PageRenderTime 110ms CodeModel.GetById 14ms app.highlight 79ms RepoModel.GetById 1ms app.codeStats 1ms

/net/socket.c

http://github.com/mirrors/linux
C | 3900 lines | 2673 code | 554 blank | 673 comment | 433 complexity | 84723dff9441b8f411429fc030df9f76 MD5 | raw file

Large files files are truncated, but you can click here to view the full file

   1// SPDX-License-Identifier: GPL-2.0-or-later
   2/*
   3 * NET		An implementation of the SOCKET network access protocol.
   4 *
   5 * Version:	@(#)socket.c	1.1.93	18/02/95
   6 *
   7 * Authors:	Orest Zborowski, <obz@Kodak.COM>
   8 *		Ross Biro
   9 *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
  10 *
  11 * Fixes:
  12 *		Anonymous	:	NOTSOCK/BADF cleanup. Error fix in
  13 *					shutdown()
  14 *		Alan Cox	:	verify_area() fixes
  15 *		Alan Cox	:	Removed DDI
  16 *		Jonathan Kamens	:	SOCK_DGRAM reconnect bug
  17 *		Alan Cox	:	Moved a load of checks to the very
  18 *					top level.
  19 *		Alan Cox	:	Move address structures to/from user
  20 *					mode above the protocol layers.
  21 *		Rob Janssen	:	Allow 0 length sends.
  22 *		Alan Cox	:	Asynchronous I/O support (cribbed from the
  23 *					tty drivers).
  24 *		Niibe Yutaka	:	Asynchronous I/O for writes (4.4BSD style)
  25 *		Jeff Uphoff	:	Made max number of sockets command-line
  26 *					configurable.
  27 *		Matti Aarnio	:	Made the number of sockets dynamic,
  28 *					to be allocated when needed, and mr.
  29 *					Uphoff's max is used as max to be
  30 *					allowed to allocate.
  31 *		Linus		:	Argh. removed all the socket allocation
  32 *					altogether: it's in the inode now.
  33 *		Alan Cox	:	Made sock_alloc()/sock_release() public
  34 *					for NetROM and future kernel nfsd type
  35 *					stuff.
  36 *		Alan Cox	:	sendmsg/recvmsg basics.
  37 *		Tom Dyas	:	Export net symbols.
  38 *		Marcin Dalecki	:	Fixed problems with CONFIG_NET="n".
  39 *		Alan Cox	:	Added thread locking to sys_* calls
  40 *					for sockets. May have errors at the
  41 *					moment.
  42 *		Kevin Buhr	:	Fixed the dumb errors in the above.
  43 *		Andi Kleen	:	Some small cleanups, optimizations,
  44 *					and fixed a copy_from_user() bug.
  45 *		Tigran Aivazian	:	sys_send(args) calls sys_sendto(args, NULL, 0)
  46 *		Tigran Aivazian	:	Made listen(2) backlog sanity checks
  47 *					protocol-independent
  48 *
  49 *	This module is effectively the top level interface to the BSD socket
  50 *	paradigm.
  51 *
  52 *	Based upon Swansea University Computer Society NET3.039
  53 */
  54
  55#include <linux/mm.h>
  56#include <linux/socket.h>
  57#include <linux/file.h>
  58#include <linux/net.h>
  59#include <linux/interrupt.h>
  60#include <linux/thread_info.h>
  61#include <linux/rcupdate.h>
  62#include <linux/netdevice.h>
  63#include <linux/proc_fs.h>
  64#include <linux/seq_file.h>
  65#include <linux/mutex.h>
  66#include <linux/if_bridge.h>
  67#include <linux/if_frad.h>
  68#include <linux/if_vlan.h>
  69#include <linux/ptp_classify.h>
  70#include <linux/init.h>
  71#include <linux/poll.h>
  72#include <linux/cache.h>
  73#include <linux/module.h>
  74#include <linux/highmem.h>
  75#include <linux/mount.h>
  76#include <linux/pseudo_fs.h>
  77#include <linux/security.h>
  78#include <linux/syscalls.h>
  79#include <linux/compat.h>
  80#include <linux/kmod.h>
  81#include <linux/audit.h>
  82#include <linux/wireless.h>
  83#include <linux/nsproxy.h>
  84#include <linux/magic.h>
  85#include <linux/slab.h>
  86#include <linux/xattr.h>
  87#include <linux/nospec.h>
  88#include <linux/indirect_call_wrapper.h>
  89
  90#include <linux/uaccess.h>
  91#include <asm/unistd.h>
  92
  93#include <net/compat.h>
  94#include <net/wext.h>
  95#include <net/cls_cgroup.h>
  96
  97#include <net/sock.h>
  98#include <linux/netfilter.h>
  99
 100#include <linux/if_tun.h>
 101#include <linux/ipv6_route.h>
 102#include <linux/route.h>
 103#include <linux/termios.h>
 104#include <linux/sockios.h>
 105#include <net/busy_poll.h>
 106#include <linux/errqueue.h>
 107
 108#ifdef CONFIG_NET_RX_BUSY_POLL
 109unsigned int sysctl_net_busy_read __read_mostly;
 110unsigned int sysctl_net_busy_poll __read_mostly;
 111#endif
 112
 113static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to);
 114static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from);
 115static int sock_mmap(struct file *file, struct vm_area_struct *vma);
 116
 117static int sock_close(struct inode *inode, struct file *file);
 118static __poll_t sock_poll(struct file *file,
 119			      struct poll_table_struct *wait);
 120static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
 121#ifdef CONFIG_COMPAT
 122static long compat_sock_ioctl(struct file *file,
 123			      unsigned int cmd, unsigned long arg);
 124#endif
 125static int sock_fasync(int fd, struct file *filp, int on);
 126static ssize_t sock_sendpage(struct file *file, struct page *page,
 127			     int offset, size_t size, loff_t *ppos, int more);
 128static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 129				struct pipe_inode_info *pipe, size_t len,
 130				unsigned int flags);
 131
 132#ifdef CONFIG_PROC_FS
 133static void sock_show_fdinfo(struct seq_file *m, struct file *f)
 134{
 135	struct socket *sock = f->private_data;
 136
 137	if (sock->ops->show_fdinfo)
 138		sock->ops->show_fdinfo(m, sock);
 139}
 140#else
 141#define sock_show_fdinfo NULL
 142#endif
 143
 144/*
 145 *	Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
 146 *	in the operation structures but are done directly via the socketcall() multiplexor.
 147 */
 148
 149static const struct file_operations socket_file_ops = {
 150	.owner =	THIS_MODULE,
 151	.llseek =	no_llseek,
 152	.read_iter =	sock_read_iter,
 153	.write_iter =	sock_write_iter,
 154	.poll =		sock_poll,
 155	.unlocked_ioctl = sock_ioctl,
 156#ifdef CONFIG_COMPAT
 157	.compat_ioctl = compat_sock_ioctl,
 158#endif
 159	.mmap =		sock_mmap,
 160	.release =	sock_close,
 161	.fasync =	sock_fasync,
 162	.sendpage =	sock_sendpage,
 163	.splice_write = generic_splice_sendpage,
 164	.splice_read =	sock_splice_read,
 165	.show_fdinfo =	sock_show_fdinfo,
 166};
 167
 168/*
 169 *	The protocol list. Each protocol is registered in here.
 170 */
 171
 172static DEFINE_SPINLOCK(net_family_lock);
 173static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
 174
 175/*
 176 * Support routines.
 177 * Move socket addresses back and forth across the kernel/user
 178 * divide and look after the messy bits.
 179 */
 180
 181/**
 182 *	move_addr_to_kernel	-	copy a socket address into kernel space
 183 *	@uaddr: Address in user space
 184 *	@kaddr: Address in kernel space
 185 *	@ulen: Length in user space
 186 *
 187 *	The address is copied into kernel space. If the provided address is
 188 *	too long an error code of -EINVAL is returned. If the copy gives
 189 *	invalid addresses -EFAULT is returned. On a success 0 is returned.
