1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  * INET		An implementation of the TCP/IP protocol suite for the LINUX
4  *		operating system.  INET is implemented using the  BSD Socket
5  *		interface as the means of communication with the user level.
6  *
7  *		Generic socket support routines. Memory allocators, socket lock/release
8  *		handler for protocols to use and generic option handler.
9  *
10  * Authors:	Ross Biro
11  *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12  *		Florian La Roche, <flla@stud.uni-sb.de>
13  *		Alan Cox, <A.Cox@swansea.ac.uk>
14  *
15  * Fixes:
16  *		Alan Cox	: 	Numerous verify_area() problems
17  *		Alan Cox	:	Connecting on a connecting socket
18  *					now returns an error for tcp.
19  *		Alan Cox	:	sock->protocol is set correctly.
20  *					and is not sometimes left as 0.
21  *		Alan Cox	:	connect handles icmp errors on a
22  *					connect properly. Unfortunately there
23  *					is a restart syscall nasty there. I
24  *					can't match BSD without hacking the C
25  *					library. Ideas urgently sought!
26  *		Alan Cox	:	Disallow bind() to addresses that are
27  *					not ours - especially broadcast ones!!
28  *		Alan Cox	:	Socket 1024 _IS_ ok for users. (fencepost)
29  *		Alan Cox	:	sock_wfree/sock_rfree don't destroy sockets,
30  *					instead they leave that for the DESTROY timer.
31  *		Alan Cox	:	Clean up error flag in accept
32  *		Alan Cox	:	TCP ack handling is buggy, the DESTROY timer
33  *					was buggy. Put a remove_sock() in the handler
34  *					for memory when we hit 0. Also altered the timer
35  *					code. The ACK stuff can wait and needs major
36  *					TCP layer surgery.
37  *		Alan Cox	:	Fixed TCP ack bug, removed remove sock
38  *					and fixed timer/inet_bh race.
39  *		Alan Cox	:	Added zapped flag for TCP
40  *		Alan Cox	:	Move kfree_skb into skbuff.c and tidied up surplus code
41  *		Alan Cox	:	for new sk_buff allocations wmalloc/rmalloc now call alloc_skb
42  *		Alan Cox	:	kfree_s calls now are kfree_skbmem so we can track skb resources
43  *		Alan Cox	:	Supports socket option broadcast now as does udp. Packet and raw need fixing.
44  *		Alan Cox	:	Added RCVBUF,SNDBUF size setting. It suddenly occurred to me how easy it was so...
45  *		Rick Sladkey	:	Relaxed UDP rules for matching packets.
46  *		C.E.Hawkins	:	IFF_PROMISC/SIOCGHWADDR support
47  *	Pauline Middelink	:	identd support
48  *		Alan Cox	:	Fixed connect() taking signals I think.
49  *		Alan Cox	:	SO_LINGER supported
50  *		Alan Cox	:	Error reporting fixes
51  *		Anonymous	:	inet_create tidied up (sk->reuse setting)
52  *		Alan Cox	:	inet sockets don't set sk->type!
53  *		Alan Cox	:	Split socket option code
54  *		Alan Cox	:	Callbacks
55  *		Alan Cox	:	Nagle flag for Charles & Johannes stuff
56  *		Alex		:	Removed restriction on inet fioctl
57  *		Alan Cox	:	Splitting INET from NET core
58  *		Alan Cox	:	Fixed bogus SO_TYPE handling in getsockopt()
59  *		Adam Caldwell	:	Missing return in SO_DONTROUTE/SO_DEBUG code
60  *		Alan Cox	:	Split IP from generic code
61  *		Alan Cox	:	New kfree_skbmem()
62  *		Alan Cox	:	Make SO_DEBUG superuser only.
63  *		Alan Cox	:	Allow anyone to clear SO_DEBUG
64  *					(compatibility fix)
65  *		Alan Cox	:	Added optimistic memory grabbing for AF_UNIX throughput.
66  *		Alan Cox	:	Allocator for a socket is settable.
67  *		Alan Cox	:	SO_ERROR includes soft errors.
68  *		Alan Cox	:	Allow NULL arguments on some SO_ opts
69  *		Alan Cox	: 	Generic socket allocation to make hooks
70  *					easier (suggested by Craig Metz).
71  *		Michael Pall	:	SO_ERROR returns positive errno again
72  *              Steve Whitehouse:       Added default destructor to free
73  *                                      protocol private data.
74  *              Steve Whitehouse:       Added various other default routines
75  *                                      common to several socket families.
76  *              Chris Evans     :       Call suser() check last on F_SETOWN
77  *		Jay Schulist	:	Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
78  *		Andi Kleen	:	Add sock_kmalloc()/sock_kfree_s()
79  *		Andi Kleen	:	Fix write_space callback
80  *		Chris Evans	:	Security fixes - signedness again
81  *		Arnaldo C. Melo :       cleanups, use skb_queue_purge
82  *
83  * To Fix:
84  */
85 
86 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
87 
88 #include <asm/unaligned.h>
89 #include <linux/capability.h>
90 #include <linux/errno.h>
91 #include <linux/errqueue.h>
92 #include <linux/types.h>
93 #include <linux/socket.h>
94 #include <linux/in.h>
95 #include <linux/kernel.h>
96 #include <linux/module.h>
97 #include <linux/proc_fs.h>
98 #include <linux/seq_file.h>
99 #include <linux/sched.h>
100 #include <linux/sched/mm.h>
101 #include <linux/timer.h>
102 #include <linux/string.h>
103 #include <linux/sockios.h>
104 #include <linux/net.h>
105 #include <linux/mm.h>
106 #include <linux/slab.h>
107 #include <linux/interrupt.h>
108 #include <linux/poll.h>
109 #include <linux/tcp.h>
110 #include <linux/init.h>
111 #include <linux/highmem.h>
112 #include <linux/user_namespace.h>
113 #include <linux/static_key.h>
114 #include <linux/memcontrol.h>
115 #include <linux/prefetch.h>
116 #include <linux/compat.h>
117 #include <linux/mroute.h>
118 #include <linux/mroute6.h>
119 #include <linux/icmpv6.h>
120 
121 #include <linux/uaccess.h>
122 
123 #include <linux/netdevice.h>
124 #include <net/protocol.h>
125 #include <linux/skbuff.h>
126 #include <net/net_namespace.h>
127 #include <net/request_sock.h>
128 #include <net/sock.h>
129 #include <linux/net_tstamp.h>
130 #include <net/xfrm.h>
131 #include <linux/ipsec.h>
132 #include <net/cls_cgroup.h>
133 #include <net/netprio_cgroup.h>
134 #include <linux/sock_diag.h>
135 
136 #include <linux/filter.h>
137 #include <net/sock_reuseport.h>
138 #include <net/bpf_sk_storage.h>
139 
140 #include <trace/events/sock.h>
141 
142 #include <net/tcp.h>
143 #include <net/busy_poll.h>
144 #include <net/phonet/phonet.h>
145 
146 #include <linux/ethtool.h>
147 
148 #include "dev.h"
149 
150 static DEFINE_MUTEX(proto_list_mutex);
151 static LIST_HEAD(proto_list);
152 
153 static void sock_def_write_space_wfree(struct sock *sk);
154 static void sock_def_write_space(struct sock *sk);
155 
156 /**
157  * sk_ns_capable - General socket capability test
158  * @sk: Socket to use a capability on or through
159  * @user_ns: The user namespace of the capability to use
160  * @cap: The capability to use
161  *
162  * Test to see if the opener of the socket had when the socket was
163  * created and the current process has the capability @cap in the user
164  * namespace @user_ns.
165  */
sk_ns_capable(const struct sock * sk,struct user_namespace * user_ns,int cap)166 bool sk_ns_capable(const struct sock *sk,
167 		   struct user_namespace *user_ns, int cap)
168 {
169 	return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
170 		ns_capable(user_ns, cap);
171 }
172 EXPORT_SYMBOL(sk_ns_capable);
173 
174 /**
175  * sk_capable - Socket global capability test
176  * @sk: Socket to use a capability on or through
177  * @cap: The global capability to use
178  *
179  * Test to see if the opener of the socket had when the socket was
180  * created and the current process has the capability @cap in all user
181  * namespaces.
182  */
sk_capable(const struct sock * sk,int cap)183 bool sk_capable(const struct sock *sk, int cap)
184 {
185 	return sk_ns_capable(sk, &init_user_ns, cap);
186 }
187 EXPORT_SYMBOL(sk_capable);
188 
189 /**
190  * sk_net_capable - Network namespace socket capability test
191  * @sk: Socket to use a capability on or through
192  * @cap: The capability to use
193  *
194  * Test to see if the opener of the socket had when the socket was created
195  * and the current process has the capability @cap over the network namespace
196  * the socket is a member of.
197  */
sk_net_capable(const struct sock * sk,int cap)198 bool sk_net_capable(const struct sock *sk, int cap)
199 {
200 	return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
201 }
202 EXPORT_SYMBOL(sk_net_capable);
203 
204 /*
205  * Each address family might have different locking rules, so we have
206  * one slock key per address family and separate keys for internal and
207  * userspace sockets.
208  */
209 static struct lock_class_key af_family_keys[AF_MAX];
210 static struct lock_class_key af_family_kern_keys[AF_MAX];
211 static struct lock_class_key af_family_slock_keys[AF_MAX];
212 static struct lock_class_key af_family_kern_slock_keys[AF_MAX];
213 
214 /*
215  * Make lock validator output more readable. (we pre-construct these
216  * strings build-time, so that runtime initialization of socket
217  * locks is fast):
218  */
219 
220 #define _sock_locks(x)						  \
221   x "AF_UNSPEC",	x "AF_UNIX"     ,	x "AF_INET"     , \
222   x "AF_AX25"  ,	x "AF_IPX"      ,	x "AF_APPLETALK", \
223   x "AF_NETROM",	x "AF_BRIDGE"   ,	x "AF_ATMPVC"   , \
224   x "AF_X25"   ,	x "AF_INET6"    ,	x "AF_ROSE"     , \
225   x "AF_DECnet",	x "AF_NETBEUI"  ,	x "AF_SECURITY" , \
226   x "AF_KEY"   ,	x "AF_NETLINK"  ,	x "AF_PACKET"   , \
227   x "AF_ASH"   ,	x "AF_ECONET"   ,	x "AF_ATMSVC"   , \
228   x "AF_RDS"   ,	x "AF_SNA"      ,	x "AF_IRDA"     , \
229   x "AF_PPPOX" ,	x "AF_WANPIPE"  ,	x "AF_LLC"      , \
230   x "27"       ,	x "28"          ,	x "AF_CAN"      , \
231   x "AF_TIPC"  ,	x "AF_BLUETOOTH",	x "IUCV"        , \
232   x "AF_RXRPC" ,	x "AF_ISDN"     ,	x "AF_PHONET"   , \
233   x "AF_IEEE802154",	x "AF_CAIF"	,	x "AF_ALG"      , \
234   x "AF_NFC"   ,	x "AF_VSOCK"    ,	x "AF_KCM"      , \
235   x "AF_QIPCRTR",	x "AF_SMC"	,	x "AF_XDP"	, \
236   x "AF_MCTP"  , \
237   x "AF_MAX"
238 
239 static const char *const af_family_key_strings[AF_MAX+1] = {
240 	_sock_locks("sk_lock-")
241 };
242 static const char *const af_family_slock_key_strings[AF_MAX+1] = {
243 	_sock_locks("slock-")
244 };
245 static const char *const af_family_clock_key_strings[AF_MAX+1] = {
246 	_sock_locks("clock-")
247 };
248 
249 static const char *const af_family_kern_key_strings[AF_MAX+1] = {
250 	_sock_locks("k-sk_lock-")
251 };
252 static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
253 	_sock_locks("k-slock-")
254 };
255 static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
256 	_sock_locks("k-clock-")
257 };
258 static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
259 	_sock_locks("rlock-")
260 };
261 static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
262 	_sock_locks("wlock-")
263 };
264 static const char *const af_family_elock_key_strings[AF_MAX+1] = {
265 	_sock_locks("elock-")
266 };
267 
268 /*
269  * sk_callback_lock and sk queues locking rules are per-address-family,
270  * so split the lock classes by using a per-AF key:
271  */
272 static struct lock_class_key af_callback_keys[AF_MAX];
273 static struct lock_class_key af_rlock_keys[AF_MAX];
274 static struct lock_class_key af_wlock_keys[AF_MAX];
275 static struct lock_class_key af_elock_keys[AF_MAX];
276 static struct lock_class_key af_kern_callback_keys[AF_MAX];
277 
278 /* Run time adjustable parameters. */
279 __u32 sysctl_wmem_max __read_mostly = SK_WMEM_MAX;
280 EXPORT_SYMBOL(sysctl_wmem_max);
281 __u32 sysctl_rmem_max __read_mostly = SK_RMEM_MAX;
282 EXPORT_SYMBOL(sysctl_rmem_max);
283 __u32 sysctl_wmem_default __read_mostly = SK_WMEM_MAX;
284 __u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
285 
286 /* Maximal space eaten by iovec or ancillary data plus some space */
287 int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512);
288 EXPORT_SYMBOL(sysctl_optmem_max);
289 
290 int sysctl_tstamp_allow_data __read_mostly = 1;
291 
292 DEFINE_STATIC_KEY_FALSE(memalloc_socks_key);
293 EXPORT_SYMBOL_GPL(memalloc_socks_key);
294 
295 /**
296  * sk_set_memalloc - sets %SOCK_MEMALLOC
297  * @sk: socket to set it on
298  *
299  * Set %SOCK_MEMALLOC on a socket for access to emergency reserves.
