      @num: output s/g array length
 701 *      @size: total message data size
 702 *
 703 *      Builds the message data with @vec and sends it through @sock.
 704 *      Returns the number of bytes sent, or an error code.
 705 *      Caller must hold @sk.
 706 */
 707
 708int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 709                          struct kvec *vec, size_t num, size_t size)
 710{
 711        struct socket *sock = sk->sk_socket;
 712
 713        if (!sock->ops->sendmsg_locked)
 714                return sock_no_sendmsg_locked(sk, msg, size);
 715
 716        iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 717
 718        return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
 719}
 720EXPORT_SYMBOL(kernel_sendmsg_locked);
 721
 722static bool skb_is_err_queue(const struct sk_buff *skb)
 723{
 724        /* pkt_type of skbs enqueued on the error queue are set to
 725         * PACKET_OUTGOING in skb_set_err_queue(). This is only safe to do
 726         * in recvmsg, since skbs received on a local socket will never
 727         * have a pkt_type of PACKET_OUTGOING.
 728         */
 729        return skb->pkt_type == PACKET_OUTGOING;
 730}
 731
 732/* On transmit, software and hardware timestamps are returned independently.
 733 * As the two skb clones share the hardware timestamp, which may be updated
 734 * before the software timestamp is received, a hardware TX timestamp may be
 735 * returned only if there is no software TX timestamp. Ignore false software
 736 * timestamps, which may be made in the __sock_recv_timestamp() call when the
 737 * option SO_TIMESTAMP_OLD(NS) is enabled on the socket, even when the skb has a
 738 * hardware timestamp.
 739 */
 740static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
 741{
 742        return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
 743}
 744
 745static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
 746{
 747        struct scm_ts_pktinfo ts_pktinfo;
 748        struct net_device *orig_dev;
 749
 750        if (!skb_mac_header_was_set(skb))
 751                return;
 752
 753        memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
 754
 755        rcu_read_lock();
 756        orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
 757        if (orig_dev)
 758                ts_pktinfo.if_index = orig_dev->ifindex;
 759        rcu_read_unlock();
 760
 761        ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
 762        put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
 763                 sizeof(ts_pktinfo), &ts_pktinfo);
 764}
 765
 766/*
 767 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
 768 */
 769void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
 770        struct sk_buff *skb)
 771{
 772        int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
 773        int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
 774        struct scm_timestamping_internal tss;
 775
 776        int empty = 1, false_tstamp = 0;
 777        struct skb_shared_hwtstamps *shhwtstamps =
 778                skb_hwtstamps(skb);
 779
 780        /* Race occurred between timestamp enabling and packet
 781           receiving.  Fill in the current time for now. */
 782        if (need_software_tstamp && skb->tstamp == 0) {
 783                __net_timestamp(skb);
 784                false_tstamp = 1;
 785        }
 786
 787        if (need_software_tstamp) {
 788                if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
 789                        if (new_tstamp) {
 790                                struct __kernel_sock_timeval tv;
 791
 792                                skb_get_new_timestamp(skb, &tv);
 793                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
 794                                         sizeof(tv), &tv);
 795                        } else {
 796                                struct __kernel_old_timeval tv;
 797
 798                                skb_get_timestamp(skb, &tv);
 799                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
 800                                         sizeof(tv), &tv);
 801                        }
 802                } else {
 803                        if (new_tstamp) {
 804                                struct __kernel_timespec ts;
 805
 806                                skb_get_new_timestampns(skb, &ts);
 807                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
 808                                         sizeof(ts), &ts);
 809                        } else {
 810                                struct __kernel_old_timespec ts;
 811
 812                                skb_get_timestampns(skb, &ts);
 813                                put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
 814                                         sizeof(ts), &ts);
 815                        }
 816                }
 817        }
 818
 819        memset(&tss, 0, sizeof(tss));
 820        if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
 821            ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
 822                empty = 0;
 823        if (shhwtstamps &&
 824            (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
 825            !skb_is_swtx_tstamp(skb, false_tstamp) &&
 826            ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
 827                empty = 0;
 828                if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
 829                    !skb_is_err_queue(skb))
 830                        put_ts_pktinfo(msg, skb);
 831        }
 832        if (!empty) {
 833                if (sock_flag(sk, SOCK_TSTAMP_NEW))
 834                        put_cmsg_scm_timestamping64(msg, &tss);
 835                else
 836                        put_cmsg_scm_timestamping(msg, &tss);
 837
 838                if (skb_is_err_queue(skb) && skb->len &&
 839                    SKB_EXT_ERR(skb)->opt_stats)
 840                        put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
 841                                 skb->len, skb->data);
 842        }
 843}
 844EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
 845
 846void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
 847        struct sk_buff *skb)
 848{
 849        int ack;
 850
 851        if (!sock_flag(sk, SOCK_WIFI_STATUS))
 852                return;
 853        if (!skb->wifi_acked_valid)
 854                return;
 855
 856        ack = skb->wifi_acked;
 857
 858        put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
 859}
 860EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
 861
 862static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
 863                                   struct sk_buff *skb)
 864{
 865        if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
 866                put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
 867                        sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
 868}
 869
 870void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
 871        struct sk_buff *skb)
 872{
 873        sock_recv_timestamp(msg, sk, skb);
 874        sock_recv_drops(msg, sk, skb);
 875}
 876EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
 877
 878INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
 879                                           size_t, int));
 880INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
 881                                            size_t, int));
 882static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
 883                                     int flags)
 884{
 885        return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
 886                                  inet_recvmsg, sock, msg, msg_data_left(msg),
 887                                  flags);
 888}
 889
 890/**
 891 *      sock_recvmsg - receive a message from @sock
 892 *      @sock: socket
 893 *      @msg: message to receive
 894 *      @flags: message flags
 895 *
 896 *      Receives @msg from @sock, passing through LSM. Returns the total number
 897 *      of bytes received, or an error.
 898 */
 899int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
 900{
 901        int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
 902
 903        return err ?: sock_recvmsg_nosec(sock, msg, flags);
 904}
 905EXPORT_SYMBOL(sock_recvmsg);
 906
 907/**
 908 *      kernel_recvmsg - Receive a message from a socket (kernel space)
 909 *      @sock: The socket to receive the message from
 910 *      @msg: Received message
 911 *      @vec: Input s/g array for message data
 912 *      @num: Size of input s/g array
 913 *      @size: Number of bytes to read
 914 *      @flags: Message flags (MSG_DONTWAIT, etc...)
 915 *
 916 *      On return the msg structure contains the scatter/gather array passed in the
 917 *      vec argument. The array is modified so that it consists of the unfilled
 918 *      portion of the original array.
 919 *
 920 *      The returned value is the total number of bytes received, or an error.
 921 */
 922
 923int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
 924                   struct kvec *vec, size_t num, size_t size, int flags)
 925{
 926        msg->msg_control_is_user = false;
 927        iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
 928        return sock_recvmsg(sock, msg, flags);
 929}
 930EXPORT_SYMBOL(kernel_recvmsg);
 931
 932static ssize_t sock_sendpage(struct file *file, struct page *page,
 933                             int offset, size_t size, loff_t *ppos, int more)
 934{
 935        struct socket *sock;
 936        int flags;
 937
 938        sock = file->private_data;
 939
 940        flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
 941        /* more is a combination of MSG_MORE and MSG_SENDPAGE_NOTLAST */
 942        flags |= more;
 943
 944        return kernel_sendpage(sock, page, offset, size, flags);
 945}
 946
 947static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 948                                struct pipe_inode_info *pipe, size_t len,
 949                                unsigned int flags)
 950{
 951        struct socket *sock = file->private_data;
 952
 953        if (unlikely(!sock->ops->splice_read))
 954                return generic_file_splice_read(file, ppos, pipe, len, flags);
 955
 956        return sock->ops->splice_read(sock, ppos, pipe, len, flags);
 957}
 958
 959static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
 960{
 961        struct file *file = iocb->ki_filp;
 962        struct socket *sock = file->private_data;
 963        struct msghdr msg = {.msg_iter = *to,
 964                             .msg_iocb = iocb};
 965        ssize_t res;
 966
 967        if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
 968                msg.msg_flags = MSG_DONTWAIT;
 969
 970        if (iocb->ki_pos != 0)
 971                return -ESPIPE;
 972
 973        if (!iov_iter_count(to))        /* Match SYS5 behaviour */
 974                return 0;
 975
 976        res = sock_recvmsg(sock, &msg, msg.msg_flags);
 977        *to = msg.msg_iter;
 978        return res;
 979}
 980
 981static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
 982{
 983        struct file *file = iocb->ki_filp;
 984        struct socket *sock = file->private_data;
 985        struct msghdr msg = {.msg_iter = *from,
 986                             .msg_iocb = iocb};
 987        ssize_t res;
 988
 989        if (iocb->ki_pos != 0)
 990                return -ESPIPE;
 991
 992        if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
 993                msg.msg_flags = MSG_DONTWAIT;
 994
 995        if (sock->type == SOCK_SEQPACKET)
 996                msg.msg_flags |= MSG_EOR;
 997
 998        res = sock_sendmsg(sock, &msg);
 999        *from = msg.msg_iter;
1000        return res;
1001}
1002
1003/*
1004 * Atomic setting of ioctl hooks to avoid race
1005 * with module unload.
1006 */
1007
1008static DEFINE_MUTEX(br_ioctl_mutex);
1009static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1010
1011void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1012{
1013        mutex_lock(&br_ioctl_mutex);
1014        br_ioctl_hook = hook;
1015        mutex_unlock(&br_ioctl_mutex);
1016}
1017EXPORT_SYMBOL(brioctl_set);
1018
1019static DEFINE_MUTEX(vlan_ioctl_mutex);
1020static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1021
1022void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1023{
1024        mutex_lock(&vlan_ioctl_mutex);
1025        vlan_ioctl_hook = hook;
1026        mutex_unlock(&vlan_ioctl_mutex);
1027}
1028EXPORT_SYMBOL(vlan_ioctl_set);
1029
1030static DEFINE_MUTEX(dlci_ioctl_mutex);
1031static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1032
1033void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1034{
1035        mutex_lock(&dlci_ioctl_mutex);
1036        dlci_ioctl_hook = hook;
1037        mutex_unlock(&dlci_ioctl_mutex);
1038}
1039EXPORT_SYMBOL(dlci_ioctl_set);
1040
1041static long sock_do_ioctl(struct net *net, struct socket *sock,
1042                          unsigned int cmd, unsigned long arg)
1043{
1044        int err;
1045        void __user *argp = (void __user *)arg;
1046
1047        err = sock->ops->ioctl(sock, cmd, arg);
1048
1049        /*
1050         * If this ioctl is unknown try to hand it down
1051         * to the NIC driver.
1052         */
1053        if (err != -ENOIOCTLCMD)
1054                return err;
1055
1056        if (cmd == SIOCGIFCONF) {
1057                struct ifconf ifc;
1058                if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1059                        return -EFAULT;
1060                rtnl_lock();
1061                err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1062                rtnl_unlock();
1063                if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1064                        err = -EFAULT;
1065        } else {
1066                struct ifreq ifr;
1067                bool need_copyout;
1068                if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1069                        return -EFAULT;
1070                err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1071                if (!err && need_copyout)
1072                        if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1073                                return -EFAULT;
1074        }
1075        return err;
1076}
1077
1078/*
1079 *      With an ioctl, arg may well be a user mode pointer, but we don't know
1080 *      what to do with it - that's up to the protocol still.
1081 */
1082
1083/**
1084 *      get_net_ns - increment the refcount of the network namespace
1085 *      @ns: common namespace (net)
1086 *
1087 *      Returns the net's common namespace.
