Root/net/socket.c

1/*
2 * NET An implementation of the SOCKET network access protocol.
3 *
4 * Version: @(#)socket.c 1.1.93 18/02/95
5 *
6 * Authors: Orest Zborowski, <obz@Kodak.COM>
7 * Ross Biro
8 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
9 *
10 * Fixes:
11 * Anonymous : NOTSOCK/BADF cleanup. Error fix in
12 * shutdown()
13 * Alan Cox : verify_area() fixes
14 * Alan Cox : Removed DDI
15 * Jonathan Kamens : SOCK_DGRAM reconnect bug
16 * Alan Cox : Moved a load of checks to the very
17 * top level.
18 * Alan Cox : Move address structures to/from user
19 * mode above the protocol layers.
20 * Rob Janssen : Allow 0 length sends.
21 * Alan Cox : Asynchronous I/O support (cribbed from the
22 * tty drivers).
23 * Niibe Yutaka : Asynchronous I/O for writes (4.4BSD style)
24 * Jeff Uphoff : Made max number of sockets command-line
25 * configurable.
26 * Matti Aarnio : Made the number of sockets dynamic,
27 * to be allocated when needed, and mr.
28 * Uphoff's max is used as max to be
29 * allowed to allocate.
30 * Linus : Argh. removed all the socket allocation
31 * altogether: it's in the inode now.
32 * Alan Cox : Made sock_alloc()/sock_release() public
33 * for NetROM and future kernel nfsd type
34 * stuff.
35 * Alan Cox : sendmsg/recvmsg basics.
36 * Tom Dyas : Export net symbols.
37 * Marcin Dalecki : Fixed problems with CONFIG_NET="n".
38 * Alan Cox : Added thread locking to sys_* calls
39 * for sockets. May have errors at the
40 * moment.
41 * Kevin Buhr : Fixed the dumb errors in the above.
42 * Andi Kleen : Some small cleanups, optimizations,
43 * and fixed a copy_from_user() bug.
44 * Tigran Aivazian : sys_send(args) calls sys_sendto(args, NULL, 0)
45 * Tigran Aivazian : Made listen(2) backlog sanity checks
46 * protocol-independent
47 *
48 *
49 * This program is free software; you can redistribute it and/or
50 * modify it under the terms of the GNU General Public License
51 * as published by the Free Software Foundation; either version
52 * 2 of the License, or (at your option) any later version.
53 *
54 *
55 * This module is effectively the top level interface to the BSD socket
56 * paradigm.
57 *
58 * Based upon Swansea University Computer Society NET3.039
59 */
60
61#include <linux/mm.h>
62#include <linux/socket.h>
63#include <linux/file.h>
64#include <linux/net.h>
65#include <linux/interrupt.h>
66#include <linux/thread_info.h>
67#include <linux/rcupdate.h>
68#include <linux/netdevice.h>
69#include <linux/proc_fs.h>
70#include <linux/seq_file.h>
71#include <linux/mutex.h>
72#include <linux/if_bridge.h>
73#include <linux/if_frad.h>
74#include <linux/if_vlan.h>
75#include <linux/init.h>
76#include <linux/poll.h>
77#include <linux/cache.h>
78#include <linux/module.h>
79#include <linux/highmem.h>
80#include <linux/mount.h>
81#include <linux/security.h>
82#include <linux/syscalls.h>
83#include <linux/compat.h>
84#include <linux/kmod.h>
85#include <linux/audit.h>
86#include <linux/wireless.h>
87#include <linux/nsproxy.h>
88#include <linux/magic.h>
89#include <linux/slab.h>
90#include <linux/xattr.h>
91
92#include <asm/uaccess.h>
93#include <asm/unistd.h>
94
95#include <net/compat.h>
96#include <net/wext.h>
97#include <net/cls_cgroup.h>
98
99#include <net/sock.h>
100#include <linux/netfilter.h>
101
102#include <linux/if_tun.h>
103#include <linux/ipv6_route.h>
104#include <linux/route.h>
105#include <linux/sockios.h>
106#include <linux/atalk.h>
107#include <net/busy_poll.h>
108
109#ifdef CONFIG_NET_RX_BUSY_POLL
110unsigned int sysctl_net_busy_read __read_mostly;
111unsigned int sysctl_net_busy_poll __read_mostly;
112#endif
113
114static int sock_no_open(struct inode *irrelevant, struct file *dontcare);
115static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
116             unsigned long nr_segs, loff_t pos);
117static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
118              unsigned long nr_segs, loff_t pos);
119static int sock_mmap(struct file *file, struct vm_area_struct *vma);
120
121static int sock_close(struct inode *inode, struct file *file);
122static unsigned int sock_poll(struct file *file,
123                  struct poll_table_struct *wait);
124static long sock_ioctl(struct file *file, unsigned int cmd, unsigned long arg);
125#ifdef CONFIG_COMPAT
126static long compat_sock_ioctl(struct file *file,
127                  unsigned int cmd, unsigned long arg);
128#endif
129static int sock_fasync(int fd, struct file *filp, int on);
130static ssize_t sock_sendpage(struct file *file, struct page *page,
131                 int offset, size_t size, loff_t *ppos, int more);
132static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
133                struct pipe_inode_info *pipe, size_t len,
134                unsigned int flags);
135
136/*
137 * Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
138 * in the operation structures but are done directly via the socketcall() multiplexor.
139 */
140
141static const struct file_operations socket_file_ops = {
142    .owner = THIS_MODULE,
143    .llseek = no_llseek,
144    .aio_read = sock_aio_read,
145    .aio_write = sock_aio_write,
146    .poll = sock_poll,
147    .unlocked_ioctl = sock_ioctl,
148#ifdef CONFIG_COMPAT
149    .compat_ioctl = compat_sock_ioctl,
150#endif
151    .mmap = sock_mmap,
152    .open = sock_no_open, /* special open code to disallow open via /proc */
153    .release = sock_close,
154    .fasync = sock_fasync,
155    .sendpage = sock_sendpage,
156    .splice_write = generic_splice_sendpage,
157    .splice_read = sock_splice_read,
158};
159
160/*
161 * The protocol list. Each protocol is registered in here.
162 */
163
164static DEFINE_SPINLOCK(net_family_lock);
165static const struct net_proto_family __rcu *net_families[NPROTO] __read_mostly;
166
167/*
168 * Statistics counters of the socket lists
169 */
170
171static DEFINE_PER_CPU(int, sockets_in_use);
172
173/*
174 * Support routines.
175 * Move socket addresses back and forth across the kernel/user
176 * divide and look after the messy bits.
177 */
178
179/**
180 * move_addr_to_kernel - copy a socket address into kernel space
181 * @uaddr: Address in user space
182 * @kaddr: Address in kernel space
183 * @ulen: Length in user space
184 *
185 * The address is copied into kernel space. If the provided address is
186 * too long an error code of -EINVAL is returned. If the copy gives
187 * invalid addresses -EFAULT is returned. On a success 0 is returned.
188 */
189
190int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr)
191{
192    if (ulen < 0 || ulen > sizeof(struct sockaddr_storage))
193        return -EINVAL;
194    if (ulen == 0)
195        return 0;
196    if (copy_from_user(kaddr, uaddr, ulen))
197        return -EFAULT;
198    return audit_sockaddr(ulen, kaddr);
199}
200
201/**
202 * move_addr_to_user - copy an address to user space
203 * @kaddr: kernel space address
204 * @klen: length of address in kernel
205 * @uaddr: user space address
206 * @ulen: pointer to user length field
207 *
208 * The value pointed to by ulen on entry is the buffer length available.
209 * This is overwritten with the buffer space used. -EINVAL is returned
210 * if an overlong buffer is specified or a negative buffer size. -EFAULT
211 * is returned if either the buffer or the length field are not
212 * accessible.
213 * After copying the data up to the limit the user specifies, the true
214 * length of the data is written over the length limit the user
215 * specified. Zero is returned for a success.
216 */
217
218static int move_addr_to_user(struct sockaddr_storage *kaddr, int klen,
219                 void __user *uaddr, int __user *ulen)
220{
221    int err;
222    int len;
223
224    err = get_user(len, ulen);
225    if (err)
226        return err;
227    if (len > klen)
228        len = klen;
229    if (len < 0 || len > sizeof(struct sockaddr_storage))
230        return -EINVAL;
231    if (len) {
232        if (audit_sockaddr(klen, kaddr))
233            return -ENOMEM;
234        if (copy_to_user(uaddr, kaddr, len))
235            return -EFAULT;
236    }
237    /*
238     * "fromlen shall refer to the value before truncation.."
239     * 1003.1g
240     */
241    return __put_user(klen, ulen);
242}
243
244static struct kmem_cache *sock_inode_cachep __read_mostly;
245
246static struct inode *sock_alloc_inode(struct super_block *sb)
247{
248    struct socket_alloc *ei;
249    struct socket_wq *wq;
250
251    ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
252    if (!ei)
253        return NULL;
254    wq = kmalloc(sizeof(*wq), GFP_KERNEL);
255    if (!wq) {
256        kmem_cache_free(sock_inode_cachep, ei);
257        return NULL;
258    }
259    init_waitqueue_head(&wq->wait);
260    wq->fasync_list = NULL;
261    RCU_INIT_POINTER(ei->socket.wq, wq);
262
263    ei->socket.state = SS_UNCONNECTED;
264    ei->socket.flags = 0;
265    ei->socket.ops = NULL;
266    ei->socket.sk = NULL;
267    ei->socket.file = NULL;
268
269    return &ei->vfs_inode;
270}
271
272static void sock_destroy_inode(struct inode *inode)
273{
274    struct socket_alloc *ei;
275    struct socket_wq *wq;
276
277    ei = container_of(inode, struct socket_alloc, vfs_inode);
278    wq = rcu_dereference_protected(ei->socket.wq, 1);
279    kfree_rcu(wq, rcu);
280    kmem_cache_free(sock_inode_cachep, ei);
281}
282
283static void init_once(void *foo)
284{
285    struct socket_alloc *ei = (struct socket_alloc *)foo;
286
287    inode_init_once(&ei->vfs_inode);
288}
289
290static int init_inodecache(void)
291{
292    sock_inode_cachep = kmem_cache_create("sock_inode_cache",
293                          sizeof(struct socket_alloc),
294                          0,
295                          (SLAB_HWCACHE_ALIGN |
296                           SLAB_RECLAIM_ACCOUNT |
297                           SLAB_MEM_SPREAD),
298                          init_once);
299    if (sock_inode_cachep == NULL)
300        return -ENOMEM;
301    return 0;
302}
303
304static const struct super_operations sockfs_ops = {
305    .alloc_inode = sock_alloc_inode,
306    .destroy_inode = sock_destroy_inode,
307    .statfs = simple_statfs,
308};
309
310/*
311 * sockfs_dname() is called from d_path().
312 */
313static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
314{
315    return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
316                dentry->d_inode->i_ino);
317}
318
319static const struct dentry_operations sockfs_dentry_operations = {
320    .d_dname = sockfs_dname,
321};
322
323static struct dentry *sockfs_mount(struct file_system_type *fs_type,
324             int flags, const char *dev_name, void *data)
325{
326    return mount_pseudo(fs_type, "socket:", &sockfs_ops,
327        &sockfs_dentry_operations, SOCKFS_MAGIC);
328}
329
330static struct vfsmount *sock_mnt __read_mostly;
331
332static struct file_system_type sock_fs_type = {
333    .name = "sockfs",
334    .mount = sockfs_mount,
335    .kill_sb = kill_anon_super,
336};
337
338/*
339 * Obtains the first available file descriptor and sets it up for use.
340 *
341 * These functions create file structures and maps them to fd space
342 * of the current process. On success it returns file descriptor
343 * and file struct implicitly stored in sock->file.
344 * Note that another thread may close file descriptor before we return
345 * from this function. We use the fact that now we do not refer
346 * to socket after mapping. If one day we will need it, this
347 * function will increment ref. count on file by 1.
348 *
349 * In any case returned fd MAY BE not valid!
350 * This race condition is unavoidable
351 * with shared fd spaces, we cannot solve it inside kernel,
352 * but we take care of internal coherence yet.
353 */
354
355struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
356{
357    struct qstr name = { .name = "" };
358    struct path path;
359    struct file *file;
360
361    if (dname) {
362        name.name = dname;
363        name.len = strlen(name.name);
364    } else if (sock->sk) {
365        name.name = sock->sk->sk_prot_creator->name;
366        name.len = strlen(name.name);
367    }
368    path.dentry = d_alloc_pseudo(sock_mnt->mnt_sb, &name);
369    if (unlikely(!path.dentry))
370        return ERR_PTR(-ENOMEM);
371    path.mnt = mntget(sock_mnt);
372
373    d_instantiate(path.dentry, SOCK_INODE(sock));
374    SOCK_INODE(sock)->i_fop = &socket_file_ops;
375
376    file = alloc_file(&path, FMODE_READ | FMODE_WRITE,
377          &socket_file_ops);
378    if (unlikely(IS_ERR(file))) {
379        /* drop dentry, keep inode */
380        ihold(path.dentry->d_inode);
381        path_put(&path);
382        return file;
383    }
384
385    sock->file = file;
386    file->f_flags = O_RDWR | (flags & O_NONBLOCK);
387    file->private_data = sock;
388    return file;
389}
390EXPORT_SYMBOL(sock_alloc_file);
391
392static int sock_map_fd(struct socket *sock, int flags)
393{
394    struct file *newfile;
395    int fd = get_unused_fd_flags(flags);
396    if (unlikely(fd < 0))
397        return fd;
398
399    newfile = sock_alloc_file(sock, flags, NULL);
400    if (likely(!IS_ERR(newfile))) {
401        fd_install(fd, newfile);
402        return fd;
403    }
404
405    put_unused_fd(fd);
406    return PTR_ERR(newfile);
407}
408
409struct socket *sock_from_file(struct file *file, int *err)
410{
411    if (file->f_op == &socket_file_ops)
412        return file->private_data; /* set in sock_map_fd */
413
414    *err = -ENOTSOCK;
415    return NULL;
416}
417EXPORT_SYMBOL(sock_from_file);
418
419/**
420 * sockfd_lookup - Go from a file number to its socket slot
421 * @fd: file handle
422 * @err: pointer to an error code return
423 *
424 * The file handle passed in is locked and the socket it is bound
425 * too is returned. If an error occurs the err pointer is overwritten
426 * with a negative errno code and NULL is returned. The function checks
427 * for both invalid handles and passing a handle which is not a socket.
428 *
429 * On a success the socket object pointer is returned.