 190 */
 191
 192int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
 193{
 194	if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
 195		return -EINVAL;
 196	if (ulen == 0)
 197		return 0;
 198	if (copy_from_user(kaddr, uaddr, ulen))
 199		return -EFAULT;
 200	return audit_sockaddr(ulen, kaddr);
 201}
 202
 203/**
 204 *	move_addr_to_user	-	copy an address to user space
 205 *	@kaddr: kernel space address
 206 *	@klen: length of address in kernel
 207 *	@uaddr: user space address
 208 *	@ulen: pointer to user length field
 209 *
 210 *	The value pointed to by ulen on entry is the buffer length available.
 211 *	This is overwritten with the buffer space used. -EINVAL is returned
 212 *	if an overlong buffer is specified or a negative buffer size. -EFAULT
 213 *	is returned if either the buffer or the length field are not
 214 *	accessible.
 215 *	After copying the data up to the limit the user specifies, the true
 216 *	length of the data is written over the length limit the user
 217 *	specified. Zero is returned for a success.
 218 */
 219
 220static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
 221			     void __user *uaddr, int __user *ulen)
 222{
 223	int err;
 224	int len;
 225
 226	BUG_ON(klen > sizeof(struct sockaddr_storage));
 227	err = get_user(len, ulen);
 228	if (err)
 229		return err;
 230	if (len > klen)
 231		len = klen;
 232	if (len < 0)
 233		return -EINVAL;
 234	if (len) {
 235		if (audit_sockaddr(klen, kaddr))
 236			return -ENOMEM;
 237		if (copy_to_user(uaddr, kaddr, len))
 238			return -EFAULT;
 239	}
 240	/*
 241	 *      "fromlen shall refer to the value before truncation.."
 242	 *                      1003.1g
 243	 */
 244	return __put_user(klen, ulen);
 245}
 246
 247static struct kmem_cache *sock_inode_cachep __ro_after_init;
 248
 249static struct inode *sock_alloc_inode(struct super_block *sb)
 250{
 251	struct socket_alloc *ei;
 252
 253	ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
 254	if (!ei)
 255		return NULL;
 256	init_waitqueue_head(&ei->socket.wq.wait);
 257	ei->socket.wq.fasync_list = NULL;
 258	ei->socket.wq.flags = 0;
 259
 260	ei->socket.state = SS_UNCONNECTED;
 261	ei->socket.flags = 0;
 262	ei->socket.ops = NULL;
 263	ei->socket.sk = NULL;
 264	ei->socket.file = NULL;
 265
 266	return &ei->vfs_inode;
 267}
 268
 269static void sock_free_inode(struct inode *inode)
 270{
 271	struct socket_alloc *ei;
 272
 273	ei = container_of(inode, struct socket_alloc, vfs_inode);
 274	kmem_cache_free(sock_inode_cachep, ei);
 275}
 276
 277static void init_once(void *foo)
 278{
 279	struct socket_alloc *ei = (struct socket_alloc *)foo;
 280
 281	inode_init_once(&ei->vfs_inode);
 282}
 283
 284static void init_inodecache(void)
 285{
 286	sock_inode_cachep = kmem_cache_create("sock_inode_cache",
 287					      sizeof(struct socket_alloc),
 288					      0,
 289					      (SLAB_HWCACHE_ALIGN |
 290					       SLAB_RECLAIM_ACCOUNT |
 291					       SLAB_MEM_SPREAD | SLAB_ACCOUNT),
 292					      init_once);
 293	BUG_ON(sock_inode_cachep == NULL);
 294}
 295
 296static const struct super_operations sockfs_ops = {
 297	.alloc_inode	= sock_alloc_inode,
 298	.free_inode	= sock_free_inode,
 299	.statfs		= simple_statfs,
 300};
 301
 302/*
 303 * sockfs_dname() is called from d_path().
 304 */
 305static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
 306{
 307	return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
 308				d_inode(dentry)->i_ino);
 309}
 310
 311static const struct dentry_operations sockfs_dentry_operations = {
 312	.d_dname  = sockfs_dname,
 313};
 314
 315static int sockfs_xattr_get(const struct xattr_handler *handler,
 316			    struct dentry *dentry, struct inode *inode,
 317			    const char *suffix, void *value, size_t size)
 318{
 319	if (value) {
 320		if (dentry->d_name.len + 1 > size)
 321			return -ERANGE;
 322		memcpy(value, dentry->d_name.name, dentry->d_name.len + 1);
 323	}
 324	return dentry->d_name.len + 1;
 325}
 326
 327#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
 328#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
 329#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
 330
 331static const struct xattr_handler sockfs_xattr_handler = {
 332	.name = XATTR_NAME_SOCKPROTONAME,
 333	.get = sockfs_xattr_get,
 334};
 335
 336static int sockfs_security_xattr_set(const struct xattr_handler *handler,
 337				     struct dentry *dentry, struct inode *inode,
 338				     const char *suffix, const void *value,
 339				     size_t size, int flags)
 340{
 341	/* Handled by LSM. */
 342	return -EAGAIN;
 343}
 344
 345static const struct xattr_handler sockfs_security_xattr_handler = {
 346	.prefix = XATTR_SECURITY_PREFIX,
 347	.set = sockfs_security_xattr_set,
 348};
 349
 350static const struct xattr_handler *sockfs_xattr_handlers[] = {
 351	&sockfs_xattr_handler,
 352	&sockfs_security_xattr_handler,
 353	NULL
 354};
 355
 356static int sockfs_init_fs_context(struct fs_context *fc)
 357{
 358	struct pseudo_fs_context *ctx = init_pseudo(fc, SOCKFS_MAGIC);
 359	if (!ctx)
 360		return -ENOMEM;
 361	ctx->ops = &sockfs_ops;
 362	ctx->dops = &sockfs_dentry_operations;
 363	ctx->xattr = sockfs_xattr_handlers;
 364	return 0;
 365}
 366
 367static struct vfsmount *sock_mnt __read_mostly;
 368
 369static struct file_system_type sock_fs_type = {
 370	.name =		"sockfs",
 371	.init_fs_context = sockfs_init_fs_context,
 372	.kill_sb =	kill_anon_super,
 373};
 374
 375/*
 376 *	Obtains the first available file descriptor and sets it up for use.
 377 *
 378 *	These functions create file structures and maps them to fd space
 379 *	of the current process. On success it returns file descriptor
 380 *	and file struct implicitly stored in sock->file.
 381 *	Note that another thread may close file descriptor before we return
 382 *	from this function. We use the fact that now we do not refer
 383 *	to socket after mapping. If one day we will need it, this
 384 *	function will increment ref. count on file by 1.
 385 *
 386 *	In any case returned fd MAY BE not valid!
 387 *	This race condition is unavoidable
 388 *	with shared fd spaces, we cannot solve it inside kernel,
 389 *	but we take care of internal coherence yet.
 390 */
 391
 392/**
 393 *	sock_alloc_file - Bind a &socket to a &file
 394 *	@sock: socket
 395 *	@flags: file status flags
 396 *	@dname: protocol name
 397 *
 398 *	Returns the &file bound with @sock, implicitly storing it
 399 *	in sock->file. If dname is %NULL, sets to "".
 400 *	On failure the return is a ERR pointer (see linux/err.h).
 401 *	This function uses GFP_KERNEL internally.
 402 */
 403
 404struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
 405{
 406	struct file *file;
 407
 408	if (!dname)
 409		dname = sock->sk ? sock->sk->sk_prot_creator->name : "";
 410
 411	file = alloc_file_pseudo(SOCK_INODE(sock), sock_mnt, dname,
 412				O_RDWR | (flags & O_NONBLOCK),
 413				&socket_file_ops);
 414	if (IS_ERR(file)) {
 415		sock_release(sock);
 416		return file;
 417	}
 418
 419	sock->file = file;
 420	file->private_data = sock;
 421	stream_open(SOCK_INODE(sock), file);
 422	return file;
 423}
 424EXPORT_SYMBOL(sock_alloc_file);
 425
 426static int sock_map_fd(struct socket *sock, int flags)
 427{
 428	struct file *newfile;
 429	int fd = get_unused_fd_flags(flags);
 430	if (unlikely(fd < 0)) {
 431		sock_release(sock);
 432		return fd;
 433	}
 434
 435	newfile = sock_alloc_file(sock, flags, NULL);
 436	if (!IS_ERR(newfile)) {
 437		fd_install(fd, newfile);
 438		return fd;
 439	}
 440
 441	put_unused_fd(fd);
 442	return PTR_ERR(newfile);
 443}
 444
 445/**
 446 *	sock_from_file - Return the &socket bounded to @file.