300  * It's the responsibility of the admin to adjust min_free_kbytes
301  * to meet the requirements
302  */
sk_set_memalloc(struct sock * sk)303 void sk_set_memalloc(struct sock *sk)
304 {
305 	sock_set_flag(sk, SOCK_MEMALLOC);
306 	sk->sk_allocation |= __GFP_MEMALLOC;
307 	static_branch_inc(&memalloc_socks_key);
308 }
309 EXPORT_SYMBOL_GPL(sk_set_memalloc);
310 
sk_clear_memalloc(struct sock * sk)311 void sk_clear_memalloc(struct sock *sk)
312 {
313 	sock_reset_flag(sk, SOCK_MEMALLOC);
314 	sk->sk_allocation &= ~__GFP_MEMALLOC;
315 	static_branch_dec(&memalloc_socks_key);
316 
317 	/*
318 	 * SOCK_MEMALLOC is allowed to ignore rmem limits to ensure forward
319 	 * progress of swapping. SOCK_MEMALLOC may be cleared while
320 	 * it has rmem allocations due to the last swapfile being deactivated
321 	 * but there is a risk that the socket is unusable due to exceeding
322 	 * the rmem limits. Reclaim the reserves and obey rmem limits again.
323 	 */
324 	sk_mem_reclaim(sk);
325 }
326 EXPORT_SYMBOL_GPL(sk_clear_memalloc);
327 
__sk_backlog_rcv(struct sock * sk,struct sk_buff * skb)328 int __sk_backlog_rcv(struct sock *sk, struct sk_buff *skb)
329 {
330 	int ret;
331 	unsigned int noreclaim_flag;
332 
333 	/* these should have been dropped before queueing */
334 	BUG_ON(!sock_flag(sk, SOCK_MEMALLOC));
335 
336 	noreclaim_flag = memalloc_noreclaim_save();
337 	ret = INDIRECT_CALL_INET(sk->sk_backlog_rcv,
338 				 tcp_v6_do_rcv,
339 				 tcp_v4_do_rcv,
340 				 sk, skb);
341 	memalloc_noreclaim_restore(noreclaim_flag);
342 
343 	return ret;
344 }
345 EXPORT_SYMBOL(__sk_backlog_rcv);
346 
sk_error_report(struct sock * sk)347 void sk_error_report(struct sock *sk)
348 {
349 	sk->sk_error_report(sk);
350 
351 	switch (sk->sk_family) {
352 	case AF_INET:
353 		fallthrough;
354 	case AF_INET6:
355 		trace_inet_sk_error_report(sk);
356 		break;
357 	default:
358 		break;
359 	}
360 }
361 EXPORT_SYMBOL(sk_error_report);
362 
sock_get_timeout(long timeo,void * optval,bool old_timeval)363 int sock_get_timeout(long timeo, void *optval, bool old_timeval)
364 {
365 	struct __kernel_sock_timeval tv;
366 
367 	if (timeo == MAX_SCHEDULE_TIMEOUT) {
368 		tv.tv_sec = 0;
369 		tv.tv_usec = 0;
370 	} else {
371 		tv.tv_sec = timeo / HZ;
372 		tv.tv_usec = ((timeo % HZ) * USEC_PER_SEC) / HZ;
373 	}
374 
375 	if (old_timeval && in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
376 		struct old_timeval32 tv32 = { tv.tv_sec, tv.tv_usec };
377 		*(struct old_timeval32 *)optval = tv32;
378 		return sizeof(tv32);
379 	}
380 
381 	if (old_timeval) {
382 		struct __kernel_old_timeval old_tv;
383 		old_tv.tv_sec = tv.tv_sec;
384 		old_tv.tv_usec = tv.tv_usec;
385 		*(struct __kernel_old_timeval *)optval = old_tv;
386 		return sizeof(old_tv);
387 	}
388 
389 	*(struct __kernel_sock_timeval *)optval = tv;
390 	return sizeof(tv);
391 }
392 EXPORT_SYMBOL(sock_get_timeout);
393 
sock_copy_user_timeval(struct __kernel_sock_timeval * tv,sockptr_t optval,int optlen,bool old_timeval)394 int sock_copy_user_timeval(struct __kernel_sock_timeval *tv,
395 			   sockptr_t optval, int optlen, bool old_timeval)
396 {
397 	if (old_timeval && in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
398 		struct old_timeval32 tv32;
399 
400 		if (optlen < sizeof(tv32))
401 			return -EINVAL;
402 
403 		if (copy_from_sockptr(&tv32, optval, sizeof(tv32)))
404 			return -EFAULT;
405 		tv->tv_sec = tv32.tv_sec;
406 		tv->tv_usec = tv32.tv_usec;
407 	} else if (old_timeval) {
408 		struct __kernel_old_timeval old_tv;
409 
410 		if (optlen < sizeof(old_tv))
411 			return -EINVAL;
412 		if (copy_from_sockptr(&old_tv, optval, sizeof(old_tv)))
413 			return -EFAULT;
414 		tv->tv_sec = old_tv.tv_sec;
415 		tv->tv_usec = old_tv.tv_usec;
416 	} else {
417 		if (optlen < sizeof(*tv))
418 			return -EINVAL;
419 		if (copy_from_sockptr(tv, optval, sizeof(*tv)))
420 			return -EFAULT;
421 	}
422 
423 	return 0;
424 }
425 EXPORT_SYMBOL(sock_copy_user_timeval);
426 
sock_set_timeout(long * timeo_p,sockptr_t optval,int optlen,bool old_timeval)427 static int sock_set_timeout(long *timeo_p, sockptr_t optval, int optlen,
428 			    bool old_timeval)
429 {
430 	struct __kernel_sock_timeval tv;
431 	int err = sock_copy_user_timeval(&tv, optval, optlen, old_timeval);
432 	long val;
433 
434 	if (err)
435 		return err;
436 
437 	if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC)
438 		return -EDOM;
439 
440 	if (tv.tv_sec < 0) {
441 		static int warned __read_mostly;
442 
443 		WRITE_ONCE(*timeo_p, 0);
444 		if (warned < 10 && net_ratelimit()) {
445 			warned++;
446 			pr_info("%s: `%s' (pid %d) tries to set negative timeout\n",
447 				__func__, current->comm, task_pid_nr(current));
448 		}
449 		return 0;
450 	}
451 	val = MAX_SCHEDULE_TIMEOUT;
452 	if ((tv.tv_sec || tv.tv_usec) &&
453 	    (tv.tv_sec < (MAX_SCHEDULE_TIMEOUT / HZ - 1)))
454 		val = tv.tv_sec * HZ + DIV_ROUND_UP((unsigned long)tv.tv_usec,
455 						    USEC_PER_SEC / HZ);
456 	WRITE_ONCE(*timeo_p, val);
457 	return 0;
458 }
459 
sock_needs_netstamp(const struct sock * sk)460 static bool sock_needs_netstamp(const struct sock *sk)
461 {
462 	switch (sk->sk_family) {
463 	case AF_UNSPEC:
464 	case AF_UNIX:
465 		return false;
466 	default:
467 		return true;
468 	}
469 }
470 
sock_disable_timestamp(struct sock * sk,unsigned long flags)471 static void sock_disable_timestamp(struct sock *sk, unsigned long flags)
472 {
473 	if (sk->sk_flags & flags) {
474 		sk->sk_flags &= ~flags;
475 		if (sock_needs_netstamp(sk) &&
476 		    !(sk->sk_flags & SK_FLAGS_TIMESTAMP))
477 			net_disable_timestamp();
478 	}
479 }
480 
481 
__sock_queue_rcv_skb(struct sock * sk,struct sk_buff * skb)482 int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
483 {
484 	unsigned long flags;
485 	struct sk_buff_head *list = &sk->sk_receive_queue;
486 
487 	if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
488 		atomic_inc(&sk->sk_drops);
489 		trace_sock_rcvqueue_full(sk, skb);
490 		return -ENOMEM;
491 	}
492 
493 	if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
494 		atomic_inc(&sk->sk_drops);
495 		return -ENOBUFS;
496 	}
497 
498 	skb->dev = NULL;
499 	skb_set_owner_r(skb, sk);
500 
501 	/* we escape from rcu protected region, make sure we dont leak
502 	 * a norefcounted dst
503 	 */
504 	skb_dst_force(skb);
505 
506 	spin_lock_irqsave(&list->lock, flags);
507 	sock_skb_set_dropcount(sk, skb);
508 	__skb_queue_tail(list, skb);
509 	spin_unlock_irqrestore(&list->lock, flags);
510 
511 	if (!sock_flag(sk, SOCK_DEAD))
512 		sk->sk_data_ready(sk);
513 	return 0;
514 }
515 EXPORT_SYMBOL(__sock_queue_rcv_skb);
516 
sock_queue_rcv_skb_reason(struct sock * sk,struct sk_buff * skb,enum skb_drop_reason * reason)517 int sock_queue_rcv_skb_reason(struct sock *sk, struct sk_buff *skb,
518 			      enum skb_drop_reason *reason)
519 {
520 	enum skb_drop_reason drop_reason;
521 	int err;
522 
523 	err = sk_filter(sk, skb);
524 	if (err) {
525 		drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
526 		goto out;
527 	}
528 	err = __sock_queue_rcv_skb(sk, skb);
529 	switch (err) {
530 	case -ENOMEM:
531 		drop_reason = SKB_DROP_REASON_SOCKET_RCVBUFF;
532 		break;
533 	case -ENOBUFS:
534 		drop_reason = SKB_DROP_REASON_PROTO_MEM;
535 		break;
536 	default:
537 		drop_reason = SKB_NOT_DROPPED_YET;
538 		break;
539 	}
540 out:
541 	if (reason)
542 		*reason = drop_reason;
543 	return err;
544 }
545 EXPORT_SYMBOL(sock_queue_rcv_skb_reason);
546 
__sk_receive_skb(struct sock * sk,struct sk_buff * skb,const int nested,unsigned int trim_cap,bool refcounted)547 int __sk_receive_skb(struct sock *sk, struct sk_buff *skb,
548 		     const int nested, unsigned int trim_cap, bool refcounted)
549 {
550 	int rc = NET_RX_SUCCESS;
551 
552 	if (sk_filter_trim_cap(sk, skb, trim_cap))
553 		goto discard_and_relse;
554 
555 	skb->dev = NULL;
556 
557 	if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
558 		atomic_inc(&sk->sk_drops);
559 		goto discard_and_relse;
560 	}
561 	if (nested)
562 		bh_lock_sock_nested(sk);
563 	else
564 		bh_lock_sock(sk);
565 	if (!sock_owned_by_user(sk)) {
566 		/*
567 		 * trylock + unlock semantics:
568 		 */
569 		mutex_acquire(&sk->sk_lock.dep_map, 0, 1, _RET_IP_);
570 
571 		rc = sk_backlog_rcv(sk, skb);
572 
573 		mutex_release(&sk->sk_lock.dep_map, _RET_IP_);
574 	} else if (sk_add_backlog(sk, skb, READ_ONCE(sk->sk_rcvbuf))) {
575 		bh_unlock_sock(sk);
576 		atomic_inc(&sk->sk_drops);
577 		goto discard_and_relse;
578 	}
579 
580 	bh_unlock_sock(sk);
581 out:
582 	if (refcounted)
583 		sock_put(sk);
584 	return rc;
585 discard_and_relse:
586 	kfree_skb(skb);
587 	goto out;
588 }
589 EXPORT_SYMBOL(__sk_receive_skb);
590 
591 INDIRECT_CALLABLE_DECLARE(struct dst_entry *ip6_dst_check(struct dst_entry *,
592 							  u32));
593 INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
594 							   u32));
__sk_dst_check(struct sock * sk,u32 cookie)595 struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
596 {
597 	struct dst_entry *dst = __sk_dst_get(sk);
598 
599 	if (dst && dst->obsolete &&
600 	    INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
601 			       dst, cookie) == NULL) {
602 		sk_tx_queue_clear(sk);
603 		sk->sk_dst_pending_confirm = 0;
604 		RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
605 		dst_release(dst);
606 		return NULL;
607 	}
608 
609 	return dst;
610 }
611 EXPORT_SYMBOL(__sk_dst_check);
612 
sk_dst_check(struct sock * sk,u32 cookie)613 struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie)
614 {
615 	struct dst_entry *dst = sk_dst_get(sk);
616 
617 	if (dst && dst->obsolete &&
618 	    INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
619 			       dst, cookie) == NULL) {
620 		sk_dst_reset(sk);
621 		dst_release(dst);
622 		return NULL;
623 	}
624 
625 	return dst;
626 }
627 EXPORT_SYMBOL(sk_dst_check);
628 
sock_bindtoindex_locked(struct sock * sk,int ifindex)629 static int sock_bindtoindex_locked(struct sock *sk, int ifindex)
630 {
631 	int ret = -ENOPROTOOPT;
632 #ifdef CONFIG_NETDEVICES
633 	struct net *net = sock_net(sk);
634 
635 	/* Sorry... */
636 	ret = -EPERM;
637 	if (sk->sk_bound_dev_if && !ns_capable(net->user_ns, CAP_NET_RAW))
638 		goto out;
639 
640 	ret = -EINVAL;
641 	if (ifindex < 0)
642 		goto out;
643 
644 	/* Paired with all READ_ONCE() done locklessly. */
645 	WRITE_ONCE(sk->sk_bound_dev_if, ifindex);
646 
647 	if (sk->sk_prot->rehash)
648 		sk->sk_prot->rehash(sk);
649 	sk_dst_reset(sk);
650 
651 	ret = 0;
652 
653 out:
654 #endif
655 
656 	return ret;
657 }
658 
sock_bindtoindex(struct sock * sk,int ifindex,bool lock_sk)659 int sock_bindtoindex(struct sock *sk, int ifindex, bool lock_sk)
660 {
661 	int ret;
662 
663 	if (lock_sk)
664 		lock_sock(sk);
665 	ret = sock_bindtoindex_locked(sk, ifindex);
666 	if (lock_sk)
667 		release_sock(sk);
668 
669 	return ret;
670 }
671 EXPORT_SYMBOL(sock_bindtoindex);
672 
sock_setbindtodevice(struct sock * sk,sockptr_t optval,int optlen)673 static int sock_setbindtodevice(struct sock *sk, sockptr_t optval, int optlen)
674 {
675 	int ret = -ENOPROTOOPT;
676 #ifdef CONFIG_NETDEVICES
677 	struct net *net = sock_net(sk);
678 	char devname[IFNAMSIZ];
679 	int index;
680 
681 	ret = -EINVAL;
682 	if (optlen < 0)
683 		goto out;
684 
685 	/* Bind this socket to a particular device like "eth0",
686 	 * as specified in the passed interface name. If the
687 	 * name is "" or the option length is zero the socket
688 	 * is not bound.