430 */
431
432struct socket *sockfd_lookup(int fd, int *err)
433{
434    struct file *file;
435    struct socket *sock;
436
437    file = fget(fd);
438    if (!file) {
439        *err = -EBADF;
440        return NULL;
441    }
442
443    sock = sock_from_file(file, err);
444    if (!sock)
445        fput(file);
446    return sock;
447}
448EXPORT_SYMBOL(sockfd_lookup);
449
450static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
451{
452    struct file *file;
453    struct socket *sock;
454
455    *err = -EBADF;
456    file = fget_light(fd, fput_needed);
457    if (file) {
458        sock = sock_from_file(file, err);
459        if (sock)
460            return sock;
461        fput_light(file, *fput_needed);
462    }
463    return NULL;
464}
465
466#define XATTR_SOCKPROTONAME_SUFFIX "sockprotoname"
467#define XATTR_NAME_SOCKPROTONAME (XATTR_SYSTEM_PREFIX XATTR_SOCKPROTONAME_SUFFIX)
468#define XATTR_NAME_SOCKPROTONAME_LEN (sizeof(XATTR_NAME_SOCKPROTONAME)-1)
469static ssize_t sockfs_getxattr(struct dentry *dentry,
470                   const char *name, void *value, size_t size)
471{
472    const char *proto_name;
473    size_t proto_size;
474    int error;
475
476    error = -ENODATA;
477    if (!strncmp(name, XATTR_NAME_SOCKPROTONAME, XATTR_NAME_SOCKPROTONAME_LEN)) {
478        proto_name = dentry->d_name.name;
479        proto_size = strlen(proto_name);
480
481        if (value) {
482            error = -ERANGE;
483            if (proto_size + 1 > size)
484                goto out;
485
486            strncpy(value, proto_name, proto_size + 1);
487        }
488        error = proto_size + 1;
489    }
490
491out:
492    return error;
493}
494
495static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
496                size_t size)
497{
498    ssize_t len;
499    ssize_t used = 0;
500
501    len = security_inode_listsecurity(dentry->d_inode, buffer, size);
502    if (len < 0)
503        return len;
504    used += len;
505    if (buffer) {
506        if (size < used)
507            return -ERANGE;
508        buffer += len;
509    }
510
511    len = (XATTR_NAME_SOCKPROTONAME_LEN + 1);
512    used += len;
513    if (buffer) {
514        if (size < used)
515            return -ERANGE;
516        memcpy(buffer, XATTR_NAME_SOCKPROTONAME, len);
517        buffer += len;
518    }
519
520    return used;
521}
522
523static const struct inode_operations sockfs_inode_ops = {
524    .getxattr = sockfs_getxattr,
525    .listxattr = sockfs_listxattr,
526};
527
528/**
529 * sock_alloc - allocate a socket
530 *
531 * Allocate a new inode and socket object. The two are bound together
532 * and initialised. The socket is then returned. If we are out of inodes
533 * NULL is returned.
534 */
535
536static struct socket *sock_alloc(void)
537{
538    struct inode *inode;
539    struct socket *sock;
540
541    inode = new_inode_pseudo(sock_mnt->mnt_sb);
542    if (!inode)
543        return NULL;
544
545    sock = SOCKET_I(inode);
546
547    kmemcheck_annotate_bitfield(sock, type);
548    inode->i_ino = get_next_ino();
549    inode->i_mode = S_IFSOCK | S_IRWXUGO;
550    inode->i_uid = current_fsuid();
551    inode->i_gid = current_fsgid();
552    inode->i_op = &sockfs_inode_ops;
553
554    this_cpu_add(sockets_in_use, 1);
555    return sock;
556}
557
558/*
559 * In theory you can't get an open on this inode, but /proc provides
560 * a back door. Remember to keep it shut otherwise you'll let the
561 * creepy crawlies in.
562 */
563
564static int sock_no_open(struct inode *irrelevant, struct file *dontcare)
565{
566    return -ENXIO;
567}
568
569const struct file_operations bad_sock_fops = {
570    .owner = THIS_MODULE,
571    .open = sock_no_open,
572    .llseek = noop_llseek,
573};
574
575/**
576 * sock_release - close a socket
577 * @sock: socket to close
578 *
579 * The socket is released from the protocol stack if it has a release
580 * callback, and the inode is then released if the socket is bound to
581 * an inode not a file.
582 */
583
584void sock_release(struct socket *sock)
585{
586    if (sock->ops) {
587        struct module *owner = sock->ops->owner;
588
589        sock->ops->release(sock);
590        sock->ops = NULL;
591        module_put(owner);
592    }
593
594    if (rcu_dereference_protected(sock->wq, 1)->fasync_list)
595        printk(KERN_ERR "sock_release: fasync list not empty!\n");
596
597    if (test_bit(SOCK_EXTERNALLY_ALLOCATED, &sock->flags))
598        return;
599
600    this_cpu_sub(sockets_in_use, 1);
601    if (!sock->file) {
602        iput(SOCK_INODE(sock));
603        return;
604    }
605    sock->file = NULL;
606}
607EXPORT_SYMBOL(sock_release);
608
609void sock_tx_timestamp(struct sock *sk, __u8 *tx_flags)
610{
611    *tx_flags = 0;
612    if (sock_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE))
613        *tx_flags |= SKBTX_HW_TSTAMP;
614    if (sock_flag(sk, SOCK_TIMESTAMPING_TX_SOFTWARE))
615        *tx_flags |= SKBTX_SW_TSTAMP;
616    if (sock_flag(sk, SOCK_WIFI_STATUS))
617        *tx_flags |= SKBTX_WIFI_STATUS;
618}
619EXPORT_SYMBOL(sock_tx_timestamp);
620
621static inline int __sock_sendmsg_nosec(struct kiocb *iocb, struct socket *sock,
622                       struct msghdr *msg, size_t size)
623{
624    struct sock_iocb *si = kiocb_to_siocb(iocb);
625
626    si->sock = sock;
627    si->scm = NULL;
628    si->msg = msg;
629    si->size = size;
630
631    return sock->ops->sendmsg(iocb, sock, msg, size);
632}
633
634static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
635                 struct msghdr *msg, size_t size)
636{
637    int err = security_socket_sendmsg(sock, msg, size);
638
639    return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
640}
641
642int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
643{
644    struct kiocb iocb;
645    struct sock_iocb siocb;
646    int ret;
647
648    init_sync_kiocb(&iocb, NULL);
649    iocb.private = &siocb;
650    ret = __sock_sendmsg(&iocb, sock, msg, size);
651    if (-EIOCBQUEUED == ret)
652        ret = wait_on_sync_kiocb(&iocb);
653    return ret;
654}
655EXPORT_SYMBOL(sock_sendmsg);
656
657static int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg, size_t size)
658{
659    struct kiocb iocb;
660    struct sock_iocb siocb;
661    int ret;
662
663    init_sync_kiocb(&iocb, NULL);
664    iocb.private = &siocb;
665    ret = __sock_sendmsg_nosec(&iocb, sock, msg, size);
666    if (-EIOCBQUEUED == ret)
667        ret = wait_on_sync_kiocb(&iocb);
668    return ret;
669}
670
671int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
672           struct kvec *vec, size_t num, size_t size)
673{
674    mm_segment_t oldfs = get_fs();
675    int result;
676
677    set_fs(KERNEL_DS);
678    /*
679     * the following is safe, since for compiler definitions of kvec and
680     * iovec are identical, yielding the same in-core layout and alignment
681     */
682    msg->msg_iov = (struct iovec *)vec;
683    msg->msg_iovlen = num;
684    result = sock_sendmsg(sock, msg, size);
685    set_fs(oldfs);
686    return result;
687}
688EXPORT_SYMBOL(kernel_sendmsg);
689
690/*
691 * called from sock_recv_timestamp() if sock_flag(sk, SOCK_RCVTSTAMP)
692 */
693void __sock_recv_timestamp(struct msghdr *msg, struct sock *sk,
694    struct sk_buff *skb)
695{
696    int need_software_tstamp = sock_flag(sk, SOCK_RCVTSTAMP);
697    struct timespec ts[3];
698    int empty = 1;
699    struct skb_shared_hwtstamps *shhwtstamps =
700        skb_hwtstamps(skb);
701
702    /* Race occurred between timestamp enabling and packet
703       receiving. Fill in the current time for now. */
704    if (need_software_tstamp && skb->tstamp.tv64 == 0)
705        __net_timestamp(skb);
706
707    if (need_software_tstamp) {
708        if (!sock_flag(sk, SOCK_RCVTSTAMPNS)) {
709            struct timeval tv;
710            skb_get_timestamp(skb, &tv);
711            put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMP,
712                 sizeof(tv), &tv);
713        } else {
714            skb_get_timestampns(skb, &ts[0]);
715            put_cmsg(msg, SOL_SOCKET, SCM_TIMESTAMPNS,
716                 sizeof(ts[0]), &ts[0]);
717        }
718    }
719
720
721    memset(ts, 0, sizeof(ts));
722    if (sock_flag(sk, SOCK_TIMESTAMPING_SOFTWARE) &&
723        ktime_to_timespec_cond(skb->tstamp, ts + 0))
724        empty = 0;
725    if (shhwtstamps) {
726        if (sock_flag(sk, SOCK_TIMESTAMPING_SYS_HARDWARE) &&
727            ktime_to_timespec_cond(shhwtstamps->syststamp, ts + 1))
728            empty = 0;
729        if (sock_flag(sk, SOCK_TIMESTAMPING_RAW_HARDWARE) &&
730            ktime_to_timespec_cond(shhwtstamps->hwtstamp, ts + 2))
731            empty = 0;
732    }
733    if (!empty)
734        put_cmsg(msg, SOL_SOCKET,
735             SCM_TIMESTAMPING, sizeof(ts), &ts);
736}
737EXPORT_SYMBOL_GPL(__sock_recv_timestamp);
738
739void __sock_recv_wifi_status(struct msghdr *msg, struct sock *sk,
740    struct sk_buff *skb)
741{
742    int ack;
743
744    if (!sock_flag(sk, SOCK_WIFI_STATUS))
745        return;
746    if (!skb->wifi_acked_valid)
747        return;
748
749    ack = skb->wifi_acked;
750
751    put_cmsg(msg, SOL_SOCKET, SCM_WIFI_STATUS, sizeof(ack), &ack);
752}
753EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
754
755static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
756                   struct sk_buff *skb)
757{
758    if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && skb->dropcount)
759        put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
760            sizeof(__u32), &skb->dropcount);
761}
762
763void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
764    struct sk_buff *skb)
765{
766    sock_recv_timestamp(msg, sk, skb);
767    sock_recv_drops(msg, sk, skb);
768}
769EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
770
771static inline int __sock_recvmsg_nosec(struct kiocb *iocb, struct socket *sock,
772                       struct msghdr *msg, size_t size, int flags)
773{
774    struct sock_iocb *si = kiocb_to_siocb(iocb);
775
776    si->sock = sock;
777    si->scm = NULL;
778    si->msg = msg;
779    si->size = size;
780    si->flags = flags;
781
782    return sock->ops->recvmsg(iocb, sock, msg, size, flags);
783}
784
785static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
786                 struct msghdr *msg, size_t size, int flags)
787{
788    int err = security_socket_recvmsg(sock, msg, size, flags);
789
790    return err ?: __sock_recvmsg_nosec(iocb, sock, msg, size, flags);
791}
792
793int sock_recvmsg(struct socket *sock, struct msghdr *msg,
794         size_t size, int flags)
795{
796    struct kiocb iocb;
797    struct sock_iocb siocb;
798    int ret;
799
800    init_sync_kiocb(&iocb, NULL);
801    iocb.private = &siocb;
802    ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
803    if (-EIOCBQUEUED == ret)
804        ret = wait_on_sync_kiocb(&iocb);
805    return ret;
806}
807EXPORT_SYMBOL(sock_recvmsg);
808
809static int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
810                  size_t size, int flags)
811{
812    struct kiocb iocb;
813    struct sock_iocb siocb;
814    int ret;
815
816    init_sync_kiocb(&iocb, NULL);
817    iocb.private = &siocb;
818    ret = __sock_recvmsg_nosec(&iocb, sock, msg, size, flags);
819    if (-EIOCBQUEUED == ret)
820        ret = wait_on_sync_kiocb(&iocb);
821    return ret;
822}
823
824/**
825 * kernel_recvmsg - Receive a message from a socket (kernel space)
826 * @sock: The socket to receive the message from
827 * @msg: Received message
828 * @vec: Input s/g array for message data
829 * @num: Size of input s/g array
830 * @size: Number of bytes to read
831 * @flags: Message flags (MSG_DONTWAIT, etc...)
832 *
833 * On return the msg structure contains the scatter/gather array passed in the
834 * vec argument. The array is modified so that it consists of the unfilled
835 * portion of the original array.
836 *
837 * The returned value is the total number of bytes received, or an error.