 447 *	@file: file
 448 *	@err: pointer to an error code return
 449 *
 450 *	On failure returns %NULL and assigns -ENOTSOCK to @err.
 451 */
 452
 453struct socket *sock_from_file(struct file *file, int *err)
 454{
 455	if (file->f_op == &socket_file_ops)
 456		return file->private_data;	/* set in sock_map_fd */
 457
 458	*err = -ENOTSOCK;
 459	return NULL;
 460}
 461EXPORT_SYMBOL(sock_from_file);
 462
 463/**
 464 *	sockfd_lookup - Go from a file number to its socket slot
 465 *	@fd: file handle
 466 *	@err: pointer to an error code return
 467 *
 468 *	The file handle passed in is locked and the socket it is bound
 469 *	to is returned. If an error occurs the err pointer is overwritten
 470 *	with a negative errno code and NULL is returned. The function checks
 471 *	for both invalid handles and passing a handle which is not a socket.
 472 *
 473 *	On a success the socket object pointer is returned.
 474 */
 475
 476struct socket *sockfd_lookup(int fd, int *err)
 477{
 478	struct file *file;
 479	struct socket *sock;
 480
 481	file = fget(fd);
 482	if (!file) {
 483		*err = -EBADF;
 484		return NULL;
 485	}
 486
 487	sock = sock_from_file(file, err);
 488	if (!sock)
 489		fput(file);
 490	return sock;
 491}
 492EXPORT_SYMBOL(sockfd_lookup);
 493
 494static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
 495{
 496	struct fd f = fdget(fd);
 497	struct socket *sock;
 498
 499	*err = -EBADF;
 500	if (f.file) {
 501		sock = sock_from_file(f.file, err);
 502		if (likely(sock)) {
 503			*fput_needed = f.flags;
 504			return sock;
 505		}
 506		fdput(f);
 507	}
 508	return NULL;
 509}
 510
 511static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
 512				size_t size)
 513{
 514	ssize_t len;
 515	ssize_t used = 0;
 516
 517	len = security_inode_listsecurity(d_inode(dentry), buffer, size);
 518	if (len < 0)
 519		return len;
 520	used += len;
 521	if (buffer) {
 522		if (size < used)
 523			return -ERANGE;
 524		buffer += len;
 525	}
 526
 527	len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
 528	used += len;
 529	if (buffer) {
 530		if (size < used)
 531			return -ERANGE;
 532		memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
 533		buffer += len;
 534	}
 535
 536	return used;
 537}
 538
 539static int sockfs_setattr(struct dentry *dentry, struct iattr *iattr)
 540{
 541	int err = simple_setattr(dentry, iattr);
 542
 543	if (!err && (iattr->ia_valid & ATTR_UID)) {
 544		struct socket *sock = SOCKET_I(d_inode(dentry));
 545
 546		if (sock->sk)
 547			sock->sk->sk_uid = iattr->ia_uid;
 548		else
 549			err = -ENOENT;
 550	}
 551
 552	return err;
 553}
 554
 555static const struct inode_operations sockfs_inode_ops = {
 556	.listxattr = sockfs_listxattr,
 557	.setattr = sockfs_setattr,
 558};
 559
 560/**
 561 *	sock_alloc - allocate a socket
 562 *
 563 *	Allocate a new inode and socket object. The two are bound together
 564 *	and initialised. The socket is then returned. If we are out of inodes
 565 *	NULL is returned. This functions uses GFP_KERNEL internally.
 566 */
 567
 568struct socket *sock_alloc(void)
 569{
 570	struct inode *inode;
 571	struct socket *sock;
 572
 573	inode = new_inode_pseudo(sock_mnt->mnt_sb);
 574	if (!inode)
 575		return NULL;
 576
 577	sock = SOCKET_I(inode);
 578
 579	inode->i_ino = get_next_ino();
 580	inode->i_mode = S_IFSOCK | S_IRWXUGO;
 581	inode->i_uid = current_fsuid();
 582	inode->i_gid = current_fsgid();
 583	inode->i_op = &sockfs_inode_ops;
 584
 585	return sock;
 586}
 587EXPORT_SYMBOL(sock_alloc);
 588
 589/**
 590 *	sock_release - close a socket
 591 *	@sock: socket to close
 592 *
 593 *	The socket is released from the protocol stack if it has a release
 594 *	callback, and the inode is then released if the socket is bound to
 595 *	an inode not a file.
 596 */
 597
 598static void __sock_release(struct socket *sock, struct inode *inode)
 599{
 600	if (sock->ops) {
 601		struct module *owner = sock->ops->owner;
 602
 603		if (inode)
 604			inode_lock(inode);
 605		sock->ops->release(sock);
 606		sock->sk = NULL;
 607		if (inode)
 608			inode_unlock(inode);
 609		sock->ops = NULL;
 610		module_put(owner);
 611	}
 612
 613	if (sock->wq.fasync_list)
 614		pr_err("%s: fasync list not empty!\n", __func__);
 615
 616	if (!sock->file) {
 617		iput(SOCK_INODE(sock));
 618		return;
 619	}
 620	sock->file = NULL;
 621}
 622
 623void sock_release(struct socket *sock)
 624{
 625	__sock_release(sock, NULL);
 626}
 627EXPORT_SYMBOL(sock_release);
 628
 629void __sock_tx_timestamp(__u16 tsflags, __u8 *tx_flags)
 630{
 631	u8 flags = *tx_flags;
 632
 633	if (tsflags & SOF_TIMESTAMPING_TX_HARDWARE)
 634		flags |= SKBTX_HW_TSTAMP;
 635
 636	if (tsflags & SOF_TIMESTAMPING_TX_SOFTWARE)
 637		flags |= SKBTX_SW_TSTAMP;
 638
 639	if (tsflags & SOF_TIMESTAMPING_TX_SCHED)
 640		flags |= SKBTX_SCHED_TSTAMP;
 641
 642	*tx_flags = flags;
 643}
 644EXPORT_SYMBOL(__sock_tx_timestamp);
 645
 646INDIRECT_CALLABLE_DECLARE(int inet_sendmsg(struct socket *, struct msghdr *,
 647					   size_t));
 648INDIRECT_CALLABLE_DECLARE(int inet6_sendmsg(struct socket *, struct msghdr *,
 649					    size_t));
 650static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
 651{
 652	int ret = INDIRECT_CALL_INET(sock->ops->sendmsg, inet6_sendmsg,
 653				     inet_sendmsg, sock, msg,
 654				     msg_data_left(msg));
 655	BUG_ON(ret == -EIOCBQUEUED);
 656	return ret;
 657}
 658
 659/**
 660 *	sock_sendmsg - send a message through @sock
 661 *	@sock: socket
 662 *	@msg: message to send
 663 *
 664 *	Sends @msg through @sock, passing through LSM.
 665 *	Returns the number of bytes sent, or an error code.
 666 */
 667int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 668{
 669	int err = security_socket_sendmsg(sock, msg,
 670					  msg_data_left(msg));
 671
 672	return err ?: sock_sendmsg_nosec(sock, msg);
 673}
 674EXPORT_SYMBOL(sock_sendmsg);
 675
 676/**
 677 *	kernel_sendmsg - send a message through @sock (kernel-space)
 678 *	@sock: socket
 679 *	@msg: message header
 680 *	@vec: kernel vec
 681 *	@num: vec array length
 682 *	@size: total message data size
 683 *
 684 *	Builds the message data with @vec and sends it through @sock.
 685 *	Returns the number of bytes sent, or an error code.
 686 */
 687
 688int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
 689		   struct kvec *vec, size_t num, size_t size)
 690{
 691	iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 692	return sock_sendmsg(sock, msg);
 693}
 694EXPORT_SYMBOL(kernel_sendmsg);
 695
 696/**
 697 *	kernel_sendmsg_locked - send a message through @sock (kernel-space)
 698 *	@sk: sock
 699 *	@msg: message header
 700 *	@vec: output s/g array
 701 *	@num: output s/g array length
 702 *	@size: total message data size
 703 *
 704 *	Builds the message data with @vec and sends it through @sock.