689 	 */
690 	if (optlen > IFNAMSIZ - 1)
691 		optlen = IFNAMSIZ - 1;
692 	memset(devname, 0, sizeof(devname));
693 
694 	ret = -EFAULT;
695 	if (copy_from_sockptr(devname, optval, optlen))
696 		goto out;
697 
698 	index = 0;
699 	if (devname[0] != '\0') {
700 		struct net_device *dev;
701 
702 		rcu_read_lock();
703 		dev = dev_get_by_name_rcu(net, devname);
704 		if (dev)
705 			index = dev->ifindex;
706 		rcu_read_unlock();
707 		ret = -ENODEV;
708 		if (!dev)
709 			goto out;
710 	}
711 
712 	sockopt_lock_sock(sk);
713 	ret = sock_bindtoindex_locked(sk, index);
714 	sockopt_release_sock(sk);
715 out:
716 #endif
717 
718 	return ret;
719 }
720 
sock_getbindtodevice(struct sock * sk,sockptr_t optval,sockptr_t optlen,int len)721 static int sock_getbindtodevice(struct sock *sk, sockptr_t optval,
722 				sockptr_t optlen, int len)
723 {
724 	int ret = -ENOPROTOOPT;
725 #ifdef CONFIG_NETDEVICES
726 	int bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
727 	struct net *net = sock_net(sk);
728 	char devname[IFNAMSIZ];
729 
730 	if (bound_dev_if == 0) {
731 		len = 0;
732 		goto zero;
733 	}
734 
735 	ret = -EINVAL;
736 	if (len < IFNAMSIZ)
737 		goto out;
738 
739 	ret = netdev_get_name(net, devname, bound_dev_if);
740 	if (ret)
741 		goto out;
742 
743 	len = strlen(devname) + 1;
744 
745 	ret = -EFAULT;
746 	if (copy_to_sockptr(optval, devname, len))
747 		goto out;
748 
749 zero:
750 	ret = -EFAULT;
751 	if (copy_to_sockptr(optlen, &len, sizeof(int)))
752 		goto out;
753 
754 	ret = 0;
755 
756 out:
757 #endif
758 
759 	return ret;
760 }
761 
sk_mc_loop(struct sock * sk)762 bool sk_mc_loop(struct sock *sk)
763 {
764 	if (dev_recursion_level())
765 		return false;
766 	if (!sk)
767 		return true;
768 	/* IPV6_ADDRFORM can change sk->sk_family under us. */
769 	switch (READ_ONCE(sk->sk_family)) {
770 	case AF_INET:
771 		return inet_test_bit(MC_LOOP, sk);
772 #if IS_ENABLED(CONFIG_IPV6)
773 	case AF_INET6:
774 		return inet6_sk(sk)->mc_loop;
775 #endif
776 	}
777 	WARN_ON_ONCE(1);
778 	return true;
779 }
780 EXPORT_SYMBOL(sk_mc_loop);
781 
sock_set_reuseaddr(struct sock * sk)782 void sock_set_reuseaddr(struct sock *sk)
783 {
784 	lock_sock(sk);
785 	sk->sk_reuse = SK_CAN_REUSE;
786 	release_sock(sk);
787 }
788 EXPORT_SYMBOL(sock_set_reuseaddr);
789 
sock_set_reuseport(struct sock * sk)790 void sock_set_reuseport(struct sock *sk)
791 {
792 	lock_sock(sk);
793 	sk->sk_reuseport = true;
794 	release_sock(sk);
795 }
796 EXPORT_SYMBOL(sock_set_reuseport);
797 
sock_no_linger(struct sock * sk)798 void sock_no_linger(struct sock *sk)
799 {
800 	lock_sock(sk);
801 	WRITE_ONCE(sk->sk_lingertime, 0);
802 	sock_set_flag(sk, SOCK_LINGER);
803 	release_sock(sk);
804 }
805 EXPORT_SYMBOL(sock_no_linger);
806 
sock_set_priority(struct sock * sk,u32 priority)807 void sock_set_priority(struct sock *sk, u32 priority)
808 {
809 	lock_sock(sk);
810 	WRITE_ONCE(sk->sk_priority, priority);
811 	release_sock(sk);
812 }
813 EXPORT_SYMBOL(sock_set_priority);
814 
sock_set_sndtimeo(struct sock * sk,s64 secs)815 void sock_set_sndtimeo(struct sock *sk, s64 secs)
816 {
817 	lock_sock(sk);
818 	if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
819 		WRITE_ONCE(sk->sk_sndtimeo, secs * HZ);
820 	else
821 		WRITE_ONCE(sk->sk_sndtimeo, MAX_SCHEDULE_TIMEOUT);
822 	release_sock(sk);
823 }
824 EXPORT_SYMBOL(sock_set_sndtimeo);
825 
__sock_set_timestamps(struct sock * sk,bool val,bool new,bool ns)826 static void __sock_set_timestamps(struct sock *sk, bool val, bool new, bool ns)
827 {
828 	if (val)  {
829 		sock_valbool_flag(sk, SOCK_TSTAMP_NEW, new);
830 		sock_valbool_flag(sk, SOCK_RCVTSTAMPNS, ns);
831 		sock_set_flag(sk, SOCK_RCVTSTAMP);
832 		sock_enable_timestamp(sk, SOCK_TIMESTAMP);
833 	} else {
834 		sock_reset_flag(sk, SOCK_RCVTSTAMP);
835 		sock_reset_flag(sk, SOCK_RCVTSTAMPNS);
836 	}
837 }
838 
sock_enable_timestamps(struct sock * sk)839 void sock_enable_timestamps(struct sock *sk)
840 {
841 	lock_sock(sk);
842 	__sock_set_timestamps(sk, true, false, true);
843 	release_sock(sk);
844 }
845 EXPORT_SYMBOL(sock_enable_timestamps);
846 
sock_set_timestamp(struct sock * sk,int optname,bool valbool)847 void sock_set_timestamp(struct sock *sk, int optname, bool valbool)
848 {
849 	switch (optname) {
850 	case SO_TIMESTAMP_OLD:
851 		__sock_set_timestamps(sk, valbool, false, false);
852 		break;
853 	case SO_TIMESTAMP_NEW:
854 		__sock_set_timestamps(sk, valbool, true, false);
855 		break;
856 	case SO_TIMESTAMPNS_OLD:
857 		__sock_set_timestamps(sk, valbool, false, true);
858 		break;
859 	case SO_TIMESTAMPNS_NEW:
860 		__sock_set_timestamps(sk, valbool, true, true);
861 		break;
862 	}
863 }
864 
sock_timestamping_bind_phc(struct sock * sk,int phc_index)865 static int sock_timestamping_bind_phc(struct sock *sk, int phc_index)
866 {
867 	struct net *net = sock_net(sk);
868 	struct net_device *dev = NULL;
869 	bool match = false;
870 	int *vclock_index;
871 	int i, num;
872 
873 	if (sk->sk_bound_dev_if)
874 		dev = dev_get_by_index(net, sk->sk_bound_dev_if);
875 
876 	if (!dev) {
877 		pr_err("%s: sock not bind to device\n", __func__);
878 		return -EOPNOTSUPP;
879 	}
880 
881 	num = ethtool_get_phc_vclocks(dev, &vclock_index);
882 	dev_put(dev);
883 
884 	for (i = 0; i < num; i++) {
885 		if (*(vclock_index + i) == phc_index) {
886 			match = true;
887 			break;
888 		}
889 	}
890 
891 	if (num > 0)
892 		kfree(vclock_index);
893 
894 	if (!match)
895 		return -EINVAL;
896 
897 	WRITE_ONCE(sk->sk_bind_phc, phc_index);
898 
899 	return 0;
900 }
901 
sock_set_timestamping(struct sock * sk,int optname,struct so_timestamping timestamping)902 int sock_set_timestamping(struct sock *sk, int optname,
903 			  struct so_timestamping timestamping)
904 {
905 	int val = timestamping.flags;
906 	int ret;
907 
908 	if (val & ~SOF_TIMESTAMPING_MASK)
909 		return -EINVAL;
910 
911 	if (val & SOF_TIMESTAMPING_OPT_ID_TCP &&
912 	    !(val & SOF_TIMESTAMPING_OPT_ID))
913 		return -EINVAL;
914 
915 	if (val & SOF_TIMESTAMPING_OPT_ID &&
916 	    !(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) {
917 		if (sk_is_tcp(sk)) {
918 			if ((1 << sk->sk_state) &
919 			    (TCPF_CLOSE | TCPF_LISTEN))
920 				return -EINVAL;
921 			if (val & SOF_TIMESTAMPING_OPT_ID_TCP)
922 				atomic_set(&sk->sk_tskey, tcp_sk(sk)->write_seq);
923 			else
924 				atomic_set(&sk->sk_tskey, tcp_sk(sk)->snd_una);
925 		} else {
926 			atomic_set(&sk->sk_tskey, 0);
927 		}
928 	}
929 
930 	if (val & SOF_TIMESTAMPING_OPT_STATS &&
931 	    !(val & SOF_TIMESTAMPING_OPT_TSONLY))
932 		return -EINVAL;
933 
934 	if (val & SOF_TIMESTAMPING_BIND_PHC) {
935 		ret = sock_timestamping_bind_phc(sk, timestamping.bind_phc);
936 		if (ret)
937 			return ret;
938 	}
939 
940 	WRITE_ONCE(sk->sk_tsflags, val);
941 	sock_valbool_flag(sk, SOCK_TSTAMP_NEW, optname == SO_TIMESTAMPING_NEW);
942 
943 	if (val & SOF_TIMESTAMPING_RX_SOFTWARE)
944 		sock_enable_timestamp(sk,
945 				      SOCK_TIMESTAMPING_RX_SOFTWARE);
946 	else
947 		sock_disable_timestamp(sk,
948 				       (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE));
949 	return 0;
950 }
951 
sock_set_keepalive(struct sock * sk)952 void sock_set_keepalive(struct sock *sk)
953 {
954 	lock_sock(sk);
955 	if (sk->sk_prot->keepalive)
956 		sk->sk_prot->keepalive(sk, true);
957 	sock_valbool_flag(sk, SOCK_KEEPOPEN, true);
958 	release_sock(sk);
959 }
960 EXPORT_SYMBOL(sock_set_keepalive);
961 
__sock_set_rcvbuf(struct sock * sk,int val)962 static void __sock_set_rcvbuf(struct sock *sk, int val)
963 {
964 	/* Ensure val * 2 fits into an int, to prevent max_t() from treating it
965 	 * as a negative value.
