CoCalc -- socket.c

GitHub Repository: awilliam/linux-vfio
Path: blob/master/net/socket.c
¹⁵¹⁰⁹ views
1
/*
2
 * NET		An implementation of the SOCKET network access protocol.
3
 *
4
 * Version:	@(#)socket.c	1.1.93	18/02/95
5
 *
6
 * Authors:	Orest Zborowski, <[email protected]>
7
 *		Ross Biro
8
 *		Fred N. van Kempen, <[email protected]>
9
 *
10
 * Fixes:
11
 *		Anonymous	:	NOTSOCK/BADF cleanup. Error fix in
12
 *					shutdown()
13
 *		Alan Cox	:	verify_area() fixes
14
 *		Alan Cox	:	Removed DDI
15
 *		Jonathan Kamens	:	SOCK_DGRAM reconnect bug
16
 *		Alan Cox	:	Moved a load of checks to the very
17
 *					top level.
18
 *		Alan Cox	:	Move address structures to/from user
19
 *					mode above the protocol layers.
20
 *		Rob Janssen	:	Allow 0 length sends.
21
 *		Alan Cox	:	Asynchronous I/O support (cribbed from the
22
 *					tty drivers).
23
 *		Niibe Yutaka	:	Asynchronous I/O for writes (4.4BSD style)
24
 *		Jeff Uphoff	:	Made max number of sockets command-line
25
 *					configurable.
26
 *		Matti Aarnio	:	Made the number of sockets dynamic,
27
 *					to be allocated when needed, and mr.
28
 *					Uphoff's max is used as max to be
29
 *					allowed to allocate.
30
 *		Linus		:	Argh. removed all the socket allocation
31
 *					altogether: it's in the inode now.
32
 *		Alan Cox	:	Made sock_alloc()/sock_release() public
33
 *					for NetROM and future kernel nfsd type
34
 *					stuff.
35
 *		Alan Cox	:	sendmsg/recvmsg basics.
36
 *		Tom Dyas	:	Export net symbols.
37
 *		Marcin Dalecki	:	Fixed problems with CONFIG_NET="n".
38
 *		Alan Cox	:	Added thread locking to sys_* calls
39
 *					for sockets. May have errors at the
40
 *					moment.
41
 *		Kevin Buhr	:	Fixed the dumb errors in the above.
42
 *		Andi Kleen	:	Some small cleanups, optimizations,
43
 *					and fixed a copy_from_user() bug.
44
 *		Tigran Aivazian	:	sys_send(args) calls sys_sendto(args, NULL, 0)
45
 *		Tigran Aivazian	:	Made listen(2) backlog sanity checks
46
 *					protocol-independent
47
 *
48
 *
49
 *		This program is free software; you can redistribute it and/or
50
 *		modify it under the terms of the GNU General Public License
51
 *		as published by the Free Software Foundation; either version
52
 *		2 of the License, or (at your option) any later version.
53
 *
54
 *
55
 *	This module is effectively the top level interface to the BSD socket
56
 *	paradigm.
57
 *
58
 *	Based upon Swansea University Computer Society NET3.039
59
 */
60

61
#include <linux/mm.h>
62
#include <linux/socket.h>
63
#include <linux/file.h>
64
#include <linux/net.h>
65
#include <linux/interrupt.h>
66
#include <linux/thread_info.h>
67
#include <linux/rcupdate.h>
68
#include <linux/netdevice.h>
69
#include <linux/proc_fs.h>
70
#include <linux/seq_file.h>
71
#include <linux/mutex.h>
72
#include <linux/wanrouter.h>
73
#include <linux/if_bridge.h>
74
#include <linux/if_frad.h>
75
#include <linux/if_vlan.h>
76
#include <linux/init.h>
77
#include <linux/poll.h>
78
#include <linux/cache.h>
79
#include <linux/module.h>
80
#include <linux/highmem.h>
81
#include <linux/mount.h>
82
#include <linux/security.h>
83
#include <linux/syscalls.h>
84
#include <linux/compat.h>
85
#include <linux/kmod.h>
86
#include <linux/audit.h>
87
#include <linux/wireless.h>
88
#include <linux/nsproxy.h>
89
#include <linux/magic.h>
90
#include <linux/slab.h>
91

92
#include <asm/uaccess.h>
93
#include <asm/unistd.h>
94

95
#include <net/compat.h>
96
#include <net/wext.h>
97
#include <net/cls_cgroup.h>
98

99
#include <net/sock.h>
100
#include <linux/netfilter.h>
101

102
#include <linux/if_tun.h>
103
#include <linux/ipv6_route.h>
104
#include <linux/route.h>
105
#include <linux/sockios.h>
106
#include <linux/atalk.h>
107

108
static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
109
static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
110
			 unsigned long nr_segs, loff_t pos);
111
static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
112
			  unsigned long nr_segs, loff_t pos);
113
static int sock_mmap(struct file *file, struct vm_area_struct *vma);
114

115
static int sock_close(struct inode *inode, struct file *file);
116
static unsigned int sock_poll(struct file *file,
117
			      struct poll_table_struct *wait);
118
static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
119
#ifdef CONFIG_COMPAT
120
static long compat_sock_ioctl(struct file *file,
121
			      unsigned int cmd, unsigned long arg);
122
#endif
123
static int sock_fasync(int fd, struct file *filp, int on);
124
static ssize_t sock_sendpage(struct file *file, struct page *page,
125
			     int offset, size_t size, loff_t *ppos, int more);
126
static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
127
				struct pipe_inode_info *pipe, size_t len,
128
				unsigned int flags);
129

130
/*
131
 *	Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
132
 *	in the operation structures but are done directly via the socketcall() multiplexor.
133
 */
134

135
static const struct file_operations socket_file_ops = {
136
	.owner =	THIS_MODULE,
137
	.llseek =	no_llseek,
138
	.aio_read =	sock_aio_read,
139
	.aio_write =	sock_aio_write,
140
	.poll =		sock_poll,
141
	.unlocked_ioctl = sock_ioctl,
142
#ifdef CONFIG_COMPAT
143
	.compat_ioctl = compat_sock_ioctl,
144
#endif
145
	.mmap =		sock_mmap,
146
	.open =		sock_no_open,	/* special open code to disallow open via /proc */
147
	.release =	sock_close,
148
	.fasync =	sock_fasync,
149
	.sendpage =	sock_sendpage,
150
	.splice_write = generic_splice_sendpage,
151
	.splice_read =	sock_splice_read,
152
};
153

154
/*
155
 *	The protocol list. Each protocol is registered in here.
156
 */
157

158
static DEFINE_SPINLOCK(net_family_lock);
159
static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
160

161
/*
162
 *	Statistics counters of the socket lists
163
 */
164

165
static DEFINE_PER_CPU(int, sockets_in_use);
166

167
/*
168
 * Support routines.
169
 * Move socket addresses back and forth across the kernel/user
170
 * divide and look after the messy bits.
171
 */
172

173
/**
174
 *	move_addr_to_kernel	-	copy a socket address into kernel space
175
 *	@uaddr: Address in user space
176
 *	@kaddr: Address in kernel space
177
 *	@ulen: Length in user space
178
 *
179
 *	The address is copied into kernel space. If the provided address is
180
 *	too long an error code of -EINVAL is returned. If the copy gives
181
 *	invalid addresses -EFAULT is returned. On a success 0 is returned.
182
 */
183

184
int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr *kaddr)
185
{
186
	if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
187
		return -EINVAL;
188
	if (ulen == 0)
189
		return 0;
190
	if (copy_from_user(kaddr, uaddr, ulen))
191
		return -EFAULT;
192
	return audit_sockaddr(ulen, kaddr);
193
}
194

195
/**
196
 *	move_addr_to_user	-	copy an address to user space
197
 *	@kaddr: kernel space address
198
 *	@klen: length of address in kernel
199
 *	@uaddr: user space address
200
 *	@ulen: pointer to user length field
201
 *
202
 *	The value pointed to by ulen on entry is the buffer length available.
203
 *	This is overwritten with the buffer space used. -EINVAL is returned
204
 *	if an overlong buffer is specified or a negative buffer size. -EFAULT
205
 *	is returned if either the buffer or the length field are not
206
 *	accessible.
207
 *	After copying the data up to the limit the user specifies, the true
208
 *	length of the data is written over the length limit the user
209
 *	specified. Zero is returned for a success.
210
 */
211

212
static int move_addr_to_user(struct sockaddr *kaddr, int klen,
213
			     void __user *uaddr, int __user *ulen)
214
{
215
	int err;
216
	int len;
217

218
	err = get_user(len, ulen);
219
	if (err)
220
		return err;
221
	if (len > klen)
222
		len = klen;
223
	if (len < 0 || len > sizeof(struct sockaddr_storage))
224
		return -EINVAL;
225
	if (len) {
226
		if (audit_sockaddr(klen, kaddr))
227
			return -ENOMEM;
228
		if (copy_to_user(uaddr, kaddr, len))
229
			return -EFAULT;
230
	}
231
	/*
232
	 *      "fromlen shall refer to the value before truncation.."
233
	 *                      1003.1g
234
	 */
235
	return __put_user(klen, ulen);
236
}
237

238
static struct kmem_cache *sock_inode_cachep __read_mostly;
239

240
static struct inode *sock_alloc_inode(struct super_block *sb)
241
{
242
	struct socket_alloc *ei;
243
	struct socket_wq *wq;
244

245
	ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
246
	if (!ei)
247
		return NULL;
248
	wq = kmalloc(sizeof(*wq), GFP_KERNEL);
249
	if (!wq) {
250
		kmem_cache_free(sock_inode_cachep, ei);
251
		return NULL;
252
	}
253
	init_waitqueue_head(&wq->wait);
254
	wq->fasync_list = NULL;
255
	RCU_INIT_POINTER(ei->socket.wq, wq);
256

257
	ei->socket.state = SS_UNCONNECTED;
258
	ei->socket.flags = 0;
259
	ei->socket.ops = NULL;
260
	ei->socket.sk = NULL;
261
	ei->socket.file = NULL;
262

263
	return &ei->vfs_inode;
264
}
265

266
static void sock_destroy_inode(struct inode *inode)
267
{
268
	struct socket_alloc *ei;
269
	struct socket_wq *wq;
270

271
	ei = container_of(inode, struct socket_alloc, vfs_inode);
272
	wq = rcu_dereference_protected(ei->socket.wq, 1);
273
	kfree_rcu(wq, rcu);
274
	kmem_cache_free(sock_inode_cachep, ei);
275
}
276

277
static void init_once(void *foo)
278
{
279
	struct socket_alloc *ei = (struct socket_alloc *)foo;
280

281
	inode_init_once(&ei->vfs_inode);
282
}
283

284
static int init_inodecache(void)
285
{
286
	sock_inode_cachep = kmem_cache_create("sock_inode_cache",
287
					      sizeof(struct socket_alloc),
288
					      0,
289
					      (SLAB_HWCACHE_ALIGN |
290
					       SLAB_RECLAIM_ACCOUNT |
291
					       SLAB_MEM_SPREAD),
292
					      init_once);
293
	if (sock_inode_cachep == NULL)
294
		return -ENOMEM;
295
	return 0;
296
}
297

298
static const struct super_operations sockfs_ops = {
299
	.alloc_inode	= sock_alloc_inode,
300
	.destroy_inode	= sock_destroy_inode,
301
	.statfs		= simple_statfs,
302
};
303

304
/*
305
 * sockfs_dname() is called from d_path().
306
 */
307
static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
308
{
309
	return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
310
				dentry->d_inode->i_ino);
311
}
312

313
static const struct dentry_operations sockfs_dentry_operations = {
314
	.d_dname  = sockfs_dname,
315
};
316

317
static struct dentry *sockfs_mount(struct file_system_type *fs_type,
318
			 int flags, const char *dev_name, void *data)
319
{
320
	return mount_pseudo(fs_type, "socket:", &sockfs_ops,
321
		&sockfs_dentry_operations, SOCKFS_MAGIC);
322
}
323

324
static struct vfsmount *sock_mnt __read_mostly;
325

326
static struct file_system_type sock_fs_type = {
327
	.name =		"sockfs",
328
	.mount =	sockfs_mount,
329
	.kill_sb =	kill_anon_super,
330
};
331

332
/*
333
 *	Obtains the first available file descriptor and sets it up for use.
334
 *
335
 *	These functions create file structures and maps them to fd space
336
 *	of the current process. On success it returns file descriptor
337
 *	and file struct implicitly stored in sock->file.
338
 *	Note that another thread may close file descriptor before we return
339
 *	from this function. We use the fact that now we do not refer
340
 *	to socket after mapping. If one day we will need it, this
341
 *	function will increment ref. count on file by 1.
342
 *
343
 *	In any case returned fd MAY BE not valid!
344
 *	This race condition is unavoidable
345
 *	with shared fd spaces, we cannot solve it inside kernel,
346
 *	but we take care of internal coherence yet.
347
 */
348

349
static int sock_alloc_file(struct socket *sock, struct file **f, int flags)
350
{
351
	struct qstr name = { .name = "" };
352
	struct path path;
353
	struct file *file;
354
	int fd;
355

356
	fd = get_unused_fd_flags(flags);
357
	if (unlikely(fd < 0))
358
		return fd;
359

360
	path.dentry = d_alloc_pseudo(sock_mnt->mnt_sb, &name);
361
	if (unlikely(!path.dentry)) {
362
		put_unused_fd(fd);
363
		return -ENOMEM;
364
	}
365
	path.mnt = mntget(sock_mnt);
366

367
	d_instantiate(path.dentry, SOCK_INODE(sock));
368
	SOCK_INODE(sock)->i_fop = &socket_file_ops;
369

370
	file = alloc_file(&path, FMODE_READ | FMODE_WRITE,
371
		  &socket_file_ops);
372
	if (unlikely(!file)) {
373
		/* drop dentry, keep inode */
374
		ihold(path.dentry->d_inode);
375
		path_put(&path);
376
		put_unused_fd(fd);
377
		return -ENFILE;
378
	}
379

380
	sock->file = file;
381
	file->f_flags = O_RDWR | (flags & O_NONBLOCK);
382
	file->f_pos = 0;
383
	file->private_data = sock;
384

385
	*f = file;
386
	return fd;
387
}
388

389
int sock_map_fd(struct socket *sock, int flags)
390
{
391
	struct file *newfile;
392
	int fd = sock_alloc_file(sock, &newfile, flags);
393