838 */
839int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
840           struct kvec *vec, size_t num, size_t size, int flags)
841{
842    mm_segment_t oldfs = get_fs();
843    int result;
844
845    set_fs(KERNEL_DS);
846    /*
847     * the following is safe, since for compiler definitions of kvec and
848     * iovec are identical, yielding the same in-core layout and alignment
849     */
850    msg->msg_iov = (struct iovec *)vec, msg->msg_iovlen = num;
851    result = sock_recvmsg(sock, msg, size, flags);
852    set_fs(oldfs);
853    return result;
854}
855EXPORT_SYMBOL(kernel_recvmsg);
856
857static ssize_t sock_sendpage(struct file *file, struct page *page,
858                 int offset, size_t size, loff_t *ppos, int more)
859{
860    struct socket *sock;
861    int flags;
862
863    sock = file->private_data;
864
865    flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
866    /* more is a combination of MSG_MORE and MSG_SENDPAGE_NOTLAST */
867    flags |= more;
868
869    return kernel_sendpage(sock, page, offset, size, flags);
870}
871
872static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
873                struct pipe_inode_info *pipe, size_t len,
874                unsigned int flags)
875{
876    struct socket *sock = file->private_data;
877
878    if (unlikely(!sock->ops->splice_read))
879        return -EINVAL;
880
881    return sock->ops->splice_read(sock, ppos, pipe, len, flags);
882}
883
884static struct sock_iocb *alloc_sock_iocb(struct kiocb *iocb,
885                     struct sock_iocb *siocb)
886{
887    if (!is_sync_kiocb(iocb))
888        BUG();
889
890    siocb->kiocb = iocb;
891    iocb->private = siocb;
892    return siocb;
893}
894
895static ssize_t do_sock_read(struct msghdr *msg, struct kiocb *iocb,
896        struct file *file, const struct iovec *iov,
897        unsigned long nr_segs)
898{
899    struct socket *sock = file->private_data;
900    size_t size = 0;
901    int i;
902
903    for (i = 0; i < nr_segs; i++)
904        size += iov[i].iov_len;
905
906    msg->msg_name = NULL;
907    msg->msg_namelen = 0;
908    msg->msg_control = NULL;
909    msg->msg_controllen = 0;
910    msg->msg_iov = (struct iovec *)iov;
911    msg->msg_iovlen = nr_segs;
912    msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
913
914    return __sock_recvmsg(iocb, sock, msg, size, msg->msg_flags);
915}
916
917static ssize_t sock_aio_read(struct kiocb *iocb, const struct iovec *iov,
918                unsigned long nr_segs, loff_t pos)
919{
920    struct sock_iocb siocb, *x;
921
922    if (pos != 0)
923        return -ESPIPE;
924
925    if (iocb->ki_nbytes == 0) /* Match SYS5 behaviour */
926        return 0;
927
928
929    x = alloc_sock_iocb(iocb, &siocb);
930    if (!x)
931        return -ENOMEM;
932    return do_sock_read(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
933}
934
935static ssize_t do_sock_write(struct msghdr *msg, struct kiocb *iocb,
936            struct file *file, const struct iovec *iov,
937            unsigned long nr_segs)
938{
939    struct socket *sock = file->private_data;
940    size_t size = 0;
941    int i;
942
943    for (i = 0; i < nr_segs; i++)
944        size += iov[i].iov_len;
945
946    msg->msg_name = NULL;
947    msg->msg_namelen = 0;
948    msg->msg_control = NULL;
949    msg->msg_controllen = 0;
950    msg->msg_iov = (struct iovec *)iov;
951    msg->msg_iovlen = nr_segs;
952    msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
953    if (sock->type == SOCK_SEQPACKET)
954        msg->msg_flags |= MSG_EOR;
955
956    return __sock_sendmsg(iocb, sock, msg, size);
957}
958
959static ssize_t sock_aio_write(struct kiocb *iocb, const struct iovec *iov,
960              unsigned long nr_segs, loff_t pos)
961{
962    struct sock_iocb siocb, *x;
963
964    if (pos != 0)
965        return -ESPIPE;
966
967    x = alloc_sock_iocb(iocb, &siocb);
968    if (!x)
969        return -ENOMEM;
970
971    return do_sock_write(&x->async_msg, iocb, iocb->ki_filp, iov, nr_segs);
972}
973
974/*
975 * Atomic setting of ioctl hooks to avoid race
976 * with module unload.
977 */
978
979static DEFINE_MUTEX(br_ioctl_mutex);
980static int (*br_ioctl_hook) (struct net *, unsigned int cmd, void __user *arg);
981
982void brioctl_set(int (*hook) (struct net *, unsigned int, void __user *))
983{
984    mutex_lock(&br_ioctl_mutex);
985    br_ioctl_hook = hook;
986    mutex_unlock(&br_ioctl_mutex);
987}
988EXPORT_SYMBOL(brioctl_set);
989
990static DEFINE_MUTEX(vlan_ioctl_mutex);
991static int (*vlan_ioctl_hook) (struct net *, void __user *arg);
992
993void vlan_ioctl_set(int (*hook) (struct net *, void __user *))
994{
995    mutex_lock(&vlan_ioctl_mutex);
996    vlan_ioctl_hook = hook;
997    mutex_unlock(&vlan_ioctl_mutex);
998}
999EXPORT_SYMBOL(vlan_ioctl_set);
1000
1001static DEFINE_MUTEX(dlci_ioctl_mutex);
1002static int (*dlci_ioctl_hook) (unsigned int, void __user *);
1003
1004void dlci_ioctl_set(int (*hook) (unsigned int, void __user *))
1005{
1006    mutex_lock(&dlci_ioctl_mutex);
1007    dlci_ioctl_hook = hook;
1008    mutex_unlock(&dlci_ioctl_mutex);
1009}
1010EXPORT_SYMBOL(dlci_ioctl_set);
1011
1012static long sock_do_ioctl(struct net *net, struct socket *sock,
1013                 unsigned int cmd, unsigned long arg)
1014{
1015    int err;
1016    void __user *argp = (void __user *)arg;
1017
1018    err = sock->ops->ioctl(sock, cmd, arg);
1019
1020    /*
1021     * If this ioctl is unknown try to hand it down
1022     * to the NIC driver.
1023     */
1024    if (err == -ENOIOCTLCMD)
1025        err = dev_ioctl(net, cmd, argp);
1026
1027    return err;
1028}
1029
1030/*
1031 * With an ioctl, arg may well be a user mode pointer, but we don't know
1032 * what to do with it - that's up to the protocol still.
1033 */
1034
1035static long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1036{
1037    struct socket *sock;
1038    struct sock *sk;
1039    void __user *argp = (void __user *)arg;
1040    int pid, err;
1041    struct net *net;
1042
1043    sock = file->private_data;
1044    sk = sock->sk;
1045    net = sock_net(sk);
1046    if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15)) {
1047        err = dev_ioctl(net, cmd, argp);
1048    } else
1049#ifdef CONFIG_WEXT_CORE
1050    if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1051        err = dev_ioctl(net, cmd, argp);
1052    } else
1053#endif
1054        switch (cmd) {
1055        case FIOSETOWN:
1056        case SIOCSPGRP:
1057            err = -EFAULT;
1058            if (get_user(pid, (int __user *)argp))
1059                break;
1060            err = f_setown(sock->file, pid, 1);
1061            break;
1062        case FIOGETOWN:
1063        case SIOCGPGRP:
1064            err = put_user(f_getown(sock->file),
1065                       (int __user *)argp);
1066            break;
1067        case SIOCGIFBR:
1068        case SIOCSIFBR:
1069        case SIOCBRADDBR:
1070        case SIOCBRDELBR:
1071            err = -ENOPKG;
1072            if (!br_ioctl_hook)
1073                request_module("bridge");
1074
1075            mutex_lock(&br_ioctl_mutex);
1076            if (br_ioctl_hook)
1077                err = br_ioctl_hook(net, cmd, argp);
1078            mutex_unlock(&br_ioctl_mutex);
1079            break;
1080        case SIOCGIFVLAN:
1081        case SIOCSIFVLAN:
1082            err = -ENOPKG;
1083            if (!vlan_ioctl_hook)
1084                request_module("8021q");
1085
1086            mutex_lock(&vlan_ioctl_mutex);
1087            if (vlan_ioctl_hook)
1088                err = vlan_ioctl_hook(net, argp);
1089            mutex_unlock(&vlan_ioctl_mutex);
1090            break;
1091        case SIOCADDDLCI:
1092        case SIOCDELDLCI:
1093            err = -ENOPKG;
1094            if (!dlci_ioctl_hook)
1095                request_module("dlci");
1096
1097            mutex_lock(&dlci_ioctl_mutex);
1098            if (dlci_ioctl_hook)
1099                err = dlci_ioctl_hook(cmd, argp);
1100            mutex_unlock(&dlci_ioctl_mutex);
1101            break;
1102        default:
1103            err = sock_do_ioctl(net, sock, cmd, arg);
1104            break;
1105        }
1106    return err;
1107}
1108
1109int sock_create_lite(int family, int type, int protocol, struct socket **res)
1110{
1111    int err;
1112    struct socket *sock = NULL;
1113
1114    err = security_socket_create(family, type, protocol, 1);
1115    if (err)
1116        goto out;
1117
1118    sock = sock_alloc();
1119    if (!sock) {
1120        err = -ENOMEM;
1121        goto out;
1122    }
1123
1124    sock->type = type;
1125    err = security_socket_post_create(sock, family, type, protocol, 1);
1126    if (err)
1127        goto out_release;
1128
1129out:
1130    *res = sock;
1131    return err;
1132out_release:
1133    sock_release(sock);
1134    sock = NULL;
1135    goto out;
1136}
1137EXPORT_SYMBOL(sock_create_lite);
1138
1139/* No kernel lock held - perfect */
1140static unsigned int sock_poll(struct file *file, poll_table *wait)
1141{
1142    unsigned int busy_flag = 0;
1143    struct socket *sock;
1144
1145    /*
1146     * We can't return errors to poll, so it's either yes or no.
1147     */
1148    sock = file->private_data;
1149
1150    if (sk_can_busy_loop(sock->sk)) {
1151        /* this socket can poll_ll so tell the system call */
1152        busy_flag = POLL_BUSY_LOOP;
1153
1154        /* once, only if requested by syscall */
1155        if (wait && (wait->_key & POLL_BUSY_LOOP))
1156            sk_busy_loop(sock->sk, 1);
1157    }
1158
1159    return busy_flag | sock->ops->poll(file, sock, wait);
1160}
1161
1162static int sock_mmap(struct file *file, struct vm_area_struct *vma)
1163{
1164    struct socket *sock = file->private_data;
1165
1166    return sock->ops->mmap(file, sock, vma);
1167}
1168
1169static int sock_close(struct inode *inode, struct file *filp)
1170{
1171    sock_release(SOCKET_I(inode));
1172    return 0;
1173}
1174
1175/*
1176 * Update the socket async list
1177 *
1178 * Fasync_list locking strategy.
1179 *
1180 * 1. fasync_list is modified only under process context socket lock
1181 * i.e. under semaphore.
1182 * 2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1183 * or under socket lock
1184 */
1185
1186static int sock_fasync(int fd, struct file *filp, int on)
1187{
1188    struct socket *sock = filp->private_data;
1189    struct sock *sk = sock->sk;
1190    struct socket_wq *wq;
1191
1192    if (sk == NULL)
1193        return -EINVAL;
1194
1195    lock_sock(sk);
1196    wq = rcu_dereference_protected(sock->wq, sock_owned_by_user(sk));
1197    fasync_helper(fd, filp, on, &wq->fasync_list);
1198
1199    if (!wq->fasync_list)
1200        sock_reset_flag(sk, SOCK_FASYNC);
1201    else
1202        sock_set_flag(sk, SOCK_FASYNC);
1203
1204    release_sock(sk);
1205    return 0;
1206}
1207
1208/* This function may be called only under socket lock or callback_lock or rcu_lock */
1209
1210int sock_wake_async(struct socket *sock, int how, int band)
1211{
1212    struct socket_wq *wq;
1213
1214    if (!sock)
1215        return -1;
1216    rcu_read_lock();
1217    wq = rcu_dereference(sock->wq);
1218    if (!wq || !wq->fasync_list) {
1219        rcu_read_unlock();
1220        return -1;
1221    }
1222    switch (how) {
1223    case SOCK_WAKE_WAITD:
1224        if (test_bit(SOCK_ASYNC_WAITDATA, &sock->flags))
1225            break;
1226        goto call_kill;
1227    case SOCK_WAKE_SPACE:
1228        if (!test_and_clear_bit(SOCK_ASYNC_NOSPACE, &sock->flags))
1229            break;
1230        /* fall through */
1231    case SOCK_WAKE_IO:
1232call_kill:
1233        kill_fasync(&wq->fasync_list, SIGIO, band);
1234        break;
1235    case SOCK_WAKE_URG:
1236        kill_fasync(&wq->fasync_list, SIGURG, band);
1237    }
1238    rcu_read_unlock();
1239    return 0;
1240}
1241EXPORT_SYMBOL(sock_wake_async);
1242
1243int __sock_create(struct net *net, int family, int type, int protocol,
1244             struct socket **res, int kern)
1245{
1246    int err;
1247    struct socket *sock;
1248    const struct net_proto_family *pf;
1249
1250    /*
1251     * Check protocol is in range
1252     */
1253    if (family < 0 || family >= NPROTO)
1254        return -EAFNOSUPPORT;
1255    if (type < 0 || type >= SOCK_MAX)
1256        return -EINVAL;
1257
1258    /* Compatibility.
1259
1260       This uglymoron is moved from INET layer to here to avoid
1261       deadlock in module load.
1262     */
1263    if (family == PF_INET && type == SOCK_PACKET) {
1264        static int warned;
1265        if (!warned) {
1266            warned = 1;
1267            printk(KERN_INFO "%s uses obsolete (PF_INET,SOCK_PACKET)\n",
1268                   current->comm);
1269        }
1270        family = PF_PACKET;
1271    }
1272
1273    err = security_socket_create(family, type, protocol, kern);
1274    if (err)
1275        return err;
1276
1277    /*
1278     * Allocate the socket and allow the family to set things up. if
1279     * the protocol is 0, the family is instructed to select an appropriate
1280     * default.
1281     */
1282    sock = sock_alloc();
1283    if (!sock) {
1284        net_warn_ratelimited("socket: no more sockets\n");
1285        return -ENFILE; /* Not exactly a match, but its the
1286                   closest posix thing */
1287    }
1288
1289    sock->type = type;
1290
1291#ifdef CONFIG_MODULES
1292    /* Attempt to load a protocol module if the find failed.
1293     *
1294     * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1295     * requested real, full-featured networking support upon configuration.
1296     * Otherwise module support will break!
1297     */
1298    if (rcu_access_pointer(net_families[family]) == NULL)
1299        request_module("net-pf-%d", family);
1300#endif
1301
1302    rcu_read_lock();
1303    pf = rcu_dereference(net_families[family]);
1304    err = -EAFNOSUPPORT;
1305    if (!pf)
1306        goto out_release;
1307
1308    /*
1309     * We will call the ->create function, that possibly is in a loadable
1310     * module, so we have to bump that loadable module refcnt first.
1311     */
1312    if (!try_module_get(pf->owner))
1313        goto out_release;
1314
1315    /* Now protected by module ref count */
1316    rcu_read_unlock();
1317
1318    err = pf->create(net, sock, protocol, kern);
1319    if (err < 0)
1320        goto out_module_put;
1321
1322    /*
1323     * Now to bump the refcnt of the [loadable] module that owns this
1324     * socket at sock_release time we decrement its refcnt.