966 	 */
967 	val = min_t(int, val, INT_MAX / 2);
968 	sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
969 
970 	/* We double it on the way in to account for "struct sk_buff" etc.
971 	 * overhead.   Applications assume that the SO_RCVBUF setting they make
972 	 * will allow that much actual data to be received on that socket.
973 	 *
974 	 * Applications are unaware that "struct sk_buff" and other overheads
975 	 * allocate from the receive buffer during socket buffer allocation.
976 	 *
977 	 * And after considering the possible alternatives, returning the value
978 	 * we actually used in getsockopt is the most desirable behavior.
979 	 */
980 	WRITE_ONCE(sk->sk_rcvbuf, max_t(int, val * 2, SOCK_MIN_RCVBUF));
981 }
982 
sock_set_rcvbuf(struct sock * sk,int val)983 void sock_set_rcvbuf(struct sock *sk, int val)
984 {
985 	lock_sock(sk);
986 	__sock_set_rcvbuf(sk, val);
987 	release_sock(sk);
988 }
989 EXPORT_SYMBOL(sock_set_rcvbuf);
990 
__sock_set_mark(struct sock * sk,u32 val)991 static void __sock_set_mark(struct sock *sk, u32 val)
992 {
993 	if (val != sk->sk_mark) {
994 		WRITE_ONCE(sk->sk_mark, val);
995 		sk_dst_reset(sk);
996 	}
997 }
998 
sock_set_mark(struct sock * sk,u32 val)999 void sock_set_mark(struct sock *sk, u32 val)
1000 {
1001 	lock_sock(sk);
1002 	__sock_set_mark(sk, val);
1003 	release_sock(sk);
1004 }
1005 EXPORT_SYMBOL(sock_set_mark);
1006 
sock_release_reserved_memory(struct sock * sk,int bytes)1007 static void sock_release_reserved_memory(struct sock *sk, int bytes)
1008 {
1009 	/* Round down bytes to multiple of pages */
1010 	bytes = round_down(bytes, PAGE_SIZE);
1011 
1012 	WARN_ON(bytes > sk->sk_reserved_mem);
1013 	WRITE_ONCE(sk->sk_reserved_mem, sk->sk_reserved_mem - bytes);
1014 	sk_mem_reclaim(sk);
1015 }
1016 
sock_reserve_memory(struct sock * sk,int bytes)1017 static int sock_reserve_memory(struct sock *sk, int bytes)
1018 {
1019 	long allocated;
1020 	bool charged;
1021 	int pages;
1022 
1023 	if (!mem_cgroup_sockets_enabled || !sk->sk_memcg || !sk_has_account(sk))
1024 		return -EOPNOTSUPP;
1025 
1026 	if (!bytes)
1027 		return 0;
1028 
1029 	pages = sk_mem_pages(bytes);
1030 
1031 	/* pre-charge to memcg */
1032 	charged = mem_cgroup_charge_skmem(sk->sk_memcg, pages,
1033 					  GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1034 	if (!charged)
1035 		return -ENOMEM;
1036 
1037 	/* pre-charge to forward_alloc */
1038 	sk_memory_allocated_add(sk, pages);
1039 	allocated = sk_memory_allocated(sk);
1040 	/* If the system goes into memory pressure with this
1041 	 * precharge, give up and return error.
1042 	 */
1043 	if (allocated > sk_prot_mem_limits(sk, 1)) {
1044 		sk_memory_allocated_sub(sk, pages);
1045 		mem_cgroup_uncharge_skmem(sk->sk_memcg, pages);
1046 		return -ENOMEM;
1047 	}
1048 	sk_forward_alloc_add(sk, pages << PAGE_SHIFT);
1049 
1050 	WRITE_ONCE(sk->sk_reserved_mem,
1051 		   sk->sk_reserved_mem + (pages << PAGE_SHIFT));
1052 
1053 	return 0;
1054 }
1055 
sockopt_lock_sock(struct sock * sk)1056 void sockopt_lock_sock(struct sock *sk)
1057 {
1058 	/* When current->bpf_ctx is set, the setsockopt is called from
1059 	 * a bpf prog.  bpf has ensured the sk lock has been
1060 	 * acquired before calling setsockopt().
1061 	 */
1062 	if (has_current_bpf_ctx())
1063 		return;
1064 
1065 	lock_sock(sk);
1066 }
1067 EXPORT_SYMBOL(sockopt_lock_sock);
1068 
sockopt_release_sock(struct sock * sk)1069 void sockopt_release_sock(struct sock *sk)
1070 {
1071 	if (has_current_bpf_ctx())
1072 		return;
1073 
1074 	release_sock(sk);
1075 }
1076 EXPORT_SYMBOL(sockopt_release_sock);
1077 
sockopt_ns_capable(struct user_namespace * ns,int cap)1078 bool sockopt_ns_capable(struct user_namespace *ns, int cap)
1079 {
1080 	return has_current_bpf_ctx() || ns_capable(ns, cap);
1081 }
1082 EXPORT_SYMBOL(sockopt_ns_capable);
1083 
sockopt_capable(int cap)1084 bool sockopt_capable(int cap)
1085 {
1086 	return has_current_bpf_ctx() || capable(cap);
1087 }
1088 EXPORT_SYMBOL(sockopt_capable);
1089 
1090 /*
1091  *	This is meant for all protocols to use and covers goings on
1092  *	at the socket level. Everything here is generic.
1093  */
1094 
sk_setsockopt(struct sock * sk,int level,int optname,sockptr_t optval,unsigned int optlen)1095 int sk_setsockopt(struct sock *sk, int level, int optname,
1096 		  sockptr_t optval, unsigned int optlen)
1097 {
1098 	struct so_timestamping timestamping;
1099 	struct socket *sock = sk->sk_socket;
1100 	struct sock_txtime sk_txtime;
1101 	int val;
1102 	int valbool;
1103 	struct linger ling;
1104 	int ret = 0;
1105 
1106 	/*
1107 	 *	Options without arguments
1108 	 */
1109 
1110 	if (optname == SO_BINDTODEVICE)
1111 		return sock_setbindtodevice(sk, optval, optlen);
1112 
1113 	if (optlen < sizeof(int))
1114 		return -EINVAL;
1115 
1116 	if (copy_from_sockptr(&val, optval, sizeof(val)))
1117 		return -EFAULT;
1118 
1119 	valbool = val ? 1 : 0;
1120 
1121 	sockopt_lock_sock(sk);
1122 
1123 	switch (optname) {
1124 	case SO_DEBUG:
1125 		if (val && !sockopt_capable(CAP_NET_ADMIN))
1126 			ret = -EACCES;
1127 		else
1128 			sock_valbool_flag(sk, SOCK_DBG, valbool);
1129 		break;
1130 	case SO_REUSEADDR:
1131 		sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE);
1132 		break;
1133 	case SO_REUSEPORT:
1134 		sk->sk_reuseport = valbool;
1135 		break;
1136 	case SO_TYPE:
1137 	case SO_PROTOCOL:
1138 	case SO_DOMAIN:
1139 	case SO_ERROR:
1140 		ret = -ENOPROTOOPT;
1141 		break;
1142 	case SO_DONTROUTE:
1143 		sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool);
1144 		sk_dst_reset(sk);
1145 		break;
1146 	case SO_BROADCAST:
1147 		sock_valbool_flag(sk, SOCK_BROADCAST, valbool);
1148 		break;
1149 	case SO_SNDBUF:
1150 		/* Don't error on this BSD doesn't and if you think
1151 		 * about it this is right. Otherwise apps have to
1152 		 * play 'guess the biggest size' games. RCVBUF/SNDBUF
1153 		 * are treated in BSD as hints
1154 		 */
1155 		val = min_t(u32, val, READ_ONCE(sysctl_wmem_max));
1156 set_sndbuf:
1157 		/* Ensure val * 2 fits into an int, to prevent max_t()
1158 		 * from treating it as a negative value.
1159 		 */
1160 		val = min_t(int, val, INT_MAX / 2);
1161 		sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
1162 		WRITE_ONCE(sk->sk_sndbuf,
1163 			   max_t(int, val * 2, SOCK_MIN_SNDBUF));
1164 		/* Wake up sending tasks if we upped the value. */
1165 		sk->sk_write_space(sk);
1166 		break;
1167 
1168 	case SO_SNDBUFFORCE:
1169 		if (!sockopt_capable(CAP_NET_ADMIN)) {
1170 			ret = -EPERM;
1171 			break;
1172 		}
1173 
1174 		/* No negative values (to prevent underflow, as val will be
1175 		 * multiplied by 2).
1176 		 */
1177 		if (val < 0)
1178 			val = 0;
1179 		goto set_sndbuf;
1180 
1181 	case SO_RCVBUF:
1182 		/* Don't error on this BSD doesn't and if you think
1183 		 * about it this is right. Otherwise apps have to
1184 		 * play 'guess the biggest size' games. RCVBUF/SNDBUF
1185 		 * are treated in BSD as hints
1186 		 */
1187 		__sock_set_rcvbuf(sk, min_t(u32, val, READ_ONCE(sysctl_rmem_max)));
1188 		break;
1189 
1190 	case SO_RCVBUFFORCE:
1191 		if (!sockopt_capable(CAP_NET_ADMIN)) {
1192 			ret = -EPERM;
1193 			break;
1194 		}
1195 
1196 		/* No negative values (to prevent underflow, as val will be
1197 		 * multiplied by 2).