1088 */
1089
1090struct ns_common *get_net_ns(struct ns_common *ns)
1091{
1092        return &get_net(container_of(ns, struct net, ns))->ns;
1093}
1094EXPORT_SYMBOL_GPL(get_net_ns);
1095
1096static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1097{
1098        struct socket *sock;
1099        struct sock *sk;
1100        void __user *argp = (void __user *)arg;
1101        int pid, err;
1102        struct net *net;
1103
1104        sock = file->private_data;
1105        sk = sock->sk;
1106        net = sock_net(sk);
1107        if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1108                struct ifreq ifr;
1109                bool need_copyout;
1110                if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1111                        return -EFAULT;
1112                err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1113                if (!err && need_copyout)
1114                        if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1115                                return -EFAULT;
1116        } else
1117#ifdef CONFIG_WEXT_CORE
1118        if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1119                err = wext_handle_ioctl(net, cmd, argp);
1120        } else
1121#endif
1122                switch (cmd) {
1123                case FIOSETOWN:
1124                case SIOCSPGRP:
1125                        err = -EFAULT;
1126                        if (get_user(pid, (int __user *)argp))
1127                                break;
1128                        err = f_setown(sock->file, pid, 1);
1129                        break;
1130                case FIOGETOWN:
1131                case SIOCGPGRP:
1132                        err = put_user(f_getown(sock->file),
1133                                       (int __user *)argp);
1134                        break;
1135                case SIOCGIFBR:
1136                case SIOCSIFBR:
1137                case SIOCBRADDBR:
1138                case SIOCBRDELBR:
1139                        err = -ENOPKG;
1140                        if (!br_ioctl_hook)
1141                                request_module("bridge");
1142
1143                        mutex_lock(&br_ioctl_mutex);
1144                        if (br_ioctl_hook)
1145                                err = br_ioctl_hook(net, cmd, argp);
1146                        mutex_unlock(&br_ioctl_mutex);
1147                        break;
1148                case SIOCGIFVLAN:
1149                case SIOCSIFVLAN:
1150                        err = -ENOPKG;
1151                        if (!vlan_ioctl_hook)
1152                                request_module("8021q");
1153
1154                        mutex_lock(&vlan_ioctl_mutex);
1155                        if (vlan_ioctl_hook)
1156                                err = vlan_ioctl_hook(net, argp);
1157                        mutex_unlock(&vlan_ioctl_mutex);
1158                        break;
1159                case SIOCADDDLCI:
1160                case SIOCDELDLCI:
1161                        err = -ENOPKG;
1162                        if (!dlci_ioctl_hook)
1163                                request_module("dlci");
1164
1165                        mutex_lock(&dlci_ioctl_mutex);
1166                        if (dlci_ioctl_hook)
1167                                err = dlci_ioctl_hook(cmd, argp);
1168                        mutex_unlock(&dlci_ioctl_mutex);
1169                        break;
1170                case SIOCGSKNS:
1171                        err = -EPERM;
1172                        if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1173                                break;
1174
1175                        err = open_related_ns(&net->ns, get_net_ns);
1176                        break;
1177                case SIOCGSTAMP_OLD:
1178                case SIOCGSTAMPNS_OLD:
1179                        if (!sock->ops->gettstamp) {
1180                                err = -ENOIOCTLCMD;
1181                                break;
1182                        }
1183                        err = sock->ops->gettstamp(sock, argp,
1184                                                   cmd == SIOCGSTAMP_OLD,
1185                                                   !IS_ENABLED(CONFIG_64BIT));
1186                        break;
1187                case SIOCGSTAMP_NEW:
1188                case SIOCGSTAMPNS_NEW:
1189                        if (!sock->ops->gettstamp) {
1190                                err = -ENOIOCTLCMD;
1191                                break;
1192                        }
1193                        err = sock->ops->gettstamp(sock, argp,
1194                                                   cmd == SIOCGSTAMP_NEW,
1195                                                   false);
1196                        break;
1197                default:
1198                        err = sock_do_ioctl(net, sock, cmd, arg);
1199                        break;
1200                }
1201        return err;
1202}
1203
1204/**
1205 *      sock_create_lite - creates a socket
1206 *      @family: protocol family (AF_INET, ...)
1207 *      @type: communication type (SOCK_STREAM, ...)
1208 *      @protocol: protocol (0, ...)
1209 *      @res: new socket
1210 *
1211 *      Creates a new socket and assigns it to @res, passing through LSM.
1212 *      The new socket initialization is not complete, see kernel_accept().
1213 *      Returns 0 or an error. On failure @res is set to %NULL.
1214 *      This function internally uses GFP_KERNEL.
1215 */
1216
1217int sock_create_lite(int family, int type, int protocol, struct socket **res)
1218{
1219        int err;
1220        struct socket *sock = NULL;
1221
1222        err = security_socket_create(family, type, protocol, 1);
1223        if (err)
1224                goto out;
1225
1226        sock = sock_alloc();
1227        if (!sock) {
1228                err = -ENOMEM;
1229                goto out;
1230        }
1231
1232        sock->type = type;
1233        err = security_socket_post_create(sock, family, type, protocol, 1);
1234        if (err)
1235                goto out_release;
1236
1237out:
1238        *res = sock;
1239        return err;
1240out_release:
1241        sock_release(sock);
1242        sock = NULL;
1243        goto out;
1244}
1245EXPORT_SYMBOL(sock_create_lite);
1246
1247/* No kernel lock held - perfect */
1248static __poll_t sock_poll(struct file *file, poll_table *wait)
1249{
1250        struct socket *sock = file->private_data;
1251        __poll_t events = poll_requested_events(wait), flag = 0;
1252
1253        if (!sock->ops->poll)
1254                return 0;
1255
1256        if (sk_can_busy_loop(sock->sk)) {
1257                /* poll once if requested by the syscall */
1258                if (events & POLL_BUSY_LOOP)
1259                        sk_busy_loop(sock->sk, 1);
1260
1261                /* if this socket can poll_ll, tell the system call */
1262                flag = POLL_BUSY_LOOP;
1263        }
1264
1265        return sock->ops->poll(file, sock, wait) | flag;
1266}
1267
1268static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1269{
1270        struct socket *sock = file->private_data;
1271
1272        return sock->ops->mmap(file, sock, vma);
1273}
1274
1275static int sock_close(struct inode *inode, struct file *filp)
1276{
1277        __sock_release(SOCKET_I(inode), inode);
1278        return 0;
1279}
1280
1281/*
1282 *      Update the socket async list
1283 *
1284 *      Fasync_list locking strategy.
1285 *
1286 *      1. fasync_list is modified only under process context socket lock
1287 *         i.e. under semaphore.
1288 *      2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1289 *         or under socket lock
1290 */
1291
1292static int sock_fasync(int fd, struct file *filp, int on)
1293{
1294        struct socket *sock = filp->private_data;
1295        struct sock *sk = sock->sk;
1296        struct socket_wq *wq = &sock->wq;
1297
1298        if (sk == NULL)
1299                return -EINVAL;
1300
1301        lock_sock(sk);
1302        fasync_helper(fd, filp, on, &wq->fasync_list);
1303
1304        if (!wq->fasync_list)
1305                sock_reset_flag(sk, SOCK_FASYNC);
1306        else
1307                sock_set_flag(sk, SOCK_FASYNC);
1308
1309        release_sock(sk);
1310        return 0;
1311}
1312
1313/* This function may be called only under rcu_lock */
1314
1315int sock_wake_async(struct socket_wq *wq, int how, int band)
1316{
1317        if (!wq || !wq->fasync_list)
1318                return -1;
1319
1320        switch (how) {
1321        case SOCK_WAKE_WAITD:
1322                if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1323                        break;
1324                goto call_kill;
1325        case SOCK_WAKE_SPACE:
1326                if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1327                        break;
1328                fallthrough;
1329        case SOCK_WAKE_IO:
1330call_kill:
1331                kill_fasync(&wq->fasync_list, SIGIO, band);
1332                break;
1333        case SOCK_WAKE_URG:
1334                kill_fasync(&wq->fasync_list, SIGURG, band);
1335        }
1336
1337        return 0;
1338}
1339EXPORT_SYMBOL(sock_wake_async);
1340
1341/**
1342 *      __sock_create - creates a socket
1343 *      @net: net namespace
1344 *      @family: protocol family (AF_INET, ...)
1345 *      @type: communication type (SOCK_STREAM, ...)
1346 *      @protocol: protocol (0, ...)
1347 *      @res: new socket
1348 *      @kern: boolean for kernel space sockets
1349 *
1350 *      Creates a new socket and assigns it to @res, passing through LSM.
1351 *      Returns 0 or an error. On failure @res is set to %NULL. @kern must
1352 *      be set to true if the socket resides in kernel space.
1353 *      This function internally uses GFP_KERNEL.
1354 */
1355
1356int __sock_create(struct net *net, int family, int type, int protocol,
1357                         struct socket **res, int kern)
1358{
1359        int err;
1360        struct socket *sock;
1361        const struct net_proto_family *pf;
1362
1363        /*
1364         *      Check protocol is in range
1365         */
1366        if (family < 0 || family >= NPROTO)
1367                return -EAFNOSUPPORT;
1368        if (type < 0 || type >= SOCK_MAX)
1369                return -EINVAL;
1370
1371        /* Compatibility.
1372
1373           This uglymoron is moved from INET layer to here to avoid
1374           deadlock in module load.
1375         */
1376        if (family == PF_INET && type == SOCK_PACKET) {
1377                pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1378                             current->comm);
1379                family = PF_PACKET;
1380        }
1381
1382        err = security_socket_create(family, type, protocol, kern);
1383        if (err)
1384                return err;
1385
1386        /*
1387         *      Allocate the socket and allow the family to set things up. if
1388         *      the protocol is 0, the family is instructed to select an appropriate
1389         *      default.
1390         */
1391        sock = sock_alloc();
1392        if (!sock) {
1393                net_warn_ratelimited("socket: no more sockets\n");
1394                return -ENFILE; /* Not exactly a match, but its the
1395                                   closest posix thing */
1396        }
1397
1398        sock->type = type;
1399
1400#ifdef CONFIG_MODULES
1401        /* Attempt to load a protocol module if the find failed.
1402         *
1403         * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1404         * requested real, full-featured networking support upon configuration.
1405         * Otherwise module support will break!
1406         */
1407        if (rcu_access_pointer(net_families[family]) == NULL)
1408                request_module("net-pf-%d", family);
1409#endif
1410
1411        rcu_read_lock();
1412        pf = rcu_dereference(net_families[family]);
1413        err = -EAFNOSUPPORT;
1414        if (!pf)
1415                goto out_release;
1416
1417        /*
1418         * We will call the ->create function, that possibly is in a loadable
1419         * module, so we have to bump that loadable module refcnt first.
1420         */
1421        if (!try_module_get(pf->owner))
1422                goto out_release;
1423
1424        /* Now protected by module ref count */
1425        rcu_read_unlock();
1426
1427        err = pf->create(net, sock, protocol, kern);
1428        if (err < 0)
1429                goto out_module_put;
1430
1431        /*
1432         * Now to bump the refcnt of the [loadable] module that owns this
1433         * socket at sock_release time we decrement its refcnt.
1434         */
1435        if (!try_module_get(sock->ops->owner))
1436                goto out_module_busy;
1437
1438        /*
1439         * Now that we're done with the ->create function, the [loadable]
1440         * module can have its refcnt decremented
1441         */
1442        module_put(pf->owner);
1443        err = security_socket_post_create(sock, family, type, protocol, kern);
1444        if (err)
1445                goto out_sock_release;
1446        *res = sock;
1447
1448        return 0;
1449
1450out_module_busy:
1451        err = -EAFNOSUPPORT;
1452out_module_put:
1453        sock->ops = NULL;
1454        module_put(pf->owner);
1455out_sock_release:
1456        sock_release(sock);
1457        return err;
1458
1459out_release:
1460        rcu_read_unlock();
1461        goto out_sock_release;
1462}
1463EXPORT_SYMBOL(__sock_create);
1464
1465/**
1466 *      sock_create - creates a socket
1467 *      @family: protocol family (AF_INET, ...)
1468 *      @type: communication type (SOCK_STREAM, ...)
1469 *      @protocol: protocol (0, ...)
1470 *      @res: new socket
1471 *
1472 *      A wrapper around __sock_create().
1473 *      Returns 0 or an error. This function internally uses GFP_KERNEL.