1325     */
1326    if (!try_module_get(sock->ops->owner))
1327        goto out_module_busy;
1328
1329    /*
1330     * Now that we're done with the ->create function, the [loadable]
1331     * module can have its refcnt decremented
1332     */
1333    module_put(pf->owner);
1334    err = security_socket_post_create(sock, family, type, protocol, kern);
1335    if (err)
1336        goto out_sock_release;
1337    *res = sock;
1338
1339    return 0;
1340
1341out_module_busy:
1342    err = -EAFNOSUPPORT;
1343out_module_put:
1344    sock->ops = NULL;
1345    module_put(pf->owner);
1346out_sock_release:
1347    sock_release(sock);
1348    return err;
1349
1350out_release:
1351    rcu_read_unlock();
1352    goto out_sock_release;
1353}
1354EXPORT_SYMBOL(__sock_create);
1355
1356int sock_create(int family, int type, int protocol, struct socket **res)
1357{
1358    return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1359}
1360EXPORT_SYMBOL(sock_create);
1361
1362int sock_create_kern(int family, int type, int protocol, struct socket **res)
1363{
1364    return __sock_create(&init_net, family, type, protocol, res, 1);
1365}
1366EXPORT_SYMBOL(sock_create_kern);
1367
1368SYSCALL_DEFINE3(socket, int, family, int, type, int, protocol)
1369{
1370    int retval;
1371    struct socket *sock;
1372    int flags;
1373
1374    /* Check the SOCK_* constants for consistency. */
1375    BUILD_BUG_ON(SOCK_CLOEXEC != O_CLOEXEC);
1376    BUILD_BUG_ON((SOCK_MAX | SOCK_TYPE_MASK) != SOCK_TYPE_MASK);
1377    BUILD_BUG_ON(SOCK_CLOEXEC & SOCK_TYPE_MASK);
1378    BUILD_BUG_ON(SOCK_NONBLOCK & SOCK_TYPE_MASK);
1379
1380    flags = type & ~SOCK_TYPE_MASK;
1381    if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1382        return -EINVAL;
1383    type &= SOCK_TYPE_MASK;
1384
1385    if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1386        flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1387
1388    retval = sock_create(family, type, protocol, &sock);
1389    if (retval < 0)
1390        goto out;
1391
1392    retval = sock_map_fd(sock, flags & (O_CLOEXEC | O_NONBLOCK));
1393    if (retval < 0)
1394        goto out_release;
1395
1396out:
1397    /* It may be already another descriptor 8) Not kernel problem. */
1398    return retval;
1399
1400out_release:
1401    sock_release(sock);
1402    return retval;
1403}
1404
1405/*
1406 * Create a pair of connected sockets.
1407 */
1408
1409SYSCALL_DEFINE4(socketpair, int, family, int, type, int, protocol,
1410        int __user *, usockvec)
1411{
1412    struct socket *sock1, *sock2;
1413    int fd1, fd2, err;
1414    struct file *newfile1, *newfile2;
1415    int flags;
1416
1417    flags = type & ~SOCK_TYPE_MASK;
1418    if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1419        return -EINVAL;
1420    type &= SOCK_TYPE_MASK;
1421
1422    if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1423        flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1424
1425    /*
1426     * Obtain the first socket and check if the underlying protocol
1427     * supports the socketpair call.
1428     */
1429
1430    err = sock_create(family, type, protocol, &sock1);
1431    if (err < 0)
1432        goto out;
1433
1434    err = sock_create(family, type, protocol, &sock2);
1435    if (err < 0)
1436        goto out_release_1;
1437
1438    err = sock1->ops->socketpair(sock1, sock2);
1439    if (err < 0)
1440        goto out_release_both;
1441
1442    fd1 = get_unused_fd_flags(flags);
1443    if (unlikely(fd1 < 0)) {
1444        err = fd1;
1445        goto out_release_both;
1446    }
1447    fd2 = get_unused_fd_flags(flags);
1448    if (unlikely(fd2 < 0)) {
1449        err = fd2;
1450        put_unused_fd(fd1);
1451        goto out_release_both;
1452    }
1453
1454    newfile1 = sock_alloc_file(sock1, flags, NULL);
1455    if (unlikely(IS_ERR(newfile1))) {
1456        err = PTR_ERR(newfile1);
1457        put_unused_fd(fd1);
1458        put_unused_fd(fd2);
1459        goto out_release_both;
1460    }
1461
1462    newfile2 = sock_alloc_file(sock2, flags, NULL);
1463    if (IS_ERR(newfile2)) {
1464        err = PTR_ERR(newfile2);
1465        fput(newfile1);
1466        put_unused_fd(fd1);
1467        put_unused_fd(fd2);
1468        sock_release(sock2);
1469        goto out;
1470    }
1471
1472    audit_fd_pair(fd1, fd2);
1473    fd_install(fd1, newfile1);
1474    fd_install(fd2, newfile2);
1475    /* fd1 and fd2 may be already another descriptors.
1476     * Not kernel problem.
1477     */
1478
1479    err = put_user(fd1, &usockvec[0]);
1480    if (!err)
1481        err = put_user(fd2, &usockvec[1]);
1482    if (!err)
1483        return 0;
1484
1485    sys_close(fd2);
1486    sys_close(fd1);
1487    return err;
1488
1489out_release_both:
1490    sock_release(sock2);
1491out_release_1:
1492    sock_release(sock1);
1493out:
1494    return err;
1495}
1496
1497/*
1498 * Bind a name to a socket. Nothing much to do here since it's
1499 * the protocol's responsibility to handle the local address.
1500 *
1501 * We move the socket address to kernel space before we call
1502 * the protocol layer (having also checked the address is ok).
1503 */
1504
1505SYSCALL_DEFINE3(bind, int, fd, struct sockaddr __user *, umyaddr, int, addrlen)
1506{
1507    struct socket *sock;
1508    struct sockaddr_storage address;
1509    int err, fput_needed;
1510
1511    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1512    if (sock) {
1513        err = move_addr_to_kernel(umyaddr, addrlen, &address);
1514        if (err >= 0) {
1515            err = security_socket_bind(sock,
1516                           (struct sockaddr *)&address,
1517                           addrlen);
1518            if (!err)
1519                err = sock->ops->bind(sock,
1520                              (struct sockaddr *)
1521                              &address, addrlen);
1522        }
1523        fput_light(sock->file, fput_needed);
1524    }
1525    return err;
1526}
1527
1528/*
1529 * Perform a listen. Basically, we allow the protocol to do anything
1530 * necessary for a listen, and if that works, we mark the socket as
1531 * ready for listening.
1532 */
1533
1534SYSCALL_DEFINE2(listen, int, fd, int, backlog)
1535{
1536    struct socket *sock;
1537    int err, fput_needed;
1538    int somaxconn;
1539
1540    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1541    if (sock) {
1542        somaxconn = sock_net(sock->sk)->core.sysctl_somaxconn;
1543        if ((unsigned int)backlog > somaxconn)
1544            backlog = somaxconn;
1545
1546        err = security_socket_listen(sock, backlog);
1547        if (!err)
1548            err = sock->ops->listen(sock, backlog);
1549
1550        fput_light(sock->file, fput_needed);
1551    }
1552    return err;
1553}
1554
1555/*
1556 * For accept, we attempt to create a new socket, set up the link
1557 * with the client, wake up the client, then return the new
1558 * connected fd. We collect the address of the connector in kernel
1559 * space and move it to user at the very end. This is unclean because
1560 * we open the socket then return an error.
1561 *
1562 * 1003.1g adds the ability to recvmsg() to query connection pending
1563 * status to recvmsg. We need to add that support in a way thats
1564 * clean when we restucture accept also.
1565 */
1566
1567SYSCALL_DEFINE4(accept4, int, fd, struct sockaddr __user *, upeer_sockaddr,
1568        int __user *, upeer_addrlen, int, flags)
1569{
1570    struct socket *sock, *newsock;
1571    struct file *newfile;
1572    int err, len, newfd, fput_needed;
1573    struct sockaddr_storage address;
1574
1575    if (flags & ~(SOCK_CLOEXEC | SOCK_NONBLOCK))
1576        return -EINVAL;
1577
1578    if (SOCK_NONBLOCK != O_NONBLOCK && (flags & SOCK_NONBLOCK))
1579        flags = (flags & ~SOCK_NONBLOCK) | O_NONBLOCK;
1580
1581    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1582    if (!sock)
1583        goto out;
1584
1585    err = -ENFILE;
1586    newsock = sock_alloc();
1587    if (!newsock)
1588        goto out_put;
1589
1590    newsock->type = sock->type;
1591    newsock->ops = sock->ops;
1592
1593    /*
1594     * We don't need try_module_get here, as the listening socket (sock)
1595     * has the protocol module (sock->ops->owner) held.
1596     */
1597    __module_get(newsock->ops->owner);
1598
1599    newfd = get_unused_fd_flags(flags);
1600    if (unlikely(newfd < 0)) {
1601        err = newfd;
1602        sock_release(newsock);
1603        goto out_put;
1604    }
1605    newfile = sock_alloc_file(newsock, flags, sock->sk->sk_prot_creator->name);
1606    if (unlikely(IS_ERR(newfile))) {
1607        err = PTR_ERR(newfile);
1608        put_unused_fd(newfd);
1609        sock_release(newsock);
1610        goto out_put;
1611    }
1612
1613    err = security_socket_accept(sock, newsock);
1614    if (err)
1615        goto out_fd;
1616
1617    err = sock->ops->accept(sock, newsock, sock->file->f_flags);
1618    if (err < 0)
1619        goto out_fd;
1620
1621    if (upeer_sockaddr) {
1622        if (newsock->ops->getname(newsock, (struct sockaddr *)&address,
1623                      &len, 2) < 0) {
1624            err = -ECONNABORTED;
1625            goto out_fd;
1626        }
1627        err = move_addr_to_user(&address,
1628                    len, upeer_sockaddr, upeer_addrlen);
1629        if (err < 0)
1630            goto out_fd;
1631    }
1632
1633    /* File flags are not inherited via accept() unlike another OSes. */
1634
1635    fd_install(newfd, newfile);
1636    err = newfd;
1637
1638out_put:
1639    fput_light(sock->file, fput_needed);
1640out:
1641    return err;
1642out_fd:
1643    fput(newfile);
1644    put_unused_fd(newfd);
1645    goto out_put;
1646}
1647
1648SYSCALL_DEFINE3(accept, int, fd, struct sockaddr __user *, upeer_sockaddr,
1649        int __user *, upeer_addrlen)
1650{
1651    return sys_accept4(fd, upeer_sockaddr, upeer_addrlen, 0);
1652}
1653
1654/*
1655 * Attempt to connect to a socket with the server address. The address
1656 * is in user space so we verify it is OK and move it to kernel space.
1657 *
1658 * For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1659 * break bindings
1660 *
1661 * NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1662 * other SEQPACKET protocols that take time to connect() as it doesn't
1663 * include the -EINPROGRESS status for such sockets.
1664 */
1665
1666SYSCALL_DEFINE3(connect, int, fd, struct sockaddr __user *, uservaddr,
1667        int, addrlen)
1668{
1669    struct socket *sock;
1670    struct sockaddr_storage address;
1671    int err, fput_needed;
1672
1673    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1674    if (!sock)
1675        goto out;
1676    err = move_addr_to_kernel(uservaddr, addrlen, &address);
1677    if (err < 0)
1678        goto out_put;
1679
1680    err =
1681        security_socket_connect(sock, (struct sockaddr *)&address, addrlen);
1682    if (err)
1683        goto out_put;
1684
1685    err = sock->ops->connect(sock, (struct sockaddr *)&address, addrlen,
1686                 sock->file->f_flags);
1687out_put:
1688    fput_light(sock->file, fput_needed);
1689out:
1690    return err;
1691}
1692
1693/*
1694 * Get the local address ('name') of a socket object. Move the obtained
1695 * name to user space.
1696 */
1697
1698SYSCALL_DEFINE3(getsockname, int, fd, struct sockaddr __user *, usockaddr,
1699        int __user *, usockaddr_len)
1700{
1701    struct socket *sock;
1702    struct sockaddr_storage address;
1703    int len, err, fput_needed;
1704
1705    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1706    if (!sock)
1707        goto out;
1708
1709    err = security_socket_getsockname(sock);
1710    if (err)
1711        goto out_put;
1712
1713    err = sock->ops->getname(sock, (struct sockaddr *)&address, &len, 0);
1714    if (err)
1715        goto out_put;
1716    err = move_addr_to_user(&address, len, usockaddr, usockaddr_len);
1717
1718out_put:
1719    fput_light(sock->file, fput_needed);
1720out:
1721    return err;
1722}
1723
1724/*
1725 * Get the remote address ('name') of a socket object. Move the obtained
1726 * name to user space.
1727 */
1728
1729SYSCALL_DEFINE3(getpeername, int, fd, struct sockaddr __user *, usockaddr,
1730        int __user *, usockaddr_len)
1731{
1732    struct socket *sock;
1733    struct sockaddr_storage address;
1734    int len, err, fput_needed;
1735
1736    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1737    if (sock != NULL) {
1738        err = security_socket_getpeername(sock);
1739        if (err) {
1740            fput_light(sock->file, fput_needed);
1741            return err;
1742        }
1743
1744        err =
1745            sock->ops->getname(sock, (struct sockaddr *)&address, &len,
1746                       1);
1747        if (!err)
1748            err = move_addr_to_user(&address, len, usockaddr,
1749                        usockaddr_len);
1750        fput_light(sock->file, fput_needed);
1751    }
1752    return err;
1753}
1754
1755/*
1756 * Send a datagram to a given address. We move the address into kernel
1757 * space and check the user space data area is readable before invoking
1758 * the protocol.
1759 */
1760
1761SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1762        unsigned int, flags, struct sockaddr __user *, addr,
1763        int, addr_len)
1764{
1765    struct socket *sock;
1766    struct sockaddr_storage address;
1767    int err;
1768    struct msghdr msg;
1769    struct iovec iov;
1770    int fput_needed;
1771
1772    if (len > INT_MAX)
1773        len = INT_MAX;
1774    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1775    if (!sock)
1776        goto out;
1777
1778    iov.iov_base = buff;
1779    iov.iov_len = len;
1780    msg.msg_name = NULL;
1781    msg.msg_iov = &iov;
1782    msg.msg_iovlen = 1;
1783    msg.msg_control = NULL;
1784    msg.msg_controllen = 0;
1785    msg.msg_namelen = 0;
1786    if (addr) {
1787        err = move_addr_to_kernel(addr, addr_len, &address);
1788        if (err < 0)
1789            goto out_put;
1790        msg.msg_name = (struct sockaddr *)&address;
1791        msg.msg_namelen = addr_len;
1792    }
1793    if (sock->file->f_flags & O_NONBLOCK)
1794        flags |= MSG_DONTWAIT;
1795    msg.msg_flags = flags;
1796    err = sock_sendmsg(sock, &msg, len);
1797
1798out_put:
1799    fput_light(sock->file, fput_needed);
1800out:
1801    return err;
1802}
1803
1804/*
1805 * Send a datagram down a socket.
1806 */
1807
1808SYSCALL_DEFINE4(send, int, fd, void __user *, buff, size_t, len,
1809        unsigned int, flags)
1810{
1811    return sys_sendto(fd, buff, len, flags, NULL, 0);
1812}
1813
1814/*
1815 * Receive a frame from the socket and optionally record the address of the
1816 * sender. We verify the buffers are writable and if needed move the
1817 * sender address from kernel to user space.
