projects / linux-2.6-block.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
security: make security_file_set_fowner, f_setown and __f_setown void return
[linux-2.6-block.git] / net / socket.c
CommitLineData
1da177e4
LT		 1/*
2 * NET An implementation of the SOCKET network access protocol.
3 *
4 * Version: @(#)socket.c 1.1.93 18/02/95
5 *
6 * Authors: Orest Zborowski, <obz@Kodak.COM>
02c30a84 7 * Ross Biro
1da177e4
LT		 8 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
9 *
10 * Fixes:
11 * Anonymous : NOTSOCK/BADF cleanup. Error fix in
12 * shutdown()
13 * Alan Cox : verify_area() fixes
14 * Alan Cox : Removed DDI
15 * Jonathan Kamens : SOCK_DGRAM reconnect bug
16 * Alan Cox : Moved a load of checks to the very
17 * top level.
18 * Alan Cox : Move address structures to/from user
19 * mode above the protocol layers.
20 * Rob Janssen : Allow 0 length sends.
21 * Alan Cox : Asynchronous I/O support (cribbed from the
22 * tty drivers).
23 * Niibe Yutaka : Asynchronous I/O for writes (4.4BSD style)
24 * Jeff Uphoff : Made max number of sockets command-line
25 * configurable.
26 * Matti Aarnio : Made the number of sockets dynamic,
27 * to be allocated when needed, and mr.
28 * Uphoff's max is used as max to be
29 * allowed to allocate.
30 * Linus : Argh. removed all the socket allocation
31 * altogether: it's in the inode now.
32 * Alan Cox : Made sock_alloc()/sock_release() public
33 * for NetROM and future kernel nfsd type
34 * stuff.
35 * Alan Cox : sendmsg/recvmsg basics.
36 * Tom Dyas : Export net symbols.
37 * Marcin Dalecki : Fixed problems with CONFIG_NET="n".
38 * Alan Cox : Added thread locking to sys_* calls
39 * for sockets. May have errors at the
40 * moment.
41 * Kevin Buhr : Fixed the dumb errors in the above.
42 * Andi Kleen : Some small cleanups, optimizations,
43 * and fixed a copy_from_user() bug.
44 * Tigran Aivazian : sys_send(args) calls sys_sendto(args, NULL, 0)
89bddce5 45 * Tigran Aivazian : Made listen(2) backlog sanity checks
1da177e4
LT		 46 * protocol-independent
47 *
48 *
49 * This program is free software; you can redistribute it and/or
50 * modify it under the terms of the GNU General Public License
51 * as published by the Free Software Foundation; either version
52 * 2 of the License, or (at your option) any later version.
53 *
54 *
55 * This module is effectively the top level interface to the BSD socket
89bddce5 56 * paradigm.
1da177e4
LT		 57 *
58 * Based upon Swansea University Computer Society NET3.039
59 */
60
1da177e4 61#include <linux/mm.h>
1da177e4
LT		 62#include <linux/socket.h>
63#include <linux/file.h>
64#include <linux/net.h>
65#include <linux/interrupt.h>
aaca0bdc 66#include <linux/thread_info.h>
55737fda 67#include <linux/rcupdate.h>
1da177e4
LT		 68#include <linux/netdevice.h>
69#include <linux/proc_fs.h>
70#include <linux/seq_file.h>
4a3e2f71 71#include <linux/mutex.h>
1da177e4 72#include <linux/if_bridge.h>
20380731
ACM		 73#include <linux/if_frad.h>
74#include <linux/if_vlan.h>
408eccce 75#include <linux/ptp_classify.h>
1da177e4
LT		 76#include <linux/init.h>
77#include <linux/poll.h>
78#include <linux/cache.h>
79#include <linux/module.h>
80#include <linux/highmem.h>
1da177e4
LT		 81#include <linux/mount.h>
82#include <linux/security.h>
83#include <linux/syscalls.h>
84#include <linux/compat.h>
85#include <linux/kmod.h>
3ec3b2fb 86#include <linux/audit.h>
d86b5e0e 87#include <linux/wireless.h>
1b8d7ae4 88#include <linux/nsproxy.h>
1fd7317d 89#include <linux/magic.h>
5a0e3ad6 90#include <linux/slab.h>
600e1779 91#include <linux/xattr.h>
1da177e4
LT		 92
93#include <asm/uaccess.h>
94#include <asm/unistd.h>
95
96#include <net/compat.h>
87de87d5 97#include <net/wext.h>
f8451725 98#include <net/cls_cgroup.h>
1da177e4
LT		 99
100#include <net/sock.h>
101#include <linux/netfilter.h>
102
6b96018b
AB		 103#include <linux/if_tun.h>
104#include <linux/ipv6_route.h>
105#include <linux/route.h>
6b96018b
AB		 106#include <linux/sockios.h>
107#include <linux/atalk.h>
076bb0c8 108#include <net/busy_poll.h>
f24b9be5 109#include <linux/errqueue.h>
06021292 110
e0d1095a 111#ifdef CONFIG_NET_RX_BUSY_POLL
64b0dc51
ET		 112unsigned int sysctl_net_busy_read __read_mostly;
113unsigned int sysctl_net_busy_poll __read_mostly;
06021292 114#endif
6b96018b 115
1da177e4 116static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
027445c3
BP		 117static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
118 unsigned long nr_segs, loff_t pos);
119static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
120 unsigned long nr_segs, loff_t pos);
89bddce5 121static int sock_mmap(struct file *file, struct vm_area_struct *vma);
1da177e4
LT		 122
123static int sock_close(struct inode *inode, struct file *file);
124static unsigned int sock_poll(struct file *file,
125 struct poll_table_struct *wait);
89bddce5 126static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
89bbfc95
SP		 127#ifdef CONFIG_COMPAT
128static long compat_sock_ioctl(struct file *file,
89bddce5 129 unsigned int cmd, unsigned long arg);
89bbfc95 130#endif
1da177e4 131static int sock_fasync(int fd, struct file *filp, int on);
1da177e4
LT		 132static ssize_t sock_sendpage(struct file *file, struct page *page,
133 int offset, size_t size, loff_t *ppos, int more);
9c55e01c 134static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
c6d409cf 135 struct pipe_inode_info *pipe, size_t len,
9c55e01c 136 unsigned int flags);
1da177e4 137
1da177e4
LT		 138/*
139 * Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
140 * in the operation structures but are done directly via the socketcall() multiplexor.
141 */
142
da7071d7 143static const struct file_operations socket_file_ops = {
1da177e4
LT		 144 .owner = THIS_MODULE,
145 .llseek = no_llseek,
146 .aio_read = sock_aio_read,
147 .aio_write = sock_aio_write,
148 .poll = sock_poll,
149 .unlocked_ioctl = sock_ioctl,
89bbfc95
SP		 150#ifdef CONFIG_COMPAT
151 .compat_ioctl = compat_sock_ioctl,
152#endif
1da177e4
LT		 153 .mmap = sock_mmap,
154 .open = sock_no_open, /* special open code to disallow open via /proc */
155 .release = sock_close,
156 .fasync = sock_fasync,
5274f052
JA		 157 .sendpage = sock_sendpage,
158 .splice_write = generic_splice_sendpage,
9c55e01c 159 .splice_read = sock_splice_read,
1da177e4
LT		 160};
161
162/*
163 * The protocol list. Each protocol is registered in here.
164 */
165
1da177e4 166static DEFINE_SPINLOCK(net_family_lock);
190683a9 167static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
1da177e4 168
1da177e4
LT		 169/*
170 * Statistics counters of the socket lists
171 */
172
c6d409cf 173static DEFINE_PER_CPU(int, sockets_in_use);
1da177e4
LT		 174
175/*
89bddce5
SH		 176 * Support routines.
177 * Move socket addresses back and forth across the kernel/user
178 * divide and look after the messy bits.
1da177e4
LT		 179 */
180
1da177e4
LT		 181/**
182 * move_addr_to_kernel - copy a socket address into kernel space
183 * @uaddr: Address in user space
184 * @kaddr: Address in kernel space
185 * @ulen: Length in user space
186 *
187 * The address is copied into kernel space. If the provided address is
188 * too long an error code of -EINVAL is returned. If the copy gives
189 * invalid addresses -EFAULT is returned. On a success 0 is returned.
190 */
191
43db362d 192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
1da177e4 193{
230b1839 194 if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
1da177e4 195 return -EINVAL;
89bddce5 196 if (ulen == 0)
1da177e4 197 return 0;
89bddce5 198 if (copy_from_user(kaddr, uaddr, ulen))
1da177e4 199 return -EFAULT;
3ec3b2fb 200 return audit_sockaddr(ulen, kaddr);
1da177e4
LT		 201}
202
203/**
204 * move_addr_to_user - copy an address to user space
205 * @kaddr: kernel space address
206 * @klen: length of address in kernel
207 * @uaddr: user space address
208 * @ulen: pointer to user length field
209 *
210 * The value pointed to by ulen on entry is the buffer length available.
211 * This is overwritten with the buffer space used. -EINVAL is returned
212 * if an overlong buffer is specified or a negative buffer size. -EFAULT
213 * is returned if either the buffer or the length field are not
214 * accessible.
215 * After copying the data up to the limit the user specifies, the true
216 * length of the data is written over the length limit the user
217 * specified. Zero is returned for a success.
218 */
89bddce5 219
43db362d 220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
11165f14 221 void __user *uaddr, int __user *ulen)
1da177e4
LT		 222{
223 int err;
224 int len;
225
68c6beb3 226 BUG_ON(klen > sizeof(struct sockaddr_storage));
89bddce5
SH		 227 err = get_user(len, ulen);
228 if (err)
1da177e4 229 return err;
89bddce5
SH		 230 if (len > klen)
231 len = klen;
68c6beb3 232 if (len < 0)
1da177e4 233 return -EINVAL;
89bddce5 234 if (len) {
d6fe3945
SG		 235 if (audit_sockaddr(klen, kaddr))
236 return -ENOMEM;
89bddce5 237 if (copy_to_user(uaddr, kaddr, len))
1da177e4
LT		 238 return -EFAULT;
239 }
240 /*
89bddce5
SH		 241 * "fromlen shall refer to the value before truncation.."
242 * 1003.1g
1da177e4
LT		 243 */
244 return __put_user(klen, ulen);
245}
246
e18b890b 247static struct kmem_cache *sock_inode_cachep __read_mostly;
1da177e4
LT		 248
249static struct inode *sock_alloc_inode(struct super_block *sb)
250{
251 struct socket_alloc *ei;
eaefd110 252 struct socket_wq *wq;
89bddce5 253
e94b1766 254 ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
1da177e4
LT		 255 if (!ei)
256 return NULL;
eaefd110
ED		 257 wq = kmalloc(sizeof(*wq), GFP_KERNEL);
258 if (!wq) {
43815482
ED		 259 kmem_cache_free(sock_inode_cachep, ei);
260 return NULL;
261 }
eaefd110
ED		 262 init_waitqueue_head(&wq->wait);
263 wq->fasync_list = NULL;
264 RCU_INIT_POINTER(ei->socket.wq, wq);
89bddce5 265
1da177e4
LT		 266 ei->socket.state = SS_UNCONNECTED;
267 ei->socket.flags = 0;
268 ei->socket.ops = NULL;
269 ei->socket.sk = NULL;
270 ei->socket.file = NULL;
1da177e4
LT		 271
272 return &ei->vfs_inode;
273}
274
275static void sock_destroy_inode(struct inode *inode)
276{
43815482 277 struct socket_alloc *ei;
eaefd110 278 struct socket_wq *wq;
43815482
ED		 279
280 ei = container_of(inode, struct socket_alloc, vfs_inode);
eaefd110 281 wq = rcu_dereference_protected(ei->socket.wq, 1);
61845220 282 kfree_rcu(wq, rcu);
43815482 283 kmem_cache_free(sock_inode_cachep, ei);
1da177e4
LT		 284}
285
51cc5068 286static void init_once(void *foo)
1da177e4 287{
89bddce5 288 struct socket_alloc *ei = (struct socket_alloc *)foo;
1da177e4 289
a35afb83 290 inode_init_once(&ei->vfs_inode);
1da177e4 291}
89bddce5 292
1da177e4
LT		 293static int init_inodecache(void)
294{
295 sock_inode_cachep = kmem_cache_create("sock_inode_cache",
89bddce5
SH		 296 sizeof(struct socket_alloc),
297 0,
298 (SLAB_HWCACHE_ALIGN |
299 SLAB_RECLAIM_ACCOUNT |
300 SLAB_MEM_SPREAD),
20c2df83 301 init_once);
1da177e4
LT		 302 if (sock_inode_cachep == NULL)
303 return -ENOMEM;
304 return 0;
305}
306
b87221de 307static const struct super_operations sockfs_ops = {
c6d409cf
ED		 308 .alloc_inode = sock_alloc_inode,
309 .destroy_inode = sock_destroy_inode,
310 .statfs = simple_statfs,
1da177e4
LT		 311};
312
c23fbb6b
ED		 313/*
314 * sockfs_dname() is called from d_path().
315 */
316static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
317{
318 return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
319 dentry->d_inode->i_ino);
320}
321
3ba13d17 322static const struct dentry_operations sockfs_dentry_operations = {
c23fbb6b 323 .d_dname = sockfs_dname,
1da177e4
LT		 324};
325
c74a1cbb
AV		 326static struct dentry *sockfs_mount(struct file_system_type *fs_type,
327 int flags, const char *dev_name, void *data)
328{
329 return mount_pseudo(fs_type, "socket:", &sockfs_ops,
330 &sockfs_dentry_operations, SOCKFS_MAGIC);
331}
332
333static struct vfsmount *sock_mnt __read_mostly;
334
335static struct file_system_type sock_fs_type = {
336 .name = "sockfs",
337 .mount = sockfs_mount,
338 .kill_sb = kill_anon_super,
339};
340
1da177e4
LT		 341/*
342 * Obtains the first available file descriptor and sets it up for use.
343 *
39d8c1b6
DM		 344 * These functions create file structures and maps them to fd space
345 * of the current process. On success it returns file descriptor
1da177e4
LT		 346 * and file struct implicitly stored in sock->file.
347 * Note that another thread may close file descriptor before we return
348 * from this function. We use the fact that now we do not refer
349 * to socket after mapping. If one day we will need it, this
350 * function will increment ref. count on file by 1.
351 *
352 * In any case returned fd MAY BE not valid!
353 * This race condition is unavoidable
354 * with shared fd spaces, we cannot solve it inside kernel,
355 * but we take care of internal coherence yet.
356 */
357
aab174f0 358struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
1da177e4 359{
7cbe66b6 360 struct qstr name = { .name = "" };
2c48b9c4 361 struct path path;
7cbe66b6 362 struct file *file;
1da177e4 363
600e1779
MY		 364 if (dname) {
365 name.name = dname;
366 name.len = strlen(name.name);
367 } else if (sock->sk) {
368 name.name = sock->sk->sk_prot_creator->name;
369 name.len = strlen(name.name);
370 }
4b936885 371 path.dentry = d_alloc_pseudo(sock_mnt->mnt_sb, &name);
28407630
AV		 372 if (unlikely(!path.dentry))
373 return ERR_PTR(-ENOMEM);
2c48b9c4 374 path.mnt = mntget(sock_mnt);
39d8c1b6 375
2c48b9c4 376 d_instantiate(path.dentry, SOCK_INODE(sock));
cc3808f8 377 SOCK_INODE(sock)->i_fop = &socket_file_ops;
39d8c1b6 378
2c48b9c4 379 file = alloc_file(&path, FMODE_READ | FMODE_WRITE,
ce8d2cdf 380 &socket_file_ops);
39b65252 381 if (unlikely(IS_ERR(file))) {
cc3808f8 382 /* drop dentry, keep inode */
7de9c6ee 383 ihold(path.dentry->d_inode);
2c48b9c4 384 path_put(&path);
39b65252 385 return file;
cc3808f8
AV		 386 }
387
388 sock->file = file;
77d27200 389 file->f_flags = O_RDWR | (flags & O_NONBLOCK);
39d8c1b6 390 file->private_data = sock;
28407630 391 return file;
39d8c1b6 392}
56b31d1c 393EXPORT_SYMBOL(sock_alloc_file);
39d8c1b6 394
56b31d1c 395static int sock_map_fd(struct socket *sock, int flags)
39d8c1b6
DM		 396{
397 struct file *newfile;
28407630
AV		 398 int fd = get_unused_fd_flags(flags);
399 if (unlikely(fd < 0))
400 return fd;
39d8c1b6 401
aab174f0 402 newfile = sock_alloc_file(sock, flags, NULL);
28407630 403 if (likely(!IS_ERR(newfile))) {
39d8c1b6 404 fd_install(fd, newfile);
28407630
AV		 405 return fd;
406 }
7cbe66b6 407
28407630
AV		 408 put_unused_fd(fd);
409 return PTR_ERR(newfile);
1da177e4
LT		 410}
411
406a3c63 412struct socket *sock_from_file(struct file *file, int *err)
6cb153ca 413{
6cb153ca
BL		 414 if (file->f_op == &socket_file_ops)
415 return file->private_data; /* set in sock_map_fd */
416
23bb80d2
ED		 417 *err = -ENOTSOCK;
418 return NULL;
6cb153ca 419}
406a3c63 420EXPORT_SYMBOL(sock_from_file);
6cb153ca 421
1da177e4 422/**
c6d409cf 423 * sockfd_lookup - Go from a file number to its socket slot
1da177e4
LT		 424 * @fd: file handle
425 * @err: pointer to an error code return
426 *
427 * The file handle passed in is locked and the socket it is bound
428 * too is returned. If an error occurs the err pointer is overwritten
429 * with a negative errno code and NULL is returned. The function checks
430 * for both invalid handles and passing a handle which is not a socket.