1474 */
1475
1476int sock_create(int family, int type, int protocol, struct socket **res)
1477{
1478        return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1479}
1480EXPORT_SYMBOL(sock_create);
1481
1482/**
1483 *      sock_create_kern - creates a socket (kernel space)
1484 *      @net: net namespace
1485 *      @family: protocol family (AF_INET, ...)
1486 *      @type: communication type (SOCK_STREAM, ...)
1487 *      @protocol: protocol (0, ...)
1488 *      @res: new socket
1489 *
1490 *      A wrapper around __sock_create().
1491 *      Returns 0 or an error. This function internally uses GFP_KERNEL.
1492 */
1493
1494int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1495{
1496        return __sock_create(net, family, type, protocol, res, 1);
1497}
1498EXPORT_SYMBOL(sock_create_kern);
1499
1500int __sys_socket(int family, int type, int protocol)
1501{
1502        int retval;
1503        struct socket *sock;
1504        int flags;
1505
1506        /* Check the SOCK_* constants for consistency.  */
1507        BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1508        BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1509        BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1510        BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1511
1512        flags = type & ~SOCK_TYPE_MASK;
1513        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1514                return -EINVAL;
1515        type &= SOCK_TYPE_MASK;
1516
1517        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1518                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1519
1520        retval = sock_create(family, type, protocol, &sock);
1521        if (retval < 0)
1522                return retval;
1523
1524        return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1525}
1526
1527SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1528{
1529        return __sys_socket(family, type, protocol);
1530}
1531
1532/*
1533 *      Create a pair of connected sockets.
1534 */
1535
1536int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1537{
1538        struct socket *sock1, *sock2;
1539        int fd1, fd2, err;
1540        struct file *newfile1, *newfile2;
1541        int flags;
1542
1543        flags = type & ~SOCK_TYPE_MASK;
1544        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1545                return -EINVAL;
1546        type &= SOCK_TYPE_MASK;
1547
1548        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1549                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1550
1551        /*
1552         * reserve descriptors and make sure we won't fail
1553         * to return them to userland.
1554         */
1555        fd1 = get_unused_fd_flags(flags);
1556        if (unlikely(fd1 < 0))
1557                return fd1;
1558
1559        fd2 = get_unused_fd_flags(flags);
1560        if (unlikely(fd2 < 0)) {
1561                put_unused_fd(fd1);
1562                return fd2;
1563        }
1564
1565        err = put_user(fd1, &usockvec[0]);
1566        if (err)
1567                goto out;
1568
1569        err = put_user(fd2, &usockvec[1]);
1570        if (err)
1571                goto out;
1572
1573        /*
1574         * Obtain the first socket and check if the underlying protocol
1575         * supports the socketpair call.
1576         */
1577
1578        err = sock_create(family, type, protocol, &sock1);
1579        if (unlikely(err < 0))
1580                goto out;
1581
1582        err = sock_create(family, type, protocol, &sock2);
1583        if (unlikely(err < 0)) {
1584                sock_release(sock1);
1585                goto out;
1586        }
1587
1588        err = security_socket_socketpair(sock1, sock2);
1589        if (unlikely(err)) {
1590                sock_release(sock2);
1591                sock_release(sock1);
1592                goto out;
1593        }
1594
1595        err = sock1->ops->socketpair(sock1, sock2);
1596        if (unlikely(err < 0)) {
1597                sock_release(sock2);
1598                sock_release(sock1);
1599                goto out;
1600        }
1601
1602        newfile1 = sock_alloc_file(sock1, flags, NULL);
1603        if (IS_ERR(newfile1)) {
1604                err = PTR_ERR(newfile1);
1605                sock_release(sock2);
1606                goto out;
1607        }
1608
1609        newfile2 = sock_alloc_file(sock2, flags, NULL);
1610        if (IS_ERR(newfile2)) {
1611                err = PTR_ERR(newfile2);
1612                fput(newfile1);
1613                goto out;
1614        }
1615
1616        audit_fd_pair(fd1, fd2);
1617
1618        fd_install(fd1, newfile1);
1619        fd_install(fd2, newfile2);
1620        return 0;
1621
1622out:
1623        put_unused_fd(fd2);
1624        put_unused_fd(fd1);
1625        return err;
1626}
1627
1628SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1629                int __user *, usockvec)
1630{
1631        return __sys_socketpair(family, type, protocol, usockvec);
1632}
1633
1634/*
1635 *      Bind a name to a socket. Nothing much to do here since it's
1636 *      the protocol's responsibility to handle the local address.
1637 *
1638 *      We move the socket address to kernel space before we call
1639 *      the protocol layer (having also checked the address is ok).
1640 */
1641
1642int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1643{
1644        struct socket *sock;
1645        struct sockaddr_storage address;
1646        int err, fput_needed;
1647
1648        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1649        if (sock) {
1650                err = move_addr_to_kernel(umyaddr, addrlen, &address);
1651                if (!err) {
1652                        err = security_socket_bind(sock,
1653                                                   (struct sockaddr *)&address,
1654                                                   addrlen);
1655                        if (!err)
1656                                err = sock->ops->bind(sock,
1657                                                      (struct sockaddr *)
1658                                                      &address, addrlen);
1659                }
1660                fput_light(sock->file, fput_needed);
1661        }
1662        return err;
1663}
1664
1665SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1666{
1667        return __sys_bind(fd, umyaddr, addrlen);
1668}
1669
1670/*
1671 *      Perform a listen. Basically, we allow the protocol to do anything
1672 *      necessary for a listen, and if that works, we mark the socket as
1673 *      ready for listening.
1674 */
1675
1676int __sys_listen(int fd, int backlog)
1677{
1678        struct socket *sock;
1679        int err, fput_needed;
1680        int somaxconn;
1681
1682        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1683        if (sock) {
1684                somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1685                if ((unsigned int)backlog > somaxconn)
1686                        backlog = somaxconn;
1687
1688                err = security_socket_listen(sock, backlog);
1689                if (!err)
1690                        err = sock->ops->listen(sock, backlog);
1691
1692                fput_light(sock->file, fput_needed);
1693        }
1694        return err;
1695}
1696
1697SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1698{
1699        return __sys_listen(fd, backlog);
1700}
1701
1702int __sys_accept4_file(struct file *file, unsigned file_flags,
1703                       struct sockaddr __user *upeer_sockaddr,
1704                       int __user *upeer_addrlen, int flags,
1705                       unsigned long nofile)
1706{
1707        struct socket *sock, *newsock;
1708        struct file *newfile;
1709        int err, len, newfd;
1710        struct sockaddr_storage address;
1711
1712        if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1713                return -EINVAL;
1714
1715        if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1716                flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1717
1718        sock = sock_from_file(file, &err);
1719        if (!sock)
1720                goto out;
1721
1722        err = -ENFILE;
1723        newsock = sock_alloc();
1724        if (!newsock)
1725                goto out;
1726
1727        newsock->type = sock->type;
1728        newsock->ops = sock->ops;
1729
1730        /*
1731         * We don't need try_module_get here, as the listening socket (sock)
1732         * has the protocol module (sock->ops->owner) held.
1733         */
1734        __module_get(newsock->ops->owner);
1735
1736        newfd = __get_unused_fd_flags(flags, nofile);
1737        if (unlikely(newfd < 0)) {
1738                err = newfd;
1739                sock_release(newsock);
1740                goto out;
1741        }
1742        newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1743        if (IS_ERR(newfile)) {
1744                err = PTR_ERR(newfile);
1745                put_unused_fd(newfd);
1746                goto out;
1747        }
1748
1749        err = security_socket_accept(sock, newsock);
1750        if (err)
1751                goto out_fd;
1752
1753        err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1754                                        false);
1755        if (err < 0)
1756                goto out_fd;
1757
1758        if (upeer_sockaddr) {
1759                len = newsock->ops->getname(newsock,
1760                                        (struct sockaddr *)&address, 2);
1761                if (len < 0) {
1762                        err = -ECONNABORTED;
1763                        goto out_fd;
1764                }
1765                err = move_addr_to_user(&address,
1766                                        len, upeer_sockaddr, upeer_addrlen);
1767                if (err < 0)
1768                        goto out_fd;
1769        }
1770
1771        /* File flags are not inherited via accept() unlike another OSes. */
1772
1773        fd_install(newfd, newfile);
1774        err = newfd;
1775out:
1776        return err;
1777out_fd:
1778        fput(newfile);
1779        put_unused_fd(newfd);
1780        goto out;
1781
1782}
1783
1784/*
1785 *      For accept, we attempt to create a new socket, set up the link
1786 *      with the client, wake up the client, then return the new
1787 *      connected fd. We collect the address of the connector in kernel
1788 *      space and move it to user at the very end. This is unclean because
1789 *      we open the socket then return an error.
1790 *
1791 *      1003.1g adds the ability to recvmsg() to query connection pending
1792 *      status to recvmsg. We need to add that support in a way thats
1793 *      clean when we restructure accept also.
1794 */
1795
1796int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1797                  int __user *upeer_addrlen, int flags)
1798{
1799        int ret = -EBADF;
1800        struct fd f;
1801
1802        f = fdget(fd);
1803        if (f.file) {
1804                ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1805                                                upeer_addrlen, flags,
1806                                                rlimit(RLIMIT_NOFILE));
1807                fdput(f);
1808        }
1809
1810        return ret;
1811}
1812
1813SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1814                int __user *, upeer_addrlen, int, flags)
1815{
1816        return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1817}
1818
1819SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1820                int __user *, upeer_addrlen)
1821{
1822        return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1823}
1824
1825/*
1826 *      Attempt to connect to a socket with the server address.  The address
1827 *      is in user space so we verify it is OK and move it to kernel space.
1828 *
1829 *      For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1830 *      break bindings
1831 *
1832 *      NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1833 *      other SEQPACKET protocols that take time to connect() as it doesn't
1834 *      include the -EINPROGRESS status for such sockets.
1835 */
1836
1837int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1838                       int addrlen, int file_flags)
1839{
1840        struct socket *sock;
1841        int err;
1842
1843        sock = sock_from_file(file, &err);
1844        if (!sock)
1845                goto out;
1846
1847        err =
1848            security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1849        if (err)
1850                goto out;
1851
1852        err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1853                                 sock->file->f_flags | file_flags);
1854out:
1855        return err;
1856}
1857
1858int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1859{
1860        int ret = -EBADF;
1861        struct fd f;
1862
1863        f = fdget(fd);
1864        if (f.file) {
1865                struct sockaddr_storage address;
1866
1867                ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1868                if (!ret)
1869                        ret = __sys_connect_file(f.file, &address, addrlen, 0);
1870                fdput(f);
1871        }
1872
1873        return ret;
1874}
1875
1876SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1877                int, addrlen)
1878{
1879        return __sys_connect(fd, uservaddr, addrlen);
1880}
1881
1882/*
1883 *      Get the local address ('name') of a socket object. Move the obtained
1884 *      name to user space.
1885 */
1886
1887int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1888                      int __user *usockaddr_len)
1889{
1890        struct socket *sock;
1891        struct sockaddr_storage address;
1892        int err, fput_needed;
1893
1894        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1895        if (!sock)
1896                goto out;
1897
1898        err = security_socket_getsockname(sock);
1899        if (err)
1900                goto out_put;
1901
1902        err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1903        if (err < 0)
1904                goto out_put;
1905        /* "err" is actually length in this case */
1906        err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1907
1908out_put:
1909        fput_light(sock->file, fput_needed);
1910out:
1911        return err;
1912}
1913
1914SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1915                int __user *, usockaddr_len)
1916{
1917        return __sys_getsockname(fd, usockaddr, usockaddr_len);
1918}
1919
1920/*
1921 *      Get the remote address ('name') of a socket object. Move the obtained
1922 *      name to user space.