1818 */
1819
1820SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1821        unsigned int, flags, struct sockaddr __user *, addr,
1822        int __user *, addr_len)
1823{
1824    struct socket *sock;
1825    struct iovec iov;
1826    struct msghdr msg;
1827    struct sockaddr_storage address;
1828    int err, err2;
1829    int fput_needed;
1830
1831    if (size > INT_MAX)
1832        size = INT_MAX;
1833    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1834    if (!sock)
1835        goto out;
1836
1837    msg.msg_control = NULL;
1838    msg.msg_controllen = 0;
1839    msg.msg_iovlen = 1;
1840    msg.msg_iov = &iov;
1841    iov.iov_len = size;
1842    iov.iov_base = ubuf;
1843    msg.msg_name = (struct sockaddr *)&address;
1844    msg.msg_namelen = sizeof(address);
1845    if (sock->file->f_flags & O_NONBLOCK)
1846        flags |= MSG_DONTWAIT;
1847    err = sock_recvmsg(sock, &msg, size, flags);
1848
1849    if (err >= 0 && addr != NULL) {
1850        err2 = move_addr_to_user(&address,
1851                     msg.msg_namelen, addr, addr_len);
1852        if (err2 < 0)
1853            err = err2;
1854    }
1855
1856    fput_light(sock->file, fput_needed);
1857out:
1858    return err;
1859}
1860
1861/*
1862 * Receive a datagram from a socket.
1863 */
1864
1865asmlinkage long sys_recv(int fd, void __user *ubuf, size_t size,
1866             unsigned int flags)
1867{
1868    return sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
1869}
1870
1871/*
1872 * Set a socket option. Because we don't know the option lengths we have
1873 * to pass the user mode parameter for the protocols to sort out.
1874 */
1875
1876SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
1877        char __user *, optval, int, optlen)
1878{
1879    int err, fput_needed;
1880    struct socket *sock;
1881
1882    if (optlen < 0)
1883        return -EINVAL;
1884
1885    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1886    if (sock != NULL) {
1887        err = security_socket_setsockopt(sock, level, optname);
1888        if (err)
1889            goto out_put;
1890
1891        if (level == SOL_SOCKET)
1892            err =
1893                sock_setsockopt(sock, level, optname, optval,
1894                        optlen);
1895        else
1896            err =
1897                sock->ops->setsockopt(sock, level, optname, optval,
1898                          optlen);
1899out_put:
1900        fput_light(sock->file, fput_needed);
1901    }
1902    return err;
1903}
1904
1905/*
1906 * Get a socket option. Because we don't know the option lengths we have
1907 * to pass a user mode parameter for the protocols to sort out.
1908 */
1909
1910SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
1911        char __user *, optval, int __user *, optlen)
1912{
1913    int err, fput_needed;
1914    struct socket *sock;
1915
1916    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1917    if (sock != NULL) {
1918        err = security_socket_getsockopt(sock, level, optname);
1919        if (err)
1920            goto out_put;
1921
1922        if (level == SOL_SOCKET)
1923            err =
1924                sock_getsockopt(sock, level, optname, optval,
1925                        optlen);
1926        else
1927            err =
1928                sock->ops->getsockopt(sock, level, optname, optval,
1929                          optlen);
1930out_put:
1931        fput_light(sock->file, fput_needed);
1932    }
1933    return err;
1934}
1935
1936/*
1937 * Shutdown a socket.
1938 */
1939
1940SYSCALL_DEFINE2(shutdown, int, fd, int, how)
1941{
1942    int err, fput_needed;
1943    struct socket *sock;
1944
1945    sock = sockfd_lookup_light(fd, &err, &fput_needed);
1946    if (sock != NULL) {
1947        err = security_socket_shutdown(sock, how);
1948        if (!err)
1949            err = sock->ops->shutdown(sock, how);
1950        fput_light(sock->file, fput_needed);
1951    }
1952    return err;
1953}
1954
1955/* A couple of helpful macros for getting the address of the 32/64 bit
1956 * fields which are the same type (int / unsigned) on our platforms.
1957 */
1958#define COMPAT_MSG(msg, member) ((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
1959#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
1960#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
1961
1962struct used_address {
1963    struct sockaddr_storage name;
1964    unsigned int name_len;
1965};
1966
1967static int copy_msghdr_from_user(struct msghdr *kmsg,
1968                 struct msghdr __user *umsg)
1969{
1970    if (copy_from_user(kmsg, umsg, sizeof(struct msghdr)))
1971        return -EFAULT;
1972    if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
1973        return -EINVAL;
1974    return 0;
1975}
1976
1977static int ___sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1978             struct msghdr *msg_sys, unsigned int flags,
1979             struct used_address *used_address)
1980{
1981    struct compat_msghdr __user *msg_compat =
1982        (struct compat_msghdr __user *)msg;
1983    struct sockaddr_storage address;
1984    struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1985    unsigned char ctl[sizeof(struct cmsghdr) + 20]
1986        __attribute__ ((aligned(sizeof(__kernel_size_t))));
1987    /* 20 is size of ipv6_pktinfo */
1988    unsigned char *ctl_buf = ctl;
1989    int err, ctl_len, total_len;
1990
1991    err = -EFAULT;
1992    if (MSG_CMSG_COMPAT & flags) {
1993        if (get_compat_msghdr(msg_sys, msg_compat))
1994            return -EFAULT;
1995    } else {
1996        err = copy_msghdr_from_user(msg_sys, msg);
1997        if (err)
1998            return err;
1999    }
2000
2001    if (msg_sys->msg_iovlen > UIO_FASTIOV) {
2002        err = -EMSGSIZE;
2003        if (msg_sys->msg_iovlen > UIO_MAXIOV)
2004            goto out;
2005        err = -ENOMEM;
2006        iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec),
2007                  GFP_KERNEL);
2008        if (!iov)
2009            goto out;
2010    }
2011
2012    /* This will also move the address data into kernel space */
2013    if (MSG_CMSG_COMPAT & flags) {
2014        err = verify_compat_iovec(msg_sys, iov, &address, VERIFY_READ);
2015    } else
2016        err = verify_iovec(msg_sys, iov, &address, VERIFY_READ);
2017    if (err < 0)
2018        goto out_freeiov;
2019    total_len = err;
2020
2021    err = -ENOBUFS;
2022
2023    if (msg_sys->msg_controllen > INT_MAX)
2024        goto out_freeiov;
2025    ctl_len = msg_sys->msg_controllen;
2026    if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
2027        err =
2028            cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
2029                             sizeof(ctl));
2030        if (err)
2031            goto out_freeiov;
2032        ctl_buf = msg_sys->msg_control;
2033        ctl_len = msg_sys->msg_controllen;
2034    } else if (ctl_len) {
2035        if (ctl_len > sizeof(ctl)) {
2036            ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
2037            if (ctl_buf == NULL)
2038                goto out_freeiov;
2039        }
2040        err = -EFAULT;
2041        /*
2042         * Careful! Before this, msg_sys->msg_control contains a user pointer.
2043         * Afterwards, it will be a kernel pointer. Thus the compiler-assisted
2044         * checking falls down on this.
2045         */
2046        if (copy_from_user(ctl_buf,
2047                   (void __user __force *)msg_sys->msg_control,
2048                   ctl_len))
2049            goto out_freectl;
2050        msg_sys->msg_control = ctl_buf;
2051    }
2052    msg_sys->msg_flags = flags;
2053
2054    if (sock->file->f_flags & O_NONBLOCK)
2055        msg_sys->msg_flags |= MSG_DONTWAIT;
2056    /*
2057     * If this is sendmmsg() and current destination address is same as
2058     * previously succeeded address, omit asking LSM's decision.
2059     * used_address->name_len is initialized to UINT_MAX so that the first
2060     * destination address never matches.
2061     */
2062    if (used_address && msg_sys->msg_name &&
2063        used_address->name_len == msg_sys->msg_namelen &&
2064        !memcmp(&used_address->name, msg_sys->msg_name,
2065            used_address->name_len)) {
2066        err = sock_sendmsg_nosec(sock, msg_sys, total_len);
2067        goto out_freectl;
2068    }
2069    err = sock_sendmsg(sock, msg_sys, total_len);
2070    /*
2071     * If this is sendmmsg() and sending to current destination address was
2072     * successful, remember it.
2073     */
2074    if (used_address && err >= 0) {
2075        used_address->name_len = msg_sys->msg_namelen;
2076        if (msg_sys->msg_name)
2077            memcpy(&used_address->name, msg_sys->msg_name,
2078                   used_address->name_len);
2079    }
2080
2081out_freectl:
2082    if (ctl_buf != ctl)
2083        sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2084out_freeiov:
2085    if (iov != iovstack)
2086        kfree(iov);
2087out:
2088    return err;
2089}
2090
2091/*
2092 * BSD sendmsg interface
2093 */
2094
2095long __sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
2096{
2097    int fput_needed, err;
2098    struct msghdr msg_sys;
2099    struct socket *sock;
2100
2101    sock = sockfd_lookup_light(fd, &err, &fput_needed);
2102    if (!sock)
2103        goto out;
2104
2105    err = ___sys_sendmsg(sock, msg, &msg_sys, flags, NULL);
2106
2107    fput_light(sock->file, fput_needed);
2108out:
2109    return err;
2110}
2111
2112SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned int, flags)
2113{
2114    if (flags & MSG_CMSG_COMPAT)
2115        return -EINVAL;
2116    return __sys_sendmsg(fd, msg, flags);
2117}
2118
2119/*
2120 * Linux sendmmsg interface
2121 */
2122
2123int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2124           unsigned int flags)
2125{
2126    int fput_needed, err, datagrams;
2127    struct socket *sock;
2128    struct mmsghdr __user *entry;
2129    struct compat_mmsghdr __user *compat_entry;
2130    struct msghdr msg_sys;
2131    struct used_address used_address;
2132
2133    if (vlen > UIO_MAXIOV)
2134        vlen = UIO_MAXIOV;
2135
2136    datagrams = 0;
2137
2138    sock = sockfd_lookup_light(fd, &err, &fput_needed);
2139    if (!sock)
2140        return err;
2141
2142    used_address.name_len = UINT_MAX;
2143    entry = mmsg;
2144    compat_entry = (struct compat_mmsghdr __user *)mmsg;
2145    err = 0;
2146
2147    while (datagrams < vlen) {
2148        if (MSG_CMSG_COMPAT & flags) {
2149            err = ___sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
2150                         &msg_sys, flags, &used_address);
2151            if (err < 0)
2152                break;
2153            err = __put_user(err, &compat_entry->msg_len);
2154            ++compat_entry;
2155        } else {
2156            err = ___sys_sendmsg(sock,
2157                         (struct msghdr __user *)entry,
2158                         &msg_sys, flags, &used_address);
2159            if (err < 0)
2160                break;
2161            err = put_user(err, &entry->msg_len);
2162            ++entry;
2163        }
2164
2165        if (err)
2166            break;
2167        ++datagrams;
2168    }
2169
2170    fput_light(sock->file, fput_needed);
2171
2172    /* We only return an error if no datagrams were able to be sent */
2173    if (datagrams != 0)
2174        return datagrams;
2175
2176    return err;
2177}
2178
2179SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2180        unsigned int, vlen, unsigned int, flags)
2181{
2182    if (flags & MSG_CMSG_COMPAT)
2183        return -EINVAL;
2184    return __sys_sendmmsg(fd, mmsg, vlen, flags);
2185}
2186
2187static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2188             struct msghdr *msg_sys, unsigned int flags, int nosec)
2189{
2190    struct compat_msghdr __user *msg_compat =
2191        (struct compat_msghdr __user *)msg;
2192    struct iovec iovstack[UIO_FASTIOV];
2193    struct iovec *iov = iovstack;
2194    unsigned long cmsg_ptr;
2195    int err, total_len, len;
2196
2197    /* kernel mode address */
2198    struct sockaddr_storage addr;
2199
2200    /* user mode address pointers */
2201    struct sockaddr __user *uaddr;
2202    int __user *uaddr_len;
2203
2204    if (MSG_CMSG_COMPAT & flags) {
2205        if (get_compat_msghdr(msg_sys, msg_compat))
2206            return -EFAULT;
2207    } else {
2208        err = copy_msghdr_from_user(msg_sys, msg);
2209        if (err)
2210            return err;
2211    }
2212
2213    if (msg_sys->msg_iovlen > UIO_FASTIOV) {
2214        err = -EMSGSIZE;
2215        if (msg_sys->msg_iovlen > UIO_MAXIOV)
2216            goto out;
2217        err = -ENOMEM;
2218        iov = kmalloc(msg_sys->msg_iovlen * sizeof(struct iovec),
2219                  GFP_KERNEL);
2220        if (!iov)
2221            goto out;
2222    }
2223
2224    /*
2225     * Save the user-mode address (verify_iovec will change the
2226     * kernel msghdr to use the kernel address space)
2227     */
2228
2229    uaddr = (__force void __user *)msg_sys->msg_name;
2230    uaddr_len = COMPAT_NAMELEN(msg);
2231    if (MSG_CMSG_COMPAT & flags) {
2232        err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2233    } else
2234        err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2235    if (err < 0)
2236        goto out_freeiov;
2237    total_len = err;
2238
2239    cmsg_ptr = (unsigned long)msg_sys->msg_control;
2240    msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2241
2242    if (sock->file->f_flags & O_NONBLOCK)
2243        flags |= MSG_DONTWAIT;
2244    err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
2245                              total_len, flags);
2246    if (err < 0)
2247        goto out_freeiov;
2248    len = err;
2249
2250    if (uaddr != NULL) {
2251        err = move_addr_to_user(&addr,
2252                    msg_sys->msg_namelen, uaddr,
2253                    uaddr_len);
2254        if (err < 0)
2255            goto out_freeiov;
2256    }
2257    err = __put_user((msg_sys->msg_flags & ~MSG_CMSG_COMPAT),
2258             COMPAT_FLAGS(msg));
2259    if (err)
2260        goto out_freeiov;
2261    if (MSG_CMSG_COMPAT & flags)
2262        err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2263                 &msg_compat->msg_controllen);
2264    else
2265        err = __put_user((unsigned long)msg_sys->msg_control - cmsg_ptr,
2266                 &msg->msg_controllen);
2267    if (err)
2268        goto out_freeiov;
2269    err = len;
2270
2271out_freeiov:
2272    if (iov != iovstack)
2273        kfree(iov);
2274out:
2275    return err;
2276}
2277
2278/*
2279 * BSD recvmsg interface
2280 */
2281
2282long __sys_recvmsg(int fd, struct msghdr __user *msg, unsigned flags)
2283{
2284    int fput_needed, err;
2285    struct msghdr msg_sys;
2286    struct socket *sock;
2287
2288    sock = sockfd_lookup_light(fd, &err, &fput_needed);
2289    if (!sock)
2290        goto out;
2291
2292    err = ___sys_recvmsg(sock, msg, &msg_sys, flags, 0);
2293
2294    fput_light(sock->file, fput_needed);
2295out:
2296    return err;
2297}
2298
2299SYSCALL_DEFINE3(recvmsg, int, fd, struct msghdr __user *, msg,
2300        unsigned int, flags)
2301{
2302    if (flags & MSG_CMSG_COMPAT)
2303        return -EINVAL;
2304    return __sys_recvmsg(fd, msg, flags);
2305}
2306
2307/*
2308 * Linux recvmmsg interface
2309 */
2310
2311int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
2312           unsigned int flags, struct timespec *timeout)
2313{
2314    int fput_needed, err, datagrams;
2315    struct socket *sock;
2316    struct mmsghdr __user *entry;
2317    struct compat_mmsghdr __user *compat_entry;
2318    struct msghdr msg_sys;
2319    struct timespec end_time;
2320
2321    if (timeout &&
2322        poll_select_set_timeout(&end_time, timeout->tv_sec,
2323                    timeout->tv_nsec))
2324        return -EINVAL;
2325
2326    datagrams = 0;
2327
2328    sock = sockfd_lookup_light(fd, &err, &fput_needed);
2329    if (!sock)
2330        return err;
2331
2332    err = sock_error(sock->sk);
2333    if (err)
2334        goto out_put;
2335
2336    entry = mmsg;
2337    compat_entry = (struct compat_mmsghdr __user *)mmsg;
2338
2339    while (datagrams < vlen) {
2340        /*
2341         * No need to ask LSM for more than the first datagram.