394
	if (likely(fd >= 0))
395
		fd_install(fd, newfile);
396

397
	return fd;
398
}
399
EXPORT_SYMBOL(sock_map_fd);
400

401
static struct socket *sock_from_file(struct file *file, int *err)
402
{
403
	if (file->f_op == &socket_file_ops)
404
		return file->private_data;	/* set in sock_map_fd */
405

406
	*err = -ENOTSOCK;
407
	return NULL;
408
}
409

410
/**
411
 *	sockfd_lookup - Go from a file number to its socket slot
412
 *	@fd: file handle
413
 *	@err: pointer to an error code return
414
 *
415
 *	The file handle passed in is locked and the socket it is bound
416
 *	too is returned. If an error occurs the err pointer is overwritten
417
 *	with a negative errno code and NULL is returned. The function checks
418
 *	for both invalid handles and passing a handle which is not a socket.
419
 *
420
 *	On a success the socket object pointer is returned.
421
 */
422

423
struct socket *sockfd_lookup(int fd, int *err)
424
{
425
	struct file *file;
426
	struct socket *sock;
427

428
	file = fget(fd);
429
	if (!file) {
430
		*err = -EBADF;
431
		return NULL;
432
	}
433

434
	sock = sock_from_file(file, err);
435
	if (!sock)
436
		fput(file);
437
	return sock;
438
}
439
EXPORT_SYMBOL(sockfd_lookup);
440

441
static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
442
{
443
	struct file *file;
444
	struct socket *sock;
445

446
	*err = -EBADF;
447
	file = fget_light(fd, fput_needed);
448
	if (file) {
449
		sock = sock_from_file(file, err);
450
		if (sock)
451
			return sock;
452
		fput_light(file, *fput_needed);
453
	}
454
	return NULL;
455
}
456

457
/**
458
 *	sock_alloc	-	allocate a socket
459
 *
460
 *	Allocate a new inode and socket object. The two are bound together
461
 *	and initialised. The socket is then returned. If we are out of inodes
462
 *	NULL is returned.
463
 */
464

465
static struct socket *sock_alloc(void)
466
{
467
	struct inode *inode;
468
	struct socket *sock;
469

470
	inode = new_inode(sock_mnt->mnt_sb);
471
	if (!inode)
472
		return NULL;
473

474
	sock = SOCKET_I(inode);
475

476
	kmemcheck_annotate_bitfield(sock, type);
477
	inode->i_ino = get_next_ino();
478
	inode->i_mode = S_IFSOCK | S_IRWXUGO;
479
	inode->i_uid = current_fsuid();
480
	inode->i_gid = current_fsgid();
481

482
	percpu_add(sockets_in_use, 1);
483
	return sock;
484
}
485

486
/*
487
 *	In theory you can't get an open on this inode, but /proc provides
488
 *	a back door. Remember to keep it shut otherwise you'll let the
489
 *	creepy crawlies in.
490
 */
491

492
static int sock_no_open(struct inode *irrelevant, struct file *dontcare)
493
{
494
	return -ENXIO;
495
}
496

497
const struct file_operations bad_sock_fops = {
498
	.owner = THIS_MODULE,
499
	.open = sock_no_open,
500
	.llseek = noop_llseek,
501
};
502

503
/**
504
 *	sock_release	-	close a socket
505
 *	@sock: socket to close
506
 *
507
 *	The socket is released from the protocol stack if it has a release
508
 *	callback, and the inode is then released if the socket is bound to
509
 *	an inode not a file.
510
 */
511

512
void sock_release(struct socket *sock)
513
{
514
	if (sock->ops) {
515
		struct module *owner = sock->ops->owner;
516

517
		sock->ops->release(sock);
518
		sock->ops = NULL;
519
		module_put(owner);
520
	}
521

522
	if (rcu_dereference_protected(sock->wq, 1)->fasync_list)
523
		printk(KERN_ERR "sock_release: fasync list not empty!\n");
524

525
	percpu_sub(sockets_in_use, 1);
526
	if (!sock->file) {
527
		iput(SOCK_INODE(sock));
528
		return;
529
	}
530
	sock->file = NULL;
531
}
532
EXPORT_SYMBOL(sock_release);
533

534
int sock_tx_timestamp(struct sock *sk, __u8 *tx_flags)
535
{
536
	*tx_flags = 0;
537
	if (sock_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE))
538
		*tx_flags |= SKBTX_HW_TSTAMP;
539
	if (sock_flag(sk, SOCK_TIMESTAMPING_TX_SOFTWARE))
540
		*tx_flags |= SKBTX_SW_TSTAMP;
541
	return 0;
542
}
543
EXPORT_SYMBOL(sock_tx_timestamp);
544

545
static inline int __sock_sendmsg_nosec(struct kiocb *iocb, struct socket *sock,
546
				       struct msghdr *msg, size_t size)
547
{
548
	struct sock_iocb *si = kiocb_to_siocb(iocb);
549

550
	sock_update_classid(sock->sk);
551

552
	si->sock = sock;
553
	si->scm = NULL;
554
	si->msg = msg;
555
	si->size = size;
556

557
	return sock->ops->sendmsg(iocb, sock, msg, size);
558
}
559

560
static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
561
				 struct msghdr *msg, size_t size)
562
{
563
	int err = security_socket_sendmsg(sock, msg, size);
564

565
	return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
566
}
567

568
int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
569
{
570
	struct kiocb iocb;
571
	struct sock_iocb siocb;
572
	int ret;
573

574
	init_sync_kiocb(&iocb, NULL);
575
	iocb.private = &siocb;
576
	ret = __sock_sendmsg(&iocb, sock, msg, size);
577
	if (-EIOCBQUEUED == ret)
578
		ret = wait_on_sync_kiocb(&iocb);
579
	return ret;
580
}
581
EXPORT_SYMBOL(sock_sendmsg);
582

583
int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg, size_t size)
584
{
585
	struct kiocb iocb;
586
	struct sock_iocb siocb;
587
	int ret;
588

589
	init_sync_kiocb(&iocb, NULL);
590
	iocb.private = &siocb;
591
	ret = __sock_sendmsg_nosec(&iocb, sock, msg, size);
592
	if (-EIOCBQUEUED == ret)
593
		ret = wait_on_sync_kiocb(&iocb);
594
	return ret;
595
}
596

597
int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
598
		   struct kvec *vec, size_t num, size_t size)
599
{
600
	mm_segment_t oldfs = get_fs();
601
	int result;
602

603
	set_fs(KERNEL_DS);
604
	/*
605
	 * the following is safe, since for compiler definitions of kvec and
606
	 * iovec are identical, yielding the same in-core layout and alignment
607
	 */
608
	msg->msg_iov = (struct iovec *)vec;
609
	msg->msg_iovlen = num;
610
	result = sock_sendmsg(sock, msg, size);
611
	set_fs(oldfs);
612
	return result;
613
}
614
EXPORT_SYMBOL(kernel_sendmsg);
615

616
static int ktime2ts(ktime_t kt, struct timespec *ts)
617
{
618
	if (kt.tv64) {
619
		*ts = ktime_to_timespec(kt);
620
		return 1;
621
	} else {
622
		return 0;
623
	}
624
}
625

626
/*
627
 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
628
 */
629
void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
630
	struct sk_buff *skb)
631
{
632
	int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
633
	struct timespec ts[3];
634
	int empty = 1;
635
	struct skb_shared_hwtstamps *shhwtstamps =
636
		skb_hwtstamps(skb);
637

638
	/* Race occurred between timestamp enabling and packet
639
	   receiving.  Fill in the current time for now. */
640
	if (need_software_tstamp && skb->tstamp.tv64 == 0)
641
		__net_timestamp(skb);
642

643
	if (need_software_tstamp) {
644
		if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
645
			struct timeval tv;
646
			skb_get_timestamp(skb, &tv);
647
			put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMP,
648
				 sizeof(tv), &tv);
649
		} else {
650
			skb_get_timestampns(skb, &ts[0]);
651
			put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPNS,
652
				 sizeof(ts[0]), &ts[0]);
653
		}
654
	}
655

656

657
	memset(ts, 0, sizeof(ts));
658
	if (skb->tstamp.tv64 &&
659
	    sock_flag(sk, SOCK_TIMESTAMPING_SOFTWARE)) {
660
		skb_get_timestampns(skb, ts + 0);
661
		empty = 0;
662
	}
663
	if (shhwtstamps) {
664
		if (sock_flag(sk, SOCK_TIMESTAMPING_SYS_HARDWARE) &&
665
		    ktime2ts(shhwtstamps->syststamp, ts + 1))
666
			empty = 0;
667
		if (sock_flag(sk, SOCK_TIMESTAMPING_RAW_HARDWARE) &&
668
		    ktime2ts(shhwtstamps->hwtstamp, ts + 2))
669
			empty = 0;
670
	}
671
	if (!empty)
672
		put_cmsg(msg, SOL_SOCKET,
673
			 SCM_TIMESTAMPING, sizeof(ts), &ts);
674
}
675
EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
676

677
static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
678
				   struct sk_buff *skb)
679
{
680
	if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && skb->dropcount)
681
		put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
682
			sizeof(__u32), &skb->dropcount);
683
}
684

685
void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
686
	struct sk_buff *skb)
687
{
688
	sock_recv_timestamp(msg, sk, skb);
689
	sock_recv_drops(msg, sk, skb);
690
}
691
EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
692

693
static inline int __sock_recvmsg_nosec(struct kiocb *iocb, struct socket *sock,
694
				       struct msghdr *msg, size_t size, int flags)
695
{
696
	struct sock_iocb *si = kiocb_to_siocb(iocb);
697

698
	sock_update_classid(sock->sk);
699

700
	si->sock = sock;
701
	si->scm = NULL;
702
	si->msg = msg;
703
	si->size = size;
704
	si->flags = flags;
705

706
	return sock->ops->recvmsg(iocb, sock, msg, size, flags);
707
}
708

709
static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
710
				 struct msghdr *msg, size_t size, int flags)
711
{
712
	int err = security_socket_recvmsg(sock, msg, size, flags);
713

714
	return err ?: __sock_recvmsg_nosec(iocb, sock, msg, size, flags);
715
}
716

717
int sock_recvmsg(struct socket *sock, struct msghdr *msg,
718
		 size_t size, int flags)
719
{
720
	struct kiocb iocb;
721
	struct sock_iocb siocb;
722
	int ret;
723

724
	init_sync_kiocb(&iocb, NULL);
725
	iocb.private = &siocb;
726
	ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
727
	if (-EIOCBQUEUED == ret)
728
		ret = wait_on_sync_kiocb(&iocb);
729
	return ret;
730
}
731
EXPORT_SYMBOL(sock_recvmsg);
732

733
static int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
734
			      size_t size, int flags)
735
{
736
	struct kiocb iocb;
737
	struct sock_iocb siocb;
738
	int ret;
739

740
	init_sync_kiocb(&iocb, NULL);
741
	iocb.private = &siocb;
742
	ret = __sock_recvmsg_nosec(&iocb, sock, msg, size, flags);
743
	if (-EIOCBQUEUED == ret)
744
		ret = wait_on_sync_kiocb(&iocb);
745
	return ret;
746
}
747

748
/**
749
 * kernel_recvmsg - Receive a message from a socket (kernel space)
750
 * @sock:       The socket to receive the message from
751
 * @msg:        Received message
752
 * @vec:        Input s/g array for message data
753
 * @num:        Size of input s/g array
754
 * @size:       Number of bytes to read
755
 * @flags:      Message flags (MSG_DONTWAIT, etc...)
756
 *
757
 * On return the msg structure contains the scatter/gather array passed in the
758
 * vec argument. The array is modified so that it consists of the unfilled
759
 * portion of the original array.
760
 *
761
 * The returned value is the total number of bytes received, or an error.
762
 */
763
int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
764
		   struct kvec *vec, size_t num, size_t size, int flags)
765
{
766
	mm_segment_t oldfs = get_fs();
767
	int result;
768

769
	set_fs(KERNEL_DS);
770
	/*
771
	 * the following is safe, since for compiler definitions of kvec and
772
	 * iovec are identical, yielding the same in-core layout and alignment
773
	 */
774
	msg->msg_iov = (struct iovec *)vec, msg->msg_iovlen = num;
775
	result = sock_recvmsg(sock, msg, size, flags);
776
	set_fs(oldfs);
777
	return result;
778
}
779
EXPORT_SYMBOL(kernel_recvmsg);
780

781
static void sock_aio_dtor(struct kiocb *iocb)
782
{
783
	kfree(iocb->private);
784
}
785

786
static ssize_t sock_sendpage(struct file *file, struct page *page,
787
			     int offset, size_t size, loff_t *ppos, int more)
788
{
789
	struct socket *sock;
790
	int flags;
791

792
	sock = file->private_data;
793

794
	flags = !(file->f_flags & O_NONBLOCK) ? 0 : MSG_DONTWAIT;
795
	if (more)
796
		flags |= MSG_MORE;
797

798
	return kernel_sendpage(sock, page, offset, size, flags);
799
}
800

801
static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
802
				struct pipe_inode_info *pipe, size_t len,
803
				unsigned int flags)
804
{
805
	struct socket *sock = file->private_data;
806

807
	if (unlikely(!sock->ops->splice_read))
808
		return -EINVAL;
809

810
	sock_update_classid(sock->sk);
811

812
	return sock->ops->splice_read(sock, ppos, pipe, len, flags);
813
}
814

815
static struct sock_iocb *alloc_sock_iocb(struct kiocb *iocb,
816
					 struct sock_iocb *siocb)
817
{
818
	if (!is_sync_kiocb(iocb)) {
819
		siocb = kmalloc(sizeof(*siocb), GFP_KERNEL);
820
		if (!siocb)
821
			return NULL;
822
		iocb->ki_dtor = sock_aio_dtor;
823
	}
824

825
	siocb->kiocb = iocb;
826
	iocb->private = siocb;
827
	return siocb;
828
}
829

830
static ssize_t do_sock_read(struct msghdr *msg, struct kiocb *iocb,
831
		struct file *file, const struct iovec *iov,
832
		unsigned long nr_segs)
833
{
834
	struct socket *sock = file->private_data;
835
	size_t size = 0;
836
	int i;
837

