166
165
static DEFINE_PER_CPU(int, sockets_in_use);
168
DEFINE_TRACE(socket_create);
169
DEFINE_TRACE(socket_bind);
170
DEFINE_TRACE(socket_connect);
171
DEFINE_TRACE(socket_listen);
172
DEFINE_TRACE(socket_accept);
173
DEFINE_TRACE(socket_getsockname);
174
DEFINE_TRACE(socket_getpeername);
175
DEFINE_TRACE(socket_socketpair);
176
DEFINE_TRACE(socket_sendmsg);
177
DEFINE_TRACE(socket_recvmsg);
178
DEFINE_TRACE(socket_setsockopt);
179
DEFINE_TRACE(socket_getsockopt);
180
DEFINE_TRACE(socket_shutdown);
181
DEFINE_TRACE(socket_call);
184
168
* Support routines.
185
169
* Move socket addresses back and forth across the kernel/user
256
240
static struct inode *sock_alloc_inode(struct super_block *sb)
258
242
struct socket_alloc *ei;
243
struct socket_wq *wq;
260
245
ei = kmem_cache_alloc(sock_inode_cachep, GFP_KERNEL);
263
ei->socket.wq = kmalloc(sizeof(struct socket_wq), GFP_KERNEL);
264
if (!ei->socket.wq) {
248
wq = kmalloc(sizeof(*wq), GFP_KERNEL);
265
250
kmem_cache_free(sock_inode_cachep, ei);
268
init_waitqueue_head(&ei->socket.wq->wait);
269
ei->socket.wq->fasync_list = NULL;
253
init_waitqueue_head(&wq->wait);
254
wq->fasync_list = NULL;
255
RCU_INIT_POINTER(ei->socket.wq, wq);
271
257
ei->socket.state = SS_UNCONNECTED;
272
258
ei->socket.flags = 0;
277
263
return &ei->vfs_inode;
282
static void wq_free_rcu(struct rcu_head *head)
284
struct socket_wq *wq = container_of(head, struct socket_wq, rcu);
289
266
static void sock_destroy_inode(struct inode *inode)
291
268
struct socket_alloc *ei;
269
struct socket_wq *wq;
293
271
ei = container_of(inode, struct socket_alloc, vfs_inode);
294
call_rcu(&ei->socket.wq->rcu, wq_free_rcu);
272
wq = rcu_dereference_protected(ei->socket.wq, 1);
295
274
kmem_cache_free(sock_inode_cachep, ei);
564
543
EXPORT_SYMBOL(sock_tx_timestamp);
545
static inline int __sock_sendmsg_nosec(struct kiocb *iocb, struct socket *sock,
546
struct msghdr *msg, size_t size)
548
struct sock_iocb *si = kiocb_to_siocb(iocb);
550
sock_update_classid(sock->sk);
557
return sock->ops->sendmsg(iocb, sock, msg, size);
566
560
static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
567
561
struct msghdr *msg, size_t size)
569
struct sock_iocb *si = kiocb_to_siocb(iocb);
572
sock_update_classid(sock->sk);
579
err = security_socket_sendmsg(sock, msg, size);
583
err = sock->ops->sendmsg(iocb, sock, msg, size);
584
trace_socket_sendmsg(sock, msg, size, err);
563
int err = security_socket_sendmsg(sock, msg, size);
565
return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
588
568
int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
601
581
EXPORT_SYMBOL(sock_sendmsg);
583
int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg, size_t size)
586
struct sock_iocb siocb;
589
init_sync_kiocb(&iocb, NULL);
590
iocb.private = &siocb;
591
ret = __sock_sendmsg_nosec(&iocb, sock, msg, size);
592
if (-EIOCBQUEUED == ret)
593
ret = wait_on_sync_kiocb(&iocb);
603
597
int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
604
598
struct kvec *vec, size_t num, size_t size)
711
704
si->flags = flags;
713
err = sock->ops->recvmsg(iocb, sock, msg, size, flags);
714
trace_socket_recvmsg(sock, msg, size, flags, err);
706
return sock->ops->recvmsg(iocb, sock, msg, size, flags);
718
709
static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1130
1121
struct socket *sock = filp->private_data;
1131
1122
struct sock *sk = sock->sk;
1123
struct socket_wq *wq;
1133
1125
if (sk == NULL)
1134
1126