2342         */
2343        if (MSG_CMSG_COMPAT & flags) {
2344            err = ___sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
2345                         &msg_sys, flags & ~MSG_WAITFORONE,
2346                         datagrams);
2347            if (err < 0)
2348                break;
2349            err = __put_user(err, &compat_entry->msg_len);
2350            ++compat_entry;
2351        } else {
2352            err = ___sys_recvmsg(sock,
2353                         (struct msghdr __user *)entry,
2354                         &msg_sys, flags & ~MSG_WAITFORONE,
2355                         datagrams);
2356            if (err < 0)
2357                break;
2358            err = put_user(err, &entry->msg_len);
2359            ++entry;
2360        }
2361
2362        if (err)
2363            break;
2364        ++datagrams;
2365
2366        /* MSG_WAITFORONE turns on MSG_DONTWAIT after one packet */
2367        if (flags & MSG_WAITFORONE)
2368            flags |= MSG_DONTWAIT;
2369
2370        if (timeout) {
2371            ktime_get_ts(timeout);
2372            *timeout = timespec_sub(end_time, *timeout);
2373            if (timeout->tv_sec < 0) {
2374                timeout->tv_sec = timeout->tv_nsec = 0;
2375                break;
2376            }
2377
2378            /* Timeout, return less than vlen datagrams */
2379            if (timeout->tv_nsec == 0 && timeout->tv_sec == 0)
2380                break;
2381        }
2382
2383        /* Out of band data, return right away */
2384        if (msg_sys.msg_flags & MSG_OOB)
2385            break;
2386    }
2387
2388out_put:
2389    fput_light(sock->file, fput_needed);
2390
2391    if (err == 0)
2392        return datagrams;
2393
2394    if (datagrams != 0) {
2395        /*
2396         * We may return less entries than requested (vlen) if the
2397         * sock is non block and there aren't enough datagrams...
2398         */
2399        if (err != -EAGAIN) {
2400            /*
2401             * ... or if recvmsg returns an error after we
2402             * received some datagrams, where we record the
2403             * error to return on the next call or if the
2404             * app asks about it using getsockopt(SO_ERROR).
2405             */
2406            sock->sk->sk_err = -err;
2407        }
2408
2409        return datagrams;
2410    }
2411
2412    return err;
2413}
2414
2415SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg,
2416        unsigned int, vlen, unsigned int, flags,
2417        struct timespec __user *, timeout)
2418{
2419    int datagrams;
2420    struct timespec timeout_sys;
2421
2422    if (flags & MSG_CMSG_COMPAT)
2423        return -EINVAL;
2424
2425    if (!timeout)
2426        return __sys_recvmmsg(fd, mmsg, vlen, flags, NULL);
2427
2428    if (copy_from_user(&timeout_sys, timeout, sizeof(timeout_sys)))
2429        return -EFAULT;
2430
2431    datagrams = __sys_recvmmsg(fd, mmsg, vlen, flags, &timeout_sys);
2432
2433    if (datagrams > 0 &&
2434        copy_to_user(timeout, &timeout_sys, sizeof(timeout_sys)))
2435        datagrams = -EFAULT;
2436
2437    return datagrams;
2438}
2439
2440#ifdef __ARCH_WANT_SYS_SOCKETCALL
2441/* Argument list sizes for sys_socketcall */
2442#define AL(x) ((x) * sizeof(unsigned long))
2443static const unsigned char nargs[21] = {
2444    AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2445    AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2446    AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2447    AL(4), AL(5), AL(4)
2448};
2449
2450#undef AL
2451
2452/*
2453 * System call vectors.
2454 *
2455 * Argument checking cleaned up. Saved 20% in size.
2456 * This function doesn't need to set the kernel lock because
2457 * it is set by the callees.
2458 */
2459
2460SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args)
2461{
2462    unsigned long a[AUDITSC_ARGS];
2463    unsigned long a0, a1;
2464    int err;
2465    unsigned int len;
2466
2467    if (call < 1 || call > SYS_SENDMMSG)
2468        return -EINVAL;
2469
2470    len = nargs[call];
2471    if (len > sizeof(a))
2472        return -EINVAL;
2473
2474    /* copy_from_user should be SMP safe. */
2475    if (copy_from_user(a, args, len))
2476        return -EFAULT;
2477
2478    err = audit_socketcall(nargs[call] / sizeof(unsigned long), a);
2479    if (err)
2480        return err;
2481
2482    a0 = a[0];
2483    a1 = a[1];
2484
2485    switch (call) {
2486    case SYS_SOCKET:
2487        err = sys_socket(a0, a1, a[2]);
2488        break;
2489    case SYS_BIND:
2490        err = sys_bind(a0, (struct sockaddr __user *)a1, a[2]);
2491        break;
2492    case SYS_CONNECT:
2493        err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
2494        break;
2495    case SYS_LISTEN:
2496        err = sys_listen(a0, a1);
2497        break;
2498    case SYS_ACCEPT:
2499        err = sys_accept4(a0, (struct sockaddr __user *)a1,
2500                  (int __user *)a[2], 0);
2501        break;
2502    case SYS_GETSOCKNAME:
2503        err =
2504            sys_getsockname(a0, (struct sockaddr __user *)a1,
2505                    (int __user *)a[2]);
2506        break;
2507    case SYS_GETPEERNAME:
2508        err =
2509            sys_getpeername(a0, (struct sockaddr __user *)a1,
2510                    (int __user *)a[2]);
2511        break;
2512    case SYS_SOCKETPAIR:
2513        err = sys_socketpair(a0, a1, a[2], (int __user *)a[3]);
2514        break;
2515    case SYS_SEND:
2516        err = sys_send(a0, (void __user *)a1, a[2], a[3]);
2517        break;
2518    case SYS_SENDTO:
2519        err = sys_sendto(a0, (void __user *)a1, a[2], a[3],
2520                 (struct sockaddr __user *)a[4], a[5]);
2521        break;
2522    case SYS_RECV:
2523        err = sys_recv(a0, (void __user *)a1, a[2], a[3]);
2524        break;
2525    case SYS_RECVFROM:
2526        err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
2527                   (struct sockaddr __user *)a[4],
2528                   (int __user *)a[5]);
2529        break;
2530    case SYS_SHUTDOWN:
2531        err = sys_shutdown(a0, a1);
2532        break;
2533    case SYS_SETSOCKOPT:
2534        err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]);
2535        break;
2536    case SYS_GETSOCKOPT:
2537        err =
2538            sys_getsockopt(a0, a1, a[2], (char __user *)a[3],
2539                   (int __user *)a[4]);
2540        break;
2541    case SYS_SENDMSG:
2542        err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]);
2543        break;
2544    case SYS_SENDMMSG:
2545        err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]);
2546        break;
2547    case SYS_RECVMSG:
2548        err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]);
2549        break;
2550    case SYS_RECVMMSG:
2551        err = sys_recvmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3],
2552                   (struct timespec __user *)a[4]);
2553        break;
2554    case SYS_ACCEPT4:
2555        err = sys_accept4(a0, (struct sockaddr __user *)a1,
2556                  (int __user *)a[2], a[3]);
2557        break;
2558    default:
2559        err = -EINVAL;
2560        break;
2561    }
2562    return err;
2563}
2564
2565#endif /* __ARCH_WANT_SYS_SOCKETCALL */
2566
2567/**
2568 * sock_register - add a socket protocol handler
2569 * @ops: description of protocol
2570 *
2571 * This function is called by a protocol handler that wants to
2572 * advertise its address family, and have it linked into the
2573 * socket interface. The value ops->family coresponds to the
2574 * socket system call protocol family.
2575 */
2576int sock_register(const struct net_proto_family *ops)
2577{
2578    int err;
2579
2580    if (ops->family >= NPROTO) {
2581        printk(KERN_CRIT "protocol %d >= NPROTO(%d)\n", ops->family,
2582               NPROTO);
2583        return -ENOBUFS;
2584    }
2585
2586    spin_lock(&net_family_lock);
2587    if (rcu_dereference_protected(net_families[ops->family],
2588                      lockdep_is_held(&net_family_lock)))
2589        err = -EEXIST;
2590    else {
2591        rcu_assign_pointer(net_families[ops->family], ops);
2592        err = 0;
2593    }
2594    spin_unlock(&net_family_lock);
2595
2596    printk(KERN_INFO "NET: Registered protocol family %d\n", ops->family);
2597    return err;
2598}
2599EXPORT_SYMBOL(sock_register);
2600
2601/**
2602 * sock_unregister - remove a protocol handler
2603 * @family: protocol family to remove
2604 *
2605 * This function is called by a protocol handler that wants to
2606 * remove its address family, and have it unlinked from the
2607 * new socket creation.
2608 *
2609 * If protocol handler is a module, then it can use module reference
2610 * counts to protect against new references. If protocol handler is not
2611 * a module then it needs to provide its own protection in
2612 * the ops->create routine.
2613 */
2614void sock_unregister(int family)
2615{
2616    BUG_ON(family < 0 || family >= NPROTO);
2617
2618    spin_lock(&net_family_lock);
2619    RCU_INIT_POINTER(net_families[family], NULL);
2620    spin_unlock(&net_family_lock);
2621
2622    synchronize_rcu();
2623
2624    printk(KERN_INFO "NET: Unregistered protocol family %d\n", family);
2625}
2626EXPORT_SYMBOL(sock_unregister);
2627
2628static int __init sock_init(void)
2629{
2630    int err;
2631    /*
2632     * Initialize the network sysctl infrastructure.
2633     */
2634    err = net_sysctl_init();
2635    if (err)
2636        goto out;
2637
2638    /*
2639     * Initialize skbuff SLAB cache
2640     */
2641    skb_init();
2642
2643    /*
2644     * Initialize the protocols module.
2645     */
2646
2647    init_inodecache();
2648
2649    err = register_filesystem(&sock_fs_type);
2650    if (err)
2651        goto out_fs;
2652    sock_mnt = kern_mount(&sock_fs_type);
2653    if (IS_ERR(sock_mnt)) {
2654        err = PTR_ERR(sock_mnt);
2655        goto out_mount;
2656    }
2657
2658    /* The real protocol initialization is performed in later initcalls.
2659     */
2660
2661#ifdef CONFIG_NETFILTER
2662    err = netfilter_init();
2663    if (err)
2664        goto out;
2665#endif
2666
2667#ifdef CONFIG_NETWORK_PHY_TIMESTAMPING
2668    skb_timestamping_init();
2669#endif
2670
2671out:
2672    return err;
2673
2674out_mount:
2675    unregister_filesystem(&sock_fs_type);
2676out_fs:
2677    goto out;
2678}
2679
2680core_initcall(sock_init); /* early initcall */
2681
2682#ifdef CONFIG_PROC_FS
2683void socket_seq_show(struct seq_file *seq)
2684{
2685    int cpu;
2686    int counter = 0;
2687
2688    for_each_possible_cpu(cpu)
2689        counter += per_cpu(sockets_in_use, cpu);
2690
2691    /* It can be negative, by the way. 8) */
2692    if (counter < 0)
2693        counter = 0;
2694
2695    seq_printf(seq, "sockets: used %d\n", counter);
2696}
2697#endif /* CONFIG_PROC_FS */
2698
2699#ifdef CONFIG_COMPAT
2700static int do_siocgstamp(struct net *net, struct socket *sock,
2701             unsigned int cmd, void __user *up)
2702{
2703    mm_segment_t old_fs = get_fs();
2704    struct timeval ktv;
2705    int err;
2706
2707    set_fs(KERNEL_DS);
2708    err = sock_do_ioctl(net, sock, cmd, (unsigned long)&ktv);
2709    set_fs(old_fs);
2710    if (!err)
2711        err = compat_put_timeval(&ktv, up);
2712
2713    return err;
2714}
2715
2716static int do_siocgstampns(struct net *net, struct socket *sock,
2717               unsigned int cmd, void __user *up)
2718{
2719    mm_segment_t old_fs = get_fs();
2720    struct timespec kts;
2721    int err;
2722
2723    set_fs(KERNEL_DS);
2724    err = sock_do_ioctl(net, sock, cmd, (unsigned long)&kts);
2725    set_fs(old_fs);
2726    if (!err)
2727        err = compat_put_timespec(&kts, up);
2728
2729    return err;
2730}
2731
2732static int dev_ifname32(struct net *net, struct compat_ifreq __user *uifr32)
2733{
2734    struct ifreq __user *uifr;
2735    int err;
2736
2737    uifr = compat_alloc_user_space(sizeof(struct ifreq));
2738    if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
2739        return -EFAULT;
2740
2741    err = dev_ioctl(net, SIOCGIFNAME, uifr);
2742    if (err)
2743        return err;
2744
2745    if (copy_in_user(uifr32, uifr, sizeof(struct compat_ifreq)))
2746        return -EFAULT;
2747
2748    return 0;
2749}
2750
2751static int dev_ifconf(struct net *net, struct compat_ifconf __user *uifc32)
2752{
2753    struct compat_ifconf ifc32;
2754    struct ifconf ifc;
2755    struct ifconf __user *uifc;
2756    struct compat_ifreq __user *ifr32;
2757    struct ifreq __user *ifr;
2758    unsigned int i, j;
2759    int err;
2760
2761    if (copy_from_user(&ifc32, uifc32, sizeof(struct compat_ifconf)))
2762        return -EFAULT;
2763
2764    memset(&ifc, 0, sizeof(ifc));
2765    if (ifc32.ifcbuf == 0) {
2766        ifc32.ifc_len = 0;
2767        ifc.ifc_len = 0;
2768        ifc.ifc_req = NULL;
2769        uifc = compat_alloc_user_space(sizeof(struct ifconf));
2770    } else {
2771        size_t len = ((ifc32.ifc_len / sizeof(struct compat_ifreq)) + 1) *
2772            sizeof(struct ifreq);
2773        uifc = compat_alloc_user_space(sizeof(struct ifconf) + len);
2774        ifc.ifc_len = len;
2775        ifr = ifc.ifc_req = (void __user *)(uifc + 1);
2776        ifr32 = compat_ptr(ifc32.ifcbuf);
2777        for (i = 0; i < ifc32.ifc_len; i += sizeof(struct compat_ifreq)) {
2778            if (copy_in_user(ifr, ifr32, sizeof(struct compat_ifreq)))
2779                return -EFAULT;
2780            ifr++;
2781            ifr32++;
2782        }
2783    }
2784    if (copy_to_user(uifc, &ifc, sizeof(struct ifconf)))
2785        return -EFAULT;
2786
2787    err = dev_ioctl(net, SIOCGIFCONF, uifc);
2788    if (err)
2789        return err;
2790
2791    if (copy_from_user(&ifc, uifc, sizeof(struct ifconf)))
2792        return -EFAULT;
2793
2794    ifr = ifc.ifc_req;
2795    ifr32 = compat_ptr(ifc32.ifcbuf);
2796    for (i = 0, j = 0;
2797         i + sizeof(struct compat_ifreq) <= ifc32.ifc_len && j < ifc.ifc_len;
2798         i += sizeof(struct compat_ifreq), j += sizeof(struct ifreq)) {
2799        if (copy_in_user(ifr32, ifr, sizeof(struct compat_ifreq)))
2800            return -EFAULT;
2801        ifr32++;
2802        ifr++;
2803    }
2804
2805    if (ifc32.ifcbuf == 0) {
2806        /* Translate from 64-bit structure multiple to
2807         * a 32-bit one.