431 *
432 * On a success the socket object pointer is returned.
433 */
434
435struct socket *sockfd_lookup(int fd, int *err)
436{
437 struct file *file;
1da177e4
LT		 438 struct socket *sock;
439
89bddce5
SH		 440 file = fget(fd);
441 if (!file) {
1da177e4
LT		 442 *err = -EBADF;
443 return NULL;
444 }
89bddce5 445
6cb153ca
BL		 446 sock = sock_from_file(file, err);
447 if (!sock)
1da177e4 448 fput(file);
6cb153ca
BL		 449 return sock;
450}
c6d409cf 451EXPORT_SYMBOL(sockfd_lookup);
1da177e4 452
6cb153ca
BL		 453static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
454{
00e188ef 455 struct fd f = fdget(fd);
6cb153ca
BL		 456 struct socket *sock;
457
3672558c 458 *err = -EBADF;
00e188ef
AV		 459 if (f.file) {
460 sock = sock_from_file(f.file, err);
461 if (likely(sock)) {
462 *fput_needed = f.flags;
6cb153ca 463 return sock;
00e188ef
AV		 464 }
465 fdput(f);
1da177e4 466 }
6cb153ca 467 return NULL;
1da177e4
LT		 468}
469
600e1779
MY		 470#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
471#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
472#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
473static ssize_t sockfs_getxattr(struct dentry *dentry,
474 const char *name, void *value, size_t size)
475{
476 const char *proto_name;
477 size_t proto_size;
478 int error;
479
480 error = -ENODATA;
481 if (!strncmp(name, XATTR_NAME_SOCKPROTONAME, XATTR_NAME_SOCKPROTONAME_LEN)) {
482 proto_name = dentry->d_name.name;
483 proto_size = strlen(proto_name);
484
485 if (value) {
486 error = -ERANGE;
487 if (proto_size + 1 > size)
488 goto out;
489
490 strncpy(value, proto_name, proto_size + 1);
491 }
492 error = proto_size + 1;
493 }
494
495out:
496 return error;
497}
498
499static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
500 size_t size)
501{
502 ssize_t len;
503 ssize_t used = 0;
504
505 len = security_inode_listsecurity(dentry->d_inode, buffer, size);
506 if (len < 0)
507 return len;
508 used += len;
509 if (buffer) {
510 if (size < used)
511 return -ERANGE;
512 buffer += len;
513 }
514
515 len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
516 used += len;
517 if (buffer) {
518 if (size < used)
519 return -ERANGE;
520 memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
521 buffer += len;
522 }
523
524 return used;
525}
526
527static const struct inode_operations sockfs_inode_ops = {
528 .getxattr = sockfs_getxattr,
529 .listxattr = sockfs_listxattr,
530};
531
1da177e4
LT		 532/**
533 * sock_alloc - allocate a socket
89bddce5 534 *
1da177e4
LT		 535 * Allocate a new inode and socket object. The two are bound together
536 * and initialised. The socket is then returned. If we are out of inodes
537 * NULL is returned.
538 */
539
540static struct socket *sock_alloc(void)
541{
89bddce5
SH		 542 struct inode *inode;
543 struct socket *sock;
1da177e4 544
a209dfc7 545 inode = new_inode_pseudo(sock_mnt->mnt_sb);
1da177e4
LT		 546 if (!inode)
547 return NULL;
548
549 sock = SOCKET_I(inode);
550
29a020d3 551 kmemcheck_annotate_bitfield(sock, type);
85fe4025 552 inode->i_ino = get_next_ino();
89bddce5 553 inode->i_mode = S_IFSOCK | S_IRWXUGO;
8192b0c4
DH		 554 inode->i_uid = current_fsuid();
555 inode->i_gid = current_fsgid();
600e1779 556 inode->i_op = &sockfs_inode_ops;
1da177e4 557
19e8d69c 558 this_cpu_add(sockets_in_use, 1);
1da177e4
LT		 559 return sock;
560}
561
562/*
563 * In theory you can't get an open on this inode, but /proc provides
564 * a back door. Remember to keep it shut otherwise you'll let the
565 * creepy crawlies in.
566 */
89bddce5 567
1da177e4
LT		 568static int sock_no_open(struct inode *irrelevant, struct file *dontcare)
569{
570 return -ENXIO;
571}
572
4b6f5d20 573const struct file_operations bad_sock_fops = {
1da177e4
LT		 574 .owner = THIS_MODULE,
575 .open = sock_no_open,
6038f373 576 .llseek = noop_llseek,
1da177e4
LT		 577};
578
579/**
580 * sock_release - close a socket
581 * @sock: socket to close
582 *
583 * The socket is released from the protocol stack if it has a release
584 * callback, and the inode is then released if the socket is bound to
89bddce5 585 * an inode not a file.
1da177e4 586 */
89bddce5 587
1da177e4
LT		 588void sock_release(struct socket *sock)
589{
590 if (sock->ops) {
591 struct module *owner = sock->ops->owner;
592
593 sock->ops->release(sock);
594 sock->ops = NULL;
595 module_put(owner);
596 }
597
eaefd110 598 if (rcu_dereference_protected(sock->wq, 1)->fasync_list)
3410f22e 599 pr_err("%s: fasync list not empty!\n", __func__);
1da177e4 600
b09e786b
MP		 601 if (test_bit(SOCK_EXTERNALLY_ALLOCATED, &sock->flags))
602 return;
603
19e8d69c 604 this_cpu_sub(sockets_in_use, 1);
1da177e4
LT		 605 if (!sock->file) {
606 iput(SOCK_INODE(sock));
607 return;
608 }
89bddce5 609 sock->file = NULL;
1da177e4 610}
c6d409cf 611EXPORT_SYMBOL(sock_release);
1da177e4 612
140c55d4 613void sock_tx_timestamp(const struct sock *sk, __u8 *tx_flags)
20d49473 614{
140c55d4
ED		 615 u8 flags = *tx_flags;
616
b9f40e21 617 if (sk->sk_tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
140c55d4
ED		 618 flags |= SKBTX_HW_TSTAMP;
619
b9f40e21 620 if (sk->sk_tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
140c55d4
ED		 621 flags |= SKBTX_SW_TSTAMP;
622
e7fd2885 623 if (sk->sk_tsflags & SOF_TIMESTAMPING_TX_SCHED)
140c55d4
ED		 624 flags |= SKBTX_SCHED_TSTAMP;
625
e1c8a607 626 if (sk->sk_tsflags & SOF_TIMESTAMPING_TX_ACK)
140c55d4 627 flags |= SKBTX_ACK_TSTAMP;
e7fd2885 628
6e3e939f 629 if (sock_flag(sk, SOCK_WIFI_STATUS))
140c55d4
ED		 630 flags |= SKBTX_WIFI_STATUS;
631
632 *tx_flags = flags;
20d49473
PO		 633}
634EXPORT_SYMBOL(sock_tx_timestamp);
635
228e548e
AB		 636static inline int __sock_sendmsg_nosec(struct kiocb *iocb, struct socket *sock,
637 struct msghdr *msg, size_t size)
1da177e4
LT		 638{
639 struct sock_iocb *si = kiocb_to_siocb(iocb);
1da177e4
LT		 640
641 si->sock = sock;
642 si->scm = NULL;
643 si->msg = msg;
644 si->size = size;
645
1da177e4
LT		 646 return sock->ops->sendmsg(iocb, sock, msg, size);
647}
648
228e548e
AB		 649static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
650 struct msghdr *msg, size_t size)
651{
652 int err = security_socket_sendmsg(sock, msg, size);
653
654 return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
655}
656
1da177e4
LT		 657int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
658{
659 struct kiocb iocb;
660 struct sock_iocb siocb;
661 int ret;
662
663 init_sync_kiocb(&iocb, NULL);
664 iocb.private = &siocb;
665 ret = __sock_sendmsg(&iocb, sock, msg, size);
666 if (-EIOCBQUEUED == ret)
667 ret = wait_on_sync_kiocb(&iocb);
668 return ret;
669}
c6d409cf 670EXPORT_SYMBOL(sock_sendmsg);
1da177e4 671
894dc24c 672static int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg, size_t size)
228e548e
AB		 673{
674 struct kiocb iocb;
675 struct sock_iocb siocb;
676 int ret;
677
678 init_sync_kiocb(&iocb, NULL);
679 iocb.private = &siocb;
680 ret = __sock_sendmsg_nosec(&iocb, sock, msg, size);
681 if (-EIOCBQUEUED == ret)
682 ret = wait_on_sync_kiocb(&iocb);
683 return ret;
684}
685
1da177e4
LT		 686int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
687 struct kvec *vec, size_t num, size_t size)
688{
689 mm_segment_t oldfs = get_fs();
690 int result;
691
692 set_fs(KERNEL_DS);
693 /*
694 * the following is safe, since for compiler definitions of kvec and
695 * iovec are identical, yielding the same in-core layout and alignment
696 */
89bddce5 697 msg->msg_iov = (struct iovec *)vec;
1da177e4
LT		 698 msg->msg_iovlen = num;
699 result = sock_sendmsg(sock, msg, size);
700 set_fs(oldfs);
701 return result;
702}
c6d409cf 703EXPORT_SYMBOL(kernel_sendmsg);
1da177e4 704
92f37fd2
ED		 705/*
706 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
707 */
708void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
709 struct sk_buff *skb)
710{
20d49473 711 int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
f24b9be5 712 struct scm_timestamping tss;
20d49473
PO		 713 int empty = 1;
714 struct skb_shared_hwtstamps *shhwtstamps =
715 skb_hwtstamps(skb);
716
717 /* Race occurred between timestamp enabling and packet
718 receiving. Fill in the current time for now. */
719 if (need_software_tstamp && skb->tstamp.tv64 == 0)
720 __net_timestamp(skb);
721
722 if (need_software_tstamp) {
723 if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
724 struct timeval tv;
725 skb_get_timestamp(skb, &tv);
726 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMP,
727 sizeof(tv), &tv);
728 } else {
f24b9be5
WB		 729 struct timespec ts;
730 skb_get_timestampns(skb, &ts);
20d49473 731 put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPNS,
f24b9be5 732 sizeof(ts), &ts);
20d49473
PO		 733 }
734 }
735
f24b9be5 736 memset(&tss, 0, sizeof(tss));
b9f40e21 737 if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE ||
f24b9be5
WB		 738 skb_shinfo(skb)->tx_flags & SKBTX_ANY_SW_TSTAMP) &&
739 ktime_to_timespec_cond(skb->tstamp, tss.ts + 0))
20d49473 740 empty = 0;
4d276eb6 741 if (shhwtstamps &&
b9f40e21 742 (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
f24b9be5 743 ktime_to_timespec_cond(shhwtstamps->hwtstamp, tss.ts + 2))
4d276eb6 744 empty = 0;
20d49473
PO		 745 if (!empty)
746 put_cmsg(msg, SOL_SOCKET,
f24b9be5 747 SCM_TIMESTAMPING, sizeof(tss), &tss);
92f37fd2 748}
7c81fd8b
ACM		 749EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
750
6e3e939f
JB		 751void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
752 struct sk_buff *skb)
753{
754 int ack;
755
756 if (!sock_flag(sk, SOCK_WIFI_STATUS))
757 return;
758 if (!skb->wifi_acked_valid)
759 return;
760
761 ack = skb->wifi_acked;
762
763 put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
764}
765EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
766
11165f14 767static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
768 struct sk_buff *skb)
3b885787
NH		 769{
770 if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && skb->dropcount)
771 put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
772 sizeof(__u32), &skb->dropcount);
773}
774
767dd033 775void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
3b885787
NH		 776 struct sk_buff *skb)
777{
778 sock_recv_timestamp(msg, sk, skb);
779 sock_recv_drops(msg, sk, skb);
780}
767dd033 781EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
3b885787 782
a2e27255
ACM		 783static inline int __sock_recvmsg_nosec(struct kiocb *iocb, struct socket *sock,
784 struct msghdr *msg, size_t size, int flags)
1da177e4 785{
1da177e4
LT		 786 struct sock_iocb *si = kiocb_to_siocb(iocb);
787
788 si->sock = sock;
789 si->scm = NULL;
790 si->msg = msg;
791 si->size = size;
792 si->flags = flags;
793
1da177e4
LT		 794 return sock->ops->recvmsg(iocb, sock, msg, size, flags);
795}
796
a2e27255
ACM		 797static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
798 struct msghdr *msg, size_t size, int flags)
799{
800 int err = security_socket_recvmsg(sock, msg, size, flags);
801
802 return err ?: __sock_recvmsg_nosec(iocb, sock, msg, size, flags);
803}
804
89bddce5 805int sock_recvmsg(struct socket *sock, struct msghdr *msg,
1da177e4
LT		 806 size_t size, int flags)
807{
808 struct kiocb iocb;
809 struct sock_iocb siocb;
810 int ret;
811
89bddce5 812 init_sync_kiocb(&iocb, NULL);
1da177e4
LT		 813 iocb.private = &siocb;
814 ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
815 if (-EIOCBQUEUED == ret)
816 ret = wait_on_sync_kiocb(&iocb);
817 return ret;
818}
c6d409cf 819EXPORT_SYMBOL(sock_recvmsg);
1da177e4 820
a2e27255
ACM		 821static int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
822 size_t size, int flags)
823{
824 struct kiocb iocb;
825 struct sock_iocb siocb;
826 int ret;
827
828 init_sync_kiocb(&iocb, NULL);
829 iocb.private = &siocb;
830 ret = __sock_recvmsg_nosec(&iocb, sock, msg, size, flags);
831 if (-EIOCBQUEUED == ret)
832 ret = wait_on_sync_kiocb(&iocb);
833 return ret;
834}
835
c1249c0a
ML		 836/**
837 * kernel_recvmsg - Receive a message from a socket (kernel space)
838 * @sock: The socket to receive the message from
839 * @msg: Received message
840 * @vec: Input s/g array for message data
841 * @num: Size of input s/g array
842 * @size: Number of bytes to read
843 * @flags: Message flags (MSG_DONTWAIT, etc...)
844 *
845 * On return the msg structure contains the scatter/gather array passed in the
846 * vec argument. The array is modified so that it consists of the unfilled
847 * portion of the original array.
848 *
849 * The returned value is the total number of bytes received, or an error.