 705 *	Returns the number of bytes sent, or an error code.
 706 *	Caller must hold @sk.
 707 */
 708
 709int kernel_sendmsg_locked(struct sock *sk, struct msghdr *msg,
 710			  struct kvec *vec, size_t num, size_t size)
 711{
 712	struct socket *sock = sk->sk_socket;
 713
 714	if (!sock->ops->sendmsg_locked)
 715		return sock_no_sendmsg_locked(sk, msg, size);
 716
 717	iov_iter_kvec(&msg->msg_iter, WRITE, vec, num, size);
 718
 719	return sock->ops->sendmsg_locked(sk, msg, msg_data_left(msg));
 720}
 721EXPORT_SYMBOL(kernel_sendmsg_locked);
 722
 723static bool skb_is_err_queue(const struct sk_buff *skb)
 724{
 725	/* pkt_type of skbs enqueued on the error queue are set to
 726	 * PACKET_OUTGOING in skb_set_err_queue(). This is only safe to do
 727	 * in recvmsg, since skbs received on a local socket will never
 728	 * have a pkt_type of PACKET_OUTGOING.
 729	 */
 730	return skb->pkt_type == PACKET_OUTGOING;
 731}
 732
 733/* On transmit, software and hardware timestamps are returned independently.
 734 * As the two skb clones share the hardware timestamp, which may be updated
 735 * before the software timestamp is received, a hardware TX timestamp may be
 736 * returned only if there is no software TX timestamp. Ignore false software
 737 * timestamps, which may be made in the __sock_recv_timestamp() call when the
 738 * option SO_TIMESTAMP_OLD(NS) is enabled on the socket, even when the skb has a
 739 * hardware timestamp.
 740 */
 741static bool skb_is_swtx_tstamp(const struct sk_buff *skb, int false_tstamp)
 742{
 743	return skb->tstamp && !false_tstamp && skb_is_err_queue(skb);
 744}
 745
 746static void put_ts_pktinfo(struct msghdr *msg, struct sk_buff *skb)
 747{
 748	struct scm_ts_pktinfo ts_pktinfo;
 749	struct net_device *orig_dev;
 750
 751	if (!skb_mac_header_was_set(skb))
 752		return;
 753
 754	memset(&ts_pktinfo, 0, sizeof(ts_pktinfo));
 755
 756	rcu_read_lock();
 757	orig_dev = dev_get_by_napi_id(skb_napi_id(skb));
 758	if (orig_dev)
 759		ts_pktinfo.if_index = orig_dev->ifindex;
 760	rcu_read_unlock();
 761
 762	ts_pktinfo.pkt_length = skb->len - skb_mac_offset(skb);
 763	put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_PKTINFO,
 764		 sizeof(ts_pktinfo), &ts_pktinfo);
 765}
 766
 767/*
 768 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
 769 */
 770void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
 771	struct sk_buff *skb)
 772{
 773	int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
 774	int new_tstamp = sock_flag(sk, SOCK_TSTAMP_NEW);
 775	struct scm_timestamping_internal tss;
 776
 777	int empty = 1, false_tstamp = 0;
 778	struct skb_shared_hwtstamps *shhwtstamps =
 779		skb_hwtstamps(skb);
 780
 781	/* Race occurred between timestamp enabling and packet
 782	   receiving.  Fill in the current time for now. */
 783	if (need_software_tstamp && skb->tstamp == 0) {
 784		__net_timestamp(skb);
 785		false_tstamp = 1;
 786	}
 787
 788	if (need_software_tstamp) {
 789		if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
 790			if (new_tstamp) {
 791				struct __kernel_sock_timeval tv;
 792
 793				skb_get_new_timestamp(skb, &tv);
 794				put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_NEW,
 795					 sizeof(tv), &tv);
 796			} else {
 797				struct __kernel_old_timeval tv;
 798
 799				skb_get_timestamp(skb, &tv);
 800				put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMP_OLD,
 801					 sizeof(tv), &tv);
 802			}
 803		} else {
 804			if (new_tstamp) {
 805				struct __kernel_timespec ts;
 806
 807				skb_get_new_timestampns(skb, &ts);
 808				put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_NEW,
 809					 sizeof(ts), &ts);
 810			} else {
 811				struct __kernel_old_timespec ts;
 812
 813				skb_get_timestampns(skb, &ts);
 814				put_cmsg(msg, SOL_SOCKET, SO_TIMESTAMPNS_OLD,
 815					 sizeof(ts), &ts);
 816			}
 817		}
 818	}
 819
 820	memset(&tss, 0, sizeof(tss));
 821	if ((sk->sk_tsflags & SOF_TIMESTAMPING_SOFTWARE) &&
 822	    ktime_to_timespec64_cond(skb->tstamp, tss.ts + 0))
 823		empty = 0;
 824	if (shhwtstamps &&
 825	    (sk->sk_tsflags & SOF_TIMESTAMPING_RAW_HARDWARE) &&
 826	    !skb_is_swtx_tstamp(skb, false_tstamp) &&
 827	    ktime_to_timespec64_cond(shhwtstamps->hwtstamp, tss.ts + 2)) {
 828		empty = 0;
 829		if ((sk->sk_tsflags & SOF_TIMESTAMPING_OPT_PKTINFO) &&
 830		    !skb_is_err_queue(skb))
 831			put_ts_pktinfo(msg, skb);
 832	}
 833	if (!empty) {
 834		if (sock_flag(sk, SOCK_TSTAMP_NEW))
 835			put_cmsg_scm_timestamping64(msg, &tss);
 836		else
 837			put_cmsg_scm_timestamping(msg, &tss);
 838
 839		if (skb_is_err_queue(skb) && skb->len &&
 840		    SKB_EXT_ERR(skb)->opt_stats)
 841			put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPING_OPT_STATS,
 842				 skb->len, skb->data);
 843	}
 844}
 845EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
 846
 847void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
 848	struct sk_buff *skb)
 849{
 850	int ack;
 851
 852	if (!sock_flag(sk, SOCK_WIFI_STATUS))
 853		return;
 854	if (!skb->wifi_acked_valid)
 855		return;
 856
 857	ack = skb->wifi_acked;
 858
 859	put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
 860}
 861EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
 862
 863static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
 864				   struct sk_buff *skb)
 865{
 866	if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
 867		put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
 868			sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
 869}
 870
 871void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
 872	struct sk_buff *skb)
 873{
 874	sock_recv_timestamp(msg, sk, skb);
 875	sock_recv_drops(msg, sk, skb);
 876}
 877EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
 878
 879INDIRECT_CALLABLE_DECLARE(int inet_recvmsg(struct socket *, struct msghdr *,
 880					   size_t, int));
 881INDIRECT_CALLABLE_DECLARE(int inet6_recvmsg(struct socket *, struct msghdr *,
 882					    size_t, int));
 883static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
 884				     int flags)
 885{
 886	return INDIRECT_CALL_INET(sock->ops->recvmsg, inet6_recvmsg,
 887				  inet_recvmsg, sock, msg, msg_data_left(msg),
 888				  flags);
 889}
 890
 891/**
 892 *	sock_recvmsg - receive a message from @sock
 893 *	@sock: socket
 894 *	@msg: message to receive
 895 *	@flags: message flags
 896 *
 897 *	Receives @msg from @sock, passing through LSM. Returns the total number
 898 *	of bytes received, or an error.
 899 */
 900int sock_recvmsg(struct socket *sock, struct msghdr *msg, int flags)
 901{
 902	int err = security_socket_recvmsg(sock, msg, msg_data_left(msg), flags);
 903
 904	return err ?: sock_recvmsg_nosec(sock, msg, flags);
 905}
 906EXPORT_SYMBOL(sock_recvmsg);
 907
 908/**
 909 *	kernel_recvmsg - Receive a message from a socket (kernel space)
 910 *	@sock: The socket to receive the message from
 911 *	@msg: Received message
 912 *	@vec: Input s/g array for message data
 913 *	@num: Size of input s/g array
 914 *	@size: Number of bytes to read
 915 *	@flags: Message flags (MSG_DONTWAIT, etc...)