838
	for (i = 0; i < nr_segs; i++)
839
		size += iov[i].iov_len;
840

841
	msg->msg_name = NULL;
842
	msg->msg_namelen = 0;
843
	msg->msg_control = NULL;
844
	msg->msg_controllen = 0;
845
	msg->msg_iov = (struct iovec *)iov;
846
	msg->msg_iovlen = nr_segs;
847
	msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
848

849
	return __sock_recvmsg(iocb, sock, msg, size, msg->msg_flags);
850
}
851

852
static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
853
				unsigned long nr_segs, loff_t pos)
854
{
855
	struct sock_iocb siocb, *x;
856

857
	if (pos != 0)
858
		return -ESPIPE;
859

860
	if (iocb->ki_left == 0)	/* Match SYS5 behaviour */
861
		return 0;
862

863

864
	x = alloc_sock_iocb(iocb, &siocb);
865
	if (!x)
866
		return -ENOMEM;
867
	return do_sock_read(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
868
}
869

870
static ssize_t do_sock_write(struct msghdr *msg, struct kiocb *iocb,
871
			struct file *file, const struct iovec *iov,
872
			unsigned long nr_segs)
873
{
874
	struct socket *sock = file->private_data;
875
	size_t size = 0;
876
	int i;
877

878
	for (i = 0; i < nr_segs; i++)
879
		size += iov[i].iov_len;
880

881
	msg->msg_name = NULL;
882
	msg->msg_namelen = 0;
883
	msg->msg_control = NULL;
884
	msg->msg_controllen = 0;
885
	msg->msg_iov = (struct iovec *)iov;
886
	msg->msg_iovlen = nr_segs;
887
	msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
888
	if (sock->type == SOCK_SEQPACKET)
889
		msg->msg_flags |= MSG_EOR;
890

891
	return __sock_sendmsg(iocb, sock, msg, size);
892
}
893

894
static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
895
			  unsigned long nr_segs, loff_t pos)
896
{
897
	struct sock_iocb siocb, *x;
898

899
	if (pos != 0)
900
		return -ESPIPE;
901

902
	x = alloc_sock_iocb(iocb, &siocb);
903
	if (!x)
904
		return -ENOMEM;
905

906
	return do_sock_write(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
907
}
908

909
/*
910
 * Atomic setting of ioctl hooks to avoid race
911
 * with module unload.
912
 */
913

914
static DEFINE_MUTEX(br_ioctl_mutex);
915
static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
916

917
void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
918
{
919
	mutex_lock(&br_ioctl_mutex);
920
	br_ioctl_hook = hook;
921
	mutex_unlock(&br_ioctl_mutex);
922
}
923
EXPORT_SYMBOL(brioctl_set);
924

925
static DEFINE_MUTEX(vlan_ioctl_mutex);
926
static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
927

928
void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
929
{
930
	mutex_lock(&vlan_ioctl_mutex);
931
	vlan_ioctl_hook = hook;
932
	mutex_unlock(&vlan_ioctl_mutex);
933
}
934
EXPORT_SYMBOL(vlan_ioctl_set);
935

936
static DEFINE_MUTEX(dlci_ioctl_mutex);
937
static int (*dlci_ioctl_hook) (unsigned int, void __user *);
938

939
void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
940
{
941
	mutex_lock(&dlci_ioctl_mutex);
942
	dlci_ioctl_hook = hook;
943
	mutex_unlock(&dlci_ioctl_mutex);
944
}
945
EXPORT_SYMBOL(dlci_ioctl_set);
946

947
static long sock_do_ioctl(struct net *net, struct socket *sock,
948
				 unsigned int cmd, unsigned long arg)
949
{
950
	int err;
951
	void __user *argp = (void __user *)arg;
952

953
	err = sock->ops->ioctl(sock, cmd, arg);
954

955
	/*
956
	 * If this ioctl is unknown try to hand it down
957
	 * to the NIC driver.
958
	 */
959
	if (err == -ENOIOCTLCMD)
960
		err = dev_ioctl(net, cmd, argp);
961

962
	return err;
963
}
964

965
/*
966
 *	With an ioctl, arg may well be a user mode pointer, but we don't know
967
 *	what to do with it - that's up to the protocol still.
968
 */
969

970
static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
971
{
972
	struct socket *sock;
973
	struct sock *sk;
974
	void __user *argp = (void __user *)arg;
975
	int pid, err;
976
	struct net *net;
977

978
	sock = file->private_data;
979
	sk = sock->sk;
980
	net = sock_net(sk);
981
	if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15)) {
982
		err = dev_ioctl(net, cmd, argp);
983
	} else
984
#ifdef CONFIG_WEXT_CORE
985
	if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
986
		err = dev_ioctl(net, cmd, argp);
987
	} else
988
#endif
989
		switch (cmd) {
990
		case FIOSETOWN:
991
		case SIOCSPGRP:
992
			err = -EFAULT;
993
			if (get_user(pid, (int __user *)argp))
994
				break;
995
			err = f_setown(sock->file, pid, 1);
996
			break;
997
		case FIOGETOWN:
998
		case SIOCGPGRP:
999
			err = put_user(f_getown(sock->file),
1000
				       (int __user *)argp);
1001
			break;
1002
		case SIOCGIFBR:
1003
		case SIOCSIFBR:
1004
		case SIOCBRADDBR:
1005
		case SIOCBRDELBR:
1006
			err = -ENOPKG;
1007
			if (!br_ioctl_hook)
1008
				request_module("bridge");
1009

1010
			mutex_lock(&br_ioctl_mutex);
1011
			if (br_ioctl_hook)
1012
				err = br_ioctl_hook(net, cmd, argp);
1013
			mutex_unlock(&br_ioctl_mutex);
1014
			break;
1015
		case SIOCGIFVLAN:
1016
		case SIOCSIFVLAN:
1017
			err = -ENOPKG;
1018
			if (!vlan_ioctl_hook)
1019
				request_module("8021q");
1020

1021
			mutex_lock(&vlan_ioctl_mutex);
1022
			if (vlan_ioctl_hook)
1023
				err = vlan_ioctl_hook(net, argp);
1024
			mutex_unlock(&vlan_ioctl_mutex);
1025
			break;
1026
		case SIOCADDDLCI:
1027
		case SIOCDELDLCI:
1028
			err = -ENOPKG;
1029
			if (!dlci_ioctl_hook)
1030
				request_module("dlci");
1031

1032
			mutex_lock(&dlci_ioctl_mutex);
1033
			if (dlci_ioctl_hook)
1034
				err = dlci_ioctl_hook(cmd, argp);
1035
			mutex_unlock(&dlci_ioctl_mutex);
1036
			break;
1037
		default:
1038
			err = sock_do_ioctl(net, sock, cmd, arg);
1039
			break;
1040
		}
1041
	return err;
1042
}
1043

1044
int sock_create_lite(int family, int type, int protocol, struct socket **res)
1045
{
1046
	int err;
1047
	struct socket *sock = NULL;
1048

1049
	err = security_socket_create(family, type, protocol, 1);
1050
	if (err)
1051
		goto out;
1052

1053
	sock = sock_alloc();
1054
	if (!sock) {
1055
		err = -ENOMEM;
1056
		goto out;
1057
	}
1058

1059
	sock->type = type;
1060
	err = security_socket_post_create(sock, family, type, protocol, 1);
1061
	if (err)
1062
		goto out_release;
1063

1064
out:
1065
	*res = sock;
1066
	return err;
1067
out_release:
1068
	sock_release(sock);
1069
	sock = NULL;
1070
	goto out;
1071
}
1072
EXPORT_SYMBOL(sock_create_lite);
1073

1074
/* No kernel lock held - perfect */
1075
static unsigned int sock_poll(struct file *file, poll_table *wait)
1076
{
1077
	struct socket *sock;
1078

1079
	/*
1080
	 *      We can't return errors to poll, so it's either yes or no.
1081
	 */
1082
	sock = file->private_data;
1083
	return sock->ops->poll(file, sock, wait);
1084
}
1085

1086
static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1087
{
1088
	struct socket *sock = file->private_data;
1089

1090
	return sock->ops->mmap(file, sock, vma);
1091
}
1092

1093
static int sock_close(struct inode *inode, struct file *filp)
1094
{
1095
	/*
1096
	 *      It was possible the inode is NULL we were
1097
	 *      closing an unfinished socket.
1098
	 */
1099

1100
	if (!inode) {
1101
		printk(KERN_DEBUG "sock_close: NULL inode\n");
1102
		return 0;
1103
	}
1104
	sock_release(SOCKET_I(inode));
1105
	return 0;
1106
}
1107

1108
/*
1109
 *	Update the socket async list
1110
 *
1111
 *	Fasync_list locking strategy.
1112
 *
1113
 *	1. fasync_list is modified only under process context socket lock
1114
 *	   i.e. under semaphore.
1115
 *	2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1116
 *	   or under socket lock
1117
 */
1118

1119
static int sock_fasync(int fd, struct file *filp, int on)
1120
{
1121
	struct socket *sock = filp->private_data;
1122
	struct sock *sk = sock->sk;
1123
	struct socket_wq *wq;
1124

1125
	if (sk == NULL)
1126
		return -EINVAL;
1127

1128
	lock_sock(sk);
1129
	wq = rcu_dereference_protected(sock->wq, sock_owned_by_user(sk));
1130
	fasync_helper(fd, filp, on, &wq->fasync_list);
1131

1132
	if (!wq->fasync_list)
1133
		sock_reset_flag(sk, SOCK_FASYNC);
1134
	else
1135
		sock_set_flag(sk, SOCK_FASYNC);
1136

1137
	release_sock(sk);
1138
	return 0;
1139
}
1140

1141
/* This function may be called only under socket lock or callback_lock or rcu_lock */
1142

1143
int sock_wake_async(struct socket *sock, int how, int band)
1144
{
1145
	struct socket_wq *wq;
1146

1147
	if (!sock)
1148
		return -1;
1149
	rcu_read_lock();
1150
	wq = rcu_dereference(sock->wq);
1151
	if (!wq || !wq->fasync_list) {
1152
		rcu_read_unlock();
1153
		return -1;
1154
	}
1155
	switch (how) {
1156
	case SOCK_WAKE_WAITD:
1157
		if (test_bit(SOCK_ASYNC_WAITDATA, &sock->flags))
1158
			break;
1159
		goto call_kill;
1160
	case SOCK_WAKE_SPACE:
1161
		if (!test_and_clear_bit(SOCK_ASYNC_NOSPACE, &sock->flags))
1162
			break;
1163
		/* fall through */
1164
	case SOCK_WAKE_IO:
1165
call_kill:
1166
		kill_fasync(&wq->fasync_list, SIGIO, band);
1167
		break;
1168
	case SOCK_WAKE_URG:
1169
		kill_fasync(&wq->fasync_list, SIGURG, band);
1170
	}
1171
	rcu_read_unlock();
1172
	return 0;
1173
}
1174
EXPORT_SYMBOL(sock_wake_async);
1175

1176
int __sock_create(struct net *net, int family, int type, int protocol,
1177
			 struct socket **res, int kern)
1178
{
1179
	int err;
1180
	struct socket *sock;
1181
	const struct net_proto_family *pf;
1182

1183
	/*
1184
	 *      Check protocol is in range
1185
	 */
1186
	if (family < 0 || family >= NPROTO)
1187
		return -EAFNOSUPPORT;
1188
	if (type < 0 || type >= SOCK_MAX)
1189
		return -EINVAL;
1190

1191
	/* Compatibility.
1192

1193
	   This uglymoron is moved from INET layer to here to avoid
1194
	   deadlock in module load.
1195
	 */
1196
	if (family == PF_INET && type == SOCK_PACKET) {
1197
		static int warned;
1198
		if (!warned) {
1199
			warned = 1;
1200
			printk(KERN_INFO "%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1201
			       current->comm);
1202
		}
1203
		family = PF_PACKET;
1204
	}
1205

1206
	err = security_socket_create(family, type, protocol, kern);
1207
	if (err)
1208
		return err;
1209

1210
	/*
1211
	 *	Allocate the socket and allow the family to set things up. if
1212
	 *	the protocol is 0, the family is instructed to select an appropriate
1213
	 *	default.
1214
	 */
1215
	sock = sock_alloc();
1216
	if (!sock) {
1217
		if (net_ratelimit())
1218
			printk(KERN_WARNING "socket: no more sockets\n");
1219
		return -ENFILE;	/* Not exactly a match, but its the
1220
				   closest posix thing */
1221
	}
1222

1223
	sock->type = type;
1224

1225
#ifdef CONFIG_MODULES
1226
	/* Attempt to load a protocol module if the find failed.
1227
	 *
1228
	 * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1229
	 * requested real, full-featured networking support upon configuration.
1230
	 * Otherwise module support will break!
1231
	 */
1232
	if (rcu_access_pointer(net_families[family]) == NULL)
1233
		request_module("net-pf-%d", family);
1234
#endif
1235

1236
	rcu_read_lock();
1237
	pf = rcu_dereference(net_families[family]);
1238
	err = -EAFNOSUPPORT;
1239
	if (!pf)
1240
		goto out_release;
1241

1242
	/*
1243
	 * We will call the ->create function, that possibly is in a loadable
1244
	 * module, so we have to bump that loadable module refcnt first.
1245
	 */
1246
	if (!try_module_get(pf->owner))
1247
		goto out_release;
1248

1249
	/* Now protected by module ref count */
1250
	rcu_read_unlock();
1251

1252
	err = pf->create(net, sock, protocol, kern);
1253
	if (err < 0)
1254
		goto out_module_put;
1255

1256
	/*
1257
	 * Now to bump the refcnt of the [loadable] module that owns this
1258
	 * socket at sock_release time we decrement its refcnt.
1259
	 */
1260
	if (!try_module_get(sock->ops->owner))
1261
		goto out_module_busy;
1262

1263
	/*
1264
	 * Now that we're done with the ->create function, the [loadable]
1265
	 * module can have its refcnt decremented
1266
	 */
1267
	module_put(pf->owner);
1268
	err = security_socket_post_create(sock, family, type, protocol, kern);
1269
	if (err)
1270
		goto out_sock_release;
1271
	*res = sock;
1272