1198 		 */
1199 		__sock_set_rcvbuf(sk, max(val, 0));
1200 		break;
1201 
1202 	case SO_KEEPALIVE:
1203 		if (sk->sk_prot->keepalive)
1204 			sk->sk_prot->keepalive(sk, valbool);
1205 		sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
1206 		break;
1207 
1208 	case SO_OOBINLINE:
1209 		sock_valbool_flag(sk, SOCK_URGINLINE, valbool);
1210 		break;
1211 
1212 	case SO_NO_CHECK:
1213 		sk->sk_no_check_tx = valbool;
1214 		break;
1215 
1216 	case SO_PRIORITY:
1217 		if ((val >= 0 && val <= 6) ||
1218 		    sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) ||
1219 		    sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
1220 			WRITE_ONCE(sk->sk_priority, val);
1221 		else
1222 			ret = -EPERM;
1223 		break;
1224 
1225 	case SO_LINGER:
1226 		if (optlen < sizeof(ling)) {
1227 			ret = -EINVAL;	/* 1003.1g */
1228 			break;
1229 		}
1230 		if (copy_from_sockptr(&ling, optval, sizeof(ling))) {
1231 			ret = -EFAULT;
1232 			break;
1233 		}
1234 		if (!ling.l_onoff) {
1235 			sock_reset_flag(sk, SOCK_LINGER);
1236 		} else {
1237 			unsigned long t_sec = ling.l_linger;
1238 
1239 			if (t_sec >= MAX_SCHEDULE_TIMEOUT / HZ)
1240 				WRITE_ONCE(sk->sk_lingertime, MAX_SCHEDULE_TIMEOUT);
1241 			else
1242 				WRITE_ONCE(sk->sk_lingertime, t_sec * HZ);
1243 			sock_set_flag(sk, SOCK_LINGER);
1244 		}
1245 		break;
1246 
1247 	case SO_BSDCOMPAT:
1248 		break;
1249 
1250 	case SO_PASSCRED:
1251 		assign_bit(SOCK_PASSCRED, &sock->flags, valbool);
1252 		break;
1253 
1254 	case SO_PASSPIDFD:
1255 		assign_bit(SOCK_PASSPIDFD, &sock->flags, valbool);
1256 		break;
1257 
1258 	case SO_TIMESTAMP_OLD:
1259 	case SO_TIMESTAMP_NEW:
1260 	case SO_TIMESTAMPNS_OLD:
1261 	case SO_TIMESTAMPNS_NEW:
1262 		sock_set_timestamp(sk, optname, valbool);
1263 		break;
1264 
1265 	case SO_TIMESTAMPING_NEW:
1266 	case SO_TIMESTAMPING_OLD:
1267 		if (optlen == sizeof(timestamping)) {
1268 			if (copy_from_sockptr(&timestamping, optval,
1269 					      sizeof(timestamping))) {
1270 				ret = -EFAULT;
1271 				break;
1272 			}
1273 		} else {
1274 			memset(&timestamping, 0, sizeof(timestamping));
1275 			timestamping.flags = val;
1276 		}
1277 		ret = sock_set_timestamping(sk, optname, timestamping);
1278 		break;
1279 
1280 	case SO_RCVLOWAT:
1281 		{
1282 		int (*set_rcvlowat)(struct sock *sk, int val) = NULL;
1283 
1284 		if (val < 0)
1285 			val = INT_MAX;
1286 		if (sock)
1287 			set_rcvlowat = READ_ONCE(sock->ops)->set_rcvlowat;
1288 		if (set_rcvlowat)
1289 			ret = set_rcvlowat(sk, val);
1290 		else
1291 			WRITE_ONCE(sk->sk_rcvlowat, val ? : 1);
1292 		break;
1293 		}
1294 	case SO_RCVTIMEO_OLD:
1295 	case SO_RCVTIMEO_NEW:
1296 		ret = sock_set_timeout(&sk->sk_rcvtimeo, optval,
1297 				       optlen, optname == SO_RCVTIMEO_OLD);
1298 		break;
1299 
1300 	case SO_SNDTIMEO_OLD:
1301 	case SO_SNDTIMEO_NEW:
1302 		ret = sock_set_timeout(&sk->sk_sndtimeo, optval,
1303 				       optlen, optname == SO_SNDTIMEO_OLD);
1304 		break;
1305 
1306 	case SO_ATTACH_FILTER: {
1307 		struct sock_fprog fprog;
1308 
1309 		ret = copy_bpf_fprog_from_user(&fprog, optval, optlen);
1310 		if (!ret)
1311 			ret = sk_attach_filter(&fprog, sk);
1312 		break;
1313 	}
1314 	case SO_ATTACH_BPF:
1315 		ret = -EINVAL;
1316 		if (optlen == sizeof(u32)) {
1317 			u32 ufd;
1318 
1319 			ret = -EFAULT;
1320 			if (copy_from_sockptr(&ufd, optval, sizeof(ufd)))
1321 				break;
1322 
1323 			ret = sk_attach_bpf(ufd, sk);
1324 		}
1325 		break;
1326 
1327 	case SO_ATTACH_REUSEPORT_CBPF: {
1328 		struct sock_fprog fprog;
1329 
1330 		ret = copy_bpf_fprog_from_user(&fprog, optval, optlen);
1331 		if (!ret)
1332 			ret = sk_reuseport_attach_filter(&fprog, sk);
1333 		break;
1334 	}
1335 	case SO_ATTACH_REUSEPORT_EBPF:
1336 		ret = -EINVAL;
1337 		if (optlen == sizeof(u32)) {
1338 			u32 ufd;
1339 
1340 			ret = -EFAULT;
1341 			if (copy_from_sockptr(&ufd, optval, sizeof(ufd)))
1342 				break;
1343 
1344 			ret = sk_reuseport_attach_bpf(ufd, sk);
1345 		}
1346 		break;
1347 
1348 	case SO_DETACH_REUSEPORT_BPF:
1349 		ret = reuseport_detach_prog(sk);
1350 		break;
1351 
1352 	case SO_DETACH_FILTER:
1353 		ret = sk_detach_filter(sk);
1354 		break;
1355 
1356 	case SO_LOCK_FILTER:
1357 		if (sock_flag(sk, SOCK_FILTER_LOCKED) && !valbool)
1358 			ret = -EPERM;
1359 		else
1360 			sock_valbool_flag(sk, SOCK_FILTER_LOCKED, valbool);
1361 		break;
1362 
1363 	case SO_PASSSEC:
1364 		assign_bit(SOCK_PASSSEC, &sock->flags, valbool);
1365 		break;
1366 	case SO_MARK:
1367 		if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
1368 		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1369 			ret = -EPERM;
1370 			break;
1371 		}
1372 
1373 		__sock_set_mark(sk, val);
1374 		break;
1375 	case SO_RCVMARK:
1376 		sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
1377 		break;
1378 
1379 	case SO_RXQ_OVFL:
1380 		sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool);
1381 		break;
1382 
1383 	case SO_WIFI_STATUS:
1384 		sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool);
1385 		break;
1386 
1387 	case SO_PEEK_OFF:
1388 		{
1389 		int (*set_peek_off)(struct sock *sk, int val);
1390 
1391 		set_peek_off = READ_ONCE(sock->ops)->set_peek_off;
1392 		if (set_peek_off)
1393 			ret = set_peek_off(sk, val);
1394 		else
1395 			ret = -EOPNOTSUPP;
1396 		break;
1397 		}
1398 
1399 	case SO_NOFCS:
1400 		sock_valbool_flag(sk, SOCK_NOFCS, valbool);
1401 		break;
1402 
1403 	case SO_SELECT_ERR_QUEUE:
1404 		sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool);
1405 		break;
1406 
1407 #ifdef CONFIG_NET_RX_BUSY_POLL
1408 	case SO_BUSY_POLL:
1409 		if (val < 0)
1410 			ret = -EINVAL;
1411 		else
1412 			WRITE_ONCE(sk->sk_ll_usec, val);
1413 		break;
1414 	case SO_PREFER_BUSY_POLL:
1415 		if (valbool && !sockopt_capable(CAP_NET_ADMIN))
1416 			ret = -EPERM;
1417 		else
1418 			WRITE_ONCE(sk->sk_prefer_busy_poll, valbool);
1419 		break;
1420 	case SO_BUSY_POLL_BUDGET:
1421 		if (val > READ_ONCE(sk->sk_busy_poll_budget) && !sockopt_capable(CAP_NET_ADMIN)) {
1422 			ret = -EPERM;
1423 		} else {
1424 			if (val < 0 || val > U16_MAX)
1425 				ret = -EINVAL;
1426 			else
1427 				WRITE_ONCE(sk->sk_busy_poll_budget, val);
1428 		}
1429 		break;
1430 #endif
1431 
1432 	case SO_MAX_PACING_RATE:
1433 		{
1434 		unsigned long ulval = (val == ~0U) ? ~0UL : (unsigned int)val;
1435 
1436 		if (sizeof(ulval) != sizeof(val) &&
1437 		    optlen >= sizeof(ulval) &&
1438 		    copy_from_sockptr(&ulval, optval, sizeof(ulval))) {
1439 			ret = -EFAULT;
1440 			break;
1441 		}
1442 		if (ulval != ~0UL)
1443 			cmpxchg(&sk->sk_pacing_status,
1444 				SK_PACING_NONE,
1445 				SK_PACING_NEEDED);
1446 		/* Pairs with READ_ONCE() from sk_getsockopt() */
1447 		WRITE_ONCE(sk->sk_max_pacing_rate, ulval);
1448 		sk->sk_pacing_rate = min(sk->sk_pacing_rate, ulval);
1449 		break;
1450 		}
1451 	case SO_INCOMING_CPU:
1452 		reuseport_update_incoming_cpu(sk, val);
1453 		break;
1454 
1455 	case SO_CNX_ADVICE:
1456 		if (val == 1)
1457 			dst_negative_advice(sk);
1458 		break;
1459 
1460 	case SO_ZEROCOPY:
1461 		if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6) {
1462 			if (!(sk_is_tcp(sk) ||
1463 			      (sk->sk_type == SOCK_DGRAM &&
1464 			       sk->sk_protocol == IPPROTO_UDP)))
1465 				ret = -EOPNOTSUPP;
1466 		} else if (sk->sk_family != PF_RDS) {
1467 			ret = -EOPNOTSUPP;
1468 		}
1469 		if (!ret) {
1470 			if (val < 0 || val > 1)
1471 				ret = -EINVAL;
1472 			else
1473 				sock_valbool_flag(sk, SOCK_ZEROCOPY, valbool);
1474 		}
1475 		break;
1476 
1477 	case SO_TXTIME:
1478 		if (optlen != sizeof(struct sock_txtime)) {
1479 			ret = -EINVAL;
1480 			break;
1481 		} else if (copy_from_sockptr(&sk_txtime, optval,
1482 			   sizeof(struct sock_txtime))) {
1483 			ret = -EFAULT;
1484 			break;
1485 		} else if (sk_txtime.flags & ~SOF_TXTIME_FLAGS_MASK) {
1486 			ret = -EINVAL;
1487 			break;
1488 		}
1489 		/* CLOCK_MONOTONIC is only used by sch_fq, and this packet
1490 		 * scheduler has enough safe guards.
1491 		 */
1492 		if (sk_txtime.clockid != CLOCK_MONOTONIC &&
1493 		    !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1494 			ret = -EPERM;
1495 			break;
1496 		}
1497 		sock_valbool_flag(sk, SOCK_TXTIME, true);
1498 		sk->sk_clockid = sk_txtime.clockid;
1499 		sk->sk_txtime_deadline_mode =
1500 			!!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE);
1501 		sk->sk_txtime_report_errors =
1502 			!!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS);
1503 		break;
1504 
1505 	case SO_BINDTOIFINDEX:
1506 		ret = sock_bindtoindex_locked(sk, val);
1507 		break;
1508 
1509 	case SO_BUF_LOCK:
1510 		if (val & ~SOCK_BUF_LOCK_MASK) {
1511 			ret = -EINVAL;
1512 			break;
1513 		}
1514 		sk->sk_userlocks = val | (sk->sk_userlocks &
1515 					  ~SOCK_BUF_LOCK_MASK);
1516 		break;
1517 
1518 	case SO_RESERVE_MEM:
1519 	{
1520 		int delta;
1521 
1522 		if (val < 0) {
1523 			ret = -EINVAL;
1524 			break;
1525 		}
1526 
1527 		delta = val - sk->sk_reserved_mem;
1528 		if (delta < 0)
1529 			sock_release_reserved_memory(sk, -delta);
1530 		else
1531 			ret = sock_reserve_memory(sk, delta);
1532 		break;
1533 	}
1534 
1535 	case SO_TXREHASH:
1536 		if (val < -1 || val > 1) {
1537 			ret = -EINVAL;
1538 			break;
1539 		}
1540 		if ((u8)val == SOCK_TXREHASH_DEFAULT)
1541 			val = READ_ONCE(sock_net(sk)->core.sysctl_txrehash);
1542 		/* Paired with READ_ONCE() in tcp_rtx_synack()
1543 		 * and sk_getsockopt().