2808         */
2809        i = ifc.ifc_len;
2810        i = ((i / sizeof(struct ifreq)) * sizeof(struct compat_ifreq));
2811        ifc32.ifc_len = i;
2812    } else {
2813        ifc32.ifc_len = i;
2814    }
2815    if (copy_to_user(uifc32, &ifc32, sizeof(struct compat_ifconf)))
2816        return -EFAULT;
2817
2818    return 0;
2819}
2820
2821static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32)
2822{
2823    struct compat_ethtool_rxnfc __user *compat_rxnfc;
2824    bool convert_in = false, convert_out = false;
2825    size_t buf_size = ALIGN(sizeof(struct ifreq), 8);
2826    struct ethtool_rxnfc __user *rxnfc;
2827    struct ifreq __user *ifr;
2828    u32 rule_cnt = 0, actual_rule_cnt;
2829    u32 ethcmd;
2830    u32 data;
2831    int ret;
2832
2833    if (get_user(data, &ifr32->ifr_ifru.ifru_data))
2834        return -EFAULT;
2835
2836    compat_rxnfc = compat_ptr(data);
2837
2838    if (get_user(ethcmd, &compat_rxnfc->cmd))
2839        return -EFAULT;
2840
2841    /* Most ethtool structures are defined without padding.
2842     * Unfortunately struct ethtool_rxnfc is an exception.
2843     */
2844    switch (ethcmd) {
2845    default:
2846        break;
2847    case ETHTOOL_GRXCLSRLALL:
2848        /* Buffer size is variable */
2849        if (get_user(rule_cnt, &compat_rxnfc->rule_cnt))
2850            return -EFAULT;
2851        if (rule_cnt > KMALLOC_MAX_SIZE / sizeof(u32))
2852            return -ENOMEM;
2853        buf_size += rule_cnt * sizeof(u32);
2854        /* fall through */
2855    case ETHTOOL_GRXRINGS:
2856    case ETHTOOL_GRXCLSRLCNT:
2857    case ETHTOOL_GRXCLSRULE:
2858    case ETHTOOL_SRXCLSRLINS:
2859        convert_out = true;
2860        /* fall through */
2861    case ETHTOOL_SRXCLSRLDEL:
2862        buf_size += sizeof(struct ethtool_rxnfc);
2863        convert_in = true;
2864        break;
2865    }
2866
2867    ifr = compat_alloc_user_space(buf_size);
2868    rxnfc = (void __user *)ifr + ALIGN(sizeof(struct ifreq), 8);
2869
2870    if (copy_in_user(&ifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
2871        return -EFAULT;
2872
2873    if (put_user(convert_in ? rxnfc : compat_ptr(data),
2874             &ifr->ifr_ifru.ifru_data))
2875        return -EFAULT;
2876
2877    if (convert_in) {
2878        /* We expect there to be holes between fs.m_ext and
2879         * fs.ring_cookie and at the end of fs, but nowhere else.
2880         */
2881        BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
2882                 sizeof(compat_rxnfc->fs.m_ext) !=
2883                 offsetof(struct ethtool_rxnfc, fs.m_ext) +
2884                 sizeof(rxnfc->fs.m_ext));
2885        BUILD_BUG_ON(
2886            offsetof(struct compat_ethtool_rxnfc, fs.location) -
2887            offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
2888            offsetof(struct ethtool_rxnfc, fs.location) -
2889            offsetof(struct ethtool_rxnfc, fs.ring_cookie));
2890
2891        if (copy_in_user(rxnfc, compat_rxnfc,
2892                 (void __user *)(&rxnfc->fs.m_ext + 1) -
2893                 (void __user *)rxnfc) ||
2894            copy_in_user(&rxnfc->fs.ring_cookie,
2895                 &compat_rxnfc->fs.ring_cookie,
2896                 (void __user *)(&rxnfc->fs.location + 1) -
2897                 (void __user *)&rxnfc->fs.ring_cookie) ||
2898            copy_in_user(&rxnfc->rule_cnt, &compat_rxnfc->rule_cnt,
2899                 sizeof(rxnfc->rule_cnt)))
2900            return -EFAULT;
2901    }
2902
2903    ret = dev_ioctl(net, SIOCETHTOOL, ifr);
2904    if (ret)
2905        return ret;
2906
2907    if (convert_out) {
2908        if (copy_in_user(compat_rxnfc, rxnfc,
2909                 (const void __user *)(&rxnfc->fs.m_ext + 1) -
2910                 (const void __user *)rxnfc) ||
2911            copy_in_user(&compat_rxnfc->fs.ring_cookie,
2912                 &rxnfc->fs.ring_cookie,
2913                 (const void __user *)(&rxnfc->fs.location + 1) -
2914                 (const void __user *)&rxnfc->fs.ring_cookie) ||
2915            copy_in_user(&compat_rxnfc->rule_cnt, &rxnfc->rule_cnt,
2916                 sizeof(rxnfc->rule_cnt)))
2917            return -EFAULT;
2918
2919        if (ethcmd == ETHTOOL_GRXCLSRLALL) {
2920            /* As an optimisation, we only copy the actual
2921             * number of rules that the underlying
2922             * function returned. Since Mallory might
2923             * change the rule count in user memory, we
2924             * check that it is less than the rule count
2925             * originally given (as the user buffer size),
2926             * which has been range-checked.
2927             */
2928            if (get_user(actual_rule_cnt, &rxnfc->rule_cnt))
2929                return -EFAULT;
2930            if (actual_rule_cnt < rule_cnt)
2931                rule_cnt = actual_rule_cnt;
2932            if (copy_in_user(&compat_rxnfc->rule_locs[0],
2933                     &rxnfc->rule_locs[0],
2934                     rule_cnt * sizeof(u32)))
2935                return -EFAULT;
2936        }
2937    }
2938
2939    return 0;
2940}
2941
2942static int compat_siocwandev(struct net *net, struct compat_ifreq __user *uifr32)
2943{
2944    void __user *uptr;
2945    compat_uptr_t uptr32;
2946    struct ifreq __user *uifr;
2947
2948    uifr = compat_alloc_user_space(sizeof(*uifr));
2949    if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
2950        return -EFAULT;
2951
2952    if (get_user(uptr32, &uifr32->ifr_settings.ifs_ifsu))
2953        return -EFAULT;
2954
2955    uptr = compat_ptr(uptr32);
2956
2957    if (put_user(uptr, &uifr->ifr_settings.ifs_ifsu.raw_hdlc))
2958        return -EFAULT;
2959
2960    return dev_ioctl(net, SIOCWANDEV, uifr);
2961}
2962
2963static int bond_ioctl(struct net *net, unsigned int cmd,
2964             struct compat_ifreq __user *ifr32)
2965{
2966    struct ifreq kifr;
2967    struct ifreq __user *uifr;
2968    mm_segment_t old_fs;
2969    int err;
2970    u32 data;
2971    void __user *datap;
2972
2973    switch (cmd) {
2974    case SIOCBONDENSLAVE:
2975    case SIOCBONDRELEASE:
2976    case SIOCBONDSETHWADDR:
2977    case SIOCBONDCHANGEACTIVE:
2978        if (copy_from_user(&kifr, ifr32, sizeof(struct compat_ifreq)))
2979            return -EFAULT;
2980
2981        old_fs = get_fs();
2982        set_fs(KERNEL_DS);
2983        err = dev_ioctl(net, cmd,
2984                (struct ifreq __user __force *) &kifr);
2985        set_fs(old_fs);
2986
2987        return err;
2988    case SIOCBONDSLAVEINFOQUERY:
2989    case SIOCBONDINFOQUERY:
2990        uifr = compat_alloc_user_space(sizeof(*uifr));
2991        if (copy_in_user(&uifr->ifr_name, &ifr32->ifr_name, IFNAMSIZ))
2992            return -EFAULT;
2993
2994        if (get_user(data, &ifr32->ifr_ifru.ifru_data))
2995            return -EFAULT;
2996
2997        datap = compat_ptr(data);
2998        if (put_user(datap, &uifr->ifr_ifru.ifru_data))
2999            return -EFAULT;
3000
3001        return dev_ioctl(net, cmd, uifr);
3002    default:
3003        return -ENOIOCTLCMD;
3004    }
3005}
3006
3007static int siocdevprivate_ioctl(struct net *net, unsigned int cmd,
3008                 struct compat_ifreq __user *u_ifreq32)
3009{
3010    struct ifreq __user *u_ifreq64;
3011    char tmp_buf[IFNAMSIZ];
3012    void __user *data64;
3013    u32 data32;
3014
3015    if (copy_from_user(&tmp_buf[0], &(u_ifreq32->ifr_ifrn.ifrn_name[0]),
3016               IFNAMSIZ))
3017        return -EFAULT;
3018    if (__get_user(data32, &u_ifreq32->ifr_ifru.ifru_data))
3019        return -EFAULT;
3020    data64 = compat_ptr(data32);
3021
3022    u_ifreq64 = compat_alloc_user_space(sizeof(*u_ifreq64));
3023
3024    /* Don't check these user accesses, just let that get trapped
3025     * in the ioctl handler instead.