1273
	return 0;
1274

1275
out_module_busy:
1276
	err = -EAFNOSUPPORT;
1277
out_module_put:
1278
	sock->ops = NULL;
1279
	module_put(pf->owner);
1280
out_sock_release:
1281
	sock_release(sock);
1282
	return err;
1283

1284
out_release:
1285
	rcu_read_unlock();
1286
	goto out_sock_release;
1287
}
1288
EXPORT_SYMBOL(__sock_create);
1289

1290
int sock_create(int family, int type, int protocol, struct socket **res)
1291
{
1292
	return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1293
}
1294
EXPORT_SYMBOL(sock_create);
1295

1296
int sock_create_kern(int family, int type, int protocol, struct socket **res)
1297
{
1298
	return __sock_create(&init_net, family, type, protocol, res, 1);
1299
}
1300
EXPORT_SYMBOL(sock_create_kern);
1301

1302
SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1303
{
1304
	int retval;
1305
	struct socket *sock;
1306
	int flags;
1307

1308
	/* Check the SOCK_* constants for consistency.  */
1309
	BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1310
	BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1311
	BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1312
	BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1313

1314
	flags = type & ~SOCK_TYPE_MASK;
1315
	if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1316
		return -EINVAL;
1317
	type &= SOCK_TYPE_MASK;
1318

1319
	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1320
		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1321

1322
	retval = sock_create(family, type, protocol, &sock);
1323
	if (retval < 0)
1324
		goto out;
1325

1326
	retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1327
	if (retval < 0)
1328
		goto out_release;
1329

1330
out:
1331
	/* It may be already another descriptor 8) Not kernel problem. */
1332
	return retval;
1333

1334
out_release:
1335
	sock_release(sock);
1336
	return retval;
1337
}
1338

1339
/*
1340
 *	Create a pair of connected sockets.
1341
 */
1342

1343
SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1344
		int __user *, usockvec)
1345
{
1346
	struct socket *sock1, *sock2;
1347
	int fd1, fd2, err;
1348
	struct file *newfile1, *newfile2;
1349
	int flags;
1350

1351
	flags = type & ~SOCK_TYPE_MASK;
1352
	if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1353
		return -EINVAL;
1354
	type &= SOCK_TYPE_MASK;
1355

1356
	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1357
		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1358

1359
	/*
1360
	 * Obtain the first socket and check if the underlying protocol
1361
	 * supports the socketpair call.
1362
	 */
1363

1364
	err = sock_create(family, type, protocol, &sock1);
1365
	if (err < 0)
1366
		goto out;
1367

1368
	err = sock_create(family, type, protocol, &sock2);
1369
	if (err < 0)
1370
		goto out_release_1;
1371

1372
	err = sock1->ops->socketpair(sock1, sock2);
1373
	if (err < 0)
1374
		goto out_release_both;
1375

1376
	fd1 = sock_alloc_file(sock1, &newfile1, flags);
1377
	if (unlikely(fd1 < 0)) {
1378
		err = fd1;
1379
		goto out_release_both;
1380
	}
1381

1382
	fd2 = sock_alloc_file(sock2, &newfile2, flags);
1383
	if (unlikely(fd2 < 0)) {
1384
		err = fd2;
1385
		fput(newfile1);
1386
		put_unused_fd(fd1);
1387
		sock_release(sock2);
1388
		goto out;
1389
	}
1390

1391
	audit_fd_pair(fd1, fd2);
1392
	fd_install(fd1, newfile1);
1393
	fd_install(fd2, newfile2);
1394
	/* fd1 and fd2 may be already another descriptors.
1395
	 * Not kernel problem.
1396
	 */
1397

1398
	err = put_user(fd1, &usockvec[0]);
1399
	if (!err)
1400
		err = put_user(fd2, &usockvec[1]);
1401
	if (!err)
1402
		return 0;
1403

1404
	sys_close(fd2);
1405
	sys_close(fd1);
1406
	return err;
1407

1408
out_release_both:
1409
	sock_release(sock2);
1410
out_release_1:
1411
	sock_release(sock1);
1412
out:
1413
	return err;
1414
}
1415

1416
/*
1417
 *	Bind a name to a socket. Nothing much to do here since it's
1418
 *	the protocol's responsibility to handle the local address.
1419
 *
1420
 *	We move the socket address to kernel space before we call
1421
 *	the protocol layer (having also checked the address is ok).
1422
 */
1423

1424
SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1425
{
1426
	struct socket *sock;
1427
	struct sockaddr_storage address;
1428
	int err, fput_needed;
1429

1430
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1431
	if (sock) {
1432
		err = move_addr_to_kernel(umyaddr, addrlen, (struct sockaddr *)&address);
1433
		if (err >= 0) {
1434
			err = security_socket_bind(sock,
1435
						   (struct sockaddr *)&address,
1436
						   addrlen);
1437
			if (!err)
1438
				err = sock->ops->bind(sock,
1439
						      (struct sockaddr *)
1440
						      &address, addrlen);
1441
		}
1442
		fput_light(sock->file, fput_needed);
1443
	}
1444
	return err;
1445
}
1446

1447
/*
1448
 *	Perform a listen. Basically, we allow the protocol to do anything
1449
 *	necessary for a listen, and if that works, we mark the socket as
1450
 *	ready for listening.
1451
 */
1452

1453
SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1454
{
1455
	struct socket *sock;
1456
	int err, fput_needed;
1457
	int somaxconn;
1458

1459
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1460
	if (sock) {
1461
		somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1462
		if ((unsigned)backlog > somaxconn)
1463
			backlog = somaxconn;
1464

1465
		err = security_socket_listen(sock, backlog);
1466
		if (!err)
1467
			err = sock->ops->listen(sock, backlog);
1468

1469
		fput_light(sock->file, fput_needed);
1470
	}
1471
	return err;
1472
}
1473

1474
/*
1475
 *	For accept, we attempt to create a new socket, set up the link
1476
 *	with the client, wake up the client, then return the new
1477
 *	connected fd. We collect the address of the connector in kernel
1478
 *	space and move it to user at the very end. This is unclean because
1479
 *	we open the socket then return an error.
1480
 *
1481
 *	1003.1g adds the ability to recvmsg() to query connection pending
1482
 *	status to recvmsg. We need to add that support in a way thats
1483
 *	clean when we restucture accept also.
1484
 */
1485

1486
SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1487
		int __user *, upeer_addrlen, int, flags)
1488
{
1489
	struct socket *sock, *newsock;
1490
	struct file *newfile;
1491
	int err, len, newfd, fput_needed;
1492
	struct sockaddr_storage address;
1493

1494
	if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1495
		return -EINVAL;
1496

1497
	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1498
		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1499

1500
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1501
	if (!sock)
1502
		goto out;
1503

1504
	err = -ENFILE;
1505
	newsock = sock_alloc();
1506
	if (!newsock)
1507
		goto out_put;
1508

1509
	newsock->type = sock->type;
1510
	newsock->ops = sock->ops;
1511

1512
	/*
1513
	 * We don't need try_module_get here, as the listening socket (sock)
1514
	 * has the protocol module (sock->ops->owner) held.
1515
	 */
1516
	__module_get(newsock->ops->owner);
1517

1518
	newfd = sock_alloc_file(newsock, &newfile, flags);
1519
	if (unlikely(newfd < 0)) {
1520
		err = newfd;
1521
		sock_release(newsock);
1522
		goto out_put;
1523
	}
1524

1525
	err = security_socket_accept(sock, newsock);
1526
	if (err)
1527
		goto out_fd;
1528

1529
	err = sock->ops->accept(sock, newsock, sock->file->f_flags);
1530
	if (err < 0)
1531
		goto out_fd;
1532

1533
	if (upeer_sockaddr) {
1534
		if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
1535
					  &len, 2) < 0) {
1536
			err = -ECONNABORTED;
1537
			goto out_fd;
1538
		}
1539
		err = move_addr_to_user((struct sockaddr *)&address,
1540
					len, upeer_sockaddr, upeer_addrlen);
1541
		if (err < 0)
1542
			goto out_fd;
1543
	}
1544

1545
	/* File flags are not inherited via accept() unlike another OSes. */
1546

1547
	fd_install(newfd, newfile);
1548
	err = newfd;
1549

1550
out_put:
1551
	fput_light(sock->file, fput_needed);
1552
out:
1553
	return err;
1554
out_fd:
1555
	fput(newfile);
1556
	put_unused_fd(newfd);
1557
	goto out_put;
1558
}
1559

1560
SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1561
		int __user *, upeer_addrlen)
1562
{
1563
	return sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1564
}
1565

1566
/*
1567
 *	Attempt to connect to a socket with the server address.  The address
1568
 *	is in user space so we verify it is OK and move it to kernel space.
1569
 *
1570
 *	For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1571
 *	break bindings
1572
 *
1573
 *	NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1574
 *	other SEQPACKET protocols that take time to connect() as it doesn't
1575
 *	include the -EINPROGRESS status for such sockets.
1576
 */
1577

1578
SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1579
		int, addrlen)
1580
{
1581
	struct socket *sock;
1582
	struct sockaddr_storage address;
1583
	int err, fput_needed;
1584

1585
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1586
	if (!sock)
1587
		goto out;
1588
	err = move_addr_to_kernel(uservaddr, addrlen, (struct sockaddr *)&address);
1589
	if (err < 0)
1590
		goto out_put;
1591

1592
	err =
1593
	    security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1594
	if (err)
1595
		goto out_put;
1596

1597
	err = sock->ops->connect(sock, (struct sockaddr *)&address, addrlen,
1598
				 sock->file->f_flags);
1599
out_put:
1600
	fput_light(sock->file, fput_needed);
1601
out:
1602
	return err;
1603
}
1604

1605
/*
1606
 *	Get the local address ('name') of a socket object. Move the obtained
1607
 *	name to user space.
1608
 */
1609

1610
SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1611
		int __user *, usockaddr_len)
1612
{
1613
	struct socket *sock;
1614
	struct sockaddr_storage address;
1615
	int len, err, fput_needed;
1616

1617
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1618
	if (!sock)
1619
		goto out;
1620

1621
	err = security_socket_getsockname(sock);
1622
	if (err)
1623
		goto out_put;
1624

1625
	err = sock->ops->getname(sock, (struct sockaddr *)&address, &len, 0);
1626
	if (err)
1627
		goto out_put;
1628
	err = move_addr_to_user((struct sockaddr *)&address, len, usockaddr, usockaddr_len);
1629

1630
out_put:
1631
	fput_light(sock->file, fput_needed);
1632
out:
1633
	return err;
1634
}
1635

1636
/*
1637
 *	Get the remote address ('name') of a socket object. Move the obtained
1638
 *	name to user space.
1639
 */
1640

1641
SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1642
		int __user *, usockaddr_len)
1643
{
1644
	struct socket *sock;
1645
	struct sockaddr_storage address;
1646
	int len, err, fput_needed;
1647

1648
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1649
	if (sock != NULL) {
1650
		err = security_socket_getpeername(sock);
1651
		if (err) {
1652
			fput_light(sock->file, fput_needed);
1653
			return err;
1654
		}
1655

1656
		err =
1657
		    sock->ops->getname(sock, (struct sockaddr *)&address, &len,
1658
				       1);
1659
		if (!err)
1660
			err = move_addr_to_user((struct sockaddr *)&address, len, usockaddr,
1661
						usockaddr_len);
1662
		fput_light(sock->file, fput_needed);
1663
	}
1664
	return err;
1665
}
1666

1667
/*
1668
 *	Send a datagram to a given address. We move the address into kernel
1669
 *	space and check the user space data area is readable before invoking
1670
 *	the protocol.
1671
 */
1672

1673
SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1674
		unsigned, flags, struct sockaddr __user *, addr,
1675
		int, addr_len)
1676
{
1677
	struct socket *sock;
1678
	struct sockaddr_storage address;
1679
	int err;
1680
	struct msghdr msg;
1681
	struct iovec iov;
1682
	int fput_needed;
1683

1684
	if (len > INT_MAX)
1685
		len = INT_MAX;
1686
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1687
	if (!sock)
1688
		goto out;
1689

1690
	iov.iov_base = buff;
1691
	iov.iov_len = len;
1692
	msg.msg_name = NULL;
1693
	msg.msg_iov = &iov;
1694
	msg.msg_iovlen = 1;
1695
	msg.msg_control = NULL;
1696
	msg.msg_controllen = 0;
1697
	msg.msg_namelen = 0;
1698
	if (addr) {
1699
		err = move_addr_to_kernel(addr, addr_len, (struct sockaddr *)&address);
1700
		if (err < 0)
1701
			goto out_put;
1702
		msg.msg_name = (struct sockaddr *)&address;
1703
		msg.msg_namelen = addr_len;
1704
	}
1705
	if (sock->file->f_flags & O_NONBLOCK)
1706
		flags |= MSG_DONTWAIT;
1707
	msg.msg_flags = flags;
1708
	err = sock_sendmsg(sock, &msg, len);
1709

1710
out_put:
1711
	fput_light(sock->file, fput_needed);
1712
out:
1713
	return err;
1714
}
1715

1716
/*
1717
 *	Send a datagram down a socket.
1718
 */
1719

1720
SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
1721
		unsigned, flags)
1722
{
1723
	return sys_sendto(fd, buff, len, flags, NULL, 0);
1724
}
1725

1726
/*
1727
 *	Receive a frame from the socket and optionally record the address of the
1728
 *	sender. We verify the buffers are writable and if needed move the
1729
 *	sender address from kernel to user space.
1730
 */
1731

1732
SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1733
		unsigned, flags, struct sockaddr __user *, addr,
1734
		int __user *, addr_len)
1735
{
1736
	struct socket *sock;
1737
	struct iovec iov;
1738
	struct msghdr msg;
1739
	struct sockaddr_storage address;
1740
	int err, err2;
1741
	int fput_needed;
1742

1743
	if (size > INT_MAX)
1744
		size = INT_MAX;
1745
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1746
	if (!sock)
1747
		goto out;
1748

1749
	msg.msg_control = NULL;
1750
	msg.msg_controllen = 0;
1751
	msg.msg_iovlen = 1;
1752
	msg.msg_iov = &iov;
1753
	iov.iov_len = size;
1754
	iov.iov_base = ubuf;
1755
	msg.msg_name = (struct sockaddr *)&address;
1756
	msg.msg_namelen = sizeof(address);
1757
	if (sock->file->f_flags & O_NONBLOCK)
1758
		flags |= MSG_DONTWAIT;
1759
	err = sock_recvmsg(sock, &msg, size, flags);
1760