 916 *
 917 *	On return the msg structure contains the scatter/gather array passed in the
 918 *	vec argument. The array is modified so that it consists of the unfilled
 919 *	portion of the original array.
 920 *
 921 *	The returned value is the total number of bytes received, or an error.
 922 */
 923
 924int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
 925		   struct kvec *vec, size_t num, size_t size, int flags)
 926{
 927	mm_segment_t oldfs = get_fs();
 928	int result;
 929
 930	iov_iter_kvec(&msg->msg_iter, READ, vec, num, size);
 931	set_fs(KERNEL_DS);
 932	result = sock_recvmsg(sock, msg, flags);
 933	set_fs(oldfs);
 934	return result;
 935}
 936EXPORT_SYMBOL(kernel_recvmsg);
 937
 938static ssize_t sock_sendpage(struct file *file, struct page *page,
 939			     int offset, size_t size, loff_t *ppos, int more)
 940{
 941	struct socket *sock;
 942	int flags;
 943
 944	sock = file->private_data;
 945
 946	flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
 947	/* more is a combination of MSG_MORE and MSG_SENDPAGE_NOTLAST */
 948	flags |= more;
 949
 950	return kernel_sendpage(sock, page, offset, size, flags);
 951}
 952
 953static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 954				struct pipe_inode_info *pipe, size_t len,
 955				unsigned int flags)
 956{
 957	struct socket *sock = file->private_data;
 958
 959	if (unlikely(!sock->ops->splice_read))
 960		return generic_file_splice_read(file, ppos, pipe, len, flags);
 961
 962	return sock->ops->splice_read(sock, ppos, pipe, len, flags);
 963}
 964
 965static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
 966{
 967	struct file *file = iocb->ki_filp;
 968	struct socket *sock = file->private_data;
 969	struct msghdr msg = {.msg_iter = *to,
 970			     .msg_iocb = iocb};
 971	ssize_t res;
 972
 973	if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
 974		msg.msg_flags = MSG_DONTWAIT;
 975
 976	if (iocb->ki_pos != 0)
 977		return -ESPIPE;
 978
 979	if (!iov_iter_count(to))	/* Match SYS5 behaviour */
 980		return 0;
 981
 982	res = sock_recvmsg(sock, &msg, msg.msg_flags);
 983	*to = msg.msg_iter;
 984	return res;
 985}
 986
 987static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
 988{
 989	struct file *file = iocb->ki_filp;
 990	struct socket *sock = file->private_data;
 991	struct msghdr msg = {.msg_iter = *from,
 992			     .msg_iocb = iocb};
 993	ssize_t res;
 994
 995	if (iocb->ki_pos != 0)
 996		return -ESPIPE;
 997
 998	if (file->f_flags & O_NONBLOCK || (iocb->ki_flags & IOCB_NOWAIT))
 999		msg.msg_flags = MSG_DONTWAIT;
1000
1001	if (sock->type == SOCK_SEQPACKET)
1002		msg.msg_flags |= MSG_EOR;
1003
1004	res = sock_sendmsg(sock, &msg);
1005	*from = msg.msg_iter;
1006	return res;
1007}
1008
1009/*
1010 * Atomic setting of ioctl hooks to avoid race
1011 * with module unload.
1012 */
1013
1014static DEFINE_MUTEX(br_ioctl_mutex);
1015static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
1016
1017void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
1018{
1019	mutex_lock(&br_ioctl_mutex);
1020	br_ioctl_hook = hook;
1021	mutex_unlock(&br_ioctl_mutex);
1022}
1023EXPORT_SYMBOL(brioctl_set);
1024
1025static DEFINE_MUTEX(vlan_ioctl_mutex);
1026static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
1027
1028void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
1029{
1030	mutex_lock(&vlan_ioctl_mutex);
1031	vlan_ioctl_hook = hook;
1032	mutex_unlock(&vlan_ioctl_mutex);
1033}
1034EXPORT_SYMBOL(vlan_ioctl_set);
1035
1036static DEFINE_MUTEX(dlci_ioctl_mutex);
1037static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1038
1039void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1040{
1041	mutex_lock(&dlci_ioctl_mutex);
1042	dlci_ioctl_hook = hook;
1043	mutex_unlock(&dlci_ioctl_mutex);
1044}
1045EXPORT_SYMBOL(dlci_ioctl_set);
1046
1047static long sock_do_ioctl(struct net *net, struct socket *sock,
1048			  unsigned int cmd, unsigned long arg)
1049{
1050	int err;
1051	void __user *argp = (void __user *)arg;
1052
1053	err = sock->ops->ioctl(sock, cmd, arg);
1054
1055	/*
1056	 * If this ioctl is unknown try to hand it down
1057	 * to the NIC driver.
1058	 */
1059	if (err != -ENOIOCTLCMD)
1060		return err;
1061
1062	if (cmd == SIOCGIFCONF) {
1063		struct ifconf ifc;
1064		if (copy_from_user(&ifc, argp, sizeof(struct ifconf)))
1065			return -EFAULT;
1066		rtnl_lock();
1067		err = dev_ifconf(net, &ifc, sizeof(struct ifreq));
1068		rtnl_unlock();
1069		if (!err && copy_to_user(argp, &ifc, sizeof(struct ifconf)))
1070			err = -EFAULT;
1071	} else {
1072		struct ifreq ifr;
1073		bool need_copyout;
1074		if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1075			return -EFAULT;
1076		err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1077		if (!err && need_copyout)
1078			if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1079				return -EFAULT;
1080	}
1081	return err;
1082}
1083
1084/*
1085 *	With an ioctl, arg may well be a user mode pointer, but we don't know
1086 *	what to do with it - that's up to the protocol still.
1087 */
1088
1089/**
1090 *	get_net_ns - increment the refcount of the network namespace
1091 *	@ns: common namespace (net)
1092 *
1093 *	Returns the net's common namespace.
1094 */
1095
1096struct ns_common *get_net_ns(struct ns_common *ns)
1097{
1098	return &get_net(container_of(ns, struct net, ns))->ns;
1099}
1100EXPORT_SYMBOL_GPL(get_net_ns);
1101
1102static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1103{
1104	struct socket *sock;
1105	struct sock *sk;
1106	void __user *argp = (void __user *)arg;
1107	int pid, err;
1108	struct net *net;
1109
1110	sock = file->private_data;
1111	sk = sock->sk;
1112	net = sock_net(sk);
1113	if (unlikely(cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))) {
1114		struct ifreq ifr;
1115		bool need_copyout;
1116		if (copy_from_user(&ifr, argp, sizeof(struct ifreq)))
1117			return -EFAULT;
1118		err = dev_ioctl(net, cmd, &ifr, &need_copyout);
1119		if (!err && need_copyout)
1120			if (copy_to_user(argp, &ifr, sizeof(struct ifreq)))
1121				return -EFAULT;
1122	} else
1123#ifdef CONFIG_WEXT_CORE
1124	if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1125		err = wext_handle_ioctl(net, cmd, argp);
1126	} else
1127#endif
1128		switch (cmd) {
1129		case FIOSETOWN:
1130		case SIOCSPGRP:
1131			err = -EFAULT;
1132			if (get_user(pid, (int __user *)argp))
1133				break;
1134			err = f_setown(sock->file, pid, 1);
1135			break;
1136		case FIOGETOWN:
1137		case SIOCGPGRP:
1138			err = put_user(f_getown(sock->file),
1139				       (int __user *)argp);
1140			break;
1141		case SIOCGIFBR:
1142		case SIOCSIFBR:
1143		case SIOCBRADDBR:
1144		case SIOCBRDELBR:
1145			err = -ENOPKG;
1146			if (!br_ioctl_hook)
1147				request_module("bridge");
1148
1149			mutex_lock(&br_ioctl_mutex);
1150			if (br_ioctl_hook)
1151				err = br_ioctl_hook(net, cmd, argp);
1152			mutex_unlock(&br_ioctl_mutex);
1153			break;
1154		case SIOCGIFVLAN:
1155		case SIOCSIFVLAN:
1156			err = -ENOPKG;
1157			if (!vlan_ioctl_hook)
1158				request_module("8021q");
1159
1160			mutex_lock(&vlan_ioctl_mutex);
1161			if (vlan_ioctl_hook)
1162				err = vlan_ioctl_hook(net, argp);
1163			mutex_unlock(&vlan_ioctl_mutex);
1164			break;
1165		case SIOCADDDLCI:
1166		case SIOCDELDLCI:
1167			err = -ENOPKG;
1168			if (!dlci_ioctl_hook)
1169				request_module("dlci");
1170
1171			mutex_lock(&dlci_ioctl_mutex);
1172			if (dlci_ioctl_hook)
1173				err = dlci_ioctl_hook(cmd, argp);
1174			mutex_unlock(&dlci_ioctl_mutex);
1175			break;
1176		case SIOCGSKNS:
1177			err = -EPERM;
1178			if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
1179				break;
1180
1181			err = open_related_ns(&net->ns, get_net_ns);
1182			break;
1183		case SIOCGSTAMP_OLD:
1184		case SIOCGSTAMPNS_OLD:
1185			if (!sock->ops->gettstamp) {
1186				err = -ENOIOCTLCMD;
1187				break;
1188			}
1189			err = sock->ops->gettstamp(sock, argp,
1190						   cmd == SIOCGSTAMP_OLD,
1191						   !IS_ENABLED(CONFIG_64BIT));
1192			break;
1193		case SIOCGSTAMP_NEW:
1194		case SIOCGSTAMPNS_NEW:
1195			if (!sock->ops->gettstamp) {
1196				err = -ENOIOCTLCMD;
1197				break;
1198			}
1199			err = sock->ops->gettstamp(sock, argp,
1200						   cmd == SIOCGSTAMP_NEW,
1201						   false);
1202			break;
1203		default:
1204			err = sock_do_ioctl(net, sock, cmd, arg);
1205			break;
1206		}
1207	return err;
1208}
1209
1210/**
1211 *	sock_create_lite - creates a socket
1212 *	@family: protocol family (AF_INET, ...)