1923 */
1924
1925int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1926                      int __user *usockaddr_len)
1927{
1928        struct socket *sock;
1929        struct sockaddr_storage address;
1930        int err, fput_needed;
1931
1932        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1933        if (sock != NULL) {
1934                err = security_socket_getpeername(sock);
1935                if (err) {
1936                        fput_light(sock->file, fput_needed);
1937                        return err;
1938                }
1939
1940                err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1941                if (err >= 0)
1942                        /* "err" is actually length in this case */
1943                        err = move_addr_to_user(&address, err, usockaddr,
1944                                                usockaddr_len);
1945                fput_light(sock->file, fput_needed);
1946        }
1947        return err;
1948}
1949
1950SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1951                int __user *, usockaddr_len)
1952{
1953        return __sys_getpeername(fd, usockaddr, usockaddr_len);
1954}
1955
1956/*
1957 *      Send a datagram to a given address. We move the address into kernel
1958 *      space and check the user space data area is readable before invoking
1959 *      the protocol.
1960 */
1961int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1962                 struct sockaddr __user *addr,  int addr_len)
1963{
1964        struct socket *sock;
1965        struct sockaddr_storage address;
1966        int err;
1967        struct msghdr msg;
1968        struct iovec iov;
1969        int fput_needed;
1970
1971        err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1972        if (unlikely(err))
1973                return err;
1974        sock = sockfd_lookup_light(fd, &err, &fput_needed);
1975        if (!sock)
1976                goto out;
1977
1978        msg.msg_name = NULL;
1979        msg.msg_control = NULL;
1980        msg.msg_controllen = 0;
1981        msg.msg_namelen = 0;
1982        if (addr) {
1983                err = move_addr_to_kernel(addr, addr_len, &address);
1984                if (err < 0)
1985                        goto out_put;
1986                msg.msg_name = (struct sockaddr *)&address;
1987                msg.msg_namelen = addr_len;
1988        }
1989        if (sock->file->f_flags & O_NONBLOCK)
1990                flags |= MSG_DONTWAIT;
1991        msg.msg_flags = flags;
1992        err = sock_sendmsg(sock, &msg);
1993
1994out_put:
1995        fput_light(sock->file, fput_needed);
1996out:
1997        return err;
1998}
1999
2000SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
2001                unsigned int, flags, struct sockaddr __user *, addr,
2002                int, addr_len)
2003{
2004        return __sys_sendto(fd, buff, len, flags, addr, addr_len);
2005}
2006
2007/*
2008 *      Send a datagram down a socket.
2009 */
2010
2011SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
2012                unsigned int, flags)
2013{
2014        return __sys_sendto(fd, buff, len, flags, NULL, 0);
2015}
2016
2017/*
2018 *      Receive a frame from the socket and optionally record the address of the
2019 *      sender. We verify the buffers are writable and if needed move the
2020 *      sender address from kernel to user space.
2021 */
2022int __sys_recvfrom(int fd, void __user *ubuf, size_t size, unsigned int flags,
2023                   struct sockaddr __user *addr, int __user *addr_len)
2024{
2025        struct socket *sock;
2026        struct iovec iov;
2027        struct msghdr msg;
2028        struct sockaddr_storage address;
2029        int err, err2;
2030        int fput_needed;
2031
2032        err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
2033        if (unlikely(err))
2034                return err;
2035        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2036        if (!sock)
2037                goto out;
2038
2039        msg.msg_control = NULL;
2040        msg.msg_controllen = 0;
2041        /* Save some cycles and don't copy the address if not needed */
2042        msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
2043        /* We assume all kernel code knows the size of sockaddr_storage */
2044        msg.msg_namelen = 0;
2045        msg.msg_iocb = NULL;
2046        msg.msg_flags = 0;
2047        if (sock->file->f_flags & O_NONBLOCK)
2048                flags |= MSG_DONTWAIT;
2049        err = sock_recvmsg(sock, &msg, flags);
2050
2051        if (err >= 0 && addr != NULL) {
2052                err2 = move_addr_to_user(&address,
2053                                         msg.msg_namelen, addr, addr_len);
2054                if (err2 < 0)
2055                        err = err2;
2056        }
2057
2058        fput_light(sock->file, fput_needed);
2059out:
2060        return err;
2061}
2062
2063SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
2064                unsigned int, flags, struct sockaddr __user *, addr,
2065                int __user *, addr_len)
2066{
2067        return __sys_recvfrom(fd, ubuf, size, flags, addr, addr_len);
2068}
2069
2070/*
2071 *      Receive a datagram from a socket.
2072 */
2073
2074SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
2075                unsigned int, flags)
2076{
2077        return __sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
2078}
2079
2080static bool sock_use_custom_sol_socket(const struct socket *sock)
2081{
2082        const struct sock *sk = sock->sk;
2083
2084        /* Use sock->ops->setsockopt() for MPTCP */
2085        return IS_ENABLED(CONFIG_MPTCP) &&
2086               sk->sk_protocol == IPPROTO_MPTCP &&
2087               sk->sk_type == SOCK_STREAM &&
2088               (sk->sk_family == AF_INET || sk->sk_family == AF_INET6);
2089}
2090
2091/*
2092 *      Set a socket option. Because we don't know the option lengths we have
2093 *      to pass the user mode parameter for the protocols to sort out.
2094 */
2095int __sys_setsockopt(int fd, int level, int optname, char __user *user_optval,
2096                int optlen)
2097{
2098        sockptr_t optval = USER_SOCKPTR(user_optval);
2099        char *kernel_optval = NULL;
2100        int err, fput_needed;
2101        struct socket *sock;
2102
2103        if (optlen < 0)
2104                return -EINVAL;
2105
2106        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2107        if (!sock)
2108                return err;
2109
2110        err = security_socket_setsockopt(sock, level, optname);
2111        if (err)
2112                goto out_put;
2113
2114        if (!in_compat_syscall())
2115                err = BPF_CGROUP_RUN_PROG_SETSOCKOPT(sock->sk, &level, &optname,
2116                                                     user_optval, &optlen,
2117                                                     &kernel_optval);
2118        if (err < 0)
2119                goto out_put;
2120        if (err > 0) {
2121                err = 0;
2122                goto out_put;
2123        }
2124
2125        if (kernel_optval)
2126                optval = KERNEL_SOCKPTR(kernel_optval);
2127        if (level == SOL_SOCKET && !sock_use_custom_sol_socket(sock))
2128                err = sock_setsockopt(sock, level, optname, optval, optlen);
2129        else if (unlikely(!sock->ops->setsockopt))
2130                err = -EOPNOTSUPP;
2131        else
2132                err = sock->ops->setsockopt(sock, level, optname, optval,
2133                                            optlen);
2134        kfree(kernel_optval);
2135out_put:
2136        fput_light(sock->file, fput_needed);
2137        return err;
2138}
2139
2140SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
2141                char __user *, optval, int, optlen)
2142{
2143        return __sys_setsockopt(fd, level, optname, optval, optlen);
2144}
2145
2146/*
2147 *      Get a socket option. Because we don't know the option lengths we have
2148 *      to pass a user mode parameter for the protocols to sort out.
2149 */
2150int __sys_getsockopt(int fd, int level, int optname, char __user *optval,
2151                int __user *optlen)
2152{
2153        int err, fput_needed;
2154        struct socket *sock;
2155        int max_optlen;
2156
2157        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2158        if (!sock)
2159                return err;
2160
2161        err = security_socket_getsockopt(sock, level, optname);
2162        if (err)
2163                goto out_put;
2164
2165        if (!in_compat_syscall())
2166                max_optlen = BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen);
2167
2168        if (level == SOL_SOCKET)
2169                err = sock_getsockopt(sock, level, optname, optval, optlen);
2170        else if (unlikely(!sock->ops->getsockopt))
2171                err = -EOPNOTSUPP;
2172        else
2173                err = sock->ops->getsockopt(sock, level, optname, optval,
2174                                            optlen);
2175
2176        if (!in_compat_syscall())
2177                err = BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock->sk, level, optname,
2178                                                     optval, optlen, max_optlen,
2179                                                     err);
2180out_put:
2181        fput_light(sock->file, fput_needed);
2182        return err;
2183}
2184
2185SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
2186                char __user *, optval, int __user *, optlen)
2187{
2188        return __sys_getsockopt(fd, level, optname, optval, optlen);
2189}
2190
2191/*
2192 *      Shutdown a socket.
2193 */
2194
2195int __sys_shutdown(int fd, int how)
2196{
2197        int err, fput_needed;
2198        struct socket *sock;
2199
2200        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2201        if (sock != NULL) {
2202                err = security_socket_shutdown(sock, how);
2203                if (!err)
2204                        err = sock->ops->shutdown(sock, how);
2205                fput_light(sock->file, fput_needed);
2206        }
2207        return err;
2208}
2209
2210SYSCALL_DEFINE2(shutdown, int, fd, int, how)
2211{
2212        return __sys_shutdown(fd, how);
2213}
2214
2215/* A couple of helpful macros for getting the address of the 32/64 bit
2216 * fields which are the same type (int / unsigned) on our platforms.
2217 */
2218#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
2219#define COMPAT_NAMELEN(msg)     COMPAT_MSG(msg, msg_namelen)
2220#define COMPAT_FLAGS(msg)       COMPAT_MSG(msg, msg_flags)
2221
2222struct used_address {
2223        struct sockaddr_storage name;
2224        unsigned int name_len;
2225};
2226
2227int __copy_msghdr_from_user(struct msghdr *kmsg,
2228                            struct user_msghdr __user *umsg,
2229                            struct sockaddr __user **save_addr,
2230                            struct iovec __user **uiov, size_t *nsegs)
2231{
2232        struct user_msghdr msg;
2233        ssize_t err;
2234
2235        if (copy_from_user(&msg, umsg, sizeof(*umsg)))
2236                return -EFAULT;
2237
2238        kmsg->msg_control_is_user = true;
2239        kmsg->msg_control_user = msg.msg_control;
2240        kmsg->msg_controllen = msg.msg_controllen;
2241        kmsg->msg_flags = msg.msg_flags;
2242
2243        kmsg->msg_namelen = msg.msg_namelen;
2244        if (!msg.msg_name)
2245                kmsg->msg_namelen = 0;
2246
2247        if (kmsg->msg_namelen < 0)
2248                return -EINVAL;
2249
2250        if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
2251                kmsg->msg_namelen = sizeof(struct sockaddr_storage);
2252
2253        if (save_addr)
2254                *save_addr = msg.msg_name;
2255
2256        if (msg.msg_name && kmsg->msg_namelen) {
2257                if (!save_addr) {
2258                        err = move_addr_to_kernel(msg.msg_name,
2259                                                  kmsg->msg_namelen,
2260                                                  kmsg->msg_name);
2261                        if (err < 0)
2262                                return err;
2263                }
2264        } else {
2265                kmsg->msg_name = NULL;
2266                kmsg->msg_namelen = 0;
2267        }
2268
2269        if (msg.msg_iovlen > UIO_MAXIOV)
2270                return -EMSGSIZE;
2271
2272        kmsg->msg_iocb = NULL;
2273        *uiov = msg.msg_iov;
2274        *nsegs = msg.msg_iovlen;
2275        return 0;
2276}
2277
2278static int copy_msghdr_from_user(struct msghdr *kmsg,
2279                                 struct user_msghdr __user *umsg,
2280                                 struct sockaddr __user **save_addr,
2281                                 struct iovec **iov)
2282{
2283        struct user_msghdr msg;
2284        ssize_t err;
2285
2286        err = __copy_msghdr_from_user(kmsg, umsg, save_addr, &msg.msg_iov,
2287                                        &msg.msg_iovlen);
2288        if (err)
2289                return err;
2290
2291        err = import_iovec(save_addr ? READ : WRITE,
2292                            msg.msg_iov, msg.msg_iovlen,
2293                            UIO_FASTIOV, iov, &kmsg->msg_iter);
2294        return err < 0 ? err : 0;
2295}
2296
2297static int ____sys_sendmsg(struct socket *sock, struct msghdr *msg_sys,
2298                           unsigned int flags, struct used_address *used_address,
2299                           unsigned int allowed_msghdr_flags)
2300{
2301        unsigned char ctl[sizeof(struct cmsghdr) + 20]
2302                                __aligned(sizeof(__kernel_size_t));
2303        /* 20 is size of ipv6_pktinfo */
2304        unsigned char *ctl_buf = ctl;
2305        int ctl_len;
2306        ssize_t err;
2307
2308        err = -ENOBUFS;
2309
2310        if (msg_sys->msg_controllen > INT_MAX)
2311                goto out;
2312        flags |= (msg_sys->msg_flags & allowed_msghdr_flags);
2313        ctl_len = msg_sys->msg_controllen;
2314        if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2315                err =
2316                    cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2317                                                     sizeof(ctl));
2318                if (err)
2319                        goto out;
2320                ctl_buf = msg_sys->msg_control;
2321                ctl_len = msg_sys->msg_controllen;
2322        } else if (ctl_len) {
2323                BUILD_BUG_ON(sizeof(struct cmsghdr) !=
2324                             CMSG_ALIGN(sizeof(struct cmsghdr)));
2325                if (ctl_len > sizeof(ctl)) {
2326                        ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2327                        if (ctl_buf == NULL)
2328                                goto out;
2329                }
2330                err = -EFAULT;
2331                if (copy_from_user(ctl_buf, msg_sys->msg_control_user, ctl_len))
2332                        goto out_freectl;
2333                msg_sys->msg_control = ctl_buf;
2334                msg_sys->msg_control_is_user = false;
2335        }
2336        msg_sys->msg_flags = flags;
2337
2338        if (sock->file->f_flags & O_NONBLOCK)
2339                msg_sys->msg_flags |= MSG_DONTWAIT;
2340        /*
2341         * If this is sendmmsg() and current destination address is same as
2342         * previously succeeded address, omit asking LSM's decision.