1761
	if (err >= 0 && addr != NULL) {
1762
		err2 = move_addr_to_user((struct sockaddr *)&address,
1763
					 msg.msg_namelen, addr, addr_len);
1764
		if (err2 < 0)
1765
			err = err2;
1766
	}
1767

1768
	fput_light(sock->file, fput_needed);
1769
out:
1770
	return err;
1771
}
1772

1773
/*
1774
 *	Receive a datagram from a socket.
1775
 */
1776

1777
asmlinkage long sys_recv(int fd, void __user *ubuf, size_t size,
1778
			 unsigned flags)
1779
{
1780
	return sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
1781
}
1782

1783
/*
1784
 *	Set a socket option. Because we don't know the option lengths we have
1785
 *	to pass the user mode parameter for the protocols to sort out.
1786
 */
1787

1788
SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
1789
		char __user *, optval, int, optlen)
1790
{
1791
	int err, fput_needed;
1792
	struct socket *sock;
1793

1794
	if (optlen < 0)
1795
		return -EINVAL;
1796

1797
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1798
	if (sock != NULL) {
1799
		err = security_socket_setsockopt(sock, level, optname);
1800
		if (err)
1801
			goto out_put;
1802

1803
		if (level == SOL_SOCKET)
1804
			err =
1805
			    sock_setsockopt(sock, level, optname, optval,
1806
					    optlen);
1807
		else
1808
			err =
1809
			    sock->ops->setsockopt(sock, level, optname, optval,
1810
						  optlen);
1811
out_put:
1812
		fput_light(sock->file, fput_needed);
1813
	}
1814
	return err;
1815
}
1816

1817
/*
1818
 *	Get a socket option. Because we don't know the option lengths we have
1819
 *	to pass a user mode parameter for the protocols to sort out.
1820
 */
1821

1822
SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
1823
		char __user *, optval, int __user *, optlen)
1824
{
1825
	int err, fput_needed;
1826
	struct socket *sock;
1827

1828
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1829
	if (sock != NULL) {
1830
		err = security_socket_getsockopt(sock, level, optname);
1831
		if (err)
1832
			goto out_put;
1833

1834
		if (level == SOL_SOCKET)
1835
			err =
1836
			    sock_getsockopt(sock, level, optname, optval,
1837
					    optlen);
1838
		else
1839
			err =
1840
			    sock->ops->getsockopt(sock, level, optname, optval,
1841
						  optlen);
1842
out_put:
1843
		fput_light(sock->file, fput_needed);
1844
	}
1845
	return err;
1846
}
1847

1848
/*
1849
 *	Shutdown a socket.
1850
 */
1851

1852
SYSCALL_DEFINE2(shutdown, int, fd, int, how)
1853
{
1854
	int err, fput_needed;
1855
	struct socket *sock;
1856

1857
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1858
	if (sock != NULL) {
1859
		err = security_socket_shutdown(sock, how);
1860
		if (!err)
1861
			err = sock->ops->shutdown(sock, how);
1862
		fput_light(sock->file, fput_needed);
1863
	}
1864
	return err;
1865
}
1866

1867
/* A couple of helpful macros for getting the address of the 32/64 bit
1868
 * fields which are the same type (int / unsigned) on our platforms.
1869
 */
1870
#define COMPAT_MSG(msg, member)	((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
1871
#define COMPAT_NAMELEN(msg)	COMPAT_MSG(msg, msg_namelen)
1872
#define COMPAT_FLAGS(msg)	COMPAT_MSG(msg, msg_flags)
1873

1874
static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1875
			 struct msghdr *msg_sys, unsigned flags, int nosec)
1876
{
1877
	struct compat_msghdr __user *msg_compat =
1878
	    (struct compat_msghdr __user *)msg;
1879
	struct sockaddr_storage address;
1880
	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1881
	unsigned char ctl[sizeof(struct cmsghdr) + 20]
1882
	    __attribute__ ((aligned(sizeof(__kernel_size_t))));
1883
	/* 20 is size of ipv6_pktinfo */
1884
	unsigned char *ctl_buf = ctl;
1885
	int err, ctl_len, iov_size, total_len;
1886

1887
	err = -EFAULT;
1888
	if (MSG_CMSG_COMPAT & flags) {
1889
		if (get_compat_msghdr(msg_sys, msg_compat))
1890
			return -EFAULT;
1891
	} else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
1892
		return -EFAULT;
1893

1894
	/* do not move before msg_sys is valid */
1895
	err = -EMSGSIZE;
1896
	if (msg_sys->msg_iovlen > UIO_MAXIOV)
1897
		goto out;
1898

1899
	/* Check whether to allocate the iovec area */
1900
	err = -ENOMEM;
1901
	iov_size = msg_sys->msg_iovlen * sizeof(struct iovec);
1902
	if (msg_sys->msg_iovlen > UIO_FASTIOV) {
1903
		iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL);
1904
		if (!iov)
1905
			goto out;
1906
	}
1907

1908
	/* This will also move the address data into kernel space */
1909
	if (MSG_CMSG_COMPAT & flags) {
1910
		err = verify_compat_iovec(msg_sys, iov,
1911
					  (struct sockaddr *)&address,
1912
					  VERIFY_READ);
1913
	} else
1914
		err = verify_iovec(msg_sys, iov,
1915
				   (struct sockaddr *)&address,
1916
				   VERIFY_READ);
1917
	if (err < 0)
1918
		goto out_freeiov;
1919
	total_len = err;
1920

1921
	err = -ENOBUFS;
1922

1923
	if (msg_sys->msg_controllen > INT_MAX)
1924
		goto out_freeiov;
1925
	ctl_len = msg_sys->msg_controllen;
1926
	if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
1927
		err =
1928
		    cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
1929
						     sizeof(ctl));
1930
		if (err)
1931
			goto out_freeiov;
1932
		ctl_buf = msg_sys->msg_control;
1933
		ctl_len = msg_sys->msg_controllen;
1934
	} else if (ctl_len) {
1935
		if (ctl_len > sizeof(ctl)) {
1936
			ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
1937
			if (ctl_buf == NULL)
1938
				goto out_freeiov;
1939
		}
1940
		err = -EFAULT;
1941
		/*
1942
		 * Careful! Before this, msg_sys->msg_control contains a user pointer.
1943
		 * Afterwards, it will be a kernel pointer. Thus the compiler-assisted
1944
		 * checking falls down on this.
1945
		 */
1946
		if (copy_from_user(ctl_buf,
1947
				   (void __user __force *)msg_sys->msg_control,
1948
				   ctl_len))
1949
			goto out_freectl;
1950
		msg_sys->msg_control = ctl_buf;
1951
	}
1952
	msg_sys->msg_flags = flags;
1953

1954
	if (sock->file->f_flags & O_NONBLOCK)
1955
		msg_sys->msg_flags |= MSG_DONTWAIT;
1956
	err = (nosec ? sock_sendmsg_nosec : sock_sendmsg)(sock, msg_sys,
1957
							  total_len);
1958

1959
out_freectl:
1960
	if (ctl_buf != ctl)
1961
		sock_kfree_s(sock->sk, ctl_buf, ctl_len);
1962
out_freeiov:
1963
	if (iov != iovstack)
1964
		sock_kfree_s(sock->sk, iov, iov_size);
1965
out:
1966
	return err;
1967
}
1968

1969
/*
1970
 *	BSD sendmsg interface
1971
 */
1972

1973
SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
1974
{
1975
	int fput_needed, err;
1976
	struct msghdr msg_sys;
1977
	struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed);
1978

1979
	if (!sock)
1980
		goto out;
1981

1982
	err = __sys_sendmsg(sock, msg, &msg_sys, flags, 0);
1983

1984
	fput_light(sock->file, fput_needed);
1985
out:
1986
	return err;
1987
}
1988

1989
/*
1990
 *	Linux sendmmsg interface
1991
 */
1992

1993
int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
1994
		   unsigned int flags)
1995
{
1996
	int fput_needed, err, datagrams;
1997
	struct socket *sock;
1998
	struct mmsghdr __user *entry;
1999
	struct compat_mmsghdr __user *compat_entry;
2000
	struct msghdr msg_sys;
2001

2002
	datagrams = 0;
2003

2004
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
2005
	if (!sock)
2006
		return err;
2007

2008
	err = sock_error(sock->sk);
2009
	if (err)
2010
		goto out_put;
2011

2012
	entry = mmsg;
2013
	compat_entry = (struct compat_mmsghdr __user *)mmsg;
2014

2015
	while (datagrams < vlen) {
2016
		/*
2017
		 * No need to ask LSM for more than the first datagram.
2018
		 */
2019
		if (MSG_CMSG_COMPAT & flags) {
2020
			err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
2021
					    &msg_sys, flags, datagrams);
2022
			if (err < 0)
2023
				break;
2024
			err = __put_user(err, &compat_entry->msg_len);
2025
			++compat_entry;
2026
		} else {
2027
			err = __sys_sendmsg(sock, (struct msghdr __user *)entry,
2028
					    &msg_sys, flags, datagrams);
2029
			if (err < 0)
2030
				break;
2031
			err = put_user(err, &entry->msg_len);
2032
			++entry;
2033
		}
2034

2035
		if (err)
2036
			break;
2037
		++datagrams;
2038
	}
2039

2040
out_put:
2041
	fput_light(sock->file, fput_needed);
2042

2043
	if (err == 0)
2044
		return datagrams;
2045

2046
	if (datagrams != 0) {
2047
		/*
2048
		 * We may send less entries than requested (vlen) if the
2049
		 * sock is non blocking...
2050
		 */
2051
		if (err != -EAGAIN) {
2052
			/*
2053
			 * ... or if sendmsg returns an error after we
2054
			 * send some datagrams, where we record the
2055
			 * error to return on the next call or if the
2056
			 * app asks about it using getsockopt(SO_ERROR).
2057
			 */
2058
			sock->sk->sk_err = -err;
2059
		}
2060

2061
		return datagrams;
2062
	}
2063

2064
	return err;
2065
}
2066

2067
SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2068
		unsigned int, vlen, unsigned int, flags)
2069
{
2070
	return __sys_sendmmsg(fd, mmsg, vlen, flags);
2071
}
2072

2073
static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2074
			 struct msghdr *msg_sys, unsigned flags, int nosec)
2075
{
2076
	struct compat_msghdr __user *msg_compat =
2077
	    (struct compat_msghdr __user *)msg;
2078
	struct iovec iovstack[UIO_FASTIOV];
2079
	struct iovec *iov = iovstack;
2080
	unsigned long cmsg_ptr;
2081
	int err, iov_size, total_len, len;
2082

2083
	/* kernel mode address */
2084
	struct sockaddr_storage addr;
2085

2086
	/* user mode address pointers */
2087
	struct sockaddr __user *uaddr;
2088
	int __user *uaddr_len;
2089

2090
	if (MSG_CMSG_COMPAT & flags) {
2091
		if (get_compat_msghdr(msg_sys, msg_compat))
2092
			return -EFAULT;
2093
	} else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
2094
		return -EFAULT;
2095

2096
	err = -EMSGSIZE;
2097
	if (msg_sys->msg_iovlen > UIO_MAXIOV)
2098
		goto out;
2099

2100
	/* Check whether to allocate the iovec area */
2101
	err = -ENOMEM;
2102
	iov_size = msg_sys->msg_iovlen * sizeof(struct iovec);
2103
	if (msg_sys->msg_iovlen > UIO_FASTIOV) {
2104
		iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL);
2105
		if (!iov)
2106
			goto out;
2107
	}
2108

2109
	/*
2110
	 *      Save the user-mode address (verify_iovec will change the
2111
	 *      kernel msghdr to use the kernel address space)
2112
	 */
2113

2114
	uaddr = (__force void __user *)msg_sys->msg_name;
2115
	uaddr_len = COMPAT_NAMELEN(msg);
2116
	if (MSG_CMSG_COMPAT & flags) {
2117
		err = verify_compat_iovec(msg_sys, iov,
2118
					  (struct sockaddr *)&addr,
2119
					  VERIFY_WRITE);
2120
	} else
2121
		err = verify_iovec(msg_sys, iov,
2122
				   (struct sockaddr *)&addr,
2123
				   VERIFY_WRITE);
2124
	if (err < 0)
2125
		goto out_freeiov;
2126
	total_len = err;
2127

2128
	cmsg_ptr = (unsigned long)msg_sys->msg_control;
2129
	msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2130

2131
	if (sock->file->f_flags & O_NONBLOCK)
2132
		flags |= MSG_DONTWAIT;
2133
	err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
2134
							  total_len, flags);
2135
	if (err < 0)
2136
		goto out_freeiov;
2137
	len = err;
2138

2139
	if (uaddr != NULL) {
2140
		err = move_addr_to_user((struct sockaddr *)&addr,
2141
					msg_sys->msg_namelen, uaddr,
2142
					uaddr_len);
2143
		if (err < 0)
2144
			goto out_freeiov;
2145
	}
2146
	err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2147
			 COMPAT_FLAGS(msg));
2148
	if (err)
2149
		goto out_freeiov;
2150
	if (MSG_CMSG_COMPAT & flags)
2151
		err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2152
				 &msg_compat->msg_controllen);
2153
	else
2154
		err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2155
				 &msg->msg_controllen);
2156
	if (err)
2157
		goto out_freeiov;
2158
	err = len;
2159

2160
out_freeiov:
2161
	if (iov != iovstack)
2162
		sock_kfree_s(sock->sk, iov, iov_size);
2163
out:
2164
	return err;
2165
}
2166

2167
/*
2168
 *	BSD recvmsg interface
2169
 */
2170

2171
SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
2172
		unsigned int, flags)
2173
{
2174
	int fput_needed, err;
2175
	struct msghdr msg_sys;
2176
	struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed);
2177

2178
	if (!sock)
2179
		goto out;
2180

2181
	err = __sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2182

2183
	fput_light(sock->file, fput_needed);
2184
out:
2185
	return err;
2186
}
2187

2188
/*
2189
 *     Linux recvmmsg interface
2190
 */
2191

2192
int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2193
		   unsigned int flags, struct timespec *timeout)
2194
{
2195
	int fput_needed, err, datagrams;
2196
	struct socket *sock;
2197
	struct mmsghdr __user *entry;
2198
	struct compat_mmsghdr __user *compat_entry;
2199
	struct msghdr msg_sys;
2200
	struct timespec end_time;
2201