850 */
89bddce5
SH		 851int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
852 struct kvec *vec, size_t num, size_t size, int flags)
1da177e4
LT		 853{
854 mm_segment_t oldfs = get_fs();
855 int result;
856
857 set_fs(KERNEL_DS);
858 /*
859 * the following is safe, since for compiler definitions of kvec and
860 * iovec are identical, yielding the same in-core layout and alignment
861 */
89bddce5 862 msg->msg_iov = (struct iovec *)vec, msg->msg_iovlen = num;
1da177e4
LT		 863 result = sock_recvmsg(sock, msg, size, flags);
864 set_fs(oldfs);
865 return result;
866}
c6d409cf 867EXPORT_SYMBOL(kernel_recvmsg);
1da177e4 868
ce1d4d3e
CH		 869static ssize_t sock_sendpage(struct file *file, struct page *page,
870 int offset, size_t size, loff_t *ppos, int more)
1da177e4 871{
1da177e4
LT		 872 struct socket *sock;
873 int flags;
874
ce1d4d3e
CH		 875 sock = file->private_data;
876
35f9c09f
ED		 877 flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
878 /* more is a combination of MSG_MORE and MSG_SENDPAGE_NOTLAST */
879 flags |= more;
ce1d4d3e 880
e6949583 881 return kernel_sendpage(sock, page, offset, size, flags);
ce1d4d3e 882}
1da177e4 883
9c55e01c 884static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
c6d409cf 885 struct pipe_inode_info *pipe, size_t len,
9c55e01c
JA		 886 unsigned int flags)
887{
888 struct socket *sock = file->private_data;
889
997b37da
RDC		 890 if (unlikely(!sock->ops->splice_read))
891 return -EINVAL;
892
9c55e01c
JA		 893 return sock->ops->splice_read(sock, ppos, pipe, len, flags);
894}
895
ce1d4d3e 896static struct sock_iocb *alloc_sock_iocb(struct kiocb *iocb,
89bddce5 897 struct sock_iocb *siocb)
ce1d4d3e 898{
d29c445b
KO		 899 if (!is_sync_kiocb(iocb))
900 BUG();
1da177e4 901
ce1d4d3e 902 siocb->kiocb = iocb;
ce1d4d3e
CH		 903 iocb->private = siocb;
904 return siocb;
1da177e4
LT		 905}
906
ce1d4d3e 907static ssize_t do_sock_read(struct msghdr *msg, struct kiocb *iocb,
027445c3
BP		 908 struct file *file, const struct iovec *iov,
909 unsigned long nr_segs)
ce1d4d3e
CH		 910{
911 struct socket *sock = file->private_data;
912 size_t size = 0;
913 int i;
1da177e4 914
89bddce5
SH		 915 for (i = 0; i < nr_segs; i++)
916 size += iov[i].iov_len;
1da177e4 917
ce1d4d3e
CH		 918 msg->msg_name = NULL;
919 msg->msg_namelen = 0;
920 msg->msg_control = NULL;
921 msg->msg_controllen = 0;
89bddce5 922 msg->msg_iov = (struct iovec *)iov;
ce1d4d3e
CH		 923 msg->msg_iovlen = nr_segs;
924 msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
925
926 return __sock_recvmsg(iocb, sock, msg, size, msg->msg_flags);
927}
928
027445c3
BP		 929static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
930 unsigned long nr_segs, loff_t pos)
ce1d4d3e
CH		 931{
932 struct sock_iocb siocb, *x;
933
1da177e4
LT		 934 if (pos != 0)
935 return -ESPIPE;
027445c3 936
73a7075e 937 if (iocb->ki_nbytes == 0) /* Match SYS5 behaviour */
1da177e4
LT		 938 return 0;
939
027445c3
BP		 940
941 x = alloc_sock_iocb(iocb, &siocb);
ce1d4d3e
CH		 942 if (!x)
943 return -ENOMEM;
027445c3 944 return do_sock_read(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
1da177e4
LT		 945}
946
ce1d4d3e 947static ssize_t do_sock_write(struct msghdr *msg, struct kiocb *iocb,
027445c3
BP		 948 struct file *file, const struct iovec *iov,
949 unsigned long nr_segs)
1da177e4 950{
ce1d4d3e
CH		 951 struct socket *sock = file->private_data;
952 size_t size = 0;
953 int i;
1da177e4 954
89bddce5
SH		 955 for (i = 0; i < nr_segs; i++)
956 size += iov[i].iov_len;
1da177e4 957
ce1d4d3e
CH		 958 msg->msg_name = NULL;
959 msg->msg_namelen = 0;
960 msg->msg_control = NULL;
961 msg->msg_controllen = 0;
89bddce5 962 msg->msg_iov = (struct iovec *)iov;
ce1d4d3e
CH		 963 msg->msg_iovlen = nr_segs;
964 msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
965 if (sock->type == SOCK_SEQPACKET)
966 msg->msg_flags |= MSG_EOR;
1da177e4 967
ce1d4d3e 968 return __sock_sendmsg(iocb, sock, msg, size);
1da177e4
LT		 969}
970
027445c3
BP		 971static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
972 unsigned long nr_segs, loff_t pos)
ce1d4d3e
CH		 973{
974 struct sock_iocb siocb, *x;
1da177e4 975
ce1d4d3e
CH		 976 if (pos != 0)
977 return -ESPIPE;
027445c3 978
027445c3 979 x = alloc_sock_iocb(iocb, &siocb);
ce1d4d3e
CH		 980 if (!x)
981 return -ENOMEM;
1da177e4 982
027445c3 983 return do_sock_write(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
1da177e4
LT		 984}
985
1da177e4
LT		 986/*
987 * Atomic setting of ioctl hooks to avoid race
988 * with module unload.
989 */
990
4a3e2f71 991static DEFINE_MUTEX(br_ioctl_mutex);
c6d409cf 992static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1da177e4 993
881d966b 994void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1da177e4 995{
4a3e2f71 996 mutex_lock(&br_ioctl_mutex);
1da177e4 997 br_ioctl_hook = hook;
4a3e2f71 998 mutex_unlock(&br_ioctl_mutex);
1da177e4
LT		 999}
1000EXPORT_SYMBOL(brioctl_set);
1001
4a3e2f71 1002static DEFINE_MUTEX(vlan_ioctl_mutex);
881d966b 1003static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1da177e4 1004
881d966b 1005void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1da177e4 1006{
4a3e2f71 1007 mutex_lock(&vlan_ioctl_mutex);
1da177e4 1008 vlan_ioctl_hook = hook;
4a3e2f71 1009 mutex_unlock(&vlan_ioctl_mutex);
1da177e4
LT		 1010}
1011EXPORT_SYMBOL(vlan_ioctl_set);
1012
4a3e2f71 1013static DEFINE_MUTEX(dlci_ioctl_mutex);
89bddce5 1014static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1da177e4 1015
89bddce5 1016void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1da177e4 1017{
4a3e2f71 1018 mutex_lock(&dlci_ioctl_mutex);
1da177e4 1019 dlci_ioctl_hook = hook;
4a3e2f71 1020 mutex_unlock(&dlci_ioctl_mutex);
1da177e4
LT		 1021}
1022EXPORT_SYMBOL(dlci_ioctl_set);
1023
6b96018b
AB		 1024static long sock_do_ioctl(struct net *net, struct socket *sock,
1025 unsigned int cmd, unsigned long arg)
1026{
1027 int err;
1028 void __user *argp = (void __user *)arg;
1029
1030 err = sock->ops->ioctl(sock, cmd, arg);
1031
1032 /*
1033 * If this ioctl is unknown try to hand it down
1034 * to the NIC driver.
1035 */
1036 if (err == -ENOIOCTLCMD)
1037 err = dev_ioctl(net, cmd, argp);
1038
1039 return err;
1040}
1041
1da177e4
LT		 1042/*
1043 * With an ioctl, arg may well be a user mode pointer, but we don't know
1044 * what to do with it - that's up to the protocol still.
1045 */
1046
1047static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1048{
1049 struct socket *sock;
881d966b 1050 struct sock *sk;
1da177e4
LT		 1051 void __user *argp = (void __user *)arg;
1052 int pid, err;
881d966b 1053 struct net *net;
1da177e4 1054
b69aee04 1055 sock = file->private_data;
881d966b 1056 sk = sock->sk;
3b1e0a65 1057 net = sock_net(sk);
1da177e4 1058 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15)) {
881d966b 1059 err = dev_ioctl(net, cmd, argp);
1da177e4 1060 } else
3d23e349 1061#ifdef CONFIG_WEXT_CORE
1da177e4 1062 if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
881d966b 1063 err = dev_ioctl(net, cmd, argp);
1da177e4 1064 } else
3d23e349 1065#endif
89bddce5 1066 switch (cmd) {
1da177e4
LT		 1067 case FIOSETOWN:
1068 case SIOCSPGRP:
1069 err = -EFAULT;
1070 if (get_user(pid, (int __user *)argp))
1071 break;
e0b93edd
JL		 1072 f_setown(sock->file, pid, 1);
1073 err = 0;
1da177e4
LT		 1074 break;
1075 case FIOGETOWN:
1076 case SIOCGPGRP:
609d7fa9 1077 err = put_user(f_getown(sock->file),
89bddce5 1078 (int __user *)argp);
1da177e4
LT		 1079 break;
1080 case SIOCGIFBR:
1081 case SIOCSIFBR:
1082 case SIOCBRADDBR:
1083 case SIOCBRDELBR:
1084 err = -ENOPKG;
1085 if (!br_ioctl_hook)
1086 request_module("bridge");
1087
4a3e2f71 1088 mutex_lock(&br_ioctl_mutex);
89bddce5 1089 if (br_ioctl_hook)
881d966b 1090 err = br_ioctl_hook(net, cmd, argp);
4a3e2f71 1091 mutex_unlock(&br_ioctl_mutex);
1da177e4
LT		 1092 break;
1093 case SIOCGIFVLAN:
1094 case SIOCSIFVLAN:
1095 err = -ENOPKG;
1096 if (!vlan_ioctl_hook)
1097 request_module("8021q");
1098
4a3e2f71 1099 mutex_lock(&vlan_ioctl_mutex);
1da177e4 1100 if (vlan_ioctl_hook)
881d966b 1101 err = vlan_ioctl_hook(net, argp);
4a3e2f71 1102 mutex_unlock(&vlan_ioctl_mutex);
1da177e4 1103 break;
1da177e4
LT		 1104 case SIOCADDDLCI:
1105 case SIOCDELDLCI:
1106 err = -ENOPKG;
1107 if (!dlci_ioctl_hook)
1108 request_module("dlci");
1109
7512cbf6
PE		 1110 mutex_lock(&dlci_ioctl_mutex);
1111 if (dlci_ioctl_hook)
1da177e4 1112 err = dlci_ioctl_hook(cmd, argp);
7512cbf6 1113 mutex_unlock(&dlci_ioctl_mutex);
1da177e4
LT		 1114 break;
1115 default:
6b96018b 1116 err = sock_do_ioctl(net, sock, cmd, arg);
1da177e4 1117 break;
89bddce5 1118 }
1da177e4
LT		 1119 return err;
1120}
1121
1122int sock_create_lite(int family, int type, int protocol, struct socket **res)
1123{
1124 int err;
1125 struct socket *sock = NULL;
89bddce5 1126
1da177e4
LT		 1127 err = security_socket_create(family, type, protocol, 1);
1128 if (err)
1129 goto out;
1130
1131 sock = sock_alloc();
1132 if (!sock) {
1133 err = -ENOMEM;
1134 goto out;
1135 }
1136
1da177e4 1137 sock->type = type;
7420ed23
VY		 1138 err = security_socket_post_create(sock, family, type, protocol, 1);
1139 if (err)
1140 goto out_release;
1141
1da177e4
LT		 1142out:
1143 *res = sock;
1144 return err;
7420ed23
VY		 1145out_release:
1146 sock_release(sock);
1147 sock = NULL;
1148 goto out;
1da177e4 1149}
c6d409cf 1150EXPORT_SYMBOL(sock_create_lite);
1da177e4
LT		 1151
1152/* No kernel lock held - perfect */
89bddce5 1153static unsigned int sock_poll(struct file *file, poll_table *wait)
1da177e4 1154{
cbf55001 1155 unsigned int busy_flag = 0;
1da177e4
LT		 1156 struct socket *sock;
1157
1158 /*
89bddce5 1159 * We can't return errors to poll, so it's either yes or no.
1da177e4 1160 */
b69aee04 1161 sock = file->private_data;
2d48d67f 1162
cbf55001 1163 if (sk_can_busy_loop(sock->sk)) {
2d48d67f 1164 /* this socket can poll_ll so tell the system call */
cbf55001 1165 busy_flag = POLL_BUSY_LOOP;
2d48d67f
ET		 1166
1167 /* once, only if requested by syscall */
cbf55001
ET		 1168 if (wait && (wait->_key & POLL_BUSY_LOOP))
1169 sk_busy_loop(sock->sk, 1);
2d48d67f
ET		 1170 }
1171
cbf55001 1172 return busy_flag | sock->ops->poll(file, sock, wait);
1da177e4
LT		 1173}
1174
89bddce5 1175static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1da177e4 1176{
b69aee04 1177 struct socket *sock = file->private_data;
1da177e4
LT		 1178
1179 return sock->ops->mmap(file, sock, vma);
1180}
1181
20380731 1182static int sock_close(struct inode *inode, struct file *filp)
1da177e4 1183{
1da177e4
LT		 1184 sock_release(SOCKET_I(inode));
1185 return 0;
1186}
1187
1188/*
1189 * Update the socket async list
1190 *
1191 * Fasync_list locking strategy.
1192 *
1193 * 1. fasync_list is modified only under process context socket lock
1194 * i.e. under semaphore.
1195 * 2. fasync_list is used under read_lock(&sk->sk_callback_lock)
989a2979 1196 * or under socket lock
1da177e4
LT		 1197 */
1198
1199static int sock_fasync(int fd, struct file *filp, int on)
1200{
989a2979
ED		 1201 struct socket *sock = filp->private_data;
1202 struct sock *sk = sock->sk;
eaefd110 1203 struct socket_wq *wq;
1da177e4 1204
989a2979 1205 if (sk == NULL)
1da177e4 1206 return -EINVAL;
1da177e4
LT		 1207
1208 lock_sock(sk);
eaefd110
ED		 1209 wq = rcu_dereference_protected(sock->wq, sock_owned_by_user(sk));
1210 fasync_helper(fd, filp, on, &wq->fasync_list);
1da177e4 1211
eaefd110 1212 if (!wq->fasync_list)
989a2979
ED		 1213 sock_reset_flag(sk, SOCK_FASYNC);
1214 else
bcdce719 1215 sock_set_flag(sk, SOCK_FASYNC);
1da177e4 1216
989a2979 1217 release_sock(sk);
1da177e4
LT		 1218 return 0;
1219}
1220
43815482 1221/* This function may be called only under socket lock or callback_lock or rcu_lock */
1da177e4
LT		 1222
1223int sock_wake_async(struct socket *sock, int how, int band)
1224{
43815482
ED		 1225 struct socket_wq *wq;
1226
1227 if (!sock)
1228 return -1;
1229 rcu_read_lock();
1230 wq = rcu_dereference(sock->wq);
1231 if (!wq || !wq->fasync_list) {
1232 rcu_read_unlock();
1da177e4 1233 return -1;
43815482 1234 }
89bddce5 1235 switch (how) {
8d8ad9d7 1236 case SOCK_WAKE_WAITD:
1da177e4
LT		 1237 if (test_bit(SOCK_ASYNC_WAITDATA, &sock->flags))
1238 break;
1239 goto call_kill;
8d8ad9d7 1240 case SOCK_WAKE_SPACE:
1da177e4
LT		 1241 if (!test_and_clear_bit(SOCK_ASYNC_NOSPACE, &sock->flags))
1242 break;
1243 /* fall through */
8d8ad9d7 1244 case SOCK_WAKE_IO:
89bddce5 1245call_kill:
43815482 1246 kill_fasync(&wq->fasync_list, SIGIO, band);
1da177e4 1247 break;
8d8ad9d7 1248 case SOCK_WAKE_URG:
43815482 1249 kill_fasync(&wq->fasync_list, SIGURG, band);
1da177e4 1250 }
43815482 1251 rcu_read_unlock();
1da177e4
LT		 1252 return 0;
1253}
c6d409cf 1254EXPORT_SYMBOL(sock_wake_async);
1da177e4 1255
721db93a 1256int __sock_create(struct net *net, int family, int type, int protocol,
89bddce5 1257 struct socket **res, int kern)
1da177e4
LT		 1258{
1259 int err;
1260 struct socket *sock;
55737fda 1261 const struct net_proto_family *pf;
1da177e4
LT		 1262
1263 /*
89bddce5 1264 * Check protocol is in range
1da177e4
LT		 1265 */
1266 if (family < 0 || family >= NPROTO)
1267 return -EAFNOSUPPORT;
1268 if (type < 0 || type >= SOCK_MAX)
1269 return -EINVAL;
1270
1271 /* Compatibility.
1272
1273 This uglymoron is moved from INET layer to here to avoid
1274 deadlock in module load.
1275 */
1276 if (family == PF_INET && type == SOCK_PACKET) {
89bddce5 1277 static int warned;
1da177e4
LT		 1278 if (!warned) {
1279 warned = 1;
3410f22e
YY		 1280 pr_info("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1281 current->comm);
1da177e4
LT		 1282 }
1283 family = PF_PACKET;
1284 }
1285
1286 err = security_socket_create(family, type, protocol, kern);
1287 if (err)
1288 return err;
89bddce5 1289
55737fda
SH		 1290 /*
1291 * Allocate the socket and allow the family to set things up. if
1292 * the protocol is 0, the family is instructed to select an appropriate
1293 * default.
1294 */
1295 sock = sock_alloc();
1296 if (!sock) {
e87cc472 1297 net_warn_ratelimited("socket: no more sockets\n");
55737fda
SH		 1298 return -ENFILE; /* Not exactly a match, but its the
1299 closest posix thing */
1300 }
1301
1302 sock->type = type;
1303
95a5afca 1304#ifdef CONFIG_MODULES
89bddce5
SH		 1305 /* Attempt to load a protocol module if the find failed.