2343         * used_address->name_len is initialized to UINT_MAX so that the first
2344         * destination address never matches.
2345         */
2346        if (used_address && msg_sys->msg_name &&
2347            used_address->name_len == msg_sys->msg_namelen &&
2348            !memcmp(&used_address->name, msg_sys->msg_name,
2349                    used_address->name_len)) {
2350                err = sock_sendmsg_nosec(sock, msg_sys);
2351                goto out_freectl;
2352        }
2353        err = sock_sendmsg(sock, msg_sys);
2354        /*
2355         * If this is sendmmsg() and sending to current destination address was
2356         * successful, remember it.
2357         */
2358        if (used_address && err >= 0) {
2359                used_address->name_len = msg_sys->msg_namelen;
2360                if (msg_sys->msg_name)
2361                        memcpy(&used_address->name, msg_sys->msg_name,
2362                               used_address->name_len);
2363        }
2364
2365out_freectl:
2366        if (ctl_buf != ctl)
2367                sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2368out:
2369        return err;
2370}
2371
2372int sendmsg_copy_msghdr(struct msghdr *msg,
2373                        struct user_msghdr __user *umsg, unsigned flags,
2374                        struct iovec **iov)
2375{
2376        int err;
2377
2378        if (flags & MSG_CMSG_COMPAT) {
2379                struct compat_msghdr __user *msg_compat;
2380
2381                msg_compat = (struct compat_msghdr __user *) umsg;
2382                err = get_compat_msghdr(msg, msg_compat, NULL, iov);
2383        } else {
2384                err = copy_msghdr_from_user(msg, umsg, NULL, iov);
2385        }
2386        if (err < 0)
2387                return err;
2388
2389        return 0;
2390}
2391
2392static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
2393                         struct msghdr *msg_sys, unsigned int flags,
2394                         struct used_address *used_address,
2395                         unsigned int allowed_msghdr_flags)
2396{
2397        struct sockaddr_storage address;
2398        struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2399        ssize_t err;
2400
2401        msg_sys->msg_name = &address;
2402
2403        err = sendmsg_copy_msghdr(msg_sys, msg, flags, &iov);
2404        if (err < 0)
2405                return err;
2406
2407        err = ____sys_sendmsg(sock, msg_sys, flags, used_address,
2408                                allowed_msghdr_flags);
2409        kfree(iov);
2410        return err;
2411}
2412
2413/*
2414 *      BSD sendmsg interface
2415 */
2416long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
2417                        unsigned int flags)
2418{
2419        /* disallow ancillary data requests from this path */
2420        if (msg->msg_control || msg->msg_controllen)
2421                return -EINVAL;
2422
2423        return ____sys_sendmsg(sock, msg, flags, NULL, 0);
2424}
2425
2426long __sys_sendmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2427                   bool forbid_cmsg_compat)
2428{
2429        int fput_needed, err;
2430        struct msghdr msg_sys;
2431        struct socket *sock;
2432
2433        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2434                return -EINVAL;
2435
2436        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2437        if (!sock)
2438                goto out;
2439
2440        err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL, 0);
2441
2442        fput_light(sock->file, fput_needed);
2443out:
2444        return err;
2445}
2446
2447SYSCALL_DEFINE3(sendmsg, int, fd, struct user_msghdr __user *, msg, unsigned int, flags)
2448{
2449        return __sys_sendmsg(fd, msg, flags, true);
2450}
2451
2452/*
2453 *      Linux sendmmsg interface
2454 */
2455
2456int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2457                   unsigned int flags, bool forbid_cmsg_compat)
2458{
2459        int fput_needed, err, datagrams;
2460        struct socket *sock;
2461        struct mmsghdr __user *entry;
2462        struct compat_mmsghdr __user *compat_entry;
2463        struct msghdr msg_sys;
2464        struct used_address used_address;
2465        unsigned int oflags = flags;
2466
2467        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2468                return -EINVAL;
2469
2470        if (vlen > UIO_MAXIOV)
2471                vlen = UIO_MAXIOV;
2472
2473        datagrams = 0;
2474
2475        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2476        if (!sock)
2477                return err;
2478
2479        used_address.name_len = UINT_MAX;
2480        entry = mmsg;
2481        compat_entry = (struct compat_mmsghdr __user *)mmsg;
2482        err = 0;
2483        flags |= MSG_BATCH;
2484
2485        while (datagrams < vlen) {
2486                if (datagrams == vlen - 1)
2487                        flags = oflags;
2488
2489                if (MSG_CMSG_COMPAT & flags) {
2490                        err = ___sys_sendmsg(sock, (struct user_msghdr __user *)compat_entry,
2491                                             &msg_sys, flags, &used_address, MSG_EOR);
2492                        if (err < 0)
2493                                break;
2494                        err = __put_user(err, &compat_entry->msg_len);
2495                        ++compat_entry;
2496                } else {
2497                        err = ___sys_sendmsg(sock,
2498                                             (struct user_msghdr __user *)entry,
2499                                             &msg_sys, flags, &used_address, MSG_EOR);
2500                        if (err < 0)
2501                                break;
2502                        err = put_user(err, &entry->msg_len);
2503                        ++entry;
2504                }
2505
2506                if (err)
2507                        break;
2508                ++datagrams;
2509                if (msg_data_left(&msg_sys))
2510                        break;
2511                cond_resched();
2512        }
2513
2514        fput_light(sock->file, fput_needed);
2515
2516        /* We only return an error if no datagrams were able to be sent */
2517        if (datagrams != 0)
2518                return datagrams;
2519
2520        return err;
2521}
2522
2523SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2524                unsigned int, vlen, unsigned int, flags)
2525{
2526        return __sys_sendmmsg(fd, mmsg, vlen, flags, true);
2527}
2528
2529int recvmsg_copy_msghdr(struct msghdr *msg,
2530                        struct user_msghdr __user *umsg, unsigned flags,
2531                        struct sockaddr __user **uaddr,
2532                        struct iovec **iov)
2533{
2534        ssize_t err;
2535
2536        if (MSG_CMSG_COMPAT & flags) {
2537                struct compat_msghdr __user *msg_compat;
2538
2539                msg_compat = (struct compat_msghdr __user *) umsg;
2540                err = get_compat_msghdr(msg, msg_compat, uaddr, iov);
2541        } else {
2542                err = copy_msghdr_from_user(msg, umsg, uaddr, iov);
2543        }
2544        if (err < 0)
2545                return err;
2546
2547        return 0;
2548}
2549
2550static int ____sys_recvmsg(struct socket *sock, struct msghdr *msg_sys,
2551                           struct user_msghdr __user *msg,
2552                           struct sockaddr __user *uaddr,
2553                           unsigned int flags, int nosec)
2554{
2555        struct compat_msghdr __user *msg_compat =
2556                                        (struct compat_msghdr __user *) msg;
2557        int __user *uaddr_len = COMPAT_NAMELEN(msg);
2558        struct sockaddr_storage addr;
2559        unsigned long cmsg_ptr;
2560        int len;
2561        ssize_t err;
2562
2563        msg_sys->msg_name = &addr;
2564        cmsg_ptr = (unsigned long)msg_sys->msg_control;
2565        msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2566
2567        /* We assume all kernel code knows the size of sockaddr_storage */
2568        msg_sys->msg_namelen = 0;
2569
2570        if (sock->file->f_flags & O_NONBLOCK)
2571                flags |= MSG_DONTWAIT;
2572
2573        if (unlikely(nosec))
2574                err = sock_recvmsg_nosec(sock, msg_sys, flags);
2575        else
2576                err = sock_recvmsg(sock, msg_sys, flags);
2577
2578        if (err < 0)
2579                goto out;
2580        len = err;
2581
2582        if (uaddr != NULL) {
2583                err = move_addr_to_user(&addr,
2584                                        msg_sys->msg_namelen, uaddr,
2585                                        uaddr_len);
2586                if (err < 0)
2587                        goto out;
2588        }
2589        err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2590                         COMPAT_FLAGS(msg));
2591        if (err)
2592                goto out;
2593        if (MSG_CMSG_COMPAT & flags)
2594                err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2595                                 &msg_compat->msg_controllen);
2596        else
2597                err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2598                                 &msg->msg_controllen);
2599        if (err)
2600                goto out;
2601        err = len;
2602out:
2603        return err;
2604}
2605
2606static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
2607                         struct msghdr *msg_sys, unsigned int flags, int nosec)
2608{
2609        struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
2610        /* user mode address pointers */
2611        struct sockaddr __user *uaddr;
2612        ssize_t err;
2613
2614        err = recvmsg_copy_msghdr(msg_sys, msg, flags, &uaddr, &iov);
2615        if (err < 0)
2616                return err;
2617
2618        err = ____sys_recvmsg(sock, msg_sys, msg, uaddr, flags, nosec);
2619        kfree(iov);
2620        return err;
2621}
2622
2623/*
2624 *      BSD recvmsg interface
2625 */
2626
2627long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
2628                        struct user_msghdr __user *umsg,
2629                        struct sockaddr __user *uaddr, unsigned int flags)
2630{
2631        if (msg->msg_control || msg->msg_controllen) {
2632                /* disallow ancillary data reqs unless cmsg is plain data */
2633                if (!(sock->ops->flags & PROTO_CMSG_DATA_ONLY))
2634                        return -EINVAL;
2635        }
2636
2637        return ____sys_recvmsg(sock, msg, umsg, uaddr, flags, 0);
2638}
2639
2640long __sys_recvmsg(int fd, struct user_msghdr __user *msg, unsigned int flags,
2641                   bool forbid_cmsg_compat)
2642{
2643        int fput_needed, err;
2644        struct msghdr msg_sys;
2645        struct socket *sock;
2646
2647        if (forbid_cmsg_compat && (flags & MSG_CMSG_COMPAT))
2648                return -EINVAL;
2649
2650        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2651        if (!sock)
2652                goto out;
2653
2654        err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2655
2656        fput_light(sock->file, fput_needed);
2657out:
2658        return err;
2659}
2660
2661SYSCALL_DEFINE3(recvmsg, int, fd, struct user_msghdr __user *, msg,
2662                unsigned int, flags)
2663{
2664        return __sys_recvmsg(fd, msg, flags, true);
2665}
2666
2667/*
2668 *     Linux recvmmsg interface
2669 */
2670
2671static int do_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2672                          unsigned int vlen, unsigned int flags,
2673                          struct timespec64 *timeout)
2674{
2675        int fput_needed, err, datagrams;
2676        struct socket *sock;
2677        struct mmsghdr __user *entry;
2678        struct compat_mmsghdr __user *compat_entry;
2679        struct msghdr msg_sys;
2680        struct timespec64 end_time;
2681        struct timespec64 timeout64;
2682
2683        if (timeout &&
2684            poll_select_set_timeout(&end_time, timeout->tv_sec,
2685                                    timeout->tv_nsec))
2686                return -EINVAL;
2687
2688        datagrams = 0;
2689
2690        sock = sockfd_lookup_light(fd, &err, &fput_needed);
2691        if (!sock)
2692                return err;
2693
2694        if (likely(!(flags & MSG_ERRQUEUE))) {
2695                err = sock_error(sock->sk);
2696                if (err) {
2697                        datagrams = err;
2698                        goto out_put;
2699                }
2700        }
2701
2702        entry = mmsg;
2703        compat_entry = (struct compat_mmsghdr __user *)mmsg;
2704
2705        while (datagrams < vlen) {
2706                /*
2707                 * No need to ask LSM for more than the first datagram.