2202
	if (timeout &&
2203
	    poll_select_set_timeout(&end_time, timeout->tv_sec,
2204
				    timeout->tv_nsec))
2205
		return -EINVAL;
2206

2207
	datagrams = 0;
2208

2209
	sock = sockfd_lookup_light(fd, &err, &fput_needed);
2210
	if (!sock)
2211
		return err;
2212

2213
	err = sock_error(sock->sk);
2214
	if (err)
2215
		goto out_put;
2216

2217
	entry = mmsg;
2218
	compat_entry = (struct compat_mmsghdr __user *)mmsg;
2219

2220
	while (datagrams < vlen) {
2221
		/*
2222
		 * No need to ask LSM for more than the first datagram.
2223
		 */
2224
		if (MSG_CMSG_COMPAT & flags) {
2225
			err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
2226
					    &msg_sys, flags & ~MSG_WAITFORONE,
2227
					    datagrams);
2228
			if (err < 0)
2229
				break;
2230
			err = __put_user(err, &compat_entry->msg_len);
2231
			++compat_entry;
2232
		} else {
2233
			err = __sys_recvmsg(sock, (struct msghdr __user *)entry,
2234
					    &msg_sys, flags & ~MSG_WAITFORONE,
2235
					    datagrams);
2236
			if (err < 0)
2237
				break;
2238
			err = put_user(err, &entry->msg_len);
2239
			++entry;
2240
		}
2241

2242
		if (err)
2243
			break;
2244
		++datagrams;
2245

2246
		/* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2247
		if (flags & MSG_WAITFORONE)
2248
			flags |= MSG_DONTWAIT;
2249

2250
		if (timeout) {
2251
			ktime_get_ts(timeout);
2252
			*timeout = timespec_sub(end_time, *timeout);
2253
			if (timeout->tv_sec < 0) {
2254
				timeout->tv_sec = timeout->tv_nsec = 0;
2255
				break;
2256
			}
2257

2258
			/* Timeout, return less than vlen datagrams */
2259
			if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2260
				break;
2261
		}
2262

2263
		/* Out of band data, return right away */
2264
		if (msg_sys.msg_flags & MSG_OOB)
2265
			break;
2266
	}
2267

2268
out_put:
2269
	fput_light(sock->file, fput_needed);
2270

2271
	if (err == 0)
2272
		return datagrams;
2273

2274
	if (datagrams != 0) {
2275
		/*
2276
		 * We may return less entries than requested (vlen) if the
2277
		 * sock is non block and there aren't enough datagrams...
2278
		 */
2279
		if (err != -EAGAIN) {
2280
			/*
2281
			 * ... or  if recvmsg returns an error after we
2282
			 * received some datagrams, where we record the
2283
			 * error to return on the next call or if the
2284
			 * app asks about it using getsockopt(SO_ERROR).
2285
			 */
2286
			sock->sk->sk_err = -err;
2287
		}
2288

2289
		return datagrams;
2290
	}
2291

2292
	return err;
2293
}
2294

2295
SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2296
		unsigned int, vlen, unsigned int, flags,
2297
		struct timespec __user *, timeout)
2298
{
2299
	int datagrams;
2300
	struct timespec timeout_sys;
2301

2302
	if (!timeout)
2303
		return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL);
2304

2305
	if (copy_from_user(&timeout_sys, timeout, sizeof(timeout_sys)))
2306
		return -EFAULT;
2307

2308
	datagrams = __sys_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2309

2310
	if (datagrams > 0 &&
2311
	    copy_to_user(timeout, &timeout_sys, sizeof(timeout_sys)))
2312
		datagrams = -EFAULT;
2313

2314
	return datagrams;
2315
}
2316

2317
#ifdef __ARCH_WANT_SYS_SOCKETCALL
2318
/* Argument list sizes for sys_socketcall */
2319
#define AL(x) ((x) * sizeof(unsigned long))
2320
static const unsigned char nargs[21] = {
2321
	AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2322
	AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2323
	AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2324
	AL(4), AL(5), AL(4)
2325
};
2326

2327
#undef AL
2328

2329
/*
2330
 *	System call vectors.
2331
 *
2332
 *	Argument checking cleaned up. Saved 20% in size.
2333
 *  This function doesn't need to set the kernel lock because
2334
 *  it is set by the callees.
2335
 */
2336

2337
SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2338
{
2339
	unsigned long a[6];
2340
	unsigned long a0, a1;
2341
	int err;
2342
	unsigned int len;
2343

2344
	if (call < 1 || call > SYS_SENDMMSG)
2345
		return -EINVAL;
2346

2347
	len = nargs[call];
2348
	if (len > sizeof(a))
2349
		return -EINVAL;
2350

2351
	/* copy_from_user should be SMP safe. */
2352
	if (copy_from_user(a, args, len))
2353
		return -EFAULT;
2354

2355
	audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2356

2357
	a0 = a[0];
2358
	a1 = a[1];
2359

2360
	switch (call) {
2361
	case SYS_SOCKET:
2362
		err = sys_socket(a0, a1, a[2]);
2363
		break;
2364
	case SYS_BIND:
2365
		err = sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2366
		break;
2367
	case SYS_CONNECT:
2368
		err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2369
		break;
2370
	case SYS_LISTEN:
2371
		err = sys_listen(a0, a1);
2372
		break;
2373
	case SYS_ACCEPT:
2374
		err = sys_accept4(a0, (struct sockaddr __user *)a1,
2375
				  (int __user *)a[2], 0);
2376
		break;
2377
	case SYS_GETSOCKNAME:
2378
		err =
2379
		    sys_getsockname(a0, (struct sockaddr __user *)a1,
2380
				    (int __user *)a[2]);
2381
		break;
2382
	case SYS_GETPEERNAME:
2383
		err =
2384
		    sys_getpeername(a0, (struct sockaddr __user *)a1,
2385
				    (int __user *)a[2]);
2386
		break;
2387
	case SYS_SOCKETPAIR:
2388
		err = sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2389
		break;
2390
	case SYS_SEND:
2391
		err = sys_send(a0, (void __user *)a1, a[2], a[3]);
2392
		break;
2393
	case SYS_SENDTO:
2394
		err = sys_sendto(a0, (void __user *)a1, a[2], a[3],
2395
				 (struct sockaddr __user *)a[4], a[5]);
2396
		break;
2397
	case SYS_RECV:
2398
		err = sys_recv(a0, (void __user *)a1, a[2], a[3]);
2399
		break;
2400
	case SYS_RECVFROM:
2401
		err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2402
				   (struct sockaddr __user *)a[4],
2403
				   (int __user *)a[5]);
2404
		break;
2405
	case SYS_SHUTDOWN:
2406
		err = sys_shutdown(a0, a1);
2407
		break;
2408
	case SYS_SETSOCKOPT:
2409
		err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]);
2410
		break;
2411
	case SYS_GETSOCKOPT:
2412
		err =
2413
		    sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2414
				   (int __user *)a[4]);
2415
		break;
2416
	case SYS_SENDMSG:
2417
		err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]);
2418
		break;
2419
	case SYS_SENDMMSG:
2420
		err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]);
2421
		break;
2422
	case SYS_RECVMSG:
2423
		err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]);
2424
		break;
2425
	case SYS_RECVMMSG:
2426
		err = sys_recvmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3],
2427
				   (struct timespec __user *)a[4]);
2428
		break;
2429
	case SYS_ACCEPT4:
2430
		err = sys_accept4(a0, (struct sockaddr __user *)a1,
2431
				  (int __user *)a[2], a[3]);
2432
		break;
2433
	default:
2434
		err = -EINVAL;
2435
		break;
2436
	}
2437
	return err;
2438
}
2439

2440
#endif				/* __ARCH_WANT_SYS_SOCKETCALL */
2441

2442
/**
2443
 *	sock_register - add a socket protocol handler
2444
 *	@ops: description of protocol
2445
 *
2446
 *	This function is called by a protocol handler that wants to
2447
 *	advertise its address family, and have it linked into the
2448
 *	socket interface. The value ops->family coresponds to the
2449
 *	socket system call protocol family.
2450
 */
2451
int sock_register(const struct net_proto_family *ops)
2452
{
2453
	int err;
2454

2455
	if (ops->family >= NPROTO) {
2456
		printk(KERN_CRIT "protocol %d >= NPROTO(%d)\n", ops->family,
2457
		       NPROTO);
2458
		return -ENOBUFS;
2459
	}
2460

2461
	spin_lock(&net_family_lock);
2462
	if (rcu_dereference_protected(net_families[ops->family],
2463
				      lockdep_is_held(&net_family_lock)))
2464
		err = -EEXIST;
2465
	else {
2466
		rcu_assign_pointer(net_families[ops->family], ops);
2467
		err = 0;
2468
	}
2469
	spin_unlock(&net_family_lock);
2470

2471
	printk(KERN_INFO "NET: Registered protocol family %d\n", ops->family);
2472
	return err;
2473
}
2474
EXPORT_SYMBOL(sock_register);
2475

2476
/**
2477
 *	sock_unregister - remove a protocol handler
2478
 *	@family: protocol family to remove
2479
 *
2480
 *	This function is called by a protocol handler that wants to
2481
 *	remove its address family, and have it unlinked from the
2482
 *	new socket creation.
2483
 *
2484
 *	If protocol handler is a module, then it can use module reference
2485
 *	counts to protect against new references. If protocol handler is not
2486
 *	a module then it needs to provide its own protection in
2487
 *	the ops->create routine.
2488
 */
2489
void sock_unregister(int family)
2490
{
2491
	BUG_ON(family < 0 || family >= NPROTO);
2492

2493
	spin_lock(&net_family_lock);
2494
	rcu_assign_pointer(net_families[family], NULL);
2495
	spin_unlock(&net_family_lock);
2496

2497
	synchronize_rcu();
2498

2499
	printk(KERN_INFO "NET: Unregistered protocol family %d\n", family);
2500
}
2501
EXPORT_SYMBOL(sock_unregister);
2502

2503
static int __init sock_init(void)
2504
{
2505
	int err;
2506

2507
	/*
2508
	 *      Initialize sock SLAB cache.
2509
	 */
2510

2511
	sk_init();
2512

2513
	/*
2514
	 *      Initialize skbuff SLAB cache
2515
	 */
2516
	skb_init();
2517

2518
	/*
2519
	 *      Initialize the protocols module.
2520
	 */
2521

2522
	init_inodecache();
2523

2524
	err = register_filesystem(&sock_fs_type);
2525
	if (err)
2526
		goto out_fs;
2527
	sock_mnt = kern_mount(&sock_fs_type);
2528
	if (IS_ERR(sock_mnt)) {
2529
		err = PTR_ERR(sock_mnt);
2530
		goto out_mount;
2531
	}
2532

2533
	/* The real protocol initialization is performed in later initcalls.
2534
	 */
2535

2536
#ifdef CONFIG_NETFILTER
2537
	netfilter_init();
2538
#endif
2539

2540
#ifdef CONFIG_NETWORK_PHY_TIMESTAMPING
2541
	skb_timestamping_init();
2542
#endif
2543

2544
out:
2545
	return err;
2546

2547
out_mount:
2548
	unregister_filesystem(&sock_fs_type);
2549
out_fs:
2550
	goto out;
2551
}
2552

2553
core_initcall(sock_init);	/* early initcall */
2554

2555
#ifdef CONFIG_PROC_FS
2556
void socket_seq_show(struct seq_file *seq)
2557
{
2558
	int cpu;
2559
	int counter = 0;
2560

2561
	for_each_possible_cpu(cpu)
2562
	    counter += per_cpu(sockets_in_use, cpu);
2563

2564
	/* It can be negative, by the way. 8) */
2565
	if (counter < 0)
2566
		counter = 0;
2567

2568
	seq_printf(seq, "sockets: used %d\n", counter);
2569
}
2570
#endif				/* CONFIG_PROC_FS */
2571

2572
#ifdef CONFIG_COMPAT
2573
static int do_siocgstamp(struct net *net, struct socket *sock,
2574
			 unsigned int cmd, struct compat_timeval __user *up)
2575
{
2576
	mm_segment_t old_fs = get_fs();
2577
	struct timeval ktv;
2578
	int err;
2579

2580
	set_fs(KERNEL_DS);
2581
	err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
2582
	set_fs(old_fs);
2583
	if (!err) {
2584
		err = put_user(ktv.tv_sec, &up->tv_sec);
2585
		err |= __put_user(ktv.tv_usec, &up->tv_usec);
2586
	}
2587
	return err;
2588
}
2589

2590
static int do_siocgstampns(struct net *net, struct socket *sock,
2591
			 unsigned int cmd, struct compat_timespec __user *up)
2592
{
2593
	mm_segment_t old_fs = get_fs();
2594
	struct timespec kts;
2595
	int err;
2596

2597
	set_fs(KERNEL_DS);
2598
	err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
2599
	set_fs(old_fs);
2600
	if (!err) {
2601
		err = put_user(kts.tv_sec, &up->tv_sec);
2602
		err |= __put_user(kts.tv_nsec, &up->tv_nsec);
2603
	}
2604
	return err;
2605
}
2606

2607
static int dev_ifname32(struct net *net, struct compat_ifreq __user *uifr32)
2608
{
2609
	struct ifreq __user *uifr;
2610
	int err;
2611

2612
	uifr = compat_alloc_user_space(sizeof(struct ifreq));
2613
	if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
2614
		return -EFAULT;
2615

2616
	err = dev_ioctl(net, SIOCGIFNAME, uifr);
2617
	if (err)
2618
		return err;
2619

2620
	if (copy_in_user(uifr32, uifr, sizeof(struct compat_ifreq)))
2621
		return -EFAULT;
2622

2623
	return 0;
2624
}
2625

2626
static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
2627
{
2628
	struct compat_ifconf ifc32;
2629
	struct ifconf ifc;
2630
	struct ifconf __user *uifc;
2631
	struct compat_ifreq __user *ifr32;
2632
	struct ifreq __user *ifr;
2633
	unsigned int i, j;
2634
	int err;
2635

2636
	if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
2637
		return -EFAULT;
2638