return -EINVAL;
1138
fasync_helper(fd, filp, on, &sock->wq->fasync_list);
1140
if (!sock->wq->fasync_list)
1129
wq = rcu_dereference_protected(sock->wq, sock_owned_by_user(sk));
1130
fasync_helper(fd, filp, on, &wq->fasync_list);
1132
if (!wq->fasync_list)
1141
1133
sock_reset_flag(sk, SOCK_FASYNC);
1143
1135
sock_set_flag(sk, SOCK_FASYNC);
1899
1871
#define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen)
1900
1872
#define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags)
1903
* BSD sendmsg interface
1906
SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
1874
static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg,
1875
struct msghdr *msg_sys, unsigned flags, int nosec)
1908
1877
struct compat_msghdr __user *msg_compat =
1909
1878
(struct compat_msghdr __user *)msg;
1910
struct socket *sock;
1911
1879
struct sockaddr_storage address;
1912
1880
struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
1913
1881
unsigned char ctl[sizeof(struct cmsghdr) + 20]
1914
1882
__attribute__ ((aligned(sizeof(__kernel_size_t))));
1915
1883
/* 20 is size of ipv6_pktinfo */
1916
1884
unsigned char *ctl_buf = ctl;
1917
struct msghdr msg_sys;
1918
1885
int err, ctl_len, iov_size, total_len;
1922
1888
if (MSG_CMSG_COMPAT & flags) {
1923
if (get_compat_msghdr(&msg_sys, msg_compat))
1889
if (get_compat_msghdr(msg_sys, msg_compat))
1924
1890
return -EFAULT;
1925
} else if (copy_from_user(&msg_sys, msg, sizeof(struct msghdr)))
1891
} else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr)))
1926
1892
return -EFAULT;
1928
sock = sockfd_lookup_light(fd, &err, &fput_needed);
1932
1894
/* do not move before msg_sys is valid */
1933
1895
err = -EMSGSIZE;
1934
if (msg_sys.msg_iovlen > UIO_MAXIOV)
1896
if (msg_sys->msg_iovlen > UIO_MAXIOV)
1937
1899
/* Check whether to allocate the iovec area */
1939
iov_size = msg_sys.msg_iovlen * sizeof(struct iovec);
1940
if (msg_sys.msg_iovlen > UIO_FASTIOV) {
1901
iov_size = msg_sys->msg_iovlen * sizeof(struct iovec);
1902
if (msg_sys->msg_iovlen > UIO_FASTIOV) {
1941
1903
iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL);
1946
1908
/* This will also move the address data into kernel space */
1947
1909
if (MSG_CMSG_COMPAT & flags) {
1948
err = verify_compat_iovec(&msg_sys, iov,
1910
err = verify_compat_iovec(msg_sys, iov,
1949
1911
(struct sockaddr *)&address,
1952
err = verify_iovec(&msg_sys, iov,
1914
err = verify_iovec(msg_sys, iov,
1953
1915
(struct sockaddr *)&address,
1959
1921
err = -ENOBUFS;
1961
if (msg_sys.msg_controllen > INT_MAX)
1923
if (msg_sys->msg_controllen > INT_MAX)
1962
1924
goto out_freeiov;
1963
ctl_len = msg_sys.msg_controllen;
1925
ctl_len = msg_sys->msg_controllen;
1964
1926
if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
1966
cmsghdr_from_user_compat_to_kern(&msg_sys, sock->sk, ctl,
1928
cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl,
1969
1931
goto out_freeiov;
1970
ctl_buf = msg_sys.msg_control;
1971
ctl_len = msg_sys.msg_controllen;
1932
ctl_buf = msg_sys->msg_control;
1933
ctl_len = msg_sys->msg_controllen;
1972
1934
} else if (ctl_len) {
1973
1935
if (ctl_len > sizeof(ctl)) {
1974
1936
ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
1980
* Careful! Before this, msg_sys.msg_control contains a user pointer.
1942
* Careful! Before this, msg_sys->msg_control contains a user pointer.
1981
1943
* Afterwards, it will be a kernel pointer. Thus the compiler-assisted
1982
1944
* checking falls down on this.