1544 		 */
1545 		WRITE_ONCE(sk->sk_txrehash, (u8)val);
1546 		break;
1547 
1548 	default:
1549 		ret = -ENOPROTOOPT;
1550 		break;
1551 	}
1552 	sockopt_release_sock(sk);
1553 	return ret;
1554 }
1555 
sock_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)1556 int sock_setsockopt(struct socket *sock, int level, int optname,
1557 		    sockptr_t optval, unsigned int optlen)
1558 {
1559 	return sk_setsockopt(sock->sk, level, optname,
1560 			     optval, optlen);
1561 }
1562 EXPORT_SYMBOL(sock_setsockopt);
1563 
sk_get_peer_cred(struct sock * sk)1564 static const struct cred *sk_get_peer_cred(struct sock *sk)
1565 {
1566 	const struct cred *cred;
1567 
1568 	spin_lock(&sk->sk_peer_lock);
1569 	cred = get_cred(sk->sk_peer_cred);
1570 	spin_unlock(&sk->sk_peer_lock);
1571 
1572 	return cred;
1573 }
1574 
cred_to_ucred(struct pid * pid,const struct cred * cred,struct ucred * ucred)1575 static void cred_to_ucred(struct pid *pid, const struct cred *cred,
1576 			  struct ucred *ucred)
1577 {
1578 	ucred->pid = pid_vnr(pid);
1579 	ucred->uid = ucred->gid = -1;
1580 	if (cred) {
1581 		struct user_namespace *current_ns = current_user_ns();
1582 
1583 		ucred->uid = from_kuid_munged(current_ns, cred->euid);
1584 		ucred->gid = from_kgid_munged(current_ns, cred->egid);
1585 	}
1586 }
1587 
groups_to_user(sockptr_t dst,const struct group_info * src)1588 static int groups_to_user(sockptr_t dst, const struct group_info *src)
1589 {
1590 	struct user_namespace *user_ns = current_user_ns();
1591 	int i;
1592 
1593 	for (i = 0; i < src->ngroups; i++) {
1594 		gid_t gid = from_kgid_munged(user_ns, src->gid[i]);
1595 
1596 		if (copy_to_sockptr_offset(dst, i * sizeof(gid), &gid, sizeof(gid)))
1597 			return -EFAULT;
1598 	}
1599 
1600 	return 0;
1601 }
1602 
sk_getsockopt(struct sock * sk,int level,int optname,sockptr_t optval,sockptr_t optlen)1603 int sk_getsockopt(struct sock *sk, int level, int optname,
1604 		  sockptr_t optval, sockptr_t optlen)
1605 {
1606 	struct socket *sock = sk->sk_socket;
1607 
1608 	union {
1609 		int val;
1610 		u64 val64;
1611 		unsigned long ulval;
1612 		struct linger ling;
1613 		struct old_timeval32 tm32;
1614 		struct __kernel_old_timeval tm;
1615 		struct  __kernel_sock_timeval stm;
1616 		struct sock_txtime txtime;
1617 		struct so_timestamping timestamping;
1618 	} v;
1619 
1620 	int lv = sizeof(int);
1621 	int len;
1622 
1623 	if (copy_from_sockptr(&len, optlen, sizeof(int)))
1624 		return -EFAULT;
1625 	if (len < 0)
1626 		return -EINVAL;
1627 
1628 	memset(&v, 0, sizeof(v));
1629 
1630 	switch (optname) {
1631 	case SO_DEBUG:
1632 		v.val = sock_flag(sk, SOCK_DBG);
1633 		break;
1634 
1635 	case SO_DONTROUTE:
1636 		v.val = sock_flag(sk, SOCK_LOCALROUTE);
1637 		break;
1638 
1639 	case SO_BROADCAST:
1640 		v.val = sock_flag(sk, SOCK_BROADCAST);
1641 		break;
1642 
1643 	case SO_SNDBUF:
1644 		v.val = READ_ONCE(sk->sk_sndbuf);
1645 		break;
1646 
1647 	case SO_RCVBUF:
1648 		v.val = READ_ONCE(sk->sk_rcvbuf);
1649 		break;
1650 
1651 	case SO_REUSEADDR:
1652 		v.val = sk->sk_reuse;
1653 		break;
1654 
1655 	case SO_REUSEPORT:
1656 		v.val = sk->sk_reuseport;
1657 		break;
1658 
1659 	case SO_KEEPALIVE:
1660 		v.val = sock_flag(sk, SOCK_KEEPOPEN);
1661 		break;
1662 
1663 	case SO_TYPE:
1664 		v.val = sk->sk_type;
1665 		break;
1666 
1667 	case SO_PROTOCOL:
1668 		v.val = sk->sk_protocol;
1669 		break;
1670 
1671 	case SO_DOMAIN:
1672 		v.val = sk->sk_family;
1673 		break;
1674 
1675 	case SO_ERROR:
1676 		v.val = -sock_error(sk);
1677 		if (v.val == 0)
1678 			v.val = xchg(&sk->sk_err_soft, 0);
1679 		break;
1680 
1681 	case SO_OOBINLINE:
1682 		v.val = sock_flag(sk, SOCK_URGINLINE);
1683 		break;
1684 
1685 	case SO_NO_CHECK:
1686 		v.val = sk->sk_no_check_tx;
1687 		break;
1688 
1689 	case SO_PRIORITY:
1690 		v.val = READ_ONCE(sk->sk_priority);
1691 		break;
1692 
1693 	case SO_LINGER:
1694 		lv		= sizeof(v.ling);
1695 		v.ling.l_onoff	= sock_flag(sk, SOCK_LINGER);
1696 		v.ling.l_linger	= READ_ONCE(sk->sk_lingertime) / HZ;
1697 		break;
1698 
1699 	case SO_BSDCOMPAT:
1700 		break;
1701 
1702 	case SO_TIMESTAMP_OLD:
1703 		v.val = sock_flag(sk, SOCK_RCVTSTAMP) &&
1704 				!sock_flag(sk, SOCK_TSTAMP_NEW) &&
1705 				!sock_flag(sk, SOCK_RCVTSTAMPNS);
1706 		break;
1707 
1708 	case SO_TIMESTAMPNS_OLD:
1709 		v.val = sock_flag(sk, SOCK_RCVTSTAMPNS) && !sock_flag(sk, SOCK_TSTAMP_NEW);
1710 		break;
1711 
1712 	case SO_TIMESTAMP_NEW:
1713 		v.val = sock_flag(sk, SOCK_RCVTSTAMP) && sock_flag(sk, SOCK_TSTAMP_NEW);
1714 		break;
1715 
1716 	case SO_TIMESTAMPNS_NEW:
1717 		v.val = sock_flag(sk, SOCK_RCVTSTAMPNS) && sock_flag(sk, SOCK_TSTAMP_NEW);
1718 		break;
1719 
1720 	case SO_TIMESTAMPING_OLD:
1721 		lv = sizeof(v.timestamping);
1722 		v.timestamping.flags = READ_ONCE(sk->sk_tsflags);
1723 		v.timestamping.bind_phc = READ_ONCE(sk->sk_bind_phc);
1724 		break;
1725 
1726 	case SO_RCVTIMEO_OLD:
1727 	case SO_RCVTIMEO_NEW:
1728 		lv = sock_get_timeout(READ_ONCE(sk->sk_rcvtimeo), &v,
1729 				      SO_RCVTIMEO_OLD == optname);
1730 		break;
1731 
1732 	case SO_SNDTIMEO_OLD:
1733 	case SO_SNDTIMEO_NEW:
1734 		lv = sock_get_timeout(READ_ONCE(sk->sk_sndtimeo), &v,
1735 				      SO_SNDTIMEO_OLD == optname);
1736 		break;
1737 
1738 	case SO_RCVLOWAT:
1739 		v.val = READ_ONCE(sk->sk_rcvlowat);
1740 		break;
1741 
1742 	case SO_SNDLOWAT:
1743 		v.val = 1;
1744 		break;
1745 
1746 	case SO_PASSCRED:
1747 		v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
1748 		break;
1749 
1750 	case SO_PASSPIDFD:
1751 		v.val = !!test_bit(SOCK_PASSPIDFD, &sock->flags);
1752 		break;
1753 
1754 	case SO_PEERCRED:
1755 	{
1756 		struct ucred peercred;
1757 		if (len > sizeof(peercred))
1758 			len = sizeof(peercred);
1759 
1760 		spin_lock(&sk->sk_peer_lock);
1761 		cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
1762 		spin_unlock(&sk->sk_peer_lock);
1763 
1764 		if (copy_to_sockptr(optval, &peercred, len))
1765 			return -EFAULT;
1766 		goto lenout;
1767 	}
1768 
1769 	case SO_PEERPIDFD:
1770 	{
1771 		struct pid *peer_pid;
1772 		struct file *pidfd_file = NULL;
1773 		int pidfd;
1774 
1775 		if (len > sizeof(pidfd))
1776 			len = sizeof(pidfd);
1777 
1778 		spin_lock(&sk->sk_peer_lock);
1779 		peer_pid = get_pid(sk->sk_peer_pid);
1780 		spin_unlock(&sk->sk_peer_lock);
1781 
1782 		if (!peer_pid)
1783 			return -ENODATA;
1784 
1785 		pidfd = pidfd_prepare(peer_pid, 0, &pidfd_file);
1786 		put_pid(peer_pid);
1787 		if (pidfd < 0)
1788 			return pidfd;
1789 
1790 		if (copy_to_sockptr(optval, &pidfd, len) ||
1791 		    copy_to_sockptr(optlen, &len, sizeof(int))) {
1792 			put_unused_fd(pidfd);
1793 			fput(pidfd_file);
1794 
1795 			return -EFAULT;
1796 		}
1797 
1798 		fd_install(pidfd, pidfd_file);
1799 		return 0;
1800 	}
1801 
1802 	case SO_PEERGROUPS:
1803 	{
1804 		const struct cred *cred;
1805 		int ret, n;
1806 
1807 		cred = sk_get_peer_cred(sk);
1808 		if (!cred)
1809 			return -ENODATA;
1810 
1811 		n = cred->group_info->ngroups;
1812 		if (len < n * sizeof(gid_t)) {
1813 			len = n * sizeof(gid_t);
1814 			put_cred(cred);
1815 			return copy_to_sockptr(optlen, &len, sizeof(int)) ? -EFAULT : -ERANGE;
1816 		}
1817 		len = n * sizeof(gid_t);
1818 
1819 		ret = groups_to_user(optval, cred->group_info);
1820 		put_cred(cred);
1821 		if (ret)
1822 			return ret;
1823 		goto lenout;
1824 	}
1825 
1826 	case SO_PEERNAME:
1827 	{
1828 		struct sockaddr_storage address;
1829 
1830 		lv = READ_ONCE(sock->ops)->getname(sock, (struct sockaddr *)&address, 2);
1831 		if (lv < 0)
1832 			return -ENOTCONN;
1833 		if (lv < len)
1834 			return -EINVAL;
1835 		if (copy_to_sockptr(optval, &address, len))
1836 			return -EFAULT;
1837 		goto lenout;
1838 	}
1839 
1840 	/* Dubious BSD thing... Probably nobody even uses it, but
1841 	 * the UNIX standard wants it for whatever reason... -DaveM
1842 	 */
1843 	case SO_ACCEPTCONN:
1844 		v.val = sk->sk_state == TCP_LISTEN;
1845 		break;
1846 
1847 	case SO_PASSSEC:
1848 		v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
1849 		break;
1850 
1851 	case SO_PEERSEC:
1852 		return security_socket_getpeersec_stream(sock,
1853 							 optval, optlen, len);
1854 
1855 	case SO_MARK:
1856 		v.val = READ_ONCE(sk->sk_mark);
1857 		break;
1858 
1859 	case SO_RCVMARK:
1860 		v.val = sock_flag(sk, SOCK_RCVMARK);
1861 		break;
1862 
1863 	case SO_RXQ_OVFL:
1864 		v.val = sock_flag(sk, SOCK_RXQ_OVFL);
1865 		break;
1866 
1867 	case SO_WIFI_STATUS:
1868 		v.val = sock_flag(sk, SOCK_WIFI_STATUS);
1869 		break;
1870 
1871 	case SO_PEEK_OFF:
1872 		if (!READ_ONCE(sock->ops)->set_peek_off)
1873 			return -EOPNOTSUPP;
1874 
1875 		v.val = READ_ONCE(sk->sk_peek_off);
1876 		break;
1877 	case SO_NOFCS:
1878 		v.val = sock_flag(sk, SOCK_NOFCS);
1879 		break;
1880 
1881 	case SO_BINDTODEVICE:
1882 		return sock_getbindtodevice(sk, optval, optlen, len);
1883 
1884 	case SO_GET_FILTER:
1885 		len = sk_get_filter(sk, optval, len);
1886 		if (len < 0)
1887 			return len;
1888 
1889 		goto lenout;
1890 
1891 	case SO_LOCK_FILTER:
1892 		v.val = sock_flag(sk, SOCK_FILTER_LOCKED);
1893 		break;
1894 
1895 	case SO_BPF_EXTENSIONS:
1896 		v.val = bpf_tell_extensions();
1897 		break;
1898 
1899 	case SO_SELECT_ERR_QUEUE:
1900 		v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE);
1901 		break;
1902 
1903 #ifdef CONFIG_NET_RX_BUSY_POLL
1904 	case SO_BUSY_POLL:
1905 		v.val = READ_ONCE(sk->sk_ll_usec);
1906 		break;
1907 	case SO_PREFER_BUSY_POLL:
1908 		v.val = READ_ONCE(sk->sk_prefer_busy_poll);
1909 		break;
1910 #endif
1911 
1912 	case SO_MAX_PACING_RATE:
1913 		/* The READ_ONCE() pair with the WRITE_ONCE() in sk_setsockopt() */
1914 		if (sizeof(v.ulval) != sizeof(v.val) && len >= sizeof(v.ulval)) {
1915 			lv = sizeof(v.ulval);
1916 			v.ulval = READ_ONCE(sk->sk_max_pacing_rate);
1917 		} else {
1918 			/* 32bit version */
1919 			v.val = min_t(unsigned long, ~0U,
1920 				      READ_ONCE(sk->sk_max_pacing_rate));
1921 		}
1922 		break;
1923 
1924 	case SO_INCOMING_CPU:
1925 		v.val = READ_ONCE(sk->sk_incoming_cpu);
1926 		break;
1927 
1928 	case SO_MEMINFO:
1929 	{
1930 		u32 meminfo[SK_MEMINFO_VARS];
1931 
1932 		sk_get_meminfo(sk, meminfo);
1933 
1934 		len = min_t(unsigned int, len, sizeof(meminfo));
1935 		if (copy_to_sockptr(optval, &meminfo, len))
1936 			return -EFAULT;
1937 
1938 		goto lenout;
1939 	}
1940 
1941 #ifdef CONFIG_NET_RX_BUSY_POLL
1942 	case SO_INCOMING_NAPI_ID:
1943 		v.val = READ_ONCE(sk->sk_napi_id);
1944 
1945 		/* aggregate non-NAPI IDs down to 0 */
1946 		if (v.val < MIN_NAPI_ID)
1947 			v.val = 0;
1948 
1949 		break;
1950 #endif
1951 
1952 	case SO_COOKIE:
1953 		lv = sizeof(u64);
1954 		if (len < lv)
1955 			return -EINVAL;
1956 		v.val64 = sock_gen_cookie(sk);
1957 		break;
1958 
1959 	case SO_ZEROCOPY:
1960 		v.val = sock_flag(sk, SOCK_ZEROCOPY);
1961 		break;
1962 
1963 	case SO_TXTIME:
1964 		lv = sizeof(v.txtime);
1965 		v.txtime.clockid = sk->sk_clockid;
1966 		v.txtime.flags |= sk->sk_txtime_deadline_mode ?