2639
	if (ifc32.ifcbuf == 0) {
2640
		ifc32.ifc_len = 0;
2641
		ifc.ifc_len = 0;
2642
		ifc.ifc_req = NULL;
2643
		uifc = compat_alloc_user_space(sizeof(struct ifconf));
2644
	} else {
2645
		size_t len = ((ifc32.ifc_len / sizeof(struct compat_ifreq)) + 1) *
2646
			sizeof(struct ifreq);
2647
		uifc = compat_alloc_user_space(sizeof(struct ifconf) + len);
2648
		ifc.ifc_len = len;
2649
		ifr = ifc.ifc_req = (void __user *)(uifc + 1);
2650
		ifr32 = compat_ptr(ifc32.ifcbuf);
2651
		for (i = 0; i < ifc32.ifc_len; i += sizeof(struct compat_ifreq)) {
2652
			if (copy_in_user(ifr, ifr32, sizeof(struct compat_ifreq)))
2653
				return -EFAULT;
2654
			ifr++;
2655
			ifr32++;
2656
		}
2657
	}
2658
	if (copy_to_user(uifc, &ifc, sizeof(struct ifconf)))
2659
		return -EFAULT;
2660

2661
	err = dev_ioctl(net, SIOCGIFCONF, uifc);
2662
	if (err)
2663
		return err;
2664

2665
	if (copy_from_user(&ifc, uifc, sizeof(struct ifconf)))
2666
		return -EFAULT;
2667

2668
	ifr = ifc.ifc_req;
2669
	ifr32 = compat_ptr(ifc32.ifcbuf);
2670
	for (i = 0, j = 0;
2671
	     i + sizeof(struct compat_ifreq) <= ifc32.ifc_len && j < ifc.ifc_len;
2672
	     i += sizeof(struct compat_ifreq), j += sizeof(struct ifreq)) {
2673
		if (copy_in_user(ifr32, ifr, sizeof(struct compat_ifreq)))
2674
			return -EFAULT;
2675
		ifr32++;
2676
		ifr++;
2677
	}
2678

2679
	if (ifc32.ifcbuf == 0) {
2680
		/* Translate from 64-bit structure multiple to
2681
		 * a 32-bit one.
2682
		 */
2683
		i = ifc.ifc_len;
2684
		i = ((i / sizeof(struct ifreq)) * sizeof(struct compat_ifreq));
2685
		ifc32.ifc_len = i;
2686
	} else {
2687
		ifc32.ifc_len = i;
2688
	}
2689
	if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
2690
		return -EFAULT;
2691

2692
	return 0;
2693
}
2694

2695
static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2696
{
2697
	struct compat_ethtool_rxnfc __user *compat_rxnfc;
2698
	bool convert_in = false, convert_out = false;
2699
	size_t buf_size = ALIGN(sizeof(struct ifreq), 8);
2700
	struct ethtool_rxnfc __user *rxnfc;
2701
	struct ifreq __user *ifr;
2702
	u32 rule_cnt = 0, actual_rule_cnt;
2703
	u32 ethcmd;
2704
	u32 data;
2705
	int ret;
2706

2707
	if (get_user(data, &ifr32->ifr_ifru.ifru_data))
2708
		return -EFAULT;
2709

2710
	compat_rxnfc = compat_ptr(data);
2711

2712
	if (get_user(ethcmd, &compat_rxnfc->cmd))
2713
		return -EFAULT;
2714

2715
	/* Most ethtool structures are defined without padding.
2716
	 * Unfortunately struct ethtool_rxnfc is an exception.
2717
	 */
2718
	switch (ethcmd) {
2719
	default:
2720
		break;
2721
	case ETHTOOL_GRXCLSRLALL:
2722
		/* Buffer size is variable */
2723
		if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
2724
			return -EFAULT;
2725
		if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
2726
			return -ENOMEM;
2727
		buf_size += rule_cnt * sizeof(u32);
2728
		/* fall through */
2729
	case ETHTOOL_GRXRINGS:
2730
	case ETHTOOL_GRXCLSRLCNT:
2731
	case ETHTOOL_GRXCLSRULE:
2732
		convert_out = true;
2733
		/* fall through */
2734
	case ETHTOOL_SRXCLSRLDEL:
2735
	case ETHTOOL_SRXCLSRLINS:
2736
		buf_size += sizeof(struct ethtool_rxnfc);
2737
		convert_in = true;
2738
		break;
2739
	}
2740

2741
	ifr = compat_alloc_user_space(buf_size);
2742
	rxnfc = (void *)ifr + ALIGN(sizeof(struct ifreq), 8);
2743

2744
	if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
2745
		return -EFAULT;
2746

2747
	if (put_user(convert_in ? rxnfc : compat_ptr(data),
2748
		     &ifr->ifr_ifru.ifru_data))
2749
		return -EFAULT;
2750

2751
	if (convert_in) {
2752
		/* We expect there to be holes between fs.m_ext and
2753
		 * fs.ring_cookie and at the end of fs, but nowhere else.
2754
		 */
2755
		BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
2756
			     sizeof(compat_rxnfc->fs.m_ext) !=
2757
			     offsetof(struct ethtool_rxnfc, fs.m_ext) +
2758
			     sizeof(rxnfc->fs.m_ext));
2759
		BUILD_BUG_ON(
2760
			offsetof(struct compat_ethtool_rxnfc, fs.location) -
2761
			offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
2762
			offsetof(struct ethtool_rxnfc, fs.location) -
2763
			offsetof(struct ethtool_rxnfc, fs.ring_cookie));
2764

2765
		if (copy_in_user(rxnfc, compat_rxnfc,
2766
				 (void *)(&rxnfc->fs.m_ext + 1) -
2767
				 (void *)rxnfc) ||
2768
		    copy_in_user(&rxnfc->fs.ring_cookie,
2769
				 &compat_rxnfc->fs.ring_cookie,
2770
				 (void *)(&rxnfc->fs.location + 1) -
2771
				 (void *)&rxnfc->fs.ring_cookie) ||
2772
		    copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
2773
				 sizeof(rxnfc->rule_cnt)))
2774
			return -EFAULT;
2775
	}
2776

2777
	ret = dev_ioctl(net, SIOCETHTOOL, ifr);
2778
	if (ret)
2779
		return ret;
2780

2781
	if (convert_out) {
2782
		if (copy_in_user(compat_rxnfc, rxnfc,
2783
				 (const void *)(&rxnfc->fs.m_ext + 1) -
2784
				 (const void *)rxnfc) ||
2785
		    copy_in_user(&compat_rxnfc->fs.ring_cookie,
2786
				 &rxnfc->fs.ring_cookie,
2787
				 (const void *)(&rxnfc->fs.location + 1) -
2788
				 (const void *)&rxnfc->fs.ring_cookie) ||
2789
		    copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
2790
				 sizeof(rxnfc->rule_cnt)))
2791
			return -EFAULT;
2792

2793
		if (ethcmd == ETHTOOL_GRXCLSRLALL) {
2794
			/* As an optimisation, we only copy the actual
2795
			 * number of rules that the underlying
2796
			 * function returned.  Since Mallory might
2797
			 * change the rule count in user memory, we
2798
			 * check that it is less than the rule count
2799
			 * originally given (as the user buffer size),
2800
			 * which has been range-checked.
2801
			 */
2802
			if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
2803
				return -EFAULT;
2804
			if (actual_rule_cnt < rule_cnt)
2805
				rule_cnt = actual_rule_cnt;
2806
			if (copy_in_user(&compat_rxnfc->rule_locs[0],
2807
					 &rxnfc->rule_locs[0],
2808
					 rule_cnt * sizeof(u32)))
2809
				return -EFAULT;
2810
		}
2811
	}
2812

2813
	return 0;
2814
}
2815

2816
static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
2817
{
2818
	void __user *uptr;
2819
	compat_uptr_t uptr32;
2820
	struct ifreq __user *uifr;
2821

2822
	uifr = compat_alloc_user_space(sizeof(*uifr));
2823
	if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
2824
		return -EFAULT;
2825

2826
	if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
2827
		return -EFAULT;
2828

2829
	uptr = compat_ptr(uptr32);
2830

2831
	if (put_user(uptr, &uifr->ifr_settings.ifs_ifsu.raw_hdlc))
2832
		return -EFAULT;
2833

2834
	return dev_ioctl(net, SIOCWANDEV, uifr);
2835
}
2836

2837
static int bond_ioctl(struct net *net, unsigned int cmd,
2838
			 struct compat_ifreq __user *ifr32)
2839
{
2840
	struct ifreq kifr;
2841
	struct ifreq __user *uifr;
2842
	mm_segment_t old_fs;
2843
	int err;
2844
	u32 data;
2845
	void __user *datap;
2846

2847
	switch (cmd) {
2848
	case SIOCBONDENSLAVE:
2849
	case SIOCBONDRELEASE:
2850
	case SIOCBONDSETHWADDR:
2851
	case SIOCBONDCHANGEACTIVE:
2852
		if (copy_from_user(&kifr, ifr32, sizeof(struct compat_ifreq)))
2853
			return -EFAULT;
2854

2855
		old_fs = get_fs();
2856
		set_fs(KERNEL_DS);
2857
		err = dev_ioctl(net, cmd,
2858
				(struct ifreq __user __force *) &kifr);
2859
		set_fs(old_fs);
2860

2861
		return err;
2862
	case SIOCBONDSLAVEINFOQUERY:
2863
	case SIOCBONDINFOQUERY:
2864
		uifr = compat_alloc_user_space(sizeof(*uifr));
2865
		if (copy_in_user(&uifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
2866
			return -EFAULT;
2867

2868
		if (get_user(data, &ifr32->ifr_ifru.ifru_data))
2869
			return -EFAULT;
2870

2871
		datap = compat_ptr(data);
2872
		if (put_user(datap, &uifr->ifr_ifru.ifru_data))
2873
			return -EFAULT;
2874

2875
		return dev_ioctl(net, cmd, uifr);
2876
	default:
2877
		return -EINVAL;
2878
	}
2879
}
2880

2881
static int siocdevprivate_ioctl(struct net *net, unsigned int cmd,
2882
				 struct compat_ifreq __user *u_ifreq32)
2883
{
2884
	struct ifreq __user *u_ifreq64;
2885
	char tmp_buf[IFNAMSIZ];
2886
	void __user *data64;
2887
	u32 data32;
2888

2889
	if (copy_from_user(&tmp_buf[0], &(u_ifreq32->ifr_ifrn.ifrn_name[0]),
2890
			   IFNAMSIZ))
2891
		return -EFAULT;
2892
	if (__get_user(data32, &u_ifreq32->ifr_ifru.ifru_data))
2893
		return -EFAULT;
2894
	data64 = compat_ptr(data32);
2895

2896
	u_ifreq64 = compat_alloc_user_space(sizeof(*u_ifreq64));
2897

2898
	/* Don't check these user accesses, just let that get trapped
2899
	 * in the ioctl handler instead.
2900
	 */
2901
	if (copy_to_user(&u_ifreq64->ifr_ifrn.ifrn_name[0], &tmp_buf[0],
2902
			 IFNAMSIZ))
2903
		return -EFAULT;
2904
	if (__put_user(data64, &u_ifreq64->ifr_ifru.ifru_data))
2905
		return -EFAULT;
2906

2907
	return dev_ioctl(net, cmd, u_ifreq64);
2908
}
2909

2910
static int dev_ifsioc(struct net *net, struct socket *sock,
2911
			 unsigned int cmd, struct compat_ifreq __user *uifr32)
2912
{
2913
	struct ifreq __user *uifr;
2914
	int err;
2915

2916
	uifr = compat_alloc_user_space(sizeof(*uifr));
2917
	if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
2918
		return -EFAULT;
2919

2920
	err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
2921

2922
	if (!err) {
2923
		switch (cmd) {
2924
		case SIOCGIFFLAGS:
2925
		case SIOCGIFMETRIC:
2926
		case SIOCGIFMTU:
2927
		case SIOCGIFMEM:
2928
		case SIOCGIFHWADDR:
2929
		case SIOCGIFINDEX:
2930
		case SIOCGIFADDR:
2931
		case SIOCGIFBRDADDR:
2932
		case SIOCGIFDSTADDR:
2933
		case SIOCGIFNETMASK:
2934
		case SIOCGIFPFLAGS:
2935
		case SIOCGIFTXQLEN:
2936
		case SIOCGMIIPHY:
2937
		case SIOCGMIIREG:
2938
			if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
2939
				err = -EFAULT;
2940
			break;
2941
		}
2942
	}
2943
	return err;
2944
}
2945

2946
static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
2947
			struct compat_ifreq __user *uifr32)
2948
{
2949
	struct ifreq ifr;
2950
	struct compat_ifmap __user *uifmap32;
2951
	mm_segment_t old_fs;
2952
	int err;
2953

2954
	uifmap32 = &uifr32->ifr_ifru.ifru_map;
2955
	err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
2956
	err |= __get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
2957
	err |= __get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
2958
	err |= __get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
2959
	err |= __get_user(ifr.ifr_map.irq, &uifmap32->irq);
2960
	err |= __get_user(ifr.ifr_map.dma, &uifmap32->dma);
2961
	err |= __get_user(ifr.ifr_map.port, &uifmap32->port);
2962
	if (err)
2963
		return -EFAULT;
2964

2965
	old_fs = get_fs();
2966
	set_fs(KERNEL_DS);
2967
	err = dev_ioctl(net, cmd, (void  __user __force *)&ifr);
2968
	set_fs(old_fs);
2969

2970
	if (cmd == SIOCGIFMAP && !err) {
2971
		err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
2972
		err |= __put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
2973
		err |= __put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
2974
		err |= __put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
2975
		err |= __put_user(ifr.ifr_map.irq, &uifmap32->irq);
2976
		err |= __put_user(ifr.ifr_map.dma, &uifmap32->dma);
2977
		err |= __put_user(ifr.ifr_map.port, &uifmap32->port);
2978
		if (err)
2979
			err = -EFAULT;
2980
	}
2981
	return err;
2982
}
2983

2984
static int compat_siocshwtstamp(struct net *net, struct compat_ifreq __user *uifr32)
2985
{
2986
	void __user *uptr;
2987
	compat_uptr_t uptr32;
2988
	struct ifreq __user *uifr;
2989

2990
	uifr = compat_alloc_user_space(sizeof(*uifr));
2991
	if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
2992
		return -EFAULT;
2993