3026     */
3027    if (copy_to_user(&u_ifreq64->ifr_ifrn.ifrn_name[0], &tmp_buf[0],
3028             IFNAMSIZ))
3029        return -EFAULT;
3030    if (__put_user(data64, &u_ifreq64->ifr_ifru.ifru_data))
3031        return -EFAULT;
3032
3033    return dev_ioctl(net, cmd, u_ifreq64);
3034}
3035
3036static int dev_ifsioc(struct net *net, struct socket *sock,
3037             unsigned int cmd, struct compat_ifreq __user *uifr32)
3038{
3039    struct ifreq __user *uifr;
3040    int err;
3041
3042    uifr = compat_alloc_user_space(sizeof(*uifr));
3043    if (copy_in_user(uifr, uifr32, sizeof(*uifr32)))
3044        return -EFAULT;
3045
3046    err = sock_do_ioctl(net, sock, cmd, (unsigned long)uifr);
3047
3048    if (!err) {
3049        switch (cmd) {
3050        case SIOCGIFFLAGS:
3051        case SIOCGIFMETRIC:
3052        case SIOCGIFMTU:
3053        case SIOCGIFMEM:
3054        case SIOCGIFHWADDR:
3055        case SIOCGIFINDEX:
3056        case SIOCGIFADDR:
3057        case SIOCGIFBRDADDR:
3058        case SIOCGIFDSTADDR:
3059        case SIOCGIFNETMASK:
3060        case SIOCGIFPFLAGS:
3061        case SIOCGIFTXQLEN:
3062        case SIOCGMIIPHY:
3063        case SIOCGMIIREG:
3064            if (copy_in_user(uifr32, uifr, sizeof(*uifr32)))
3065                err = -EFAULT;
3066            break;
3067        }
3068    }
3069    return err;
3070}
3071
3072static int compat_sioc_ifmap(struct net *net, unsigned int cmd,
3073            struct compat_ifreq __user *uifr32)
3074{
3075    struct ifreq ifr;
3076    struct compat_ifmap __user *uifmap32;
3077    mm_segment_t old_fs;
3078    int err;
3079
3080    uifmap32 = &uifr32->ifr_ifru.ifru_map;
3081    err = copy_from_user(&ifr, uifr32, sizeof(ifr.ifr_name));
3082    err |= get_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3083    err |= get_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3084    err |= get_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3085    err |= get_user(ifr.ifr_map.irq, &uifmap32->irq);
3086    err |= get_user(ifr.ifr_map.dma, &uifmap32->dma);
3087    err |= get_user(ifr.ifr_map.port, &uifmap32->port);
3088    if (err)
3089        return -EFAULT;
3090
3091    old_fs = get_fs();
3092    set_fs(KERNEL_DS);
3093    err = dev_ioctl(net, cmd, (void __user __force *)&ifr);
3094    set_fs(old_fs);
3095
3096    if (cmd == SIOCGIFMAP && !err) {
3097        err = copy_to_user(uifr32, &ifr, sizeof(ifr.ifr_name));
3098        err |= put_user(ifr.ifr_map.mem_start, &uifmap32->mem_start);
3099        err |= put_user(ifr.ifr_map.mem_end, &uifmap32->mem_end);
3100        err |= put_user(ifr.ifr_map.base_addr, &uifmap32->base_addr);
3101        err |= put_user(ifr.ifr_map.irq, &uifmap32->irq);
3102        err |= put_user(ifr.ifr_map.dma, &uifmap32->dma);
3103        err |= put_user(ifr.ifr_map.port, &uifmap32->port);
3104        if (err)
3105            err = -EFAULT;
3106    }
3107    return err;
3108}
3109
3110static int compat_siocshwtstamp(struct net *net, struct compat_ifreq __user *uifr32)
3111{
3112    void __user *uptr;
3113    compat_uptr_t uptr32;
3114    struct ifreq __user *uifr;
3115
3116    uifr = compat_alloc_user_space(sizeof(*uifr));
3117    if (copy_in_user(uifr, uifr32, sizeof(struct compat_ifreq)))
3118        return -EFAULT;
3119
3120    if (get_user(uptr32, &uifr32->ifr_data))
3121        return -EFAULT;
3122
3123    uptr = compat_ptr(uptr32);
3124
3125    if (put_user(uptr, &uifr->ifr_data))
3126        return -EFAULT;
3127
3128    return dev_ioctl(net, SIOCSHWTSTAMP, uifr);
3129}
3130
3131struct rtentry32 {
3132    u32 rt_pad1;
3133    struct sockaddr rt_dst; /* target address */
3134    struct sockaddr rt_gateway; /* gateway addr (RTF_GATEWAY) */
3135    struct sockaddr rt_genmask; /* target network mask (IP) */
3136    unsigned short rt_flags;
3137    short rt_pad2;
3138    u32 rt_pad3;
3139    unsigned char rt_tos;
3140    unsigned char rt_class;
3141    short rt_pad4;
3142    short rt_metric; /* +1 for binary compatibility! */
3143    /* char * */ u32 rt_dev; /* forcing the device at add */
3144    u32 rt_mtu; /* per route MTU/Window */
3145    u32 rt_window; /* Window clamping */
3146    unsigned short rt_irtt; /* Initial RTT */
3147};
3148
3149struct in6_rtmsg32 {
3150    struct in6_addr rtmsg_dst;
3151    struct in6_addr rtmsg_src;
3152    struct in6_addr rtmsg_gateway;
3153    u32 rtmsg_type;
3154    u16 rtmsg_dst_len;
3155    u16 rtmsg_src_len;
3156    u32 rtmsg_metric;
3157    u32 rtmsg_info;
3158    u32 rtmsg_flags;
3159    s32 rtmsg_ifindex;
3160};
3161
3162static int routing_ioctl(struct net *net, struct socket *sock,
3163             unsigned int cmd, void __user *argp)
3164{
3165    int ret;
3166    void *r = NULL;
3167    struct in6_rtmsg r6;
3168    struct rtentry r4;
3169    char devname[16];
3170    u32 rtdev;
3171    mm_segment_t old_fs = get_fs();
3172
3173    if (sock && sock->sk && sock->sk->sk_family == AF_INET6) { /* ipv6 */
3174        struct in6_rtmsg32 __user *ur6 = argp;
3175        ret = copy_from_user(&r6.rtmsg_dst, &(ur6->rtmsg_dst),
3176            3 * sizeof(struct in6_addr));
3177        ret |= get_user(r6.rtmsg_type, &(ur6->rtmsg_type));
3178        ret |= get_user(r6.rtmsg_dst_len, &(ur6->rtmsg_dst_len));
3179        ret |= get_user(r6.rtmsg_src_len, &(ur6->rtmsg_src_len));
3180        ret |= get_user(r6.rtmsg_metric, &(ur6->rtmsg_metric));
3181        ret |= get_user(r6.rtmsg_info, &(ur6->rtmsg_info));
3182        ret |= get_user(r6.rtmsg_flags, &(ur6->rtmsg_flags));
3183        ret |= get_user(r6.rtmsg_ifindex, &(ur6->rtmsg_ifindex));
3184
3185        r = (void *) &r6;
3186    } else { /* ipv4 */
3187        struct rtentry32 __user *ur4 = argp;
3188        ret = copy_from_user(&r4.rt_dst, &(ur4->rt_dst),
3189                    3 * sizeof(struct sockaddr));
3190        ret |= get_user(r4.rt_flags, &(ur4->rt_flags));
3191        ret |= get_user(r4.rt_metric, &(ur4->rt_metric));
3192        ret |= get_user(r4.rt_mtu, &(ur4->rt_mtu));
3193        ret |= get_user(r4.rt_window, &(ur4->rt_window));
3194        ret |= get_user(r4.rt_irtt, &(ur4->rt_irtt));
3195        ret |= get_user(rtdev, &(ur4->rt_dev));
3196        if (rtdev) {
3197            ret |= copy_from_user(devname, compat_ptr(rtdev), 15);
3198            r4.rt_dev = (char __user __force *)devname;
3199            devname[15] = 0;
3200        } else
3201            r4.rt_dev = NULL;
3202
3203        r = (void *) &r4;
3204    }
3205
3206    if (ret) {
3207        ret = -EFAULT;
3208        goto out;
3209    }
3210
3211    set_fs(KERNEL_DS);
3212    ret = sock_do_ioctl(net, sock, cmd, (unsigned long) r);
3213    set_fs(old_fs);
3214
3215out:
3216    return ret;
3217}
3218
3219/* Since old style bridge ioctl's endup using SIOCDEVPRIVATE
3220 * for some operations; this forces use of the newer bridge-utils that
3221 * use compatible ioctls
3222 */
3223static int old_bridge_ioctl(compat_ulong_t __user *argp)
3224{
3225    compat_ulong_t tmp;
3226
3227    if (get_user(tmp, argp))
3228        return -EFAULT;
3229    if (tmp == BRCTL_GET_VERSION)
3230        return BRCTL_VERSION + 1;
3231    return -EINVAL;
3232}
3233
3234static int compat_sock_ioctl_trans(struct file *file, struct socket *sock,
3235             unsigned int cmd, unsigned long arg)
3236{
3237    void __user *argp = compat_ptr(arg);
3238    struct sock *sk = sock->sk;
3239    struct net *net = sock_net(sk);
3240
3241    if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15))
3242        return siocdevprivate_ioctl(net, cmd, argp);
3243
3244    switch (cmd) {
3245    case SIOCSIFBR:
3246    case SIOCGIFBR:
3247        return old_bridge_ioctl(argp);
3248    case SIOCGIFNAME:
3249        return dev_ifname32(net, argp);
3250    case SIOCGIFCONF:
3251        return dev_ifconf(net, argp);
3252    case SIOCETHTOOL:
3253        return ethtool_ioctl(net, argp);
3254    case SIOCWANDEV:
3255        return compat_siocwandev(net, argp);
3256    case SIOCGIFMAP:
3257    case SIOCSIFMAP:
3258        return compat_sioc_ifmap(net, cmd, argp);
3259    case SIOCBONDENSLAVE:
3260    case SIOCBONDRELEASE:
3261    case SIOCBONDSETHWADDR:
3262    case SIOCBONDSLAVEINFOQUERY:
3263    case SIOCBONDINFOQUERY:
3264    case SIOCBONDCHANGEACTIVE:
3265        return bond_ioctl(net, cmd, argp);
3266    case SIOCADDRT:
3267    case SIOCDELRT:
3268        return routing_ioctl(net, sock, cmd, argp);
3269    case SIOCGSTAMP:
3270        return do_siocgstamp(net, sock, cmd, argp);
3271    case SIOCGSTAMPNS:
3272        return do_siocgstampns(net, sock, cmd, argp);
3273    case SIOCSHWTSTAMP:
3274        return compat_siocshwtstamp(net, argp);
3275
3276    case FIOSETOWN:
3277    case SIOCSPGRP:
3278    case FIOGETOWN:
3279    case SIOCGPGRP:
3280    case SIOCBRADDBR:
3281    case SIOCBRDELBR:
3282    case SIOCGIFVLAN:
3283    case SIOCSIFVLAN:
3284    case SIOCADDDLCI:
3285    case SIOCDELDLCI:
3286        return sock_ioctl(file, cmd, arg);
3287
3288    case SIOCGIFFLAGS:
3289    case SIOCSIFFLAGS:
3290    case SIOCGIFMETRIC:
3291    case SIOCSIFMETRIC:
3292    case SIOCGIFMTU:
3293    case SIOCSIFMTU:
3294    case SIOCGIFMEM:
3295    case SIOCSIFMEM:
3296    case SIOCGIFHWADDR:
3297    case SIOCSIFHWADDR:
3298    case SIOCADDMULTI:
3299    case SIOCDELMULTI:
3300    case SIOCGIFINDEX:
3301    case SIOCGIFADDR:
3302    case SIOCSIFADDR:
3303    case SIOCSIFHWBROADCAST:
3304    case SIOCDIFADDR:
3305    case SIOCGIFBRDADDR:
3306    case SIOCSIFBRDADDR:
3307    case SIOCGIFDSTADDR:
3308    case SIOCSIFDSTADDR:
3309    case SIOCGIFNETMASK:
3310    case SIOCSIFNETMASK:
3311    case SIOCSIFPFLAGS:
3312    case SIOCGIFPFLAGS:
3313    case SIOCGIFTXQLEN:
3314    case SIOCSIFTXQLEN:
3315    case SIOCBRADDIF:
3316    case SIOCBRDELIF:
3317    case SIOCSIFNAME:
3318    case SIOCGMIIPHY:
3319    case SIOCGMIIREG:
3320    case SIOCSMIIREG:
3321        return dev_ifsioc(net, sock, cmd, argp);
3322
3323    case SIOCSARP:
3324    case SIOCGARP:
3325    case SIOCDARP:
3326    case SIOCATMARK:
3327        return sock_do_ioctl(net, sock, cmd, arg);
3328    }
3329
3330    return -ENOIOCTLCMD;
3331}
3332
3333static long compat_sock_ioctl(struct file *file, unsigned int cmd,
3334                  unsigned long arg)
3335{
3336    struct socket *sock = file->private_data;
3337    int ret = -ENOIOCTLCMD;
3338    struct sock *sk;
3339    struct net *net;
3340
3341    sk = sock->sk;
3342    net = sock_net(sk);
3343
3344    if (sock->ops->compat_ioctl)
3345        ret = sock->ops->compat_ioctl(sock, cmd, arg);
3346
3347    if (ret == -ENOIOCTLCMD &&
3348        (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST))
3349        ret = compat_wext_handle_ioctl(net, cmd, arg);
3350
3351    if (ret == -ENOIOCTLCMD)
3352        ret = compat_sock_ioctl_trans(file, sock, cmd, arg);
3353
3354    return ret;
3355}
3356#endif
3357
3358int kernel_bind(struct socket *sock, struct sockaddr *addr, int addrlen)
3359{
3360    return sock->ops->bind(sock, addr, addrlen);
3361}
3362EXPORT_SYMBOL(kernel_bind);
3363
3364int kernel_listen(struct socket *sock, int backlog)
3365{
3366    return sock->ops->listen(sock, backlog);
3367}
3368EXPORT_SYMBOL(kernel_listen);
3369
3370int kernel_accept(struct socket *sock, struct socket **newsock, int flags)
3371{
3372    struct sock *sk = sock->sk;
3373    int err;
3374
3375    err = sock_create_lite(sk->sk_family, sk->sk_type, sk->sk_protocol,
3376                   newsock);
3377    if (err < 0)
3378        goto done;
3379
3380    err = sock->ops->accept(sock, *newsock, flags);
3381    if (err < 0) {
3382        sock_release(*newsock);
3383        *newsock = NULL;
3384        goto done;
3385    }
3386
3387    (*newsock)->ops = sock->ops;
3388    __module_get((*newsock)->ops->owner);
3389
3390done:
3391    return err;
3392}
3393EXPORT_SYMBOL(kernel_accept);
3394
3395int kernel_connect(struct socket *sock, struct sockaddr *addr, int addrlen,
3396           int flags)
3397{
3398    return sock->ops->connect(sock, addr, addrlen, flags);
3399}
3400EXPORT_SYMBOL(kernel_connect);
3401
3402int kernel_getsockname(struct socket *sock, struct sockaddr *addr,
3403             int *addrlen)
3404{
3405    return sock->ops->getname(sock, addr, addrlen, 0);
3406}
3407EXPORT_SYMBOL(kernel_getsockname);
3408
3409int kernel_getpeername(struct socket *sock, struct sockaddr *addr,
3410             int *addrlen)
3411{
3412    return sock->ops->getname(sock, addr, addrlen, 1);
3413}
3414EXPORT_SYMBOL(kernel_getpeername);
3415
3416int kernel_getsockopt(struct socket *sock, int level, int optname,
3417            char *optval, int *optlen)
3418{
3419    mm_segment_t oldfs = get_fs();
3420    char __user *uoptval;
3421    int __user *uoptlen;
3422    int err;
3423
3424    uoptval = (char __user __force *) optval;
3425    uoptlen = (int __user __force *) optlen;
3426
3427    set_fs(KERNEL_DS);
3428    if (level == SOL_SOCKET)
3429        err = sock_getsockopt(sock, level, optname, uoptval, uoptlen);
3430    else
3431        err = sock->ops->getsockopt(sock, level, optname, uoptval,
3432                        uoptlen);
3433    set_fs(oldfs);
3434    return err;
3435}
3436EXPORT_SYMBOL(kernel_getsockopt);
3437
3438int kernel_setsockopt(struct socket *sock, int level, int optname,
3439            char *optval, unsigned int optlen)
3440{
3441    mm_segment_t oldfs = get_fs();
3442    char __user *uoptval;
3443    int err;
3444
3445    uoptval = (char __user __force *) optval;
3446
3447    set_fs(KERNEL_DS);
3448    if (level == SOL_SOCKET)
3449        err = sock_setsockopt(sock, level, optname, uoptval, optlen);
3450    else
3451        err = sock->ops->setsockopt(sock, level, optname, uoptval,
3452                        optlen);
3453    set_fs(oldfs);
3454    return err;
3455}
3456EXPORT_SYMBOL(kernel_setsockopt);
3457
3458int kernel_sendpage(struct socket *sock, struct page *page, int offset,
3459            size_t size, int flags)
3460{
3461    if (sock->ops->sendpage)
3462        return sock->ops->sendpage(sock, page, offset, size, flags);
3463
3464    return sock_no_sendpage(sock, page, offset, size, flags);
3465}
3466EXPORT_SYMBOL(kernel_sendpage);
3467
3468int kernel_sock_ioctl(struct socket *sock, int cmd, unsigned long arg)
3469{
3470    mm_segment_t oldfs = get_fs();
3471    int err;
3472
3473    set_fs(KERNEL_DS);
3474    err = sock->ops->ioctl(sock, cmd, arg);
3475    set_fs(oldfs);
3476
3477    return err;
3478}
3479EXPORT_SYMBOL(kernel_sock_ioctl);
3480
3481int kernel_sock_shutdown(struct socket *sock, enum sock_shutdown_cmd how)
3482{
3483    return sock->ops->shutdown(sock, how);
3484}
3485EXPORT_SYMBOL(kernel_sock_shutdown);
3486

Archive Download this file



interactive