1306 *
1307 * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1da177e4
LT		 1308 * requested real, full-featured networking support upon configuration.
1309 * Otherwise module support will break!
1310 */
190683a9 1311 if (rcu_access_pointer(net_families[family]) == NULL)
89bddce5 1312 request_module("net-pf-%d", family);
1da177e4
LT		 1313#endif
1314
55737fda
SH		 1315 rcu_read_lock();
1316 pf = rcu_dereference(net_families[family]);
1317 err = -EAFNOSUPPORT;
1318 if (!pf)
1319 goto out_release;
1da177e4
LT		 1320
1321 /*
1322 * We will call the ->create function, that possibly is in a loadable
1323 * module, so we have to bump that loadable module refcnt first.
1324 */
55737fda 1325 if (!try_module_get(pf->owner))
1da177e4
LT		 1326 goto out_release;
1327
55737fda
SH		 1328 /* Now protected by module ref count */
1329 rcu_read_unlock();
1330
3f378b68 1331 err = pf->create(net, sock, protocol, kern);
55737fda 1332 if (err < 0)
1da177e4 1333 goto out_module_put;
a79af59e 1334
1da177e4
LT		 1335 /*
1336 * Now to bump the refcnt of the [loadable] module that owns this
1337 * socket at sock_release time we decrement its refcnt.
1338 */
55737fda
SH		 1339 if (!try_module_get(sock->ops->owner))
1340 goto out_module_busy;
1341
1da177e4
LT		 1342 /*
1343 * Now that we're done with the ->create function, the [loadable]
1344 * module can have its refcnt decremented
1345 */
55737fda 1346 module_put(pf->owner);
7420ed23
VY		 1347 err = security_socket_post_create(sock, family, type, protocol, kern);
1348 if (err)
3b185525 1349 goto out_sock_release;
55737fda 1350 *res = sock;
1da177e4 1351
55737fda
SH		 1352 return 0;
1353
1354out_module_busy:
1355 err = -EAFNOSUPPORT;
1da177e4 1356out_module_put:
55737fda
SH		 1357 sock->ops = NULL;
1358 module_put(pf->owner);
1359out_sock_release:
1da177e4 1360 sock_release(sock);
55737fda
SH		 1361 return err;
1362
1363out_release:
1364 rcu_read_unlock();
1365 goto out_sock_release;
1da177e4 1366}
721db93a 1367EXPORT_SYMBOL(__sock_create);
1da177e4
LT		 1368
1369int sock_create(int family, int type, int protocol, struct socket **res)
1370{
1b8d7ae4 1371 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1da177e4 1372}
c6d409cf 1373EXPORT_SYMBOL(sock_create);
1da177e4
LT		 1374
1375int sock_create_kern(int family, int type, int protocol, struct socket **res)
1376{
1b8d7ae4 1377 return __sock_create(&init_net, family, type, protocol, res, 1);
1da177e4 1378}
c6d409cf 1379EXPORT_SYMBOL(sock_create_kern);
1da177e4 1380
3e0fa65f 1381SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1da177e4
LT		 1382{
1383 int retval;
1384 struct socket *sock;
a677a039
UD		 1385 int flags;
1386
e38b36f3
UD		 1387 /* Check the SOCK_* constants for consistency. */
1388 BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1389 BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1390 BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1391 BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1392
a677a039 1393 flags = type & ~SOCK_TYPE_MASK;
77d27200 1394 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
a677a039
UD		 1395 return -EINVAL;
1396 type &= SOCK_TYPE_MASK;
1da177e4 1397
aaca0bdc
UD		 1398 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1399 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1400
1da177e4
LT		 1401 retval = sock_create(family, type, protocol, &sock);
1402 if (retval < 0)
1403 goto out;
1404
77d27200 1405 retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1da177e4
LT		 1406 if (retval < 0)
1407 goto out_release;
1408
1409out:
1410 /* It may be already another descriptor 8) Not kernel problem. */
1411 return retval;
1412
1413out_release:
1414 sock_release(sock);
1415 return retval;
1416}
1417
1418/*
1419 * Create a pair of connected sockets.
1420 */
1421
3e0fa65f
HC		 1422SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1423 int __user *, usockvec)
1da177e4
LT		 1424{
1425 struct socket *sock1, *sock2;
1426 int fd1, fd2, err;
db349509 1427 struct file *newfile1, *newfile2;
a677a039
UD		 1428 int flags;
1429
1430 flags = type & ~SOCK_TYPE_MASK;
77d27200 1431 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
a677a039
UD		 1432 return -EINVAL;
1433 type &= SOCK_TYPE_MASK;
1da177e4 1434
aaca0bdc
UD		 1435 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1436 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1437
1da177e4
LT		 1438 /*
1439 * Obtain the first socket and check if the underlying protocol
1440 * supports the socketpair call.
1441 */
1442
1443 err = sock_create(family, type, protocol, &sock1);
1444 if (err < 0)
1445 goto out;
1446
1447 err = sock_create(family, type, protocol, &sock2);
1448 if (err < 0)
1449 goto out_release_1;
1450
1451 err = sock1->ops->socketpair(sock1, sock2);
89bddce5 1452 if (err < 0)
1da177e4
LT		 1453 goto out_release_both;
1454
28407630 1455 fd1 = get_unused_fd_flags(flags);
bf3c23d1
DM		 1456 if (unlikely(fd1 < 0)) {
1457 err = fd1;
db349509 1458 goto out_release_both;
bf3c23d1 1459 }
d73aa286 1460
28407630 1461 fd2 = get_unused_fd_flags(flags);
198de4d7
AV		 1462 if (unlikely(fd2 < 0)) {
1463 err = fd2;
d73aa286 1464 goto out_put_unused_1;
28407630
AV		 1465 }
1466
aab174f0 1467 newfile1 = sock_alloc_file(sock1, flags, NULL);
28407630
AV		 1468 if (unlikely(IS_ERR(newfile1))) {
1469 err = PTR_ERR(newfile1);
d73aa286 1470 goto out_put_unused_both;
28407630
AV		 1471 }
1472
aab174f0 1473 newfile2 = sock_alloc_file(sock2, flags, NULL);
28407630
AV		 1474 if (IS_ERR(newfile2)) {
1475 err = PTR_ERR(newfile2);
d73aa286 1476 goto out_fput_1;
db349509
AV		 1477 }
1478
d73aa286
YD		 1479 err = put_user(fd1, &usockvec[0]);
1480 if (err)
1481 goto out_fput_both;
1482
1483 err = put_user(fd2, &usockvec[1]);
1484 if (err)
1485 goto out_fput_both;
1486
157cf649 1487 audit_fd_pair(fd1, fd2);
d73aa286 1488
db349509
AV		 1489 fd_install(fd1, newfile1);
1490 fd_install(fd2, newfile2);
1da177e4
LT		 1491 /* fd1 and fd2 may be already another descriptors.
1492 * Not kernel problem.
1493 */
1494
d73aa286 1495 return 0;
1da177e4 1496
d73aa286
YD		 1497out_fput_both:
1498 fput(newfile2);
1499 fput(newfile1);
1500 put_unused_fd(fd2);
1501 put_unused_fd(fd1);
1502 goto out;
1503
1504out_fput_1:
1505 fput(newfile1);
1506 put_unused_fd(fd2);
1507 put_unused_fd(fd1);
1508 sock_release(sock2);
1509 goto out;
1da177e4 1510
d73aa286
YD		 1511out_put_unused_both:
1512 put_unused_fd(fd2);
1513out_put_unused_1:
1514 put_unused_fd(fd1);
1da177e4 1515out_release_both:
89bddce5 1516 sock_release(sock2);
1da177e4 1517out_release_1:
89bddce5 1518 sock_release(sock1);
1da177e4
LT		 1519out:
1520 return err;
1521}
1522
1da177e4
LT		 1523/*
1524 * Bind a name to a socket. Nothing much to do here since it's
1525 * the protocol's responsibility to handle the local address.
1526 *
1527 * We move the socket address to kernel space before we call
1528 * the protocol layer (having also checked the address is ok).
1529 */
1530
20f37034 1531SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1da177e4
LT		 1532{
1533 struct socket *sock;
230b1839 1534 struct sockaddr_storage address;
6cb153ca 1535 int err, fput_needed;
1da177e4 1536
89bddce5 1537 sock = sockfd_lookup_light(fd, &err, &fput_needed);
e71a4783 1538 if (sock) {
43db362d 1539 err = move_addr_to_kernel(umyaddr, addrlen, &address);
89bddce5
SH		 1540 if (err >= 0) {
1541 err = security_socket_bind(sock,
230b1839 1542 (struct sockaddr *)&address,
89bddce5 1543 addrlen);
6cb153ca
BL		 1544 if (!err)
1545 err = sock->ops->bind(sock,
89bddce5 1546 (struct sockaddr *)
230b1839 1547 &address, addrlen);
1da177e4 1548 }
6cb153ca 1549 fput_light(sock->file, fput_needed);
89bddce5 1550 }
1da177e4
LT		 1551 return err;
1552}
1553
1da177e4
LT		 1554/*
1555 * Perform a listen. Basically, we allow the protocol to do anything
1556 * necessary for a listen, and if that works, we mark the socket as
1557 * ready for listening.
1558 */
1559
3e0fa65f 1560SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1da177e4
LT		 1561{
1562 struct socket *sock;
6cb153ca 1563 int err, fput_needed;
b8e1f9b5 1564 int somaxconn;
89bddce5
SH		 1565
1566 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1567 if (sock) {
8efa6e93 1568 somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
95c96174 1569 if ((unsigned int)backlog > somaxconn)
b8e1f9b5 1570 backlog = somaxconn;
1da177e4
LT		 1571
1572 err = security_socket_listen(sock, backlog);
6cb153ca
BL		 1573 if (!err)
1574 err = sock->ops->listen(sock, backlog);
1da177e4 1575
6cb153ca 1576 fput_light(sock->file, fput_needed);
1da177e4
LT		 1577 }
1578 return err;
1579}
1580
1da177e4
LT		 1581/*
1582 * For accept, we attempt to create a new socket, set up the link
1583 * with the client, wake up the client, then return the new
1584 * connected fd. We collect the address of the connector in kernel
1585 * space and move it to user at the very end. This is unclean because
1586 * we open the socket then return an error.
1587 *
1588 * 1003.1g adds the ability to recvmsg() to query connection pending
1589 * status to recvmsg. We need to add that support in a way thats
1590 * clean when we restucture accept also.
1591 */
1592
20f37034
HC		 1593SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1594 int __user *, upeer_addrlen, int, flags)
1da177e4
LT		 1595{
1596 struct socket *sock, *newsock;
39d8c1b6 1597 struct file *newfile;
6cb153ca 1598 int err, len, newfd, fput_needed;
230b1839 1599 struct sockaddr_storage address;
1da177e4 1600
77d27200 1601 if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
aaca0bdc
UD		 1602 return -EINVAL;
1603
1604 if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1605 flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1606
6cb153ca 1607 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4
LT		 1608 if (!sock)
1609 goto out;
1610
1611 err = -ENFILE;
c6d409cf
ED		 1612 newsock = sock_alloc();
1613 if (!newsock)
1da177e4
LT		 1614 goto out_put;
1615
1616 newsock->type = sock->type;
1617 newsock->ops = sock->ops;
1618
1da177e4
LT		 1619 /*
1620 * We don't need try_module_get here, as the listening socket (sock)
1621 * has the protocol module (sock->ops->owner) held.
1622 */
1623 __module_get(newsock->ops->owner);
1624
28407630 1625 newfd = get_unused_fd_flags(flags);
39d8c1b6
DM		 1626 if (unlikely(newfd < 0)) {
1627 err = newfd;
9a1875e6
DM		 1628 sock_release(newsock);
1629 goto out_put;
39d8c1b6 1630 }
aab174f0 1631 newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
28407630
AV		 1632 if (unlikely(IS_ERR(newfile))) {
1633 err = PTR_ERR(newfile);
1634 put_unused_fd(newfd);
1635 sock_release(newsock);
1636 goto out_put;
1637 }
39d8c1b6 1638
a79af59e
FF		 1639 err = security_socket_accept(sock, newsock);
1640 if (err)
39d8c1b6 1641 goto out_fd;
a79af59e 1642
1da177e4
LT		 1643 err = sock->ops->accept(sock, newsock, sock->file->f_flags);
1644 if (err < 0)
39d8c1b6 1645 goto out_fd;
1da177e4
LT		 1646
1647 if (upeer_sockaddr) {
230b1839 1648 if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
89bddce5 1649 &len, 2) < 0) {
1da177e4 1650 err = -ECONNABORTED;
39d8c1b6 1651 goto out_fd;
1da177e4 1652 }
43db362d 1653 err = move_addr_to_user(&address,
230b1839 1654 len, upeer_sockaddr, upeer_addrlen);
1da177e4 1655 if (err < 0)
39d8c1b6 1656 goto out_fd;
1da177e4
LT		 1657 }
1658
1659 /* File flags are not inherited via accept() unlike another OSes. */
1660
39d8c1b6
DM		 1661 fd_install(newfd, newfile);
1662 err = newfd;
1da177e4 1663
1da177e4 1664out_put:
6cb153ca 1665 fput_light(sock->file, fput_needed);
1da177e4
LT		 1666out:
1667 return err;
39d8c1b6 1668out_fd:
9606a216 1669 fput(newfile);
39d8c1b6 1670 put_unused_fd(newfd);
1da177e4
LT		 1671 goto out_put;
1672}
1673
20f37034
HC		 1674SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1675 int __user *, upeer_addrlen)
aaca0bdc 1676{
de11defe 1677 return sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
aaca0bdc
UD		 1678}
1679
1da177e4
LT		 1680/*
1681 * Attempt to connect to a socket with the server address. The address
1682 * is in user space so we verify it is OK and move it to kernel space.
1683 *
1684 * For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1685 * break bindings
1686 *
1687 * NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1688 * other SEQPACKET protocols that take time to connect() as it doesn't
1689 * include the -EINPROGRESS status for such sockets.
1690 */
1691
20f37034
HC		 1692SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1693 int, addrlen)
1da177e4
LT		 1694{
1695 struct socket *sock;
230b1839 1696 struct sockaddr_storage address;
6cb153ca 1697 int err, fput_needed;
1da177e4 1698
6cb153ca 1699 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4
LT		 1700 if (!sock)
1701 goto out;
43db362d 1702 err = move_addr_to_kernel(uservaddr, addrlen, &address);
1da177e4
LT		 1703 if (err < 0)
1704 goto out_put;
1705
89bddce5 1706 err =
230b1839 1707 security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1da177e4
LT		 1708 if (err)
1709 goto out_put;
1710
230b1839 1711 err = sock->ops->connect(sock, (struct sockaddr *)&address, addrlen,
1da177e4
LT		 1712 sock->file->f_flags);
1713out_put:
6cb153ca 1714 fput_light(sock->file, fput_needed);
1da177e4
LT		 1715out:
1716 return err;
1717}
1718
1719/*
1720 * Get the local address ('name') of a socket object. Move the obtained
1721 * name to user space.
1722 */
1723
20f37034
HC		 1724SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1725 int __user *, usockaddr_len)
1da177e4
LT		 1726{
1727 struct socket *sock;
230b1839 1728 struct sockaddr_storage address;
6cb153ca 1729 int len, err, fput_needed;
89bddce5 1730
6cb153ca 1731 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4
LT		 1732 if (!sock)
1733 goto out;
1734
1735 err = security_socket_getsockname(sock);
1736 if (err)
1737 goto out_put;
1738
230b1839 1739 err = sock->ops->getname(sock, (struct sockaddr *)&address, &len, 0);
1da177e4
LT		 1740 if (err)
1741 goto out_put;
43db362d 1742 err = move_addr_to_user(&address, len, usockaddr, usockaddr_len);
1da177e4
LT		 1743
1744out_put:
6cb153ca 1745 fput_light(sock->file, fput_needed);
1da177e4
LT		 1746out:
1747 return err;
1748}
1749
1750/*
1751 * Get the remote address ('name') of a socket object. Move the obtained
1752 * name to user space.
1753 */
1754
20f37034
HC		 1755SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1756 int __user *, usockaddr_len)
1da177e4
LT		 1757{
1758 struct socket *sock;
230b1839 1759 struct sockaddr_storage address;
6cb153ca 1760 int len, err, fput_needed;
1da177e4 1761
89bddce5
SH		 1762 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1763 if (sock != NULL) {
1da177e4
LT		 1764 err = security_socket_getpeername(sock);
1765 if (err) {
6cb153ca 1766 fput_light(sock->file, fput_needed);
1da177e4
LT		 1767 return err;
1768 }
1769
89bddce5 1770 err =
230b1839 1771 sock->ops->getname(sock, (struct sockaddr *)&address, &len,
89bddce5 1772 1);
1da177e4 1773 if (!err)
43db362d 1774 err = move_addr_to_user(&address, len, usockaddr,
89bddce5 1775 usockaddr_len);
6cb153ca 1776 fput_light(sock->file, fput_needed);
1da177e4
LT		 1777 }
1778 return err;
1779}
1780
1781/*
1782 * Send a datagram to a given address. We move the address into kernel
1783 * space and check the user space data area is readable before invoking
1784 * the protocol.