2708                 */
2709                if (MSG_CMSG_COMPAT & flags) {
2710                        err = ___sys_recvmsg(sock, (struct user_msghdr __user *)compat_entry,
2711                                             &msg_sys, flags & ~MSG_WAITFORONE,
2712                                             datagrams);
2713                        if (err < 0)
2714                                break;
2715                        err = __put_user(err, &compat_entry->msg_len);
2716                        ++compat_entry;
2717                } else {
2718                        err = ___sys_recvmsg(sock,
2719                                             (struct user_msghdr __user *)entry,
2720                                             &msg_sys, flags & ~MSG_WAITFORONE,
2721                                             datagrams);
2722                        if (err < 0)
2723                                break;
2724                        err = put_user(err, &entry->msg_len);
2725                        ++entry;
2726                }
2727
2728                if (err)
2729                        break;
2730                ++datagrams;
2731
2732                /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2733                if (flags & MSG_WAITFORONE)
2734                        flags |= MSG_DONTWAIT;
2735
2736                if (timeout) {
2737                        ktime_get_ts64(&timeout64);
2738                        *timeout = timespec64_sub(end_time, timeout64);
2739                        if (timeout->tv_sec < 0) {
2740                                timeout->tv_sec = timeout->tv_nsec = 0;
2741                                break;
2742                        }
2743
2744                        /* Timeout, return less than vlen datagrams */
2745                        if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2746                                break;
2747                }
2748
2749                /* Out of band data, return right away */
2750                if (msg_sys.msg_flags & MSG_OOB)
2751                        break;
2752                cond_resched();
2753        }
2754
2755        if (err == 0)
2756                goto out_put;
2757
2758        if (datagrams == 0) {
2759                datagrams = err;
2760                goto out_put;
2761        }
2762
2763        /*
2764         * We may return less entries than requested (vlen) if the
2765         * sock is non block and there aren't enough datagrams...
2766         */
2767        if (err != -EAGAIN) {
2768                /*
2769                 * ... or  if recvmsg returns an error after we
2770                 * received some datagrams, where we record the
2771                 * error to return on the next call or if the
2772                 * app asks about it using getsockopt(SO_ERROR).
2773                 */
2774                sock->sk->sk_err = -err;
2775        }
2776out_put:
2777        fput_light(sock->file, fput_needed);
2778
2779        return datagrams;
2780}
2781
2782int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
2783                   unsigned int vlen, unsigned int flags,
2784                   struct __kernel_timespec __user *timeout,
2785                   struct old_timespec32 __user *timeout32)
2786{
2787        int datagrams;
2788        struct timespec64 timeout_sys;
2789
2790        if (timeout && get_timespec64(&timeout_sys, timeout))
2791                return -EFAULT;
2792
2793        if (timeout32 && get_old_timespec32(&timeout_sys, timeout32))
2794                return -EFAULT;
2795
2796        if (!timeout && !timeout32)
2797                return do_recvmmsg(fd, mmsg, vlen, flags, NULL);
2798
2799        datagrams = do_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2800
2801        if (datagrams <= 0)
2802                return datagrams;
2803
2804        if (timeout && put_timespec64(&timeout_sys, timeout))
2805                datagrams = -EFAULT;
2806
2807        if (timeout32 && put_old_timespec32(&timeout_sys, timeout32))
2808                datagrams = -EFAULT;
2809
2810        return datagrams;
2811}
2812
2813SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2814                unsigned int, vlen, unsigned int, flags,
2815                struct __kernel_timespec __user *, timeout)
2816{
2817        if (flags & MSG_CMSG_COMPAT)
2818                return -EINVAL;
2819
2820        return __sys_recvmmsg(fd, mmsg, vlen, flags, timeout, NULL);
2821}
2822
2823#ifdef CONFIG_COMPAT_32BIT_TIME
2824SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct mmsghdr __user *, mmsg,
2825                unsigned int, vlen, unsigned int, flags,
2826                struct old_timespec32 __user *, timeout)
2827{
2828        if (flags & MSG_CMSG_COMPAT)
2829                return -EINVAL;
2830
2831        return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL, timeout);
2832}
2833#endif
2834
2835#ifdef __ARCH_WANT_SYS_SOCKETCALL
2836/* Argument list sizes for sys_socketcall */
2837#define AL(x) ((x) * sizeof(unsigned long))
2838static const unsigned char nargs[21] = {
2839        AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2840        AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2841        AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2842        AL(4), AL(5), AL(4)
2843};
2844
2845#undef AL
2846
2847/*
2848 *      System call vectors.
2849 *
2850 *      Argument checking cleaned up. Saved 20% in size.
2851 *  This function doesn't need to set the kernel lock because
2852 *  it is set by the callees.
2853 */
2854
2855SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2856{
2857        unsigned long a[AUDITSC_ARGS];
2858        unsigned long a0, a1;
2859        int err;
2860        unsigned int len;
2861
2862        if (call < 1 || call > SYS_SENDMMSG)
2863                return -EINVAL;
2864        call = array_index_nospec(call, SYS_SENDMMSG + 1);
2865
2866        len = nargs[call];
2867        if (len > sizeof(a))
2868                return -EINVAL;
2869
2870        /* copy_from_user should be SMP safe. */
2871        if (copy_from_user(a, args, len))
2872                return -EFAULT;
2873
2874        err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2875        if (err)
2876                return err;
2877
2878        a0 = a[0];
2879        a1 = a[1];
2880
2881        switch (call) {
2882        case SYS_SOCKET:
2883                err = __sys_socket(a0, a1, a[2]);
2884                break;
2885        case SYS_BIND:
2886                err = __sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2887                break;
2888        case SYS_CONNECT:
2889                err = __sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2890                break;
2891        case SYS_LISTEN:
2892                err = __sys_listen(a0, a1);
2893                break;
2894        case SYS_ACCEPT:
2895                err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2896                                    (int __user *)a[2], 0);
2897                break;
2898        case SYS_GETSOCKNAME:
2899                err =
2900                    __sys_getsockname(a0, (struct sockaddr __user *)a1,
2901                                      (int __user *)a[2]);
2902                break;
2903        case SYS_GETPEERNAME:
2904                err =
2905                    __sys_getpeername(a0, (struct sockaddr __user *)a1,
2906                                      (int __user *)a[2]);
2907                break;
2908        case SYS_SOCKETPAIR:
2909                err = __sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2910                break;
2911        case SYS_SEND:
2912                err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2913                                   NULL, 0);
2914                break;
2915        case SYS_SENDTO:
2916                err = __sys_sendto(a0, (void __user *)a1, a[2], a[3],
2917                                   (struct sockaddr __user *)a[4], a[5]);
2918                break;
2919        case SYS_RECV:
2920                err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2921                                     NULL, NULL);
2922                break;
2923        case SYS_RECVFROM:
2924                err = __sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2925                                     (struct sockaddr __user *)a[4],
2926                                     (int __user *)a[5]);
2927                break;
2928        case SYS_SHUTDOWN:
2929                err = __sys_shutdown(a0, a1);
2930                break;
2931        case SYS_SETSOCKOPT:
2932                err = __sys_setsockopt(a0, a1, a[2], (char __user *)a[3],
2933                                       a[4]);
2934                break;
2935        case SYS_GETSOCKOPT:
2936                err =
2937                    __sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2938                                     (int __user *)a[4]);
2939                break;
2940        case SYS_SENDMSG:
2941                err = __sys_sendmsg(a0, (struct user_msghdr __user *)a1,
2942                                    a[2], true);
2943                break;
2944        case SYS_SENDMMSG:
2945                err = __sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2],
2946                                     a[3], true);
2947                break;
2948        case SYS_RECVMSG:
2949                err = __sys_recvmsg(a0, (struct user_msghdr __user *)a1,
2950                                    a[2], true);
2951                break;
2952        case SYS_RECVMMSG:
2953                if (IS_ENABLED(CONFIG_64BIT))
2954                        err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2955                                             a[2], a[3],
2956                                             (struct __kernel_timespec __user *)a[4],
2957                                             NULL);
2958                else
2959                        err = __sys_recvmmsg(a0, (struct mmsghdr __user *)a1,
2960                                             a[2], a[3], NULL,
2961                                             (struct old_timespec32 __user *)a[4]);
2962                break;
2963        case SYS_ACCEPT4:
2964                err = __sys_accept4(a0, (struct sockaddr __user *)a1,
2965                                    (int __user *)a[2], a[3]);
2966                break;
2967        default:
2968                err = -EINVAL;
2969                break;
2970        }
2971        return err;
2972}
2973
2974#endif                          /* __ARCH_WANT_SYS_SOCKETCALL */
2975
2976/**
2977 *      sock_register - add a socket protocol handler
2978 *      @ops: description of protocol
2979 *
2980 *      This function is called by a protocol handler that wants to
2981 *      advertise its address family, and have it linked into the
2982 *      socket interface. The value ops->family corresponds to the
2983 *      socket system call protocol family.
2984 */
2985int sock_register(const struct net_proto_family *ops)
2986{
2987        int err;
2988
2989        if (ops->family >= NPROTO) {
2990                pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
2991                return -ENOBUFS;
2992        }
2993
2994        spin_lock(&net_family_lock);
2995        if (rcu_dereference_protected(net_families[ops->family],
2996                                      lockdep_is_held(&net_family_lock)))
2997                err = -EEXIST;
2998        else {
2999                rcu_assign_pointer(net_families[ops->family], ops);
3000                err = 0;
3001        }
3002        spin_unlock(&net_family_lock);
3003
3004        pr_info("NET: Registered protocol family %d\n", ops->family);
3005        return err;
3006}
3007EXPORT_SYMBOL(sock_register);
3008
3009/**
3010 *      sock_unregister - remove a protocol handler
3011 *      @family: protocol family to remove
3012 *
3013 *      This function is called by a protocol handler that wants to
3014 *      remove its address family, and have it unlinked from the
3015 *      new socket creation.
3016 *
3017 *      If protocol handler is a module, then it can use module reference
3018 *      counts to protect against new references. If protocol handler is not
3019 *      a module then it needs to provide its own protection in
3020 *      the ops->create routine.
3021 */
3022void sock_unregister(int family)
3023{
3024        BUG_ON(family < 0 || family >= NPROTO);
3025
3026        spin_lock(&net_family_lock);
3027        RCU_INIT_POINTER(net_families[family], NULL);
3028        spin_unlock(&net_family_lock);
3029
3030        synchronize_rcu();
3031
3032        pr_info("NET: Unregistered protocol family %d\n", family);
3033}
3034EXPORT_SYMBOL(sock_unregister);
3035
3036bool sock_is_registered(int family)
3037{
3038        return family < NPROTO && rcu_access_pointer(net_families[family]);
3039}
3040
3041static int __init sock_init(void)
3042{
3043        int err;
3044        /*
3045         *      Initialize the network sysctl infrastructure.
3046         */
3047        err = net_sysctl_init();
3048        if (err)
3049                goto out;
3050
3051        /*
3052         *      Initialize skbuff SLAB cache
3053         */
3054        skb_init();
3055
3056        /*
3057         *      Initialize the protocols module.