1213 *	@type: communication type (SOCK_STREAM, ...)
1214 *	@protocol: protocol (0, ...)
1215 *	@res: new socket
1216 *
1217 *	Creates a new socket and assigns it to @res, passing through LSM.
1218 *	The new socket initialization is not complete, see kernel_accept().
1219 *	Returns 0 or an error. On failure @res is set to %NULL.
1220 *	This function internally uses GFP_KERNEL.
1221 */
1222
1223int sock_create_lite(int family, int type, int protocol, struct socket **res)
1224{
1225	int err;
1226	struct socket *sock = NULL;
1227
1228	err = security_socket_create(family, type, protocol, 1);
1229	if (err)
1230		goto out;
1231
1232	sock = sock_alloc();
1233	if (!sock) {
1234		err = -ENOMEM;
1235		goto out;
1236	}
1237
1238	sock->type = type;
1239	err = security_socket_post_create(sock, family, type, protocol, 1);
1240	if (err)
1241		goto out_release;
1242
1243out:
1244	*res = sock;
1245	return err;
1246out_release:
1247	sock_release(sock);
1248	sock = NULL;
1249	goto out;
1250}
1251EXPORT_SYMBOL(sock_create_lite);
1252
1253/* No kernel lock held - perfect */
1254static __poll_t sock_poll(struct file *file, poll_table *wait)
1255{
1256	struct socket *sock = file->private_data;
1257	__poll_t events = poll_requested_events(wait), flag = 0;
1258
1259	if (!sock->ops->poll)
1260		return 0;
1261
1262	if (sk_can_busy_loop(sock->sk)) {
1263		/* poll once if requested by the syscall */
1264		if (events & POLL_BUSY_LOOP)
1265			sk_busy_loop(sock->sk, 1);
1266
1267		/* if this socket can poll_ll, tell the system call */
1268		flag = POLL_BUSY_LOOP;
1269	}
1270
1271	return sock->ops->poll(file, sock, wait) | flag;
1272}
1273
1274static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1275{
1276	struct socket *sock = file->private_data;
1277
1278	return sock->ops->mmap(file, sock, vma);
1279}
1280
1281static int sock_close(struct inode *inode, struct file *filp)
1282{
1283	__sock_release(SOCKET_I(inode), inode);
1284	return 0;
1285}
1286
1287/*
1288 *	Update the socket async list
1289 *
1290 *	Fasync_list locking strategy.
1291 *
1292 *	1. fasync_list is modified only under process context socket lock
1293 *	   i.e. under semaphore.
1294 *	2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1295 *	   or under socket lock
1296 */
1297
1298static int sock_fasync(int fd, struct file *filp, int on)
1299{
1300	struct socket *sock = filp->private_data;
1301	struct sock *sk = sock->sk;
1302	struct socket_wq *wq = &sock->wq;
1303
1304	if (sk == NULL)
1305		return -EINVAL;
1306
1307	lock_sock(sk);
1308	fasync_helper(fd, filp, on, &wq->fasync_list);
1309
1310	if (!wq->fasync_list)
1311		sock_reset_flag(sk, SOCK_FASYNC);
1312	else
1313		sock_set_flag(sk, SOCK_FASYNC);
1314
1315	release_sock(sk);
1316	return 0;
1317}
1318
1319/* This function may be called only under rcu_lock */
1320
1321int sock_wake_async(struct socket_wq *wq, int how, int band)
1322{
1323	if (!wq || !wq->fasync_list)
1324		return -1;
1325
1326	switch (how) {
1327	case SOCK_WAKE_WAITD:
1328		if (test_bit(SOCKWQ_ASYNC_WAITDATA, &wq->flags))
1329			break;
1330		goto call_kill;
1331	case SOCK_WAKE_SPACE:
1332		if (!test_and_clear_bit(SOCKWQ_ASYNC_NOSPACE, &wq->flags))
1333			break;
1334		/* fall through */
1335	case SOCK_WAKE_IO:
1336call_kill:
1337		kill_fasync(&wq->fasync_list, SIGIO, band);
1338		break;
1339	case SOCK_WAKE_URG:
1340		kill_fasync(&wq->fasync_list, SIGURG, band);
1341	}
1342
1343	return 0;
1344}
1345EXPORT_SYMBOL(sock_wake_async);
1346
1347/**
1348 *	__sock_create - creates a socket
1349 *	@net: net namespace
1350 *	@family: protocol family (AF_INET, ...)
1351 *	@type: communication type (SOCK_STREAM, ...)
1352 *	@protocol: protocol (0, ...)
1353 *	@res: new socket
1354 *	@kern: boolean for kernel space sockets
1355 *
1356 *	Creates a new socket and assigns it to @res, passing through LSM.
1357 *	Returns 0 or an error. On failure @res is set to %NULL. @kern must
1358 *	be set to true if the socket resides in kernel space.
1359 *	This function internally uses GFP_KERNEL.
1360 */
1361
1362int __sock_create(struct net *net, int family, int type, int protocol,
1363			 struct socket **res, int kern)
1364{
1365	int err;
1366	struct socket *sock;
1367	const struct net_proto_family *pf;
1368
1369	/*
1370	 *      Check protocol is in range
1371	 */
1372	if (family < 0 || family >= NPROTO)
1373		return -EAFNOSUPPORT;
1374	if (type < 0 || type >= SOCK_MAX)
1375		return -EINVAL;
1376
1377	/* Compatibility.
1378
1379	   This uglymoron is moved from INET layer to here to avoid
1380	   deadlock in module load.
1381	 */
1382	if (family == PF_INET && type == SOCK_PACKET) {
1383		pr_info_once("%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1384			     current->comm);
1385		family = PF_PACKET;
1386	}
1387
1388	err = security_socket_create(family, type, protocol, kern);
1389	if (err)
1390		return err;
1391
1392	/*
1393	 *	Allocate the socket and allow the family to set things up. if
1394	 *	the protocol is 0, the family is instructed to select an appropriate
1395	 *	default.