1785 */
1786
3e0fa65f 1787SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
95c96174 1788 unsigned int, flags, struct sockaddr __user *, addr,
3e0fa65f 1789 int, addr_len)
1da177e4
LT		 1790{
1791 struct socket *sock;
230b1839 1792 struct sockaddr_storage address;
1da177e4
LT		 1793 int err;
1794 struct msghdr msg;
1795 struct iovec iov;
6cb153ca 1796 int fput_needed;
6cb153ca 1797
253eacc0
LT		 1798 if (len > INT_MAX)
1799 len = INT_MAX;
de0fa95c
PE		 1800 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1801 if (!sock)
4387ff75 1802 goto out;
6cb153ca 1803
89bddce5
SH		 1804 iov.iov_base = buff;
1805 iov.iov_len = len;
1806 msg.msg_name = NULL;
1807 msg.msg_iov = &iov;
1808 msg.msg_iovlen = 1;
1809 msg.msg_control = NULL;
1810 msg.msg_controllen = 0;
1811 msg.msg_namelen = 0;
6cb153ca 1812 if (addr) {
43db362d 1813 err = move_addr_to_kernel(addr, addr_len, &address);
1da177e4
LT		 1814 if (err < 0)
1815 goto out_put;
230b1839 1816 msg.msg_name = (struct sockaddr *)&address;
89bddce5 1817 msg.msg_namelen = addr_len;
1da177e4
LT		 1818 }
1819 if (sock->file->f_flags & O_NONBLOCK)
1820 flags |= MSG_DONTWAIT;
1821 msg.msg_flags = flags;
1822 err = sock_sendmsg(sock, &msg, len);
1823
89bddce5 1824out_put:
de0fa95c 1825 fput_light(sock->file, fput_needed);
4387ff75 1826out:
1da177e4
LT		 1827 return err;
1828}
1829
1830/*
89bddce5 1831 * Send a datagram down a socket.
1da177e4
LT		 1832 */
1833
3e0fa65f 1834SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
95c96174 1835 unsigned int, flags)
1da177e4
LT		 1836{
1837 return sys_sendto(fd, buff, len, flags, NULL, 0);
1838}
1839
1840/*
89bddce5 1841 * Receive a frame from the socket and optionally record the address of the
1da177e4
LT		 1842 * sender. We verify the buffers are writable and if needed move the
1843 * sender address from kernel to user space.
1844 */
1845
3e0fa65f 1846SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
95c96174 1847 unsigned int, flags, struct sockaddr __user *, addr,
3e0fa65f 1848 int __user *, addr_len)
1da177e4
LT		 1849{
1850 struct socket *sock;
1851 struct iovec iov;
1852 struct msghdr msg;
230b1839 1853 struct sockaddr_storage address;
89bddce5 1854 int err, err2;
6cb153ca
BL		 1855 int fput_needed;
1856
253eacc0
LT		 1857 if (size > INT_MAX)
1858 size = INT_MAX;
de0fa95c 1859 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4 1860 if (!sock)
de0fa95c 1861 goto out;
1da177e4 1862
89bddce5
SH		 1863 msg.msg_control = NULL;
1864 msg.msg_controllen = 0;
1865 msg.msg_iovlen = 1;
1866 msg.msg_iov = &iov;
1867 iov.iov_len = size;
1868 iov.iov_base = ubuf;
f3d33426
HFS		 1869 /* Save some cycles and don't copy the address if not needed */
1870 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
1871 /* We assume all kernel code knows the size of sockaddr_storage */
1872 msg.msg_namelen = 0;
1da177e4
LT		 1873 if (sock->file->f_flags & O_NONBLOCK)
1874 flags |= MSG_DONTWAIT;
89bddce5 1875 err = sock_recvmsg(sock, &msg, size, flags);
1da177e4 1876
89bddce5 1877 if (err >= 0 && addr != NULL) {
43db362d 1878 err2 = move_addr_to_user(&address,
230b1839 1879 msg.msg_namelen, addr, addr_len);
89bddce5
SH		 1880 if (err2 < 0)
1881 err = err2;
1da177e4 1882 }
de0fa95c
PE		 1883
1884 fput_light(sock->file, fput_needed);
4387ff75 1885out:
1da177e4
LT		 1886 return err;
1887}
1888
1889/*
89bddce5 1890 * Receive a datagram from a socket.
1da177e4
LT		 1891 */
1892
b7c0ddf5
JG		 1893SYSCALL_DEFINE4(recv, int, fd, void __user *, ubuf, size_t, size,
1894 unsigned int, flags)
1da177e4
LT		 1895{
1896 return sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
1897}
1898
1899/*
1900 * Set a socket option. Because we don't know the option lengths we have
1901 * to pass the user mode parameter for the protocols to sort out.
1902 */
1903
20f37034
HC		 1904SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
1905 char __user *, optval, int, optlen)
1da177e4 1906{
6cb153ca 1907 int err, fput_needed;
1da177e4
LT		 1908 struct socket *sock;
1909
1910 if (optlen < 0)
1911 return -EINVAL;
89bddce5
SH		 1912
1913 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1914 if (sock != NULL) {
1915 err = security_socket_setsockopt(sock, level, optname);
6cb153ca
BL		 1916 if (err)
1917 goto out_put;
1da177e4
LT		 1918
1919 if (level == SOL_SOCKET)
89bddce5
SH		 1920 err =
1921 sock_setsockopt(sock, level, optname, optval,
1922 optlen);
1da177e4 1923 else
89bddce5
SH		 1924 err =
1925 sock->ops->setsockopt(sock, level, optname, optval,
1926 optlen);
6cb153ca
BL		 1927out_put:
1928 fput_light(sock->file, fput_needed);
1da177e4
LT		 1929 }
1930 return err;
1931}
1932
1933/*
1934 * Get a socket option. Because we don't know the option lengths we have
1935 * to pass a user mode parameter for the protocols to sort out.
1936 */
1937
20f37034
HC		 1938SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
1939 char __user *, optval, int __user *, optlen)
1da177e4 1940{
6cb153ca 1941 int err, fput_needed;
1da177e4
LT		 1942 struct socket *sock;
1943
89bddce5
SH		 1944 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1945 if (sock != NULL) {
6cb153ca
BL		 1946 err = security_socket_getsockopt(sock, level, optname);
1947 if (err)
1948 goto out_put;
1da177e4
LT		 1949
1950 if (level == SOL_SOCKET)
89bddce5
SH		 1951 err =
1952 sock_getsockopt(sock, level, optname, optval,
1953 optlen);
1da177e4 1954 else
89bddce5
SH		 1955 err =
1956 sock->ops->getsockopt(sock, level, optname, optval,
1957 optlen);
6cb153ca
BL		 1958out_put:
1959 fput_light(sock->file, fput_needed);
1da177e4
LT		 1960 }
1961 return err;
1962}
1963
1da177e4
LT		 1964/*
1965 * Shutdown a socket.
1966 */
1967
754fe8d2 1968SYSCALL_DEFINE2(shutdown, int, fd, int, how)
1da177e4 1969{
6cb153ca 1970 int err, fput_needed;
1da177e4
LT		 1971 struct socket *sock;
1972
89bddce5
SH		 1973 sock = sockfd_lookup_light(fd, &err, &fput_needed);
1974 if (sock != NULL) {
1da177e4 1975 err = security_socket_shutdown(sock, how);
6cb153ca
BL		 1976 if (!err)
1977 err = sock->ops->shutdown(sock, how);
1978 fput_light(sock->file, fput_needed);
1da177e4
LT		 1979 }
1980 return err;
1981}
1982
89bddce5 1983/* A couple of helpful macros for getting the address of the 32/64 bit
1da177e4
LT		 1984 * fields which are the same type (int / unsigned) on our platforms.
1985 */
1986#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
1987#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
1988#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
1989
c71d8ebe
TH		 1990struct used_address {
1991 struct sockaddr_storage name;
1992 unsigned int name_len;
1993};
1994
1661bf36
DC		 1995static int copy_msghdr_from_user(struct msghdr *kmsg,
1996 struct msghdr __user *umsg)
1997{
1998 if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
1999 return -EFAULT;
dbb490b9
ML		 2000
2001 if (kmsg->msg_namelen < 0)
2002 return -EINVAL;
2003
1661bf36 2004 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
db31c55a 2005 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
1661bf36
DC		 2006 return 0;
2007}
2008
a7526eb5 2009static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
95c96174 2010 struct msghdr *msg_sys, unsigned int flags,
c71d8ebe 2011 struct used_address *used_address)
1da177e4 2012{
89bddce5
SH		 2013 struct compat_msghdr __user *msg_compat =
2014 (struct compat_msghdr __user *)msg;
230b1839 2015 struct sockaddr_storage address;
1da177e4 2016 struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
b9d717a7 2017 unsigned char ctl[sizeof(struct cmsghdr) + 20]
89bddce5
SH		 2018 __attribute__ ((aligned(sizeof(__kernel_size_t))));
2019 /* 20 is size of ipv6_pktinfo */
1da177e4 2020 unsigned char *ctl_buf = ctl;
a74e9106 2021 int err, ctl_len, total_len;
89bddce5 2022
1da177e4
LT		 2023 err = -EFAULT;
2024 if (MSG_CMSG_COMPAT & flags) {
228e548e 2025 if (get_compat_msghdr(msg_sys, msg_compat))
1da177e4 2026 return -EFAULT;
1661bf36
DC		 2027 } else {
2028 err = copy_msghdr_from_user(msg_sys, msg);
2029 if (err)
2030 return err;
2031 }
1da177e4 2032
228e548e 2033 if (msg_sys->msg_iovlen > UIO_FASTIOV) {
a74e9106
ED		 2034 err = -EMSGSIZE;
2035 if (msg_sys->msg_iovlen > UIO_MAXIOV)
2036 goto out;
2037 err = -ENOMEM;
2038 iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec),
2039 GFP_KERNEL);
1da177e4 2040 if (!iov)
228e548e 2041 goto out;
1da177e4
LT		 2042 }
2043
2044 /* This will also move the address data into kernel space */
2045 if (MSG_CMSG_COMPAT & flags) {
43db362d 2046 err = verify_compat_iovec(msg_sys, iov, &address, VERIFY_READ);
1da177e4 2047 } else
43db362d 2048 err = verify_iovec(msg_sys, iov, &address, VERIFY_READ);
89bddce5 2049 if (err < 0)
1da177e4
LT		 2050 goto out_freeiov;
2051 total_len = err;
2052
2053 err = -ENOBUFS;
2054
228e548e 2055 if (msg_sys->msg_controllen > INT_MAX)
1da177e4 2056 goto out_freeiov;
228e548e 2057 ctl_len = msg_sys->msg_controllen;
1da177e4 2058 if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
89bddce5 2059 err =
228e548e 2060 cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
89bddce5 2061 sizeof(ctl));
1da177e4
LT		 2062 if (err)
2063 goto out_freeiov;
228e548e
AB		 2064 ctl_buf = msg_sys->msg_control;
2065 ctl_len = msg_sys->msg_controllen;
1da177e4 2066 } else if (ctl_len) {
89bddce5 2067 if (ctl_len > sizeof(ctl)) {
1da177e4 2068 ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
89bddce5 2069 if (ctl_buf == NULL)
1da177e4
LT		 2070 goto out_freeiov;
2071 }
2072 err = -EFAULT;
2073 /*
228e548e 2074 * Careful! Before this, msg_sys->msg_control contains a user pointer.
1da177e4
LT		 2075 * Afterwards, it will be a kernel pointer. Thus the compiler-assisted
2076 * checking falls down on this.
2077 */
fb8621bb 2078 if (copy_from_user(ctl_buf,
228e548e 2079 (void __user __force *)msg_sys->msg_control,
89bddce5 2080 ctl_len))
1da177e4 2081 goto out_freectl;
228e548e 2082 msg_sys->msg_control = ctl_buf;
1da177e4 2083 }
228e548e 2084 msg_sys->msg_flags = flags;
1da177e4
LT		 2085
2086 if (sock->file->f_flags & O_NONBLOCK)
228e548e 2087 msg_sys->msg_flags |= MSG_DONTWAIT;
c71d8ebe
TH		 2088 /*
2089 * If this is sendmmsg() and current destination address is same as
2090 * previously succeeded address, omit asking LSM's decision.
2091 * used_address->name_len is initialized to UINT_MAX so that the first
2092 * destination address never matches.
2093 */
bc909d9d
MD		 2094 if (used_address && msg_sys->msg_name &&
2095 used_address->name_len == msg_sys->msg_namelen &&
2096 !memcmp(&used_address->name, msg_sys->msg_name,
c71d8ebe
TH		 2097 used_address->name_len)) {
2098 err = sock_sendmsg_nosec(sock, msg_sys, total_len);
2099 goto out_freectl;
2100 }
2101 err = sock_sendmsg(sock, msg_sys, total_len);
2102 /*
2103 * If this is sendmmsg() and sending to current destination address was
2104 * successful, remember it.