1967 				  SOF_TXTIME_DEADLINE_MODE : 0;
1968 		v.txtime.flags |= sk->sk_txtime_report_errors ?
1969 				  SOF_TXTIME_REPORT_ERRORS : 0;
1970 		break;
1971 
1972 	case SO_BINDTOIFINDEX:
1973 		v.val = READ_ONCE(sk->sk_bound_dev_if);
1974 		break;
1975 
1976 	case SO_NETNS_COOKIE:
1977 		lv = sizeof(u64);
1978 		if (len != lv)
1979 			return -EINVAL;
1980 		v.val64 = sock_net(sk)->net_cookie;
1981 		break;
1982 
1983 	case SO_BUF_LOCK:
1984 		v.val = sk->sk_userlocks & SOCK_BUF_LOCK_MASK;
1985 		break;
1986 
1987 	case SO_RESERVE_MEM:
1988 		v.val = READ_ONCE(sk->sk_reserved_mem);
1989 		break;
1990 
1991 	case SO_TXREHASH:
1992 		/* Paired with WRITE_ONCE() in sk_setsockopt() */
1993 		v.val = READ_ONCE(sk->sk_txrehash);
1994 		break;
1995 
1996 	default:
1997 		/* We implement the SO_SNDLOWAT etc to not be settable
1998 		 * (1003.1g 7).
1999 		 */
2000 		return -ENOPROTOOPT;
2001 	}
2002 
2003 	if (len > lv)
2004 		len = lv;
2005 	if (copy_to_sockptr(optval, &v, len))
2006 		return -EFAULT;
2007 lenout:
2008 	if (copy_to_sockptr(optlen, &len, sizeof(int)))
2009 		return -EFAULT;
2010 	return 0;
2011 }
2012 
sock_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)2013 int sock_getsockopt(struct socket *sock, int level, int optname,
2014 		    char __user *optval, int __user *optlen)
2015 {
2016 	return sk_getsockopt(sock->sk, level, optname,
2017 			     USER_SOCKPTR(optval),
2018 			     USER_SOCKPTR(optlen));
2019 }
2020 
2021 /*
2022  * Initialize an sk_lock.
2023  *
2024  * (We also register the sk_lock with the lock validator.)
2025  */
sock_lock_init(struct sock * sk)2026 static inline void sock_lock_init(struct sock *sk)
2027 {
2028 	if (sk->sk_kern_sock)
2029 		sock_lock_init_class_and_name(
2030 			sk,
2031 			af_family_kern_slock_key_strings[sk->sk_family],
2032 			af_family_kern_slock_keys + sk->sk_family,
2033 			af_family_kern_key_strings[sk->sk_family],
2034 			af_family_kern_keys + sk->sk_family);
2035 	else
2036 		sock_lock_init_class_and_name(
2037 			sk,
2038 			af_family_slock_key_strings[sk->sk_family],
2039 			af_family_slock_keys + sk->sk_family,
2040 			af_family_key_strings[sk->sk_family],
2041 			af_family_keys + sk->sk_family);
2042 }
2043 
2044 /*
2045  * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
2046  * even temporarly, because of RCU lookups. sk_node should also be left as is.
2047  * We must not copy fields between sk_dontcopy_begin and sk_dontcopy_end
2048  */
sock_copy(struct sock * nsk,const struct sock * osk)2049 static void sock_copy(struct sock *nsk, const struct sock *osk)
2050 {
2051 	const struct proto *prot = READ_ONCE(osk->sk_prot);
2052 #ifdef CONFIG_SECURITY_NETWORK
2053 	void *sptr = nsk->sk_security;
2054 #endif
2055 
2056 	/* If we move sk_tx_queue_mapping out of the private section,
2057 	 * we must check if sk_tx_queue_clear() is called after
2058 	 * sock_copy() in sk_clone_lock().
2059 	 */
2060 	BUILD_BUG_ON(offsetof(struct sock, sk_tx_queue_mapping) <
2061 		     offsetof(struct sock, sk_dontcopy_begin) ||
2062 		     offsetof(struct sock, sk_tx_queue_mapping) >=
2063 		     offsetof(struct sock, sk_dontcopy_end));
2064 
2065 	memcpy(nsk, osk, offsetof(struct sock, sk_dontcopy_begin));
2066 
2067 	memcpy(&nsk->sk_dontcopy_end, &osk->sk_dontcopy_end,
2068 	       prot->obj_size - offsetof(struct sock, sk_dontcopy_end));
2069 
2070 #ifdef CONFIG_SECURITY_NETWORK
2071 	nsk->sk_security = sptr;
2072 	security_sk_clone(osk, nsk);
2073 #endif
2074 }
2075 
sk_prot_alloc(struct proto * prot,gfp_t priority,int family)2076 static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
2077 		int family)
2078 {
2079 	struct sock *sk;
2080 	struct kmem_cache *slab;
2081 
2082 	slab = prot->slab;
2083 	if (slab != NULL) {
2084 		sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
2085 		if (!sk)
2086 			return sk;
2087 		if (want_init_on_alloc(priority))
2088 			sk_prot_clear_nulls(sk, prot->obj_size);
2089 	} else
2090 		sk = kmalloc(prot->obj_size, priority);
2091 
2092 	if (sk != NULL) {
2093 		if (security_sk_alloc(sk, family, priority))
2094 			goto out_free;
2095 
2096 		if (!try_module_get(prot->owner))
2097 			goto out_free_sec;
2098 	}
2099 
2100 	return sk;
2101 
2102 out_free_sec:
2103 	security_sk_free(sk);
2104 out_free:
2105 	if (slab != NULL)
2106 		kmem_cache_free(slab, sk);
2107 	else
2108 		kfree(sk);
2109 	return NULL;
2110 }
2111 
sk_prot_free(struct proto * prot,struct sock * sk)2112 static void sk_prot_free(struct proto *prot, struct sock *sk)
2113 {
2114 	struct kmem_cache *slab;
2115 	struct module *owner;
2116 
2117 	owner = prot->owner;
2118 	slab = prot->slab;
2119 
2120 	cgroup_sk_free(&sk->sk_cgrp_data);
2121 	mem_cgroup_sk_free(sk);
2122 	security_sk_free(sk);
2123 	if (slab != NULL)
2124 		kmem_cache_free(slab, sk);
2125 	else
2126 		kfree(sk);
2127 	module_put(owner);
2128 }
2129 
2130 /**
2131  *	sk_alloc - All socket objects are allocated here
2132  *	@net: the applicable net namespace
2133  *	@family: protocol family
2134  *	@priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
2135  *	@prot: struct proto associated with this new sock instance
2136  *	@kern: is this to be a kernel socket?
2137  */
sk_alloc(struct net * net,int family,gfp_t priority,struct proto * prot,int kern)2138 struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
2139 		      struct proto *prot, int kern)
2140 {
2141 	struct sock *sk;
2142 
2143 	sk = sk_prot_alloc(prot, priority | __GFP_ZERO, family);
2144 	if (sk) {
2145 		sk->sk_family = family;
2146 		/*
2147 		 * See comment in struct sock definition to understand
2148 		 * why we need sk_prot_creator -acme
2149 		 */
2150 		sk->sk_prot = sk->sk_prot_creator = prot;
2151 		sk->sk_kern_sock = kern;
2152 		sock_lock_init(sk);
2153 		sk->sk_net_refcnt = kern ? 0 : 1;
2154 		if (likely(sk->sk_net_refcnt)) {
2155 			get_net_track(net, &sk->ns_tracker, priority);
2156 			sock_inuse_add(net, 1);
2157 		} else {
2158 			__netns_tracker_alloc(net, &sk->ns_tracker,
2159 					      false, priority);
2160 		}
2161 
2162 		sock_net_set(sk, net);
2163 		refcount_set(&sk->sk_wmem_alloc, 1);
2164 
2165 		mem_cgroup_sk_alloc(sk);
2166 		cgroup_sk_alloc(&sk->sk_cgrp_data);
2167 		sock_update_classid(&sk->sk_cgrp_data);
2168 		sock_update_netprioidx(&sk->sk_cgrp_data);
2169 		sk_tx_queue_clear(sk);
2170 	}
2171 
2172 	return sk;
2173 }
2174 EXPORT_SYMBOL(sk_alloc);
2175 
2176 /* Sockets having SOCK_RCU_FREE will call this function after one RCU
2177  * grace period. This is the case for UDP sockets and TCP listeners.
2178  */
__sk_destruct(struct rcu_head * head)2179 static void __sk_destruct(struct rcu_head *head)
2180 {
2181 	struct sock *sk = container_of(head, struct sock, sk_rcu);
2182 	struct sk_filter *filter;
2183 
2184 	if (sk->sk_destruct)
2185 		sk->sk_destruct(sk);
2186 
2187 	filter = rcu_dereference_check(sk->sk_filter,
2188 				       refcount_read(&sk->sk_wmem_alloc) == 0);
2189 	if (filter) {
2190 		sk_filter_uncharge(sk, filter);
2191 		RCU_INIT_POINTER(sk->sk_filter, NULL);
2192 	}
2193 
2194 	sock_disable_timestamp(sk, SK_FLAGS_TIMESTAMP);
2195 
2196 #ifdef CONFIG_BPF_SYSCALL
2197 	bpf_sk_storage_free(sk);
2198 #endif
2199 
2200 	if (atomic_read(&sk->sk_omem_alloc))
2201 		pr_debug("%s: optmem leakage (%d bytes) detected\n",
2202 			 __func__, atomic_read(&sk->sk_omem_alloc));
2203 
2204 	if (sk->sk_frag.page) {
2205 		put_page(sk->sk_frag.page);
2206 		sk->sk_frag.page = NULL;
2207 	}
2208 
2209 	/* We do not need to acquire sk->sk_peer_lock, we are the last user. */
2210 	put_cred(sk->sk_peer_cred);
2211 	put_pid(sk->sk_peer_pid);
2212 
2213 	if (likely(sk->sk_net_refcnt))
2214 		put_net_track(sock_net(sk), &sk->ns_tracker);
2215 	else
2216 		__netns_tracker_free(sock_net(sk), &sk->ns_tracker, false);
2217 
2218 	sk_prot_free(sk->sk_prot_creator, sk);
2219 }
2220 
sk_destruct(struct sock * sk)2221 void sk_destruct(struct sock *sk)
2222 {
2223 	bool use_call_rcu = sock_flag(sk, SOCK_RCU_FREE);
2224 
2225 	if (rcu_access_pointer(sk->sk_reuseport_cb)) {
2226 		reuseport_detach_sock(sk);
2227 		use_call_rcu = true;
2228 	}
2229 
2230 	if (use_call_rcu)
2231 		call_rcu(&sk->sk_rcu, __sk_destruct);
2232 	else
2233 		__sk_destruct(&sk->sk_rcu);
2234 }
2235 
__sk_free(struct sock * sk)2236 static void __sk_free(struct sock *sk)
2237 {
2238 	if (likely(sk->sk_net_refcnt))
2239 		sock_inuse_add(sock_net(sk), -1);
2240 
2241 	if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
2242 		sock_diag_broadcast_destroy(sk);
2243 	else
2244 		sk_destruct(sk);
2245 }
2246 
sk_free(struct sock * sk)2247 void sk_free(struct sock *sk)
2248 {
2249 	/*
2250 	 * We subtract one from sk_wmem_alloc and can know if
2251 	 * some packets are still in some tx queue.