1396	 */
1397	sock = sock_alloc();
1398	if (!sock) {
1399		net_warn_ratelimited("socket: no more sockets\n");
1400		return -ENFILE;	/* Not exactly a match, but its the
1401				   closest posix thing */
1402	}
1403
1404	sock->type = type;
1405
1406#ifdef CONFIG_MODULES
1407	/* Attempt to load a protocol module if the find failed.
1408	 *
1409	 * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1410	 * requested real, full-featured networking support upon configuration.
1411	 * Otherwise module support will break!
1412	 */
1413	if (rcu_access_pointer(net_families[family]) == NULL)
1414		request_module("net-pf-%d", family);
1415#endif
1416
1417	rcu_read_lock();
1418	pf = rcu_dereference(net_families[family]);
1419	err = -EAFNOSUPPORT;
1420	if (!pf)
1421		goto out_release;
1422
1423	/*
1424	 * We will call the ->create function, that possibly is in a loadable
1425	 * module, so we have to bump that loadable module refcnt first.
1426	 */
1427	if (!try_module_get(pf->owner))
1428		goto out_release;
1429
1430	/* Now protected by module ref count */
1431	rcu_read_unlock();
1432
1433	err = pf->create(net, sock, protocol, kern);
1434	if (err < 0)
1435		goto out_module_put;
1436
1437	/*
1438	 * Now to bump the refcnt of the [loadable] module that owns this
1439	 * socket at sock_release time we decrement its refcnt.
1440	 */
1441	if (!try_module_get(sock->ops->owner))
1442		goto out_module_busy;
1443
1444	/*
1445	 * Now that we're done with the ->create function, the [loadable]
1446	 * module can have its refcnt decremented
1447	 */
1448	module_put(pf->owner);
1449	err = security_socket_post_create(sock, family, type, protocol, kern);
1450	if (err)
1451		goto out_sock_release;
1452	*res = sock;
1453
1454	return 0;
1455
1456out_module_busy:
1457	err = -EAFNOSUPPORT;
1458out_module_put:
1459	sock->ops = NULL;
1460	module_put(pf->owner);
1461out_sock_release:
1462	sock_release(sock);
1463	return err;
1464
1465out_release:
1466	rcu_read_unlock();
1467	goto out_sock_release;
1468}
1469EXPORT_SYMBOL(__sock_create);
1470
1471/**
1472 *	sock_create - creates a socket
1473 *	@family: protocol family (AF_INET, ...)
1474 *	@type: communication type (SOCK_STREAM, ...)
1475 *	@protocol: protocol (0, ...)
1476 *	@res: new socket
1477 *
1478 *	A wrapper around __sock_create().
1479 *	Returns 0 or an error. This function internally uses GFP_KERNEL.
1480 */
1481
1482int sock_create(int family, int type, int protocol, struct socket **res)
1483{
1484	return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1485}
1486EXPORT_SYMBOL(sock_create);
1487
1488/**
1489 *	sock_create_kern - creates a socket (kernel space)
1490 *	@net: net namespace
1491 *	@family: protocol family (AF_INET, ...)
1492 *	@type: communication type (SOCK_STREAM, ...)
1493 *	@protocol: protocol (0, ...)
1494 *	@res: new socket
1495 *
1496 *	A wrapper around __sock_create().
1497 *	Returns 0 or an error. This function internally uses GFP_KERNEL.
1498 */
1499
1500int sock_create_kern(struct net *net, int family, int type, int protocol, struct socket **res)
1501{
1502	return __sock_create(net, family, type, protocol, res, 1);
1503}
1504EXPORT_SYMBOL(sock_create_kern);
1505
1506int __sys_socket(int family, int type, int protocol)
1507{
1508	int retval;
1509	struct socket *sock;
1510	int flags;
1511
1512	/* Check the SOCK_* constants for consistency.  */
1513	BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1514	BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1515	BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1516	BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1517
1518	flags = type & ~SOCK_TYPE_MASK;
1519	if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1520		return -EINVAL;
1521	type &= SOCK_TYPE_MASK;
1522
1523	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1524		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1525
1526	retval = sock_create(family, type, protocol, &sock);
1527	if (retval < 0)
1528		return retval;
1529
1530	return sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1531}
1532
1533SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1534{
1535	return __sys_socket(family, type, protocol);
1536}
1537
1538/*
1539 *	Create a pair of connected sockets.
1540 */
1541
1542int __sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1543{
1544	struct socket *sock1, *sock2;
1545	int fd1, fd2, err;
1546	struct file *newfile1, *newfile2;
1547	int flags;
1548
1549	flags = type & ~SOCK_TYPE_MASK;
1550	if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1551		return -EINVAL;
1552	type &= SOCK_TYPE_MASK;
1553
1554	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1555		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1556
1557	/*
1558	 * reserve descriptors and make sure we won't fail
1559	 * to return them to userland.
1560	 */
1561	fd1 = get_unused_fd_flags(flags);
1562	if (unlikely(fd1 < 0))
1563		return fd1;
1564
1565	fd2 = get_unused_fd_flags(flags);
1566	if (unlikely(fd2 < 0)) {
1567		put_unused_fd(fd1);
1568		return fd2;
1569	}
1570
1571	err = put_user(fd1, &usockvec[0]);
1572	if (err)
1573		goto out;
1574
1575	err = put_user(fd2, &usockvec[1]);
1576	if (err)
1577		goto out;
1578
1579	/*
1580	 * Obtain the first socket and check if the underlying protocol
1581	 * supports the socketpair call.
1582	 */
1583
1584	err = sock_create(family, type, protocol, &sock1);
1585	if (unlikely(err < 0))
1586		goto out;
1587
1588	err = sock_create(family, type, protocol, &sock2);
1589	if (unlikely(err < 0)) {
1590		sock_release(sock1);
1591		goto out;
1592	}
1593
1594	err = security_socket_socketpair(sock1, sock2);
1595	if (unlikely(err)) {
1596		sock_release(sock2);
1597		sock_release(sock1);
1598		goto out;
1599	}
1600
1601	err = sock1->ops->socketpair(sock1, sock2);
1602	if (unlikely(err < 0)) {
1603		sock_release(sock2);
1604		sock_release(sock1);
1605		goto out;
1606	}
1607
1608	newfile1 = sock_alloc_file(sock1, flags, NULL);
1609	if (IS_ERR(newfile1)) {
1610		err = PTR_ERR(newfile1);
1611		sock_release(sock2);
1612		goto out;
1613	}
1614
1615	newfile2 = sock_alloc_file(sock2, flags, NULL);
1616	if (IS_ERR(newfile2)) {
1617		err = PTR_ERR(newfile2);
1618		fput(newfile1);
1619		goto out;
1620	}
1621
1622	audit_fd_pair(fd1, fd2);
1623
1624	fd_install(fd1, newfile1);
1625	fd_install(fd2, newfile2);
1626	return 0;
1627
1628out:
1629	put_unused_fd(fd2);
1630	put_unused_fd(fd1);
1631	return err;
1632}
1633
1634SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1635		int __user *, usockvec)
1636{
1637	return __sys_socketpair(family, type, protocol, usockvec);
1638}
1639
1640/*
1641 *	Bind a name to a socket. Nothing much to do here since it's
1642 *	the protocol's responsibility to handle the local address.
1643 *
1644 *	We move the socket address to kernel space before we call
1645 *	the protocol layer (having also checked the address is ok).
1646 */
1647
1648int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1649{
1650	struct socket *sock;
1651	struct sockaddr_storage address;
1652	int err, fput_needed;
1653
1654	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1655	if (sock) {
1656		err = move_addr_to_kernel(umyaddr, addrlen, &address);
1657		if (!err) {
1658			err = security_socket_bind(sock,
1659						   (struct sockaddr *)&address,
1660						   addrlen);
1661			if (!err)
1662				err = sock->ops->bind(sock,
1663						      (struct sockaddr *)
1664						      &address, addrlen);
1665		}
1666		fput_light(sock->file, fput_needed);
1667	}
1668	return err;
1669}
1670
1671SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1672{
1673	return __sys_bind(fd, umyaddr, addrlen);
1674}
1675
1676/*
1677 *	Perform a listen. Basically, we allow the protocol to do anything
1678 *	necessary for a listen, and if that works, we mark the socket as
1679 *	ready for listening.