2105 */
2106 if (used_address && err >= 0) {
2107 used_address->name_len = msg_sys->msg_namelen;
bc909d9d
MD		 2108 if (msg_sys->msg_name)
2109 memcpy(&used_address->name, msg_sys->msg_name,
2110 used_address->name_len);
c71d8ebe 2111 }
1da177e4
LT		 2112
2113out_freectl:
89bddce5 2114 if (ctl_buf != ctl)
1da177e4
LT		 2115 sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2116out_freeiov:
2117 if (iov != iovstack)
a74e9106 2118 kfree(iov);
228e548e
AB		 2119out:
2120 return err;
2121}
2122
2123/*
2124 * BSD sendmsg interface
2125 */
2126
a7526eb5 2127long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
228e548e
AB		 2128{
2129 int fput_needed, err;
2130 struct msghdr msg_sys;
1be374a0
AL		 2131 struct socket *sock;
2132
1be374a0 2133 sock = sockfd_lookup_light(fd, &err, &fput_needed);
228e548e
AB		 2134 if (!sock)
2135 goto out;
2136
a7526eb5 2137 err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL);
228e548e 2138
6cb153ca 2139 fput_light(sock->file, fput_needed);
89bddce5 2140out:
1da177e4
LT		 2141 return err;
2142}
2143
a7526eb5
AL		 2144SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags)
2145{
2146 if (flags & MSG_CMSG_COMPAT)
2147 return -EINVAL;
2148 return __sys_sendmsg(fd, msg, flags);
2149}
2150
228e548e
AB		 2151/*
2152 * Linux sendmmsg interface
2153 */
2154
2155int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2156 unsigned int flags)
2157{
2158 int fput_needed, err, datagrams;
2159 struct socket *sock;
2160 struct mmsghdr __user *entry;
2161 struct compat_mmsghdr __user *compat_entry;
2162 struct msghdr msg_sys;
c71d8ebe 2163 struct used_address used_address;
228e548e 2164
98382f41
AB		 2165 if (vlen > UIO_MAXIOV)
2166 vlen = UIO_MAXIOV;
228e548e
AB		 2167
2168 datagrams = 0;
2169
2170 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2171 if (!sock)
2172 return err;
2173
c71d8ebe 2174 used_address.name_len = UINT_MAX;
228e548e
AB		 2175 entry = mmsg;
2176 compat_entry = (struct compat_mmsghdr __user *)mmsg;
728ffb86 2177 err = 0;
228e548e
AB		 2178
2179 while (datagrams < vlen) {
228e548e 2180 if (MSG_CMSG_COMPAT & flags) {
a7526eb5
AL		 2181 err = ___sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
2182 &msg_sys, flags, &used_address);
228e548e
AB		 2183 if (err < 0)
2184 break;
2185 err = __put_user(err, &compat_entry->msg_len);
2186 ++compat_entry;
2187 } else {
a7526eb5
AL		 2188 err = ___sys_sendmsg(sock,
2189 (struct msghdr __user *)entry,
2190 &msg_sys, flags, &used_address);
228e548e
AB		 2191 if (err < 0)
2192 break;
2193 err = put_user(err, &entry->msg_len);
2194 ++entry;
2195 }
2196
2197 if (err)
2198 break;
2199 ++datagrams;
2200 }
2201
228e548e
AB		 2202 fput_light(sock->file, fput_needed);
2203
728ffb86
AB		 2204 /* We only return an error if no datagrams were able to be sent */
2205 if (datagrams != 0)
228e548e
AB		 2206 return datagrams;
2207
228e548e
AB		 2208 return err;
2209}
2210
2211SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2212 unsigned int, vlen, unsigned int, flags)
2213{
1be374a0
AL		 2214 if (flags & MSG_CMSG_COMPAT)
2215 return -EINVAL;
228e548e
AB		 2216 return __sys_sendmmsg(fd, mmsg, vlen, flags);
2217}
2218
a7526eb5 2219static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
95c96174 2220 struct msghdr *msg_sys, unsigned int flags, int nosec)
1da177e4 2221{
89bddce5
SH		 2222 struct compat_msghdr __user *msg_compat =
2223 (struct compat_msghdr __user *)msg;
1da177e4 2224 struct iovec iovstack[UIO_FASTIOV];
89bddce5 2225 struct iovec *iov = iovstack;
1da177e4 2226 unsigned long cmsg_ptr;
a74e9106 2227 int err, total_len, len;
1da177e4
LT		 2228
2229 /* kernel mode address */
230b1839 2230 struct sockaddr_storage addr;
1da177e4
LT		 2231
2232 /* user mode address pointers */
2233 struct sockaddr __user *uaddr;
2234 int __user *uaddr_len;
89bddce5 2235
1da177e4 2236 if (MSG_CMSG_COMPAT & flags) {
a2e27255 2237 if (get_compat_msghdr(msg_sys, msg_compat))
1da177e4 2238 return -EFAULT;
1661bf36
DC		 2239 } else {
2240 err = copy_msghdr_from_user(msg_sys, msg);
2241 if (err)
2242 return err;
2243 }
1da177e4 2244
a2e27255 2245 if (msg_sys->msg_iovlen > UIO_FASTIOV) {
a74e9106
ED		 2246 err = -EMSGSIZE;
2247 if (msg_sys->msg_iovlen > UIO_MAXIOV)
2248 goto out;
2249 err = -ENOMEM;
2250 iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec),
2251 GFP_KERNEL);
1da177e4 2252 if (!iov)
a2e27255 2253 goto out;
1da177e4
LT		 2254 }
2255
f3d33426
HFS		 2256 /* Save the user-mode address (verify_iovec will change the
2257 * kernel msghdr to use the kernel address space)
1da177e4 2258 */
a2e27255 2259 uaddr = (__force void __user *)msg_sys->msg_name;
1da177e4 2260 uaddr_len = COMPAT_NAMELEN(msg);
f3d33426 2261 if (MSG_CMSG_COMPAT & flags)
43db362d 2262 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
f3d33426 2263 else
43db362d 2264 err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
1da177e4
LT		 2265 if (err < 0)
2266 goto out_freeiov;
89bddce5 2267 total_len = err;
1da177e4 2268
a2e27255
ACM		 2269 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2270 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
89bddce5 2271
f3d33426
HFS		 2272 /* We assume all kernel code knows the size of sockaddr_storage */
2273 msg_sys->msg_namelen = 0;
2274
1da177e4
LT		 2275 if (sock->file->f_flags & O_NONBLOCK)
2276 flags |= MSG_DONTWAIT;
a2e27255
ACM		 2277 err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
2278 total_len, flags);
1da177e4
LT		 2279 if (err < 0)
2280 goto out_freeiov;
2281 len = err;
2282
2283 if (uaddr != NULL) {
43db362d 2284 err = move_addr_to_user(&addr,
a2e27255 2285 msg_sys->msg_namelen, uaddr,
89bddce5 2286 uaddr_len);
1da177e4
LT		 2287 if (err < 0)
2288 goto out_freeiov;
2289 }
a2e27255 2290 err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
37f7f421 2291 COMPAT_FLAGS(msg));
1da177e4
LT		 2292 if (err)
2293 goto out_freeiov;
2294 if (MSG_CMSG_COMPAT & flags)
a2e27255 2295 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
1da177e4
LT		 2296 &msg_compat->msg_controllen);
2297 else
a2e27255 2298 err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
1da177e4
LT		 2299 &msg->msg_controllen);
2300 if (err)
2301 goto out_freeiov;
2302 err = len;
2303
2304out_freeiov:
2305 if (iov != iovstack)
a74e9106 2306 kfree(iov);
a2e27255
ACM		 2307out:
2308 return err;
2309}
2310
2311/*
2312 * BSD recvmsg interface
2313 */
2314
a7526eb5 2315long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags)
a2e27255
ACM		 2316{
2317 int fput_needed, err;
2318 struct msghdr msg_sys;
1be374a0
AL		 2319 struct socket *sock;
2320
1be374a0 2321 sock = sockfd_lookup_light(fd, &err, &fput_needed);
a2e27255
ACM		 2322 if (!sock)
2323 goto out;
2324
a7526eb5 2325 err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
a2e27255 2326
6cb153ca 2327 fput_light(sock->file, fput_needed);
1da177e4
LT		 2328out:
2329 return err;
2330}
2331
a7526eb5
AL		 2332SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
2333 unsigned int, flags)
2334{
2335 if (flags & MSG_CMSG_COMPAT)
2336 return -EINVAL;
2337 return __sys_recvmsg(fd, msg, flags);
2338}
2339
a2e27255
ACM		 2340/*
2341 * Linux recvmmsg interface
2342 */
2343
2344int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2345 unsigned int flags, struct timespec *timeout)
2346{
2347 int fput_needed, err, datagrams;
2348 struct socket *sock;
2349 struct mmsghdr __user *entry;
d7256d0e 2350 struct compat_mmsghdr __user *compat_entry;
a2e27255
ACM		 2351 struct msghdr msg_sys;
2352 struct timespec end_time;
2353
2354 if (timeout &&
2355 poll_select_set_timeout(&end_time, timeout->tv_sec,
2356 timeout->tv_nsec))
2357 return -EINVAL;
2358
2359 datagrams = 0;
2360
2361 sock = sockfd_lookup_light(fd, &err, &fput_needed);
2362 if (!sock)
2363 return err;
2364
2365 err = sock_error(sock->sk);
2366 if (err)
2367 goto out_put;
2368
2369 entry = mmsg;
d7256d0e 2370 compat_entry = (struct compat_mmsghdr __user *)mmsg;
a2e27255
ACM		 2371
2372 while (datagrams < vlen) {
2373 /*
2374 * No need to ask LSM for more than the first datagram.
2375 */
d7256d0e 2376 if (MSG_CMSG_COMPAT & flags) {
a7526eb5
AL		 2377 err = ___sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
2378 &msg_sys, flags & ~MSG_WAITFORONE,
2379 datagrams);
d7256d0e
JMG		 2380 if (err < 0)
2381 break;
2382 err = __put_user(err, &compat_entry->msg_len);
2383 ++compat_entry;
2384 } else {
a7526eb5
AL		 2385 err = ___sys_recvmsg(sock,
2386 (struct msghdr __user *)entry,
2387 &msg_sys, flags & ~MSG_WAITFORONE,
2388 datagrams);
d7256d0e
JMG		 2389 if (err < 0)
2390 break;
2391 err = put_user(err, &entry->msg_len);
2392 ++entry;
2393 }
2394
a2e27255
ACM		 2395 if (err)
2396 break;
a2e27255
ACM		 2397 ++datagrams;
2398
71c5c159
BB		 2399 /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2400 if (flags & MSG_WAITFORONE)
2401 flags |= MSG_DONTWAIT;
2402
a2e27255
ACM		 2403 if (timeout) {
2404 ktime_get_ts(timeout);
2405 *timeout = timespec_sub(end_time, *timeout);
2406 if (timeout->tv_sec < 0) {
2407 timeout->tv_sec = timeout->tv_nsec = 0;
2408 break;
2409 }
2410
2411 /* Timeout, return less than vlen datagrams */
2412 if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2413 break;
2414 }
2415
2416 /* Out of band data, return right away */
2417 if (msg_sys.msg_flags & MSG_OOB)
2418 break;
2419 }
2420
2421out_put:
2422 fput_light(sock->file, fput_needed);
1da177e4 2423
a2e27255
ACM		 2424 if (err == 0)
2425 return datagrams;
2426
2427 if (datagrams != 0) {
2428 /*
2429 * We may return less entries than requested (vlen) if the
2430 * sock is non block and there aren't enough datagrams...
2431 */
2432 if (err != -EAGAIN) {
2433 /*
2434 * ... or if recvmsg returns an error after we
2435 * received some datagrams, where we record the
2436 * error to return on the next call or if the
2437 * app asks about it using getsockopt(SO_ERROR).
2438 */
2439 sock->sk->sk_err = -err;
2440 }
2441
2442 return datagrams;
2443 }
2444
2445 return err;
2446}
2447
2448SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2449 unsigned int, vlen, unsigned int, flags,
2450 struct timespec __user *, timeout)
2451{
2452 int datagrams;
2453 struct timespec timeout_sys;
2454
1be374a0
AL		 2455 if (flags & MSG_CMSG_COMPAT)
2456 return -EINVAL;
2457
a2e27255
ACM		 2458 if (!timeout)
2459 return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL);
2460
2461 if (copy_from_user(&timeout_sys, timeout, sizeof(timeout_sys)))
2462 return -EFAULT;
2463
2464 datagrams = __sys_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2465
2466 if (datagrams > 0 &&
2467 copy_to_user(timeout, &timeout_sys, sizeof(timeout_sys)))
2468 datagrams = -EFAULT;
2469
2470 return datagrams;
2471}
2472
2473#ifdef __ARCH_WANT_SYS_SOCKETCALL
1da177e4
LT		 2474/* Argument list sizes for sys_socketcall */
2475#define AL(x) ((x) * sizeof(unsigned long))
228e548e 2476static const unsigned char nargs[21] = {
c6d409cf
ED		 2477 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2478 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2479 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
228e548e 2480 AL(4), AL(5), AL(4)
89bddce5
SH		 2481};
2482
1da177e4
LT		 2483#undef AL
2484
2485/*
89bddce5 2486 * System call vectors.
1da177e4
LT		 2487 *
2488 * Argument checking cleaned up. Saved 20% in size.
2489 * This function doesn't need to set the kernel lock because
89bddce5 2490 * it is set by the callees.
1da177e4
LT		 2491 */
2492
3e0fa65f 2493SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
1da177e4 2494{
2950fa9d 2495 unsigned long a[AUDITSC_ARGS];
89bddce5 2496 unsigned long a0, a1;
1da177e4 2497 int err;
47379052 2498 unsigned int len;
1da177e4 2499
228e548e 2500 if (call < 1 || call > SYS_SENDMMSG)
1da177e4
LT		 2501 return -EINVAL;
2502
47379052
AV		 2503 len = nargs[call];
2504 if (len > sizeof(a))
2505 return -EINVAL;
2506
1da177e4 2507 /* copy_from_user should be SMP safe. */
47379052 2508 if (copy_from_user(a, args, len))
1da177e4 2509 return -EFAULT;
3ec3b2fb 2510
2950fa9d
CG		 2511 err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2512 if (err)
2513 return err;
3ec3b2fb 2514
89bddce5
SH		 2515 a0 = a[0];
2516 a1 = a[1];
2517
2518 switch (call) {
2519 case SYS_SOCKET:
2520 err = sys_socket(a0, a1, a[2]);
2521 break;
2522 case SYS_BIND:
2523 err = sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2524 break;
2525 case SYS_CONNECT:
2526 err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2527 break;
2528 case SYS_LISTEN:
2529 err = sys_listen(a0, a1);
2530 break;
2531 case SYS_ACCEPT:
de11defe
UD		 2532 err = sys_accept4(a0, (struct sockaddr __user *)a1,
2533 (int __user *)a[2], 0);
89bddce5
SH		 2534 break;
2535 case SYS_GETSOCKNAME:
2536 err =
2537 sys_getsockname(a0, (struct sockaddr __user *)a1,
2538 (int __user *)a[2]);
2539 break;
2540 case SYS_GETPEERNAME:
2541 err =
2542 sys_getpeername(a0, (struct sockaddr __user *)a1,
2543 (int __user *)a[2]);
2544 break;
2545 case SYS_SOCKETPAIR:
2546 err = sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2547 break;
2548 case SYS_SEND:
2549 err = sys_send(a0, (void __user *)a1, a[2], a[3]);
2550 break;
2551 case SYS_SENDTO:
2552 err = sys_sendto(a0, (void __user *)a1, a[2], a[3],
2553 (struct sockaddr __user *)a[4], a[5]);
2554 break;
2555 case SYS_RECV:
2556 err = sys_recv(a0, (void __user *)a1, a[2], a[3]);
2557 break;
2558 case SYS_RECVFROM:
2559 err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2560 (struct sockaddr __user *)a[4],
2561 (int __user *)a[5]);
2562 break;
2563 case SYS_SHUTDOWN:
2564 err = sys_shutdown(a0, a1);
2565 break;
2566 case SYS_SETSOCKOPT:
2567 err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]);
2568 break;
2569 case SYS_GETSOCKOPT:
2570 err =
2571 sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2572 (int __user *)a[4]);
2573 break;
2574 case SYS_SENDMSG:
2575 err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]);
2576 break;
228e548e
AB		 2577 case SYS_SENDMMSG:
2578 err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]);
2579 break;
89bddce5
SH		 2580 case SYS_RECVMSG:
2581 err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]);
2582 break;
a2e27255
ACM		 2583 case SYS_RECVMMSG:
2584 err = sys_recvmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3],
2585 (struct timespec __user *)a[4]);
2586 break;
de11defe
UD		 2587 case SYS_ACCEPT4:
2588 err = sys_accept4(a0, (struct sockaddr __user *)a1,
2589 (int __user *)a[2], a[3]);
aaca0bdc 2590 break;
89bddce5
SH		 2591 default:
2592 err = -EINVAL;
2593 break;
1da177e4
LT		 2594 }
2595 return err;
2596}
2597
89bddce5 2598#endif /* __ARCH_WANT_SYS_SOCKETCALL */
1da177e4 2599
55737fda
SH		 2600/**
2601 * sock_register - add a socket protocol handler
2602 * @ops: description of protocol
2603 *
1da177e4
LT		 2604 * This function is called by a protocol handler that wants to
2605 * advertise its address family, and have it linked into the
55737fda
SH		 2606 * socket interface. The value ops->family coresponds to the
2607 * socket system call protocol family.
1da177e4 2608 */
f0fd27d4 2609int sock_register(const struct net_proto_family *ops)
1da177e4
LT		 2610{
2611 int err;
2612
2613 if (ops->family >= NPROTO) {
3410f22e 2614 pr_crit("protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
1da177e4
LT		 2615 return -ENOBUFS;
2616 }
55737fda
SH		 2617
2618 spin_lock(&net_family_lock);
190683a9
ED		 2619 if (rcu_dereference_protected(net_families[ops->family],
2620 lockdep_is_held(&net_family_lock)))
55737fda
SH		 2621 err = -EEXIST;
2622 else {
cf778b00 2623 rcu_assign_pointer(net_families[ops->family], ops);
1da177e4
LT		 2624 err = 0;
2625 }
55737fda
SH		 2626 spin_unlock(&net_family_lock);
2627
3410f22e 2628 pr_info("NET: Registered protocol family %d\n", ops->family);
1da177e4
LT		 2629 return err;
2630}
c6d409cf 2631EXPORT_SYMBOL(sock_register);
1da177e4 2632
55737fda
SH		 2633/**
2634 * sock_unregister - remove a protocol handler
2635 * @family: protocol family to remove
2636 *
1da177e4
LT		 2637 * This function is called by a protocol handler that wants to
2638 * remove its address family, and have it unlinked from the
55737fda
SH		 2639 * new socket creation.
2640 *
2641 * If protocol handler is a module, then it can use module reference
2642 * counts to protect against new references. If protocol handler is not
2643 * a module then it needs to provide its own protection in
2644 * the ops->create routine.
1da177e4 2645 */
f0fd27d4 2646void sock_unregister(int family)
1da177e4 2647{
f0fd27d4 2648 BUG_ON(family < 0 || family >= NPROTO);
1da177e4 2649
55737fda 2650 spin_lock(&net_family_lock);
a9b3cd7f 2651 RCU_INIT_POINTER(net_families[family], NULL);
55737fda
SH		 2652 spin_unlock(&net_family_lock);
2653
2654 synchronize_rcu();
2655
3410f22e 2656 pr_info("NET: Unregistered protocol family %d\n", family);
1da177e4 2657}
c6d409cf 2658EXPORT_SYMBOL(sock_unregister);
1da177e4 2659
77d76ea3 2660static int __init sock_init(void)
1da177e4 2661{
b3e19d92 2662 int err;
2ca794e5
EB		 2663 /*
2664 * Initialize the network sysctl infrastructure.