2994
	if (get_user(uptr32, &uifr32->ifr_data))
2995
		return -EFAULT;
2996

2997
	uptr = compat_ptr(uptr32);
2998

2999
	if (put_user(uptr, &uifr->ifr_data))
3000
		return -EFAULT;
3001

3002
	return dev_ioctl(net, SIOCSHWTSTAMP, uifr);
3003
}
3004

3005
struct rtentry32 {
3006
	u32		rt_pad1;
3007
	struct sockaddr rt_dst;         /* target address               */
3008
	struct sockaddr rt_gateway;     /* gateway addr (RTF_GATEWAY)   */
3009
	struct sockaddr rt_genmask;     /* target network mask (IP)     */
3010
	unsigned short	rt_flags;
3011
	short		rt_pad2;
3012
	u32		rt_pad3;
3013
	unsigned char	rt_tos;
3014
	unsigned char	rt_class;
3015
	short		rt_pad4;
3016
	short		rt_metric;      /* +1 for binary compatibility! */
3017
	/* char * */ u32 rt_dev;        /* forcing the device at add    */
3018
	u32		rt_mtu;         /* per route MTU/Window         */
3019
	u32		rt_window;      /* Window clamping              */
3020
	unsigned short  rt_irtt;        /* Initial RTT                  */
3021
};
3022

3023
struct in6_rtmsg32 {
3024
	struct in6_addr		rtmsg_dst;
3025
	struct in6_addr		rtmsg_src;
3026
	struct in6_addr		rtmsg_gateway;
3027
	u32			rtmsg_type;
3028
	u16			rtmsg_dst_len;
3029
	u16			rtmsg_src_len;
3030
	u32			rtmsg_metric;
3031
	u32			rtmsg_info;
3032
	u32			rtmsg_flags;
3033
	s32			rtmsg_ifindex;
3034
};
3035

3036
static int routing_ioctl(struct net *net, struct socket *sock,
3037
			 unsigned int cmd, void __user *argp)
3038
{
3039
	int ret;
3040
	void *r = NULL;
3041
	struct in6_rtmsg r6;
3042
	struct rtentry r4;
3043
	char devname[16];
3044
	u32 rtdev;
3045
	mm_segment_t old_fs = get_fs();
3046

3047
	if (sock && sock->sk && sock->sk->sk_family == AF_INET6) { /* ipv6 */
3048
		struct in6_rtmsg32 __user *ur6 = argp;
3049
		ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst),
3050
			3 * sizeof(struct in6_addr));
3051
		ret |= __get_user(r6.rtmsg_type, &(ur6->rtmsg_type));
3052
		ret |= __get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len));
3053
		ret |= __get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len));
3054
		ret |= __get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric));
3055
		ret |= __get_user(r6.rtmsg_info, &(ur6->rtmsg_info));
3056
		ret |= __get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags));
3057
		ret |= __get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex));
3058

3059
		r = (void *) &r6;
3060
	} else { /* ipv4 */
3061
		struct rtentry32 __user *ur4 = argp;
3062
		ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst),
3063
					3 * sizeof(struct sockaddr));
3064
		ret |= __get_user(r4.rt_flags, &(ur4->rt_flags));
3065
		ret |= __get_user(r4.rt_metric, &(ur4->rt_metric));
3066
		ret |= __get_user(r4.rt_mtu, &(ur4->rt_mtu));
3067
		ret |= __get_user(r4.rt_window, &(ur4->rt_window));
3068
		ret |= __get_user(r4.rt_irtt, &(ur4->rt_irtt));
3069
		ret |= __get_user(rtdev, &(ur4->rt_dev));
3070
		if (rtdev) {
3071
			ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
3072
			r4.rt_dev = (char __user __force *)devname;
3073
			devname[15] = 0;
3074
		} else
3075
			r4.rt_dev = NULL;
3076

3077
		r = (void *) &r4;
3078
	}
3079

3080
	if (ret) {
3081
		ret = -EFAULT;
3082
		goto out;
3083
	}
3084

3085
	set_fs(KERNEL_DS);
3086
	ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r);
3087
	set_fs(old_fs);
3088

3089
out:
3090
	return ret;
3091
}
3092

3093
/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
3094
 * for some operations; this forces use of the newer bridge-utils that
3095
 * use compatible ioctls
3096
 */
3097
static int old_bridge_ioctl(compat_ulong_t __user *argp)
3098
{
3099
	compat_ulong_t tmp;
3100

3101
	if (get_user(tmp, argp))
3102
		return -EFAULT;
3103
	if (tmp == BRCTL_GET_VERSION)
3104
		return BRCTL_VERSION + 1;
3105
	return -EINVAL;
3106
}
3107

3108
static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3109
			 unsigned int cmd, unsigned long arg)
3110
{
3111
	void __user *argp = compat_ptr(arg);
3112
	struct sock *sk = sock->sk;
3113
	struct net *net = sock_net(sk);
3114

3115
	if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3116
		return siocdevprivate_ioctl(net, cmd, argp);
3117

3118
	switch (cmd) {
3119
	case SIOCSIFBR:
3120
	case SIOCGIFBR:
3121
		return old_bridge_ioctl(argp);
3122
	case SIOCGIFNAME:
3123
		return dev_ifname32(net, argp);
3124
	case SIOCGIFCONF:
3125
		return dev_ifconf(net, argp);
3126
	case SIOCETHTOOL:
3127
		return ethtool_ioctl(net, argp);
3128
	case SIOCWANDEV:
3129
		return compat_siocwandev(net, argp);
3130
	case SIOCGIFMAP:
3131
	case SIOCSIFMAP:
3132
		return compat_sioc_ifmap(net, cmd, argp);
3133
	case SIOCBONDENSLAVE:
3134
	case SIOCBONDRELEASE:
3135
	case SIOCBONDSETHWADDR:
3136
	case SIOCBONDSLAVEINFOQUERY:
3137
	case SIOCBONDINFOQUERY:
3138
	case SIOCBONDCHANGEACTIVE:
3139
		return bond_ioctl(net, cmd, argp);
3140
	case SIOCADDRT:
3141
	case SIOCDELRT:
3142
		return routing_ioctl(net, sock, cmd, argp);
3143
	case SIOCGSTAMP:
3144
		return do_siocgstamp(net, sock, cmd, argp);
3145
	case SIOCGSTAMPNS:
3146
		return do_siocgstampns(net, sock, cmd, argp);
3147
	case SIOCSHWTSTAMP:
3148
		return compat_siocshwtstamp(net, argp);
3149

3150
	case FIOSETOWN:
3151
	case SIOCSPGRP:
3152
	case FIOGETOWN:
3153
	case SIOCGPGRP:
3154
	case SIOCBRADDBR:
3155
	case SIOCBRDELBR:
3156
	case SIOCGIFVLAN:
3157
	case SIOCSIFVLAN:
3158
	case SIOCADDDLCI:
3159
	case SIOCDELDLCI:
3160
		return sock_ioctl(file, cmd, arg);
3161

3162
	case SIOCGIFFLAGS:
3163
	case SIOCSIFFLAGS:
3164
	case SIOCGIFMETRIC:
3165
	case SIOCSIFMETRIC:
3166
	case SIOCGIFMTU:
3167
	case SIOCSIFMTU:
3168
	case SIOCGIFMEM:
3169
	case SIOCSIFMEM:
3170
	case SIOCGIFHWADDR:
3171
	case SIOCSIFHWADDR:
3172
	case SIOCADDMULTI:
3173
	case SIOCDELMULTI:
3174
	case SIOCGIFINDEX:
3175
	case SIOCGIFADDR:
3176
	case SIOCSIFADDR:
3177
	case SIOCSIFHWBROADCAST:
3178
	case SIOCDIFADDR:
3179
	case SIOCGIFBRDADDR:
3180
	case SIOCSIFBRDADDR:
3181
	case SIOCGIFDSTADDR:
3182
	case SIOCSIFDSTADDR:
3183
	case SIOCGIFNETMASK:
3184
	case SIOCSIFNETMASK:
3185
	case SIOCSIFPFLAGS:
3186
	case SIOCGIFPFLAGS:
3187
	case SIOCGIFTXQLEN:
3188
	case SIOCSIFTXQLEN:
3189
	case SIOCBRADDIF:
3190
	case SIOCBRDELIF:
3191
	case SIOCSIFNAME:
3192
	case SIOCGMIIPHY:
3193
	case SIOCGMIIREG:
3194
	case SIOCSMIIREG:
3195
		return dev_ifsioc(net, sock, cmd, argp);
3196

3197
	case SIOCSARP:
3198
	case SIOCGARP:
3199
	case SIOCDARP:
3200
	case SIOCATMARK:
3201
		return sock_do_ioctl(net, sock, cmd, arg);
3202
	}
3203

3204
	/* Prevent warning from compat_sys_ioctl, these always
3205
	 * result in -EINVAL in the native case anyway. */
3206
	switch (cmd) {
3207
	case SIOCRTMSG:
3208
	case SIOCGIFCOUNT:
3209
	case SIOCSRARP:
3210
	case SIOCGRARP:
3211
	case SIOCDRARP:
3212
	case SIOCSIFLINK:
3213
	case SIOCGIFSLAVE:
3214
	case SIOCSIFSLAVE:
3215
		return -EINVAL;
3216
	}
3217

3218
	return -ENOIOCTLCMD;
3219
}
3220

3221
static long compat_sock_ioctl(struct file *file, unsigned cmd,
3222
			      unsigned long arg)
3223
{
3224
	struct socket *sock = file->private_data;
3225
	int ret = -ENOIOCTLCMD;
3226
	struct sock *sk;
3227
	struct net *net;
3228

3229
	sk = sock->sk;
3230
	net = sock_net(sk);
3231

3232
	if (sock->ops->compat_ioctl)
3233
		ret = sock->ops->compat_ioctl(sock, cmd, arg);
3234

3235
	if (ret == -ENOIOCTLCMD &&
3236
	    (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3237
		ret = compat_wext_handle_ioctl(net, cmd, arg);
3238

3239
	if (ret == -ENOIOCTLCMD)
3240
		ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3241

3242
	return ret;
3243
}
3244
#endif
3245

3246
int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3247
{
3248
	return sock->ops->bind(sock, addr, addrlen);
3249
}
3250
EXPORT_SYMBOL(kernel_bind);
3251

3252
int kernel_listen(struct socket *sock, int backlog)
3253
{
3254
	return sock->ops->listen(sock, backlog);
3255
}
3256
EXPORT_SYMBOL(kernel_listen);
3257

3258
int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3259
{
3260
	struct sock *sk = sock->sk;
3261
	int err;
3262

3263
	err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3264
			       newsock);
3265
	if (err < 0)
3266
		goto done;
3267

3268
	err = sock->ops->accept(sock, *newsock, flags);
3269
	if (err < 0) {
3270
		sock_release(*newsock);
3271
		*newsock = NULL;
3272
		goto done;
3273
	}
3274

3275
	(*newsock)->ops = sock->ops;
3276
	__module_get((*newsock)->ops->owner);
3277

3278
done:
3279
	return err;
3280
}
3281
EXPORT_SYMBOL(kernel_accept);
3282

3283
int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3284
		   int flags)
3285
{
3286
	return sock->ops->connect(sock, addr, addrlen, flags);
3287
}
3288
EXPORT_SYMBOL(kernel_connect);
3289

3290
int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
3291
			 int *addrlen)
3292
{
3293
	return sock->ops->getname(sock, addr, addrlen, 0);
3294
}
3295
EXPORT_SYMBOL(kernel_getsockname);
3296

3297
int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
3298
			 int *addrlen)
3299
{
3300
	return sock->ops->getname(sock, addr, addrlen, 1);
3301
}
3302
EXPORT_SYMBOL(kernel_getpeername);
3303

3304
int kernel_getsockopt(struct socket *sock, int level, int optname,
3305
			char *optval, int *optlen)
3306
{
3307
	mm_segment_t oldfs = get_fs();
3308
	char __user *uoptval;
3309
	int __user *uoptlen;
3310
	int err;
3311

3312
	uoptval = (char __user __force *) optval;
3313
	uoptlen = (int __user __force *) optlen;
3314

3315
	set_fs(KERNEL_DS);
3316
	if (level == SOL_SOCKET)
3317
		err = sock_getsockopt(sock, level, optname, uoptval, uoptlen);
3318
	else
3319
		err = sock->ops->getsockopt(sock, level, optname, uoptval,
3320
					    uoptlen);
3321
	set_fs(oldfs);
3322
	return err;
3323
}
3324
EXPORT_SYMBOL(kernel_getsockopt);
3325

3326
int kernel_setsockopt(struct socket *sock, int level, int optname,
3327
			char *optval, unsigned int optlen)
3328
{
3329
	mm_segment_t oldfs = get_fs();
3330
	char __user *uoptval;
3331
	int err;
3332

3333
	uoptval = (char __user __force *) optval;
3334

3335
	set_fs(KERNEL_DS);
3336
	if (level == SOL_SOCKET)
3337
		err = sock_setsockopt(sock, level, optname, uoptval, optlen);
3338
	else
3339
		err = sock->ops->setsockopt(sock, level, optname, uoptval,
3340
					    optlen);
3341
	set_fs(oldfs);
3342
	return err;
3343
}
3344
EXPORT_SYMBOL(kernel_setsockopt);
3345

3346
int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3347
		    size_t size, int flags)
3348
{
3349
	sock_update_classid(sock->sk);
3350

3351
	if (sock->ops->sendpage)
3352
		return sock->ops->sendpage(sock, page, offset, size, flags);
3353

3354
	return sock_no_sendpage(sock, page, offset, size, flags);
3355
}
3356
EXPORT_SYMBOL(kernel_sendpage);
3357

3358
int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg)
3359
{
3360
	mm_segment_t oldfs = get_fs();
3361
	int err;
3362

3363
	set_fs(KERNEL_DS);
3364
	err = sock->ops->ioctl(sock, cmd, arg);
3365
	set_fs(oldfs);
3366

3367
	return err;
3368
}
3369
EXPORT_SYMBOL(kernel_sock_ioctl);
3370

3371
int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3372
{
3373
	return sock->ops->shutdown(sock, how);
3374
}
3375
EXPORT_SYMBOL(kernel_sock_shutdown);
3376

3377
Product

Resources

Company