1984
1946
if (copy_from_user(ctl_buf,
1985
(void __user __force *)msg_sys.msg_control,
1947
(void __user __force *)msg_sys->msg_control,
1987
1949
goto out_freectl;
1988
msg_sys.msg_control = ctl_buf;
1950
msg_sys->msg_control = ctl_buf;
1990
msg_sys.msg_flags = flags;
1952
msg_sys->msg_flags = flags;
1992
1954
if (sock->file->f_flags & O_NONBLOCK)
1993
msg_sys.msg_flags |= MSG_DONTWAIT;
1994
err = sock_sendmsg(sock, &msg_sys, total_len);
1955
msg_sys->msg_flags |= MSG_DONTWAIT;
1956
err = (nosec ? sock_sendmsg_nosec : sock_sendmsg)(sock, msg_sys,
1997
1960
if (ctl_buf != ctl)
2000
1963
if (iov != iovstack)
2001
1964
sock_kfree_s(sock->sk, iov, iov_size);
1970
* BSD sendmsg interface
1973
SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags)
1975
int fput_needed, err;
1976
struct msghdr msg_sys;
1977
struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed);
1982
err = __sys_sendmsg(sock, msg, &msg_sys, flags, 0);
1984
fput_light(sock->file, fput_needed);
1990
* Linux sendmmsg interface
1993
int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen,
1996
int fput_needed, err, datagrams;
1997
struct socket *sock;
1998
struct mmsghdr __user *entry;
1999
struct compat_mmsghdr __user *compat_entry;
2000
struct msghdr msg_sys;
2004
sock = sockfd_lookup_light(fd, &err, &fput_needed);
2008
err = sock_error(sock->sk);
2013
compat_entry = (struct compat_mmsghdr __user *)mmsg;
2015
while (datagrams < vlen) {
2017
* No need to ask LSM for more than the first datagram.
2019
if (MSG_CMSG_COMPAT & flags) {
2020
err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry,
2021
&msg_sys, flags, datagrams);
2024
err = __put_user(err, &compat_entry->msg_len);
2027
err = __sys_sendmsg(sock, (struct msghdr __user *)entry,
2028
&msg_sys, flags, datagrams);
2031
err = put_user(err, &entry->msg_len);
2003
2041
fput_light(sock->file, fput_needed);
2046
if (datagrams != 0) {
2048
* We may send less entries than requested (vlen) if the
2049
* sock is non blocking...
2051
if (err != -EAGAIN) {
2053
* ... or if sendmsg returns an error after we
2054
* send some datagrams, where we record the
2055
* error to return on the next call or if the
2056
* app asks about it using getsockopt(SO_ERROR).
2058
sock->sk->sk_err = -err;
2067
SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg,
2068
unsigned int, vlen, unsigned int, flags)
2070
return __sys_sendmmsg(fd, mmsg, vlen, flags);
2008
2073
static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2009
2074
struct msghdr *msg_sys, unsigned flags, int nosec)
2159
2224
if (MSG_CMSG_COMPAT & flags) {
2160
2225
err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry,
2161
&msg_sys, flags, datagrams);
2226
&msg_sys, flags & ~MSG_WAITFORONE,
2164
2230
err = __put_user(err, &compat_entry->msg_len);
2165
2231
++compat_entry;
2167
2233
err = __sys_recvmsg(sock, (struct msghdr __user *)entry,
2168
&msg_sys, flags, datagrams);
2234
&msg_sys, flags & ~MSG_WAITFORONE,
2171
2238
err = put_user(err, &entry->msg_len);
2250
2317
#ifdef __ARCH_WANT_SYS_SOCKETCALL
2251
2318
/* Argument list sizes for sys_socketcall */
2252
2319
#define AL(x) ((x) * sizeof(unsigned long))
2253
static const unsigned char nargs[20] = {
2320
static const unsigned char nargs[21] = {
2254
2321
AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
2255
2322
AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
2256
2323
AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
2681
2749
return -EFAULT;
2683
2751
if (convert_in) {
2684
/* We expect there to be holes between fs.m_u and
2752
/* We expect there to be holes between fs.m_ext and
2685
2753
* fs.ring_cookie and at the end of fs, but nowhere else.
2687
BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_u) +
2688
sizeof(compat_rxnfc->fs.m_u) !=
2689
offsetof(struct ethtool_rxnfc, fs.m_u) +
2690
sizeof(rxnfc->fs.m_u));
2755
BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) +
2756
sizeof(compat_rxnfc->fs.m_ext) !=
2757
offsetof(struct ethtool_rxnfc, fs.m_ext) +
2758
sizeof(rxnfc->fs.m_ext));
2692
2760
offsetof(struct compat_ethtool_rxnfc, fs.location) -
2693
2761
offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) !=
2695
2763
offsetof(struct ethtool_rxnfc, fs.ring_cookie));
2697
2765
if (copy_in_user(rxnfc, compat_rxnfc,
2698
(void *)(&rxnfc->fs.m_u + 1) -
2766
(void *)(&rxnfc->fs.m_ext + 1) -
2699
2767
(void *)rxnfc) ||
2700
2768
copy_in_user(&rxnfc->fs.ring_cookie,
2701
2769
&compat_rxnfc->fs.ring_cookie,