2665 */
2666 err = net_sysctl_init();
2667 if (err)
2668 goto out;
b3e19d92 2669
1da177e4 2670 /*
89bddce5 2671 * Initialize skbuff SLAB cache
1da177e4
LT		 2672 */
2673 skb_init();
1da177e4
LT		 2674
2675 /*
89bddce5 2676 * Initialize the protocols module.
1da177e4
LT		 2677 */
2678
2679 init_inodecache();
b3e19d92
NP		 2680
2681 err = register_filesystem(&sock_fs_type);
2682 if (err)
2683 goto out_fs;
1da177e4 2684 sock_mnt = kern_mount(&sock_fs_type);
b3e19d92
NP		 2685 if (IS_ERR(sock_mnt)) {
2686 err = PTR_ERR(sock_mnt);
2687 goto out_mount;
2688 }
77d76ea3
AK		 2689
2690 /* The real protocol initialization is performed in later initcalls.
1da177e4
LT		 2691 */
2692
2693#ifdef CONFIG_NETFILTER
6d11cfdb
PNA		 2694 err = netfilter_init();
2695 if (err)
2696 goto out;
1da177e4 2697#endif
cbeb321a 2698
408eccce 2699 ptp_classifier_init();
c1f19b51 2700
b3e19d92
NP		 2701out:
2702 return err;
2703
2704out_mount:
2705 unregister_filesystem(&sock_fs_type);
2706out_fs:
2707 goto out;
1da177e4
LT		 2708}
2709
77d76ea3
AK		 2710core_initcall(sock_init); /* early initcall */
2711
1da177e4
LT		 2712#ifdef CONFIG_PROC_FS
2713void socket_seq_show(struct seq_file *seq)
2714{
2715 int cpu;
2716 int counter = 0;
2717
6f912042 2718 for_each_possible_cpu(cpu)
89bddce5 2719 counter += per_cpu(sockets_in_use, cpu);
1da177e4
LT		 2720
2721 /* It can be negative, by the way. 8) */
2722 if (counter < 0)
2723 counter = 0;
2724
2725 seq_printf(seq, "sockets: used %d\n", counter);
2726}
89bddce5 2727#endif /* CONFIG_PROC_FS */
1da177e4 2728
89bbfc95 2729#ifdef CONFIG_COMPAT
6b96018b 2730static int do_siocgstamp(struct net *net, struct socket *sock,
644595f8 2731 unsigned int cmd, void __user *up)
7a229387 2732{
7a229387
AB		 2733 mm_segment_t old_fs = get_fs();
2734 struct timeval ktv;
2735 int err;
2736
2737 set_fs(KERNEL_DS);
6b96018b 2738 err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
7a229387 2739 set_fs(old_fs);
644595f8 2740 if (!err)
ed6fe9d6 2741 err = compat_put_timeval(&ktv, up);
644595f8 2742
7a229387
AB		 2743 return err;
2744}
2745
6b96018b 2746static int do_siocgstampns(struct net *net, struct socket *sock,
644595f8 2747 unsigned int cmd, void __user *up)
7a229387 2748{
7a229387
AB		 2749 mm_segment_t old_fs = get_fs();
2750 struct timespec kts;
2751 int err;
2752
2753 set_fs(KERNEL_DS);
6b96018b 2754 err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
7a229387 2755 set_fs(old_fs);
644595f8 2756 if (!err)
ed6fe9d6 2757 err = compat_put_timespec(&kts, up);
644595f8 2758
7a229387
AB		 2759 return err;
2760}
2761
6b96018b 2762static int dev_ifname32(struct net *net, struct compat_ifreq __user *uifr32)
7a229387
AB		 2763{
2764 struct ifreq __user *uifr;
2765 int err;
2766
2767 uifr = compat_alloc_user_space(sizeof(struct ifreq));
6b96018b 2768 if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
7a229387
AB		 2769 return -EFAULT;
2770
6b96018b 2771 err = dev_ioctl(net, SIOCGIFNAME, uifr);
7a229387
AB		 2772 if (err)
2773 return err;
2774
6b96018b 2775 if (copy_in_user(uifr32, uifr, sizeof(struct compat_ifreq)))
7a229387
AB		 2776 return -EFAULT;
2777
2778 return 0;
2779}
2780
6b96018b 2781static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
7a229387 2782{
6b96018b 2783 struct compat_ifconf ifc32;
7a229387
AB		 2784 struct ifconf ifc;
2785 struct ifconf __user *uifc;
6b96018b 2786 struct compat_ifreq __user *ifr32;
7a229387
AB		 2787 struct ifreq __user *ifr;
2788 unsigned int i, j;
2789 int err;
2790
6b96018b 2791 if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
7a229387
AB		 2792 return -EFAULT;
2793
43da5f2e 2794 memset(&ifc, 0, sizeof(ifc));
7a229387
AB		 2795 if (ifc32.ifcbuf == 0) {
2796 ifc32.ifc_len = 0;
2797 ifc.ifc_len = 0;
2798 ifc.ifc_req = NULL;
2799 uifc = compat_alloc_user_space(sizeof(struct ifconf));
2800 } else {
c6d409cf
ED		 2801 size_t len = ((ifc32.ifc_len / sizeof(struct compat_ifreq)) + 1) *
2802 sizeof(struct ifreq);
7a229387
AB		 2803 uifc = compat_alloc_user_space(sizeof(struct ifconf) + len);
2804 ifc.ifc_len = len;
2805 ifr = ifc.ifc_req = (void __user *)(uifc + 1);
2806 ifr32 = compat_ptr(ifc32.ifcbuf);
c6d409cf 2807 for (i = 0; i < ifc32.ifc_len; i += sizeof(struct compat_ifreq)) {
6b96018b 2808 if (copy_in_user(ifr, ifr32, sizeof(struct compat_ifreq)))
7a229387
AB		 2809 return -EFAULT;
2810 ifr++;
2811 ifr32++;
2812 }
2813 }
2814 if (copy_to_user(uifc, &ifc, sizeof(struct ifconf)))
2815 return -EFAULT;
2816
6b96018b 2817 err = dev_ioctl(net, SIOCGIFCONF, uifc);
7a229387
AB		 2818 if (err)
2819 return err;
2820
2821 if (copy_from_user(&ifc, uifc, sizeof(struct ifconf)))
2822 return -EFAULT;
2823
2824 ifr = ifc.ifc_req;
2825 ifr32 = compat_ptr(ifc32.ifcbuf);
2826 for (i = 0, j = 0;
c6d409cf
ED		 2827 i + sizeof(struct compat_ifreq) <= ifc32.ifc_len && j < ifc.ifc_len;
2828 i += sizeof(struct compat_ifreq), j += sizeof(struct ifreq)) {
2829 if (copy_in_user(ifr32, ifr, sizeof(struct compat_ifreq)))
7a229387
AB		 2830 return -EFAULT;
2831 ifr32++;
2832 ifr++;
2833 }
2834
2835 if (ifc32.ifcbuf == 0) {
2836 /* Translate from 64-bit structure multiple to
2837 * a 32-bit one.
2838 */
2839 i = ifc.ifc_len;
6b96018b 2840 i = ((i / sizeof(struct ifreq)) * sizeof(struct compat_ifreq));
7a229387
AB		 2841 ifc32.ifc_len = i;
2842 } else {
2843 ifc32.ifc_len = i;
2844 }
6b96018b 2845 if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
7a229387
AB		 2846 return -EFAULT;
2847
2848 return 0;
2849}
2850
6b96018b 2851static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
7a229387 2852{
3a7da39d
BH		 2853 struct compat_ethtool_rxnfc __user *compat_rxnfc;
2854 bool convert_in = false, convert_out = false;
2855 size_t buf_size = ALIGN(sizeof(struct ifreq), 8);
2856 struct ethtool_rxnfc __user *rxnfc;
7a229387 2857 struct ifreq __user *ifr;
3a7da39d
BH		 2858 u32 rule_cnt = 0, actual_rule_cnt;
2859 u32 ethcmd;
7a229387 2860 u32 data;
3a7da39d 2861 int ret;
7a229387 2862
3a7da39d
BH		 2863 if (get_user(data, &ifr32->ifr_ifru.ifru_data))
2864 return -EFAULT;
7a229387 2865
3a7da39d
BH		 2866 compat_rxnfc = compat_ptr(data);
2867
2868 if (get_user(ethcmd, &compat_rxnfc->cmd))
7a229387
AB		 2869 return -EFAULT;
2870
3a7da39d
BH		 2871 /* Most ethtool structures are defined without padding.
2872 * Unfortunately struct ethtool_rxnfc is an exception.
2873 */
2874 switch (ethcmd) {
2875 default:
2876 break;
2877 case ETHTOOL_GRXCLSRLALL:
2878 /* Buffer size is variable */
2879 if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
2880 return -EFAULT;
2881 if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
2882 return -ENOMEM;
2883 buf_size += rule_cnt * sizeof(u32);
2884 /* fall through */
2885 case ETHTOOL_GRXRINGS:
2886 case ETHTOOL_GRXCLSRLCNT:
2887 case ETHTOOL_GRXCLSRULE:
55664f32 2888 case ETHTOOL_SRXCLSRLINS:
3a7da39d
BH		 2889 convert_out = true;
2890 /* fall through */
2891 case ETHTOOL_SRXCLSRLDEL:
3a7da39d
BH		 2892 buf_size += sizeof(struct ethtool_rxnfc);
2893 convert_in = true;
2894 break;
2895 }
2896
2897 ifr = compat_alloc_user_space(buf_size);
954b1244 2898 rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
3a7da39d
BH		 2899
2900 if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
7a229387
AB		 2901 return -EFAULT;
2902
3a7da39d
BH		 2903 if (put_user(convert_in ? rxnfc : compat_ptr(data),
2904 &ifr->ifr_ifru.ifru_data))
7a229387
AB		 2905 return -EFAULT;
2906
3a7da39d 2907 if (convert_in) {
127fe533 2908 /* We expect there to be holes between fs.m_ext and
3a7da39d
BH		 2909 * fs.ring_cookie and at the end of fs, but nowhere else.
2910 */
127fe533
AD		 2911 BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
2912 sizeof(compat_rxnfc->fs.m_ext) !=
2913 offsetof(struct ethtool_rxnfc, fs.m_ext) +
2914 sizeof(rxnfc->fs.m_ext));
3a7da39d
BH		 2915 BUILD_BUG_ON(
2916 offsetof(struct compat_ethtool_rxnfc, fs.location) -
2917 offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
2918 offsetof(struct ethtool_rxnfc, fs.location) -
2919 offsetof(struct ethtool_rxnfc, fs.ring_cookie));
2920
2921 if (copy_in_user(rxnfc, compat_rxnfc,
954b1244
SH		 2922 (void __user *)(&rxnfc->fs.m_ext + 1) -
2923 (void __user *)rxnfc) ||
3a7da39d
BH		 2924 copy_in_user(&rxnfc->fs.ring_cookie,
2925 &compat_rxnfc->fs.ring_cookie,
954b1244
SH		 2926 (void __user *)(&rxnfc->fs.location + 1) -
2927 (void __user *)&rxnfc->fs.ring_cookie) ||
3a7da39d
BH		 2928 copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
2929 sizeof(rxnfc->rule_cnt)))
2930 return -EFAULT;
2931 }
2932
2933 ret = dev_ioctl(net, SIOCETHTOOL, ifr);
2934 if (ret)
2935 return ret;
2936
2937 if (convert_out) {
2938 if (copy_in_user(compat_rxnfc, rxnfc,
954b1244
SH		 2939 (const void __user *)(&rxnfc->fs.m_ext + 1) -
2940 (const void __user *)rxnfc) ||
3a7da39d
BH		 2941 copy_in_user(&compat_rxnfc->fs.ring_cookie,
2942 &rxnfc->fs.ring_cookie,
954b1244
SH		 2943 (const void __user *)(&rxnfc->fs.location + 1) -
2944 (const void __user *)&rxnfc->fs.ring_cookie) ||
3a7da39d
BH		 2945 copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
2946 sizeof(rxnfc->rule_cnt)))
2947 return -EFAULT;
2948
2949 if (ethcmd == ETHTOOL_GRXCLSRLALL) {
2950 /* As an optimisation, we only copy the actual
2951 * number of rules that the underlying
2952 * function returned. Since Mallory might
2953 * change the rule count in user memory, we
2954 * check that it is less than the rule count
2955 * originally given (as the user buffer size),
2956 * which has been range-checked.