1680 */
1681
1682int __sys_listen(int fd, int backlog)
1683{
1684	struct socket *sock;
1685	int err, fput_needed;
1686	int somaxconn;
1687
1688	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1689	if (sock) {
1690		somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1691		if ((unsigned int)backlog > somaxconn)
1692			backlog = somaxconn;
1693
1694		err = security_socket_listen(sock, backlog);
1695		if (!err)
1696			err = sock->ops->listen(sock, backlog);
1697
1698		fput_light(sock->file, fput_needed);
1699	}
1700	return err;
1701}
1702
1703SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1704{
1705	return __sys_listen(fd, backlog);
1706}
1707
1708int __sys_accept4_file(struct file *file, unsigned file_flags,
1709		       struct sockaddr __user *upeer_sockaddr,
1710		       int __user *upeer_addrlen, int flags,
1711		       unsigned long nofile)
1712{
1713	struct socket *sock, *newsock;
1714	struct file *newfile;
1715	int err, len, newfd;
1716	struct sockaddr_storage address;
1717
1718	if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1719		return -EINVAL;
1720
1721	if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1722		flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1723
1724	sock = sock_from_file(file, &err);
1725	if (!sock)
1726		goto out;
1727
1728	err = -ENFILE;
1729	newsock = sock_alloc();
1730	if (!newsock)
1731		goto out;
1732
1733	newsock->type = sock->type;
1734	newsock->ops = sock->ops;
1735
1736	/*
1737	 * We don't need try_module_get here, as the listening socket (sock)
1738	 * has the protocol module (sock->ops->owner) held.
1739	 */
1740	__module_get(newsock->ops->owner);
1741
1742	newfd = __get_unused_fd_flags(flags, nofile);
1743	if (unlikely(newfd < 0)) {
1744		err = newfd;
1745		sock_release(newsock);
1746		goto out;
1747	}
1748	newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1749	if (IS_ERR(newfile)) {
1750		err = PTR_ERR(newfile);
1751		put_unused_fd(newfd);
1752		goto out;
1753	}
1754
1755	err = security_socket_accept(sock, newsock);
1756	if (err)
1757		goto out_fd;
1758
1759	err = sock->ops->accept(sock, newsock, sock->file->f_flags | file_flags,
1760					false);
1761	if (err < 0)
1762		goto out_fd;
1763
1764	if (upeer_sockaddr) {
1765		len = newsock->ops->getname(newsock,
1766					(struct sockaddr *)&address, 2);
1767		if (len < 0) {
1768			err = -ECONNABORTED;
1769			goto out_fd;
1770		}
1771		err = move_addr_to_user(&address,
1772					len, upeer_sockaddr, upeer_addrlen);
1773		if (err < 0)
1774			goto out_fd;
1775	}
1776
1777	/* File flags are not inherited via accept() unlike another OSes. */
1778
1779	fd_install(newfd, newfile);
1780	err = newfd;
1781out:
1782	return err;
1783out_fd:
1784	fput(newfile);
1785	put_unused_fd(newfd);
1786	goto out;
1787
1788}
1789
1790/*
1791 *	For accept, we attempt to create a new socket, set up the link
1792 *	with the client, wake up the client, then return the new
1793 *	connected fd. We collect the address of the connector in kernel
1794 *	space and move it to user at the very end. This is unclean because
1795 *	we open the socket then return an error.
1796 *
1797 *	1003.1g adds the ability to recvmsg() to query connection pending
1798 *	status to recvmsg. We need to add that support in a way thats
1799 *	clean when we restructure accept also.
1800 */
1801
1802int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
1803		  int __user *upeer_addrlen, int flags)
1804{
1805	int ret = -EBADF;
1806	struct fd f;
1807
1808	f = fdget(fd);
1809	if (f.file) {
1810		ret = __sys_accept4_file(f.file, 0, upeer_sockaddr,
1811						upeer_addrlen, flags,
1812						rlimit(RLIMIT_NOFILE));
1813		if (f.flags)
1814			fput(f.file);
1815	}
1816
1817	return ret;
1818}
1819
1820SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1821		int __user *, upeer_addrlen, int, flags)
1822{
1823	return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, flags);
1824}
1825
1826SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1827		int __user *, upeer_addrlen)
1828{
1829	return __sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1830}
1831
1832/*
1833 *	Attempt to connect to a socket with the server address.  The address
1834 *	is in user space so we verify it is OK and move it to kernel space.
1835 *
1836 *	For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1837 *	break bindings
1838 *
1839 *	NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1840 *	other SEQPACKET protocols that take time to connect() as it doesn't
1841 *	include the -EINPROGRESS status for such sockets.
1842 */
1843
1844int __sys_connect_file(struct file *file, struct sockaddr_storage *address,
1845		       int addrlen, int file_flags)
1846{
1847	struct socket *sock;
1848	int err;
1849
1850	sock = sock_from_file(file, &err);
1851	if (!sock)
1852		goto out;
1853
1854	err =
1855	    security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1856	if (err)
1857		goto out;
1858
1859	err = sock->ops->connect(sock, (struct sockaddr *)address, addrlen,
1860				 sock->file->f_flags | file_flags);
1861out:
1862	return err;
1863}
1864
1865int __sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1866{
1867	int ret = -EBADF;
1868	struct fd f;
1869
1870	f = fdget(fd);
1871	if (f.file) {
1872		struct sockaddr_storage address;
1873
1874		ret = move_addr_to_kernel(uservaddr, addrlen, &address);
1875		if (!ret)
1876			ret = __sys_connect_file(f.file, &address, addrlen, 0);
1877		if (f.flags)
1878			fput(f.file);
1879	}
1880
1881	return ret;
1882}
1883
1884SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1885		int, addrlen)
1886{
1887	return __sys_connect(fd, uservaddr, addrlen);
1888}
1889
1890/*
1891 *	Get the local address ('name') of a socket object. Move the obtained
1892 *	name to user space.
1893 */
1894
1895int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
1896		      int __user *usockaddr_len)
1897{
1898	struct socket *sock;
1899	struct sockaddr_storage address;
1900	int err, fput_needed;
1901
1902	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1903	if (!sock)
1904		goto out;
1905
1906	err = security_socket_getsockname(sock);
1907	if (err)
1908		goto out_put;
1909
1910	err = sock->ops->getname(sock, (struct sockaddr *)&address, 0);
1911	if (err < 0)
1912		goto out_put;
1913        /* "err" is actually length in this case */
1914	err = move_addr_to_user(&address, err, usockaddr, usockaddr_len);
1915
1916out_put:
1917	fput_light(sock->file, fput_needed);
1918out:
1919	return err;
1920}
1921
1922SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1923		int __user *, usockaddr_len)
1924{
1925	return __sys_getsockname(fd, usockaddr, usockaddr_len);
1926}
1927
1928/*
1929 *	Get the remote address ('name') of a socket object. Move the obtained
1930 *	name to user space.
1931 */
1932
1933int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
1934		      int __user *usockaddr_len)
1935{
1936	struct socket *sock;
1937	struct sockaddr_storage address;
1938	int err, fput_needed;
1939
1940	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1941	if (sock != NULL) {
1942		err = security_socket_getpeername(sock);
1943		if (err) {
1944			fput_light(sock->file, fput_needed);
1945			return err;
1946		}
1947
1948		err = sock->ops->getname(sock, (struct sockaddr *)&address, 1);
1949		if (err >= 0)
1950			/* "err" is actually length in this case */
1951			err = move_addr_to_user(&address, err, usockaddr,
1952						usockaddr_len);
1953		fput_light(sock->file, fput_needed);
1954	}
1955	return err;
1956}
1957
1958SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1959		int __user *, usockaddr_len)
1960{
1961	return __sys_getpeername(fd, usockaddr, usockaddr_len);
1962}
1963
1964/*
1965 *	Send a datagram to a given address. We move the address into kernel
1966 *	space and check the user space data area is readable before invoking
1967 *	the protocol.
1968 */
1969int __sys_sendto(int fd, void __user *buff, size_t len, unsigned int flags,
1970		 struct sockaddr __user *addr,  in

Large files files are truncated, but you can click here to view the full file