3058         */
3059
3060        init_inodecache();
3061
3062        err = register_filesystem(&sock_fs_type);
3063        if (err)
3064                goto out;
3065        sock_mnt = kern_mount(&sock_fs_type);
3066        if (IS_ERR(sock_mnt)) {
3067                err = PTR_ERR(sock_mnt);
3068                goto out_mount;
3069        }
3070
3071        /* The real protocol initialization is performed in later initcalls.
3072         */
3073
3074#ifdef CONFIG_NETFILTER
3075        err = netfilter_init();
3076        if (err)
3077                goto out;
3078#endif
3079
3080        ptp_classifier_init();
3081
3082out:
3083        return err;
3084
3085out_mount:
3086        unregister_filesystem(&sock_fs_type);
3087        goto out;
3088}
3089
3090core_initcall(sock_init);       /* early initcall */
3091
3092#ifdef CONFIG_PROC_FS
3093void socket_seq_show(struct seq_file *seq)
3094{
3095        seq_printf(seq, "sockets: used %d\n",
3096                   sock_inuse_get(seq->private));
3097}
3098#endif                          /* CONFIG_PROC_FS */
3099
3100#ifdef CONFIG_COMPAT
3101static int compat_dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
3102{
3103        struct compat_ifconf ifc32;
3104        struct ifconf ifc;
3105        int err;
3106
3107        if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
3108                return -EFAULT;
3109
3110        ifc.ifc_len = ifc32.ifc_len;
3111        ifc.ifc_req = compat_ptr(ifc32.ifcbuf);
3112
3113        rtnl_lock();
3114        err = dev_ifconf(net, &ifc, sizeof(struct compat_ifreq));
3115        rtnl_unlock();
3116        if (err)
3117                return err;
3118
3119        ifc32.ifc_len = ifc.ifc_len;
3120        if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
3121                return -EFAULT;
3122
3123        return 0;
3124}
3125
3126static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
3127{
3128        struct compat_ethtool_rxnfc __user *compat_rxnfc;
3129        bool convert_in = false, convert_out = false;
3130        size_t buf_size = 0;
3131        struct ethtool_rxnfc __user *rxnfc = NULL;
3132        struct ifreq ifr;
3133        u32 rule_cnt = 0, actual_rule_cnt;
3134        u32 ethcmd;
3135        u32 data;
3136        int ret;
3137
3138        if (get_user(data, &ifr32->ifr_ifru.ifru_data))
3139                return -EFAULT;
3140
3141        compat_rxnfc = compat_ptr(data);
3142
3143        if (get_user(ethcmd, &compat_rxnfc->cmd))
3144                return -EFAULT;
3145
3146        /* Most ethtool structures are defined without padding.
3147         * Unfortunately struct ethtool_rxnfc is an exception.
3148         */
3149        switch (ethcmd) {
3150        default:
3151                break;
3152        case ETHTOOL_GRXCLSRLALL:
3153                /* Buffer size is variable */
3154                if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
3155                        return -EFAULT;
3156                if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
3157                        return -ENOMEM;
3158                buf_size += rule_cnt * sizeof(u32);
3159                fallthrough;
3160        case ETHTOOL_GRXRINGS:
3161        case ETHTOOL_GRXCLSRLCNT:
3162        case ETHTOOL_GRXCLSRULE:
3163        case ETHTOOL_SRXCLSRLINS:
3164                convert_out = true;
3165                fallthrough;
3166        case ETHTOOL_SRXCLSRLDEL:
3167                buf_size += sizeof(struct ethtool_rxnfc);
3168                convert_in = true;
3169                rxnfc = compat_alloc_user_space(buf_size);
3170                break;
3171        }
3172
3173        if (copy_from_user(&ifr.ifr_name, &ifr32->ifr_name, IFNAMSIZ))
3174                return -EFAULT;
3175
3176        ifr.ifr_data = convert_in ? rxnfc : (void __user *)compat_rxnfc;
3177
3178        if (convert_in) {
3179                /* We expect there to be holes between fs.m_ext and
3180                 * fs.ring_cookie and at the end of fs, but nowhere else.
3181                 */
3182                BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
3183                             sizeof(compat_rxnfc->fs.m_ext) !=
3184                             offsetof(struct ethtool_rxnfc, fs.m_ext) +
3185                             sizeof(rxnfc->fs.m_ext));
3186                BUILD_BUG_ON(
3187                        offsetof(struct compat_ethtool_rxnfc, fs.location) -
3188                        offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
3189                        offsetof(struct ethtool_rxnfc, fs.location) -
3190                        offsetof(struct ethtool_rxnfc, fs.ring_cookie));
3191
3192                if (copy_in_user(rxnfc, compat_rxnfc,
3193                                 (void __user *)(&rxnfc->fs.m_ext + 1) -
3194                                 (void __user *)rxnfc) ||
3195                    copy_in_user(&rxnfc->fs.ring_cookie,
3196                                 &compat_rxnfc->fs.ring_cookie,
3197                                 (void __user *)(&rxnfc->fs.location + 1) -
3198                                 (void __user *)&rxnfc->fs.ring_cookie))
3199                        return -EFAULT;
3200                if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3201                        if (put_user(rule_cnt, &rxnfc->rule_cnt))
3202                                return -EFAULT;
3203                } else if (copy_in_user(&rxnfc->rule_cnt,
3204                                        &compat_rxnfc->rule_cnt,
3205                                        sizeof(rxnfc->rule_cnt)))
3206                        return -EFAULT;
3207        }
3208
3209        ret = dev_ioctl(net, SIOCETHTOOL, &ifr, NULL);
3210        if (ret)
3211                return ret;
3212
3213        if (convert_out) {
3214                if (copy_in_user(compat_rxnfc, rxnfc,
3215                                 (const void __user *)(&rxnfc->fs.m_ext + 1) -
3216                                 (const void __user *)rxnfc) ||
3217                    copy_in_user(&compat_rxnfc->fs.ring_cookie,
3218                                 &rxnfc->fs.ring_cookie,
3219                                 (const void __user *)(&rxnfc->fs.location + 1) -
3220                                 (const void __user *)&rxnfc->fs.ring_cookie) ||
3221                    copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
3222                                 sizeof(rxnfc->rule_cnt)))
3223                        return -EFAULT;
3224
3225                if (ethcmd == ETHTOOL_GRXCLSRLALL) {
3226                        /* As an optimisation, we only copy the actual
3227                         * number of rules that the underlying
3228                         * function returned.  Since Mallory might
3229                         * change the rule count in user memory, we
3230                         * check that it is less than the rule count
3231                         * originally given (as the user buffer size),
3232                         * which has been range-checked.
3233                         */
3234                        if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
3235                                return -EFAULT;
3236                        if (actual_rule_cnt < rule_cnt)
3237                                rule_cnt = actual_rule_cnt;
3238                        if (copy_in_user(&compat_rxnfc->rule_locs[0],
3239                                         &rxnfc->rule_locs[0],
3240                                         rule_cnt * sizeof(u32)))
3241                                return -EFAULT;
3242                }
3243        }
3244
3245        return 0;
3246}
3247
3248static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
3249{
3250        compat_uptr_t uptr32;
3251        struct ifreq ifr;
3252        void __user *saved;
3253        int err;
3254
3255        if (copy_from_user(&ifr, uifr32, sizeof(struct compat_ifreq)))
3256                return -EFAULT;
3257
3258        if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
3259                return -EFAULT;
3260
3261        saved = ifr.ifr_settings.ifs_ifsu.raw_hdlc;
3262        ifr.ifr_settings.ifs_ifsu.raw_hdlc = compat_ptr(uptr32);
3263
3264        err = dev_ioctl(net, SIOCWANDEV, &ifr, NULL);
3265        if (!err) {
3266                ifr.ifr_settings.ifs_ifsu.raw_hdlc = saved;
3267                if (copy_to_user(uifr32, &ifr, sizeof(struct compat_ifreq)))
3268                        err = -EFAULT;
3269        }
3270        return err;
3271}
3272
3273/* Handle ioctls that use ifreq::ifr_data and just need struct ifreq converted */
3274static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
3275                                 struct compat_ifreq __user *u_ifreq32)
3276{
3277        struct ifreq ifreq;
3278        u32 data32;
3279
3280        if (copy_from_user(ifreq.ifr_name, u_ifreq32->ifr_name, IFNAMSIZ))
3281                return -EFAULT;
3282        if (get_user(data32, &u_ifreq32->ifr_data))
3283                return -EFAULT;
3284        ifreq.ifr_data = compat_ptr(data32);
3285
3286        return dev_ioctl(net, cmd, &ifreq, NULL);
3287}
3288
3289static int compat_ifreq_ioctl(struct net *net, struct socket *sock,
3290                              unsigned int cmd,
3291                              struct compat_ifreq __user *uifr32)
3292{
3293        struct ifreq __user *uifr;
3294        int err;
3295
3296        /* Handle the fact that while struct ifreq has the same *layout* on
3297         * 32/64 for everything but ifreq::ifru_ifmap and ifreq::ifru_data,
3298         * which are handled elsewhere, it still has different *size* due to
3299         * ifreq::ifru_ifmap (which is 16 bytes on 32 bit, 24 bytes on 64-bit,
3300         * resulting in struct ifreq being 32 and 40 bytes respectively).
3301         * As a result, if the struct happens to be at the end of a page and
3302         * the next page isn't readable/writable, we get a fault. To prevent
3303         * that, copy back and forth to the full size.