2957 */
2958 if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
2959 return -EFAULT;
2960 if (actual_rule_cnt < rule_cnt)
2961 rule_cnt = actual_rule_cnt;
2962 if (copy_in_user(&compat_rxnfc->rule_locs[0],
2963 &rxnfc->rule_locs[0],
2964 rule_cnt * sizeof(u32)))
2965 return -EFAULT;
2966 }
2967 }
2968
2969 return 0;
7a229387
AB		 2970}
2971
7a50a240
AB		 2972static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
2973{
2974 void __user *uptr;
2975 compat_uptr_t uptr32;
2976 struct ifreq __user *uifr;
2977
c6d409cf 2978 uifr = compat_alloc_user_space(sizeof(*uifr));
7a50a240
AB		 2979 if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
2980 return -EFAULT;
2981
2982 if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
2983 return -EFAULT;
2984
2985 uptr = compat_ptr(uptr32);
2986
2987 if (put_user(uptr, &uifr->ifr_settings.ifs_ifsu.raw_hdlc))
2988 return -EFAULT;
2989
2990 return dev_ioctl(net, SIOCWANDEV, uifr);
2991}
2992
6b96018b
AB		 2993static int bond_ioctl(struct net *net, unsigned int cmd,
2994 struct compat_ifreq __user *ifr32)
7a229387
AB		 2995{
2996 struct ifreq kifr;
7a229387
AB		 2997 mm_segment_t old_fs;
2998 int err;
7a229387
AB		 2999
3000 switch (cmd) {
3001 case SIOCBONDENSLAVE:
3002 case SIOCBONDRELEASE:
3003 case SIOCBONDSETHWADDR:
3004 case SIOCBONDCHANGEACTIVE:
6b96018b 3005 if (copy_from_user(&kifr, ifr32, sizeof(struct compat_ifreq)))
7a229387
AB		 3006 return -EFAULT;
3007
3008 old_fs = get_fs();
c6d409cf 3009 set_fs(KERNEL_DS);
c3f52ae6 3010 err = dev_ioctl(net, cmd,
3011 (struct ifreq __user __force *) &kifr);
c6d409cf 3012 set_fs(old_fs);
7a229387
AB		 3013
3014 return err;
7a229387 3015 default:
07d106d0 3016 return -ENOIOCTLCMD;
ccbd6a5a 3017 }
7a229387
AB		 3018}
3019
590d4693
BH		 3020/* Handle ioctls that use ifreq::ifr_data and just need struct ifreq converted */
3021static int compat_ifr_data_ioctl(struct net *net, unsigned int cmd,
6b96018b 3022 struct compat_ifreq __user *u_ifreq32)
7a229387
AB		 3023{
3024 struct ifreq __user *u_ifreq64;
7a229387
AB		 3025 char tmp_buf[IFNAMSIZ];
3026 void __user *data64;
3027 u32 data32;
3028
3029 if (copy_from_user(&tmp_buf[0], &(u_ifreq32->ifr_ifrn.ifrn_name[0]),
3030 IFNAMSIZ))
3031 return -EFAULT;
417c3522 3032 if (get_user(data32, &u_ifreq32->ifr_ifru.ifru_data))
7a229387
AB		 3033 return -EFAULT;
3034 data64 = compat_ptr(data32);
3035
3036 u_ifreq64 = compat_alloc_user_space(sizeof(*u_ifreq64));
3037
7a229387
AB		 3038 if (copy_to_user(&u_ifreq64->ifr_ifrn.ifrn_name[0], &tmp_buf[0],
3039 IFNAMSIZ))
3040 return -EFAULT;
417c3522 3041 if (put_user(data64, &u_ifreq64->ifr_ifru.ifru_data))
7a229387
AB		 3042 return -EFAULT;
3043
6b96018b 3044 return dev_ioctl(net, cmd, u_ifreq64);
7a229387
AB		 3045}
3046
6b96018b
AB		 3047static int dev_ifsioc(struct net *net, struct socket *sock,
3048 unsigned int cmd, struct compat_ifreq __user *uifr32)
7a229387 3049{
a2116ed2 3050 struct ifreq __user *uifr;
7a229387
AB		 3051 int err;
3052
a2116ed2
AB		 3053 uifr = compat_alloc_user_space(sizeof(*uifr));
3054 if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3055 return -EFAULT;
3056
3057 err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3058
7a229387
AB		 3059 if (!err) {
3060 switch (cmd) {
3061 case SIOCGIFFLAGS:
3062 case SIOCGIFMETRIC:
3063 case SIOCGIFMTU:
3064 case SIOCGIFMEM:
3065 case SIOCGIFHWADDR:
3066 case SIOCGIFINDEX:
3067 case SIOCGIFADDR:
3068 case SIOCGIFBRDADDR:
3069 case SIOCGIFDSTADDR:
3070 case SIOCGIFNETMASK:
fab2532b 3071 case SIOCGIFPFLAGS:
7a229387 3072 case SIOCGIFTXQLEN:
fab2532b
AB		 3073 case SIOCGMIIPHY:
3074 case SIOCGMIIREG:
a2116ed2 3075 if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
7a229387
AB		 3076 err = -EFAULT;
3077 break;
3078 }
3079 }
3080 return err;
3081}
3082
a2116ed2
AB		 3083static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3084 struct compat_ifreq __user *uifr32)
3085{
3086 struct ifreq ifr;
3087 struct compat_ifmap __user *uifmap32;
3088 mm_segment_t old_fs;
3089 int err;
3090
3091 uifmap32 = &uifr32->ifr_ifru.ifru_map;
3092 err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3ddc5b46
MD		 3093 err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3094 err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3095 err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3096 err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3097 err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3098 err |= get_user(ifr.ifr_map.port, &uifmap32->port);
a2116ed2
AB		 3099 if (err)
3100 return -EFAULT;
3101
3102 old_fs = get_fs();
c6d409cf 3103 set_fs(KERNEL_DS);
c3f52ae6 3104 err = dev_ioctl(net, cmd, (void __user __force *)&ifr);
c6d409cf 3105 set_fs(old_fs);
a2116ed2
AB		 3106
3107 if (cmd == SIOCGIFMAP && !err) {
3108 err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3ddc5b46
MD		 3109 err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3110 err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3111 err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3112 err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3113 err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3114 err |= put_user(ifr.ifr_map.port, &uifmap32->port);
a2116ed2
AB		 3115 if (err)
3116 err = -EFAULT;
3117 }
3118 return err;
3119}
3120
7a229387 3121struct rtentry32 {
c6d409cf 3122 u32 rt_pad1;
7a229387
AB		 3123 struct sockaddr rt_dst; /* target address */
3124 struct sockaddr rt_gateway; /* gateway addr (RTF_GATEWAY) */
3125 struct sockaddr rt_genmask; /* target network mask (IP) */
c6d409cf
ED		 3126 unsigned short rt_flags;
3127 short rt_pad2;
3128 u32 rt_pad3;
3129 unsigned char rt_tos;
3130 unsigned char rt_class;
3131 short rt_pad4;
3132 short rt_metric; /* +1 for binary compatibility! */
7a229387 3133 /* char * */ u32 rt_dev; /* forcing the device at add */
c6d409cf
ED		 3134 u32 rt_mtu; /* per route MTU/Window */
3135 u32 rt_window; /* Window clamping */
7a229387
AB		 3136 unsigned short rt_irtt; /* Initial RTT */
3137};
3138
3139struct in6_rtmsg32 {
3140 struct in6_addr rtmsg_dst;
3141 struct in6_addr rtmsg_src;
3142 struct in6_addr rtmsg_gateway;
3143 u32 rtmsg_type;
3144 u16 rtmsg_dst_len;
3145 u16 rtmsg_src_len;
3146 u32 rtmsg_metric;
3147 u32 rtmsg_info;
3148 u32 rtmsg_flags;
3149 s32 rtmsg_ifindex;
3150};
3151
6b96018b
AB		 3152static int routing_ioctl(struct net *net, struct socket *sock,
3153 unsigned int cmd, void __user *argp)
7a229387
AB		 3154{
3155 int ret;
3156 void *r = NULL;
3157 struct in6_rtmsg r6;
3158 struct rtentry r4;
3159 char devname[16];
3160 u32 rtdev;
3161 mm_segment_t old_fs = get_fs();
3162
6b96018b
AB		 3163 if (sock && sock->sk && sock->sk->sk_family == AF_INET6) { /* ipv6 */
3164 struct in6_rtmsg32 __user *ur6 = argp;
c6d409cf 3165 ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst),
7a229387 3166 3 * sizeof(struct in6_addr));
3ddc5b46
MD		 3167 ret |= get_user(r6.rtmsg_type, &(ur6->rtmsg_type));
3168 ret |= get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len));
3169 ret |= get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len));
3170 ret |= get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric));
3171 ret |= get_user(r6.rtmsg_info, &(ur6->rtmsg_info));
3172 ret |= get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags));
3173 ret |= get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex));
7a229387
AB		 3174
3175 r = (void *) &r6;
3176 } else { /* ipv4 */
6b96018b 3177 struct rtentry32 __user *ur4 = argp;
c6d409cf 3178 ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst),
7a229387 3179 3 * sizeof(struct sockaddr));
3ddc5b46
MD		 3180 ret |= get_user(r4.rt_flags, &(ur4->rt_flags));
3181 ret |= get_user(r4.rt_metric, &(ur4->rt_metric));
3182 ret |= get_user(r4.rt_mtu, &(ur4->rt_mtu));
3183 ret |= get_user(r4.rt_window, &(ur4->rt_window));
3184 ret |= get_user(r4.rt_irtt, &(ur4->rt_irtt));
3185 ret |= get_user(rtdev, &(ur4->rt_dev));
7a229387 3186 if (rtdev) {
c6d409cf 3187 ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
c3f52ae6 3188 r4.rt_dev = (char __user __force *)devname;
3189 devname[15] = 0;
7a229387
AB		 3190 } else
3191 r4.rt_dev = NULL;
3192
3193 r = (void *) &r4;
3194 }
3195
3196 if (ret) {
3197 ret = -EFAULT;
3198 goto out;
3199 }
3200
c6d409cf 3201 set_fs(KERNEL_DS);
6b96018b 3202 ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r);
c6d409cf 3203 set_fs(old_fs);
7a229387
AB		 3204
3205out:
7a229387
AB		 3206 return ret;
3207}
3208
3209/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
3210 * for some operations; this forces use of the newer bridge-utils that
25985edc 3211 * use compatible ioctls
7a229387 3212 */
6b96018b 3213static int old_bridge_ioctl(compat_ulong_t __user *argp)
7a229387 3214{
6b96018b 3215 compat_ulong_t tmp;
7a229387 3216
6b96018b 3217 if (get_user(tmp, argp))
7a229387
AB		 3218 return -EFAULT;
3219 if (tmp == BRCTL_GET_VERSION)
3220 return BRCTL_VERSION + 1;
3221 return -EINVAL;
3222}
3223
6b96018b
AB		 3224static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3225 unsigned int cmd, unsigned long arg)
3226{
3227 void __user *argp = compat_ptr(arg);
3228 struct sock *sk = sock->sk;
3229 struct net *net = sock_net(sk);
7a229387 3230
6b96018b 3231 if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
590d4693 3232 return compat_ifr_data_ioctl(net, cmd, argp);
6b96018b
AB		 3233
3234 switch (cmd) {
3235 case SIOCSIFBR:
3236 case SIOCGIFBR:
3237 return old_bridge_ioctl(argp);
3238 case SIOCGIFNAME:
3239 return dev_ifname32(net, argp);
3240 case SIOCGIFCONF:
3241 return dev_ifconf(net, argp);
3242 case SIOCETHTOOL:
3243 return ethtool_ioctl(net, argp);
7a50a240
AB		 3244 case SIOCWANDEV:
3245 return compat_siocwandev(net, argp);
a2116ed2
AB		 3246 case SIOCGIFMAP:
3247 case SIOCSIFMAP:
3248 return compat_sioc_ifmap(net, cmd, argp);
6b96018b
AB		 3249 case SIOCBONDENSLAVE:
3250 case SIOCBONDRELEASE:
3251 case SIOCBONDSETHWADDR:
6b96018b
AB		 3252 case SIOCBONDCHANGEACTIVE:
3253 return bond_ioctl(net, cmd, argp);
3254 case SIOCADDRT:
3255 case SIOCDELRT:
3256 return routing_ioctl(net, sock, cmd, argp);
3257 case SIOCGSTAMP:
3258 return do_siocgstamp(net, sock, cmd, argp);
3259 case SIOCGSTAMPNS:
3260 return do_siocgstampns(net, sock, cmd, argp);
590d4693
BH		 3261 case SIOCBONDSLAVEINFOQUERY:
3262 case SIOCBONDINFOQUERY:
a2116ed2 3263 case SIOCSHWTSTAMP:
fd468c74 3264 case SIOCGHWTSTAMP:
590d4693 3265 return compat_ifr_data_ioctl(net, cmd, argp);
6b96018b
AB		 3266
3267 case FIOSETOWN:
3268 case SIOCSPGRP:
3269 case FIOGETOWN:
3270 case SIOCGPGRP:
3271 case SIOCBRADDBR:
3272 case SIOCBRDELBR:
3273 case SIOCGIFVLAN:
3274 case SIOCSIFVLAN:
3275 case SIOCADDDLCI:
3276 case SIOCDELDLCI:
3277 return sock_ioctl(file, cmd, arg);
3278
3279 case SIOCGIFFLAGS:
3280 case SIOCSIFFLAGS:
3281 case SIOCGIFMETRIC:
3282 case SIOCSIFMETRIC:
3283 case SIOCGIFMTU:
3284 case SIOCSIFMTU:
3285 case SIOCGIFMEM:
3286 case SIOCSIFMEM:
3287 case SIOCGIFHWADDR:
3288 case SIOCSIFHWADDR:
3289 case SIOCADDMULTI:
3290 case SIOCDELMULTI:
3291 case SIOCGIFINDEX:
6b96018b
AB		 3292 case SIOCGIFADDR:
3293 case SIOCSIFADDR:
3294 case SIOCSIFHWBROADCAST:
6b96018b 3295 case SIOCDIFADDR:
6b96018b
AB		 3296 case SIOCGIFBRDADDR:
3297 case SIOCSIFBRDADDR:
3298 case SIOCGIFDSTADDR:
3299 case SIOCSIFDSTADDR:
3300 case SIOCGIFNETMASK:
3301 case SIOCSIFNETMASK:
3302 case SIOCSIFPFLAGS:
3303 case SIOCGIFPFLAGS:
3304 case SIOCGIFTXQLEN:
3305 case SIOCSIFTXQLEN:
3306 case SIOCBRADDIF:
3307 case SIOCBRDELIF:
9177efd3
AB		 3308 case SIOCSIFNAME:
3309 case SIOCGMIIPHY:
3310 case SIOCGMIIREG:
3311 case SIOCSMIIREG:
6b96018b 3312 return dev_ifsioc(net, sock, cmd, argp);
9177efd3 3313
6b96018b
AB		 3314 case SIOCSARP:
3315 case SIOCGARP:
3316 case SIOCDARP:
6b96018b 3317 case SIOCATMARK:
9177efd3
AB		 3318 return sock_do_ioctl(net, sock, cmd, arg);
3319 }
3320
6b96018b
AB		 3321 return -ENOIOCTLCMD;
3322}
7a229387 3323
95c96174 3324static long compat_sock_ioctl(struct file *file, unsigned int cmd,
89bddce5 3325 unsigned long arg)
89bbfc95
SP		 3326{
3327 struct socket *sock = file->private_data;
3328 int ret = -ENOIOCTLCMD;
87de87d5
DM		 3329 struct sock *sk;
3330 struct net *net;
3331
3332 sk = sock->sk;
3333 net = sock_net(sk);
89bbfc95
SP		 3334
3335 if (sock->ops->compat_ioctl)
3336 ret = sock->ops->compat_ioctl(sock, cmd, arg);
3337
87de87d5
DM		 3338 if (ret == -ENOIOCTLCMD &&
3339 (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3340 ret = compat_wext_handle_ioctl(net, cmd, arg);
3341
6b96018b
AB		 3342 if (ret == -ENOIOCTLCMD)
3343 ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3344
89bbfc95
SP		 3345 return ret;
3346}
3347#endif
3348
ac5a488e
SS		 3349int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3350{
3351 return sock->ops->bind(sock, addr, addrlen);
3352}
c6d409cf 3353EXPORT_SYMBOL(kernel_bind);
ac5a488e
SS		 3354
3355int kernel_listen(struct socket *sock, int backlog)
3356{
3357 return sock->ops->listen(sock, backlog);
3358}
c6d409cf 3359EXPORT_SYMBOL(kernel_listen);
ac5a488e
SS		 3360
3361int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3362{
3363 struct sock *sk = sock->sk;
3364 int err;
3365
3366 err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3367 newsock);
3368 if (err < 0)
3369 goto done;
3370
3371 err = sock->ops->accept(sock, *newsock, flags);
3372 if (err < 0) {
3373 sock_release(*newsock);
fa8705b0 3374 *newsock = NULL;
ac5a488e
SS		 3375 goto done;
3376 }
3377
3378 (*newsock)->ops = sock->ops;
1b08534e 3379 __module_get((*newsock)->ops->owner);
ac5a488e
SS		 3380
3381done:
3382 return err;
3383}
c6d409cf 3384EXPORT_SYMBOL(kernel_accept);
ac5a488e
SS		 3385
3386int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
4768fbcb 3387 int flags)
ac5a488e
SS		 3388{
3389 return sock->ops->connect(sock, addr, addrlen, flags);
3390}
c6d409cf 3391EXPORT_SYMBOL(kernel_connect);
ac5a488e
SS		 3392
3393int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
3394 int *addrlen)
3395{
3396 return sock->ops->getname(sock, addr, addrlen, 0);
3397}
c6d409cf 3398EXPORT_SYMBOL(kernel_getsockname);
ac5a488e
SS		 3399
3400int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
3401 int *addrlen)
3402{
3403 return sock->ops->getname(sock, addr, addrlen, 1);
3404}
c6d409cf 3405EXPORT_SYMBOL(kernel_getpeername);
ac5a488e
SS		 3406
3407int kernel_getsockopt(struct socket *sock, int level, int optname,
3408 char *optval, int *optlen)
3409{
3410 mm_segment_t oldfs = get_fs();
fb8621bb
NK		 3411 char __user *uoptval;
3412 int __user *uoptlen;
ac5a488e
SS		 3413 int err;
3414
fb8621bb
NK		 3415 uoptval = (char __user __force *) optval;
3416 uoptlen = (int __user __force *) optlen;
3417
ac5a488e
SS		 3418 set_fs(KERNEL_DS);
3419 if (level == SOL_SOCKET)
fb8621bb 3420 err = sock_getsockopt(sock, level, optname, uoptval, uoptlen);
ac5a488e 3421 else
fb8621bb
NK		 3422 err = sock->ops->getsockopt(sock, level, optname, uoptval,
3423 uoptlen);
ac5a488e
SS		 3424 set_fs(oldfs);
3425 return err;
3426}
c6d409cf 3427EXPORT_SYMBOL(kernel_getsockopt);
ac5a488e
SS		 3428
3429int kernel_setsockopt(struct socket *sock, int level, int optname,
b7058842 3430 char *optval, unsigned int optlen)
ac5a488e
SS		 3431{
3432 mm_segment_t oldfs = get_fs();
fb8621bb 3433 char __user *uoptval;
ac5a488e
SS		 3434 int err;
3435
fb8621bb
NK		 3436 uoptval = (char __user __force *) optval;
3437
ac5a488e
SS		 3438 set_fs(KERNEL_DS);
3439 if (level == SOL_SOCKET)
fb8621bb 3440 err = sock_setsockopt(sock, level, optname, uoptval, optlen);
ac5a488e 3441 else
fb8621bb 3442 err = sock->ops->setsockopt(sock, level, optname, uoptval,
ac5a488e
SS		 3443 optlen);
3444 set_fs(oldfs);
3445 return err;
3446}
c6d409cf 3447EXPORT_SYMBOL(kernel_setsockopt);
ac5a488e
SS		 3448
3449int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3450 size_t size, int flags)
3451{
3452 if (sock->ops->sendpage)
3453 return sock->ops->sendpage(sock, page, offset, size, flags);
3454
3455 return sock_no_sendpage(sock, page, offset, size, flags);
3456}
c6d409cf 3457EXPORT_SYMBOL(kernel_sendpage);
ac5a488e
SS		 3458
3459int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg)
3460{
3461 mm_segment_t oldfs = get_fs();
3462 int err;
3463
3464 set_fs(KERNEL_DS);
3465 err = sock->ops->ioctl(sock, cmd, arg);
3466 set_fs(oldfs);
3467
3468 return err;
3469}
c6d409cf 3470EXPORT_SYMBOL(kernel_sock_ioctl);
ac5a488e 3471
91cf45f0
TM		 3472int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3473{
3474 return sock->ops->shutdown(sock, how);
3475}
91cf45f0 3476EXPORT_SYMBOL(kernel_sock_shutdown);
Linux 6.x block layer and io_uring tree(s)