3304         */
3305
3306        uifr = compat_alloc_user_space(sizeof(*uifr));
3307        if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3308                return -EFAULT;
3309
3310        err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3311
3312        if (!err) {
3313                switch (cmd) {
3314                case SIOCGIFFLAGS:
3315                case SIOCGIFMETRIC:
3316                case SIOCGIFMTU:
3317                case SIOCGIFMEM:
3318                case SIOCGIFHWADDR:
3319                case SIOCGIFINDEX:
3320                case SIOCGIFADDR:
3321                case SIOCGIFBRDADDR:
3322                case SIOCGIFDSTADDR:
3323                case SIOCGIFNETMASK:
3324                case SIOCGIFPFLAGS:
3325                case SIOCGIFTXQLEN:
3326                case SIOCGMIIPHY:
3327                case SIOCGMIIREG:
3328                case SIOCGIFNAME:
3329                        if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3330                                err = -EFAULT;
3331                        break;
3332                }
3333        }
3334        return err;
3335}
3336
3337static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3338                        struct compat_ifreq __user *uifr32)
3339{
3340        struct ifreq ifr;
3341        struct compat_ifmap __user *uifmap32;
3342        int err;
3343
3344        uifmap32 = &uifr32->ifr_ifru.ifru_map;
3345        err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3346        err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3347        err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3348        err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3349        err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3350        err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3351        err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3352        if (err)
3353                return -EFAULT;
3354
3355        err = dev_ioctl(net, cmd, &ifr, NULL);
3356
3357        if (cmd == SIOCGIFMAP && !err) {
3358                err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3359                err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3360                err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3361                err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3362                err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3363                err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3364                err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3365                if (err)
3366                        err = -EFAULT;
3367        }
3368        return err;
3369}
3370
3371/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
3372 * for some operations; this forces use of the newer bridge-utils that
3373 * use compatible ioctls
3374 */
3375static int old_bridge_ioctl(compat_ulong_t __user *argp)
3376{
3377        compat_ulong_t tmp;
3378
3379        if (get_user(tmp, argp))
3380                return -EFAULT;
3381        if (tmp == BRCTL_GET_VERSION)
3382                return BRCTL_VERSION + 1;
3383        return -EINVAL;
3384}
3385
3386static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3387                         unsigned int cmd, unsigned long arg)
3388{
3389        void __user *argp = compat_ptr(arg);
3390        struct sock *sk = sock->sk;
3391        struct net *net = sock_net(sk);
3392
3393        if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3394                return compat_ifr_data_ioctl(net, cmd, argp);
3395
3396        switch (cmd) {
3397        case SIOCSIFBR:
3398        case SIOCGIFBR:
3399                return old_bridge_ioctl(argp);
3400        case SIOCGIFCONF:
3401                return compat_dev_ifconf(net, argp);
3402        case SIOCETHTOOL:
3403                return ethtool_ioctl(net, argp);
3404        case SIOCWANDEV:
3405                return compat_siocwandev(net, argp);
3406        case SIOCGIFMAP:
3407        case SIOCSIFMAP:
3408                return compat_sioc_ifmap(net, cmd, argp);
3409        case SIOCGSTAMP_OLD:
3410        case SIOCGSTAMPNS_OLD:
3411                if (!sock->ops->gettstamp)
3412                        return -ENOIOCTLCMD;
3413                return sock->ops->gettstamp(sock, argp, cmd == SIOCGSTAMP_OLD,
3414                                            !COMPAT_USE_64BIT_TIME);
3415
3416        case SIOCBONDSLAVEINFOQUERY:
3417        case SIOCBONDINFOQUERY:
3418        case SIOCSHWTSTAMP:
3419        case SIOCGHWTSTAMP:
3420                return compat_ifr_data_ioctl(net, cmd, argp);
3421
3422        case FIOSETOWN:
3423        case SIOCSPGRP:
3424        case FIOGETOWN:
3425        case SIOCGPGRP:
3426        case SIOCBRADDBR:
3427        case SIOCBRDELBR:
3428        case SIOCGIFVLAN:
3429        case SIOCSIFVLAN:
3430        case SIOCADDDLCI:
3431        case SIOCDELDLCI:
3432        case SIOCGSKNS:
3433        case SIOCGSTAMP_NEW:
3434        case SIOCGSTAMPNS_NEW:
3435                return sock_ioctl(file, cmd, arg);
3436
3437        case SIOCGIFFLAGS:
3438        case SIOCSIFFLAGS:
3439        case SIOCGIFMETRIC:
3440        case SIOCSIFMETRIC:
3441        case SIOCGIFMTU:
3442        case SIOCSIFMTU:
3443        case SIOCGIFMEM:
3444        case SIOCSIFMEM:
3445        case SIOCGIFHWADDR:
3446        case SIOCSIFHWADDR:
3447        case SIOCADDMULTI:
3448        case SIOCDELMULTI:
3449        case SIOCGIFINDEX:
3450        case SIOCGIFADDR:
3451        case SIOCSIFADDR:
3452        case SIOCSIFHWBROADCAST:
3453        case SIOCDIFADDR:
3454        case SIOCGIFBRDADDR:
3455        case SIOCSIFBRDADDR:
3456        case SIOCGIFDSTADDR:
3457        case SIOCSIFDSTADDR:
3458        case SIOCGIFNETMASK:
3459        case SIOCSIFNETMASK:
3460        case SIOCSIFPFLAGS:
3461        case SIOCGIFPFLAGS:
3462        case SIOCGIFTXQLEN:
3463        case SIOCSIFTXQLEN:
3464        case SIOCBRADDIF:
3465        case SIOCBRDELIF:
3466        case SIOCGIFNAME:
3467        case SIOCSIFNAME:
3468        case SIOCGMIIPHY:
3469        case SIOCGMIIREG:
3470        case SIOCSMIIREG:
3471        case SIOCBONDENSLAVE:
3472        case SIOCBONDRELEASE:
3473        case SIOCBONDSETHWADDR:
3474        case SIOCBONDCHANGEACTIVE:
3475                return compat_ifreq_ioctl(net, sock, cmd, argp);
3476
3477        case SIOCSARP:
3478        case SIOCGARP:
3479        case SIOCDARP:
3480        case SIOCOUTQ:
3481        case SIOCOUTQNSD:
3482        case SIOCATMARK:
3483                return sock_do_ioctl(net, sock, cmd, arg);
3484        }
3485
3486        return -ENOIOCTLCMD;
3487}
3488
3489static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3490                              unsigned long arg)
3491{
3492        struct socket *sock = file->private_data;
3493        int ret = -ENOIOCTLCMD;
3494        struct sock *sk;
3495        struct net *net;
3496
3497        sk = sock->sk;
3498        net = sock_net(sk);
3499
3500        if (sock->ops->compat_ioctl)
3501                ret = sock->ops->compat_ioctl(sock, cmd, arg);
3502
3503        if (ret == -ENOIOCTLCMD &&
3504            (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3505                ret = compat_wext_handle_ioctl(net, cmd, arg);
3506
3507        if (ret == -ENOIOCTLCMD)
3508                ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3509
3510        return ret;
3511}
3512#endif
3513
3514/**
3515 *      kernel_bind - bind an address to a socket (kernel space)
3516 *      @sock: socket
3517 *      @addr: address
3518 *      @addrlen: length of address
3519 *
3520 *      Returns 0 or an error.
3521 */
3522
3523int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3524{
3525        return sock->ops->bind(sock, addr, addrlen);
3526}
3527EXPORT_SYMBOL(kernel_bind);
3528
3529/**
3530 *      kernel_listen - move socket to listening state (kernel space)
3531 *      @sock: socket
3532 *      @backlog: pending connections queue size
3533 *
3534 *      Returns 0 or an error.
3535 */
3536
3537int kernel_listen(struct socket *sock, int backlog)
3538{
3539        return sock->ops->listen(sock, backlog);
3540}
3541EXPORT_SYMBOL(kernel_listen);
3542
3543/**
3544 *      kernel_accept - accept a connection (kernel space)
3545 *      @sock: listening socket
3546 *      @newsock: new connected socket
3547 *      @flags: flags
3548 *
3549 *      @flags must be SOCK_CLOEXEC, SOCK_NONBLOCK or 0.
3550 *      If it fails, @newsock is guaranteed to be %NULL.
3551 *      Returns 0 or an error.
3552 */
3553
3554int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3555{
3556        struct sock *sk = sock->sk;
3557        int err;
3558
3559        err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3560                               newsock);
3561        if (err < 0)
3562                goto done;
3563
3564        err = sock->ops->accept(sock, *newsock, flags, true);
3565        if (err < 0) {
3566                sock_release(*newsock);
3567                *newsock = NULL;
3568                goto done;
3569        }
3570
3571        (*newsock)->ops = sock->ops;
3572        __module_get((*newsock)->ops->owner);
3573
3574done:
3575        return err;
3576}
3577EXPORT_SYMBOL(kernel_accept);
3578
3579/**
3580 *      kernel_connect - connect a socket (kernel space)
3581 *      @sock: socket
3582 *      @addr: address
3583 *      @addrlen: address length
3584 *      @flags: flags (O_NONBLOCK, ...)
3585 *
3586 *      For datagram sockets, @addr is the addres to which datagrams are sent
3587 *      by default, and the only address from which datagrams are received.
3588 *      For stream sockets, attempts to connect to @addr.
3589 *      Returns 0 or an error code.
3590 */
3591
3592int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3593                   int flags)
3594{
3595        return sock->ops->connect(sock, addr, addrlen, flags);
3596}
3597EXPORT_SYMBOL(kernel_connect);
3598
3599/**
3600 *      kernel_getsockname - get the address which the socket is bound (kernel space)
3601 *      @sock: socket
3602 *      @addr: address holder
3603 *
3604 *      Fills the @addr pointer with the address which the socket is bound.
3605 *      Returns 0 or an error code.
3606 */
3607
3608int kernel_getsockname(struct socket *sock, struct sockaddr *addr)
3609{
3610        return sock->ops->getname(sock, addr, 0);
3611}
3612EXPORT_SYMBOL(kernel_getsockname);
3613
3614/**
3615 *      kernel_getpeername - get the address which the socket is connected (kernel space)
3616 *      @sock: socket
3617 *      @addr: address holder
3618 *
3619 *      Fills the @addr pointer with the address which the socket is connected.
3620 *      Returns 0 or an error code.
3621 */
3622
3623int kernel_getpeername(struct socket *sock, struct sockaddr *addr)
3624{
3625        return sock->ops->getname(sock, addr, 1);
3626}
3627EXPORT_SYMBOL(kernel_getpeername);
3628
3629/**
3630 *      kernel_sendpage - send a &page through a socket (kernel space)
3631 *      @sock: socket
3632 *      @page: page
3633 *      @offset: page offset
3634 *      @size: total size in bytes
3635 *      @flags: flags (MSG_DONTWAIT, ...)
3636 *
3637 *      Returns the total amount sent in bytes or an error.
3638 */
3639
3640int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3641                    size_t size, int flags)
3642{
3643        if (sock->ops->sendpage) {
3644                /* Warn in case the improper page to zero-copy send */
3645                WARN_ONCE(!sendpage_ok(page), "improper page for zero-copy send");
3646                return sock->ops->sendpage(sock, page, offset, size, flags);
3647        }
3648        return sock_no_sendpage(sock, page, offset, size, flags);
3649}
3650EXPORT_SYMBOL(kernel_sendpage);
3651
3652/**
3653 *      kernel_sendpage_locked - send a &page through the locked sock (kernel space)
3654 *      @sk: sock
3655 *      @page: page
3656 *      @offset: page offset
3657 *      @size: total size in bytes
3658 *      @flags: flags (MSG_DONTWAIT, ...)
3659 *
3660 *      Returns the total amount sent in bytes or an error.
3661 *      Caller must hold @sk.
3662 */
3663
3664int kernel_sendpage_locked(struct sock *sk, struct page *page, int offset,
3665                           size_t size, int flags)
3666{
3667        struct socket *sock = sk->sk_socket;
3668
3669        if (sock->ops->sendpage_locked)
3670                return sock->ops->sendpage_locked(sk, page, offset, size,
3671                                                  flags);
3672
3673        return sock_no_sendpage_locked(sk, page, offset, size, flags);
3674}
3675EXPORT_SYMBOL(kernel_sendpage_locked);
3676
3677/**
3678 *      kernel_sock_shutdown - shut down part of a full-duplex connection (kernel space)
3679 *      @sock: socket
3680 *      @how: connection part
3681 *
3682 *      Returns 0 or an error.
3683 */
3684
3685int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3686{
3687        return sock->ops->shutdown(sock, how);
3688}
3689EXPORT_SYMBOL(kernel_sock_shutdown);
3690
3691/**
3692 *      kernel_sock_ip_overhead - returns the IP overhead imposed by a socket
3693 *      @sk: socket
3694 *
3695 *      This routine returns the IP overhead imposed by a socket i.e.
3696 *      the length of the underlying IP header, depending on whether
3697 *      this is an IPv4 or IPv6 socket and the length from IP options turned
3698 *      on at the socket. Assumes that the caller has a lock on the socket.
3699 */
3700
3701u32 kernel_sock_ip_overhead(struct sock *sk)
3702{
3703        struct inet_sock *inet;
3704        struct ip_options_rcu *opt;
3705        u32 overhead = 0;
3706#if IS_ENABLED(CONFIG_IPV6)
3707        struct ipv6_pinfo *np;
3708        struct ipv6_txoptions *optv6 = NULL;
3709#endif /* IS_ENABLED(CONFIG_IPV6) */
3710
3711        if (!sk)
3712                return overhead;
3713
3714        switch (sk->sk_family) {
3715        case AF_INET:
3716                inet = inet_sk(sk);
3717                overhead += sizeof(struct iphdr);
3718                opt = rcu_dereference_protected(inet->inet_opt,
3719                                                sock_owned_by_user(sk));
3720                if (opt)
3721                        overhead += opt->opt.optlen;
3722                return overhead;
3723#if IS_ENABLED(CONFIG_IPV6)
3724        case AF_INET6:
3725                np = inet6_sk(sk);
3726                overhead += sizeof(struct ipv6hdr);
3727                if (np)
3728                        optv6 = rcu_dereference_protected(np->opt,
3729                                                          sock_owned_by_user(sk));
3730                if (optv6)
3731                        overhead += (optv6->opt_flen + optv6->opt_nflen);
3732                return overhead;
3733#endif /* IS_ENABLED(CONFIG_IPV6) */
3734        default: /* Returns 0 overhead if the socket is not ipv4 or ipv6 */
3735                return overhead;
3736        }
3737}
3738EXPORT_SYMBOL(kernel_sock_ip_overhead);
3739