2252 	 * If not null, sock_wfree() will call __sk_free(sk) later
2253 	 */
2254 	if (refcount_dec_and_test(&sk->sk_wmem_alloc))
2255 		__sk_free(sk);
2256 }
2257 EXPORT_SYMBOL(sk_free);
2258 
sk_init_common(struct sock * sk)2259 static void sk_init_common(struct sock *sk)
2260 {
2261 	skb_queue_head_init(&sk->sk_receive_queue);
2262 	skb_queue_head_init(&sk->sk_write_queue);
2263 	skb_queue_head_init(&sk->sk_error_queue);
2264 
2265 	rwlock_init(&sk->sk_callback_lock);
2266 	lockdep_set_class_and_name(&sk->sk_receive_queue.lock,
2267 			af_rlock_keys + sk->sk_family,
2268 			af_family_rlock_key_strings[sk->sk_family]);
2269 	lockdep_set_class_and_name(&sk->sk_write_queue.lock,
2270 			af_wlock_keys + sk->sk_family,
2271 			af_family_wlock_key_strings[sk->sk_family]);
2272 	lockdep_set_class_and_name(&sk->sk_error_queue.lock,
2273 			af_elock_keys + sk->sk_family,
2274 			af_family_elock_key_strings[sk->sk_family]);
2275 	lockdep_set_class_and_name(&sk->sk_callback_lock,
2276 			af_callback_keys + sk->sk_family,
2277 			af_family_clock_key_strings[sk->sk_family]);
2278 }
2279 
2280 /**
2281  *	sk_clone_lock - clone a socket, and lock its clone
2282  *	@sk: the socket to clone
2283  *	@priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
2284  *
2285  *	Caller must unlock socket even in error path (bh_unlock_sock(newsk))
2286  */
sk_clone_lock(const struct sock * sk,const gfp_t priority)2287 struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
2288 {
2289 	struct proto *prot = READ_ONCE(sk->sk_prot);
2290 	struct sk_filter *filter;
2291 	bool is_charged = true;
2292 	struct sock *newsk;
2293 
2294 	newsk = sk_prot_alloc(prot, priority, sk->sk_family);
2295 	if (!newsk)
2296 		goto out;
2297 
2298 	sock_copy(newsk, sk);
2299 
2300 	newsk->sk_prot_creator = prot;
2301 
2302 	/* SANITY */
2303 	if (likely(newsk->sk_net_refcnt)) {
2304 		get_net_track(sock_net(newsk), &newsk->ns_tracker, priority);
2305 		sock_inuse_add(sock_net(newsk), 1);
2306 	} else {
2307 		/* Kernel sockets are not elevating the struct net refcount.
2308 		 * Instead, use a tracker to more easily detect if a layer
2309 		 * is not properly dismantling its kernel sockets at netns
2310 		 * destroy time.
2311 		 */
2312 		__netns_tracker_alloc(sock_net(newsk), &newsk->ns_tracker,
2313 				      false, priority);
2314 	}
2315 	sk_node_init(&newsk->sk_node);
2316 	sock_lock_init(newsk);
2317 	bh_lock_sock(newsk);
2318 	newsk->sk_backlog.head	= newsk->sk_backlog.tail = NULL;
2319 	newsk->sk_backlog.len = 0;
2320 
2321 	atomic_set(&newsk->sk_rmem_alloc, 0);
2322 
2323 	/* sk_wmem_alloc set to one (see sk_free() and sock_wfree()) */
2324 	refcount_set(&newsk->sk_wmem_alloc, 1);
2325 
2326 	atomic_set(&newsk->sk_omem_alloc, 0);
2327 	sk_init_common(newsk);
2328 
2329 	newsk->sk_dst_cache	= NULL;
2330 	newsk->sk_dst_pending_confirm = 0;
2331 	newsk->sk_wmem_queued	= 0;
2332 	newsk->sk_forward_alloc = 0;
2333 	newsk->sk_reserved_mem  = 0;
2334 	atomic_set(&newsk->sk_drops, 0);
2335 	newsk->sk_send_head	= NULL;
2336 	newsk->sk_userlocks	= sk->sk_userlocks & ~SOCK_BINDPORT_LOCK;
2337 	atomic_set(&newsk->sk_zckey, 0);
2338 
2339 	sock_reset_flag(newsk, SOCK_DONE);
2340 
2341 	/* sk->sk_memcg will be populated at accept() time */
2342 	newsk->sk_memcg = NULL;
2343 
2344 	cgroup_sk_clone(&newsk->sk_cgrp_data);
2345 
2346 	rcu_read_lock();
2347 	filter = rcu_dereference(sk->sk_filter);
2348 	if (filter != NULL)
2349 		/* though it's an empty new sock, the charging may fail
2350 		 * if sysctl_optmem_max was changed between creation of
2351 		 * original socket and cloning
2352 		 */
2353 		is_charged = sk_filter_charge(newsk, filter);
2354 	RCU_INIT_POINTER(newsk->sk_filter, filter);
2355 	rcu_read_unlock();
2356 
2357 	if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) {
2358 		/* We need to make sure that we don't uncharge the new
2359 		 * socket if we couldn't charge it in the first place
2360 		 * as otherwise we uncharge the parent's filter.
2361 		 */
2362 		if (!is_charged)
2363 			RCU_INIT_POINTER(newsk->sk_filter, NULL);
2364 		sk_free_unlock_clone(newsk);
2365 		newsk = NULL;
2366 		goto out;
2367 	}
2368 	RCU_INIT_POINTER(newsk->sk_reuseport_cb, NULL);
2369 
2370 	if (bpf_sk_storage_clone(sk, newsk)) {
2371 		sk_free_unlock_clone(newsk);
2372 		newsk = NULL;
2373 		goto out;
2374 	}
2375 
2376 	/* Clear sk_user_data if parent had the pointer tagged
2377 	 * as not suitable for copying when cloning.
2378 	 */
2379 	if (sk_user_data_is_nocopy(newsk))
2380 		newsk->sk_user_data = NULL;
2381 
2382 	newsk->sk_err	   = 0;
2383 	newsk->sk_err_soft = 0;
2384 	newsk->sk_priority = 0;
2385 	newsk->sk_incoming_cpu = raw_smp_processor_id();
2386 
2387 	/* Before updating sk_refcnt, we must commit prior changes to memory
2388 	 * (Documentation/RCU/rculist_nulls.rst for details)
2389 	 */
2390 	smp_wmb();
2391 	refcount_set(&newsk->sk_refcnt, 2);
2392 
2393 	sk_set_socket(newsk, NULL);
2394 	sk_tx_queue_clear(newsk);
2395 	RCU_INIT_POINTER(newsk->sk_wq, NULL);
2396 
2397 	if (newsk->sk_prot->sockets_allocated)
2398 		sk_sockets_allocated_inc(newsk);
2399 
2400 	if (sock_needs_netstamp(sk) && newsk->sk_flags & SK_FLAGS_TIMESTAMP)
2401 		net_enable_timestamp();
2402 out:
2403 	return newsk;
2404 }
2405 EXPORT_SYMBOL_GPL(sk_clone_lock);
2406 
sk_free_unlock_clone(struct sock * sk)2407 void sk_free_unlock_clone(struct sock *sk)
2408 {
2409 	/* It is still raw copy of parent, so invalidate
2410 	 * destructor and make plain sk_free() */
2411 	sk->sk_destruct = NULL;
2412 	bh_unlock_sock(sk);
2413 	sk_free(sk);
2414 }
2415 EXPORT_SYMBOL_GPL(sk_free_unlock_clone);
2416 
sk_dst_gso_max_size(struct sock * sk,struct dst_entry * dst)2417 static u32 sk_dst_gso_max_size(struct sock *sk, struct dst_entry *dst)
2418 {
2419 	bool is_ipv6 = false;
2420 	u32 max_size;
2421 
2422 #if IS_ENABLED(CONFIG_IPV6)
2423 	is_ipv6 = (sk->sk_family == AF_INET6 &&
2424 		   !ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr));
2425 #endif
2426 	/* pairs with the WRITE_ONCE() in netif_set_gso(_ipv4)_max_size() */
2427 	max_size = is_ipv6 ? READ_ONCE(dst->dev->gso_max_size) :
2428 			READ_ONCE(dst->dev->gso_ipv4_max_size);
2429 	if (max_size > GSO_LEGACY_MAX_SIZE && !sk_is_tcp(sk))
2430 		max_size = GSO_LEGACY_MAX_SIZE;
2431 
2432 	return max_size - (MAX_TCP_HEADER + 1);
2433 }
2434 
sk_setup_caps(struct sock * sk,struct dst_entry * dst)2435 void sk_setup_caps(struct sock *sk, struct dst_entry *dst)
2436 {
2437 	u32 max_segs = 1;
2438 
2439 	sk->sk_route_caps = dst->dev->features;
2440 	if (sk_is_tcp(sk))
2441 		sk->sk_route_caps |= NETIF_F_GSO;
2442 	if (sk->sk_route_caps & NETIF_F_GSO)
2443 		sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE;
2444 	if (unlikely(sk->sk_gso_disabled))
2445 		sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
2446 	if (sk_can_gso(sk)) {
2447 		if (dst->header_len && !xfrm_dst_offload_ok(dst)) {
2448 			sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
2449 		} else {
2450 			sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM;
2451 			sk->sk_gso_max_size = sk_dst_gso_max_size(sk, dst);
2452 			/* pairs with the WRITE_ONCE() in netif_set_gso_max_segs() */
2453 			max_segs = max_t(u32, READ_ONCE(dst->dev->gso_max_segs), 1);
2454 		}
2455 	}
2456 	sk->sk_gso_max_segs = max_segs;
2457 	sk_dst_set(sk, dst);
2458 }
2459 EXPORT_SYMBOL_GPL(sk_setup_caps);
2460 
2461 /*
2462  *	Simple resource managers for sockets.
2463  */
2464 
2465 
2466 /*
2467  * Write buffer destructor automatically called from kfree_skb.
2468  */
sock_wfree(struct sk_buff * skb)2469 void sock_wfree(struct sk_buff *skb)
2470 {
2471 	struct sock *sk = skb->sk;
2472 	unsigned int len = skb->truesize;
2473 	bool free;
2474 
2475 	if (!sock_flag(sk, SOCK_USE_WRITE_QUEUE)) {
2476 		if (sock_flag(sk, SOCK_RCU_FREE) &&
2477 		    sk->sk_write_space == sock_def_write_space) {
2478 			rcu_read_lock();
2479 			free = refcount_sub_and_test(len, &sk->sk_wmem_alloc);
2480 			sock_def_write_space_wfree(sk);
2481 			rcu_read_unlock();
2482 			if (unlikely(free))
2483 				__sk_free(sk);
2484 			return;
2485 		}
2486 
2487 		/*
2488 		 * Keep a reference on sk_wmem_alloc, this will be released
2489 		 * after sk_write_space() call
2490 		 */
2491 		WARN_ON(refcount_sub_and_test(len - 1, &sk->sk_wmem_alloc));
2492 		sk->sk_write_space(sk);
2493 		len = 1;
2494 	}
2495 	/*
2496 	 * if sk_wmem_alloc reaches 0, we must finish what sk_free()
2497 	 * could not do because of in-flight packets
2498 	 */
2499 	if (refcount_sub_and_test(len, &sk->sk_wmem_alloc))
2500 		__sk_free(sk);
2501 }
2502 EXPORT_SYMBOL(sock_wfree);
2503 
2504 /* This variant of sock_wfree() is used by TCP,
2505  * since it sets SOCK_USE_WRITE_QUEUE.
2506  */
__sock_wfree(struct sk_buff * skb)2507 void __sock_wfree(struct sk_buff *skb)
2508 {
2509 	struct sock *sk = skb->sk;
2510 
2511 	if (refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc))
2512 		__sk_free(sk);
2513 }
2514 
skb_set_owner_w(struct sk_buff * skb,struct sock * sk)2515 void skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
2516 {
2517 	skb_orphan(skb);
2518 	skb->sk = sk;
2519 #ifdef CONFIG_INET
2520 	if (unlikely(!sk_fullsock(sk))) {
2521 		skb->destructor = sock_edemux;
2522 		sock_hold(sk);
2523 		return;
2524 	}
2525 #endif
2526 	skb->destructor = sock_wfree;
2527 	skb_set_hash_from_sk(skb, sk);
2528 	/*
2529 	 * We used to take a refcount on sk, but following operation
2530 	 * is enough to guarantee sk_free() wont free this sock until
2531 	 * all in-flight packets are completed
2532 	 */
2533 	refcount_add(skb->truesize, &sk->sk_wmem_alloc);
2534 }
2535 EXPORT_SYMBOL(skb_set_owner_w);
2536 
can_skb_orphan_partial(const struct sk_buff * skb)2537 static bool can_skb_orphan_partial(const struct sk_buff *skb)
2538 {
2539 #ifdef CONFIG_TLS_DEVICE
2540 	/* Drivers depend on in-order delivery for crypto offload,
2541 	 * partial orphan breaks out-of-order-OK logic.
2542 	 */
2543 	if (skb->decrypted)
2544 		return false;
2545 #endif
2546 	return (skb->destructor == sock_wfree ||
2547 		(IS_ENABLED(CONFIG_INET) && skb->destructor == tcp_wfree));
2548 }
2549 
2550 /* This helper is used by netem, as it can hold packets in its
2551  * delay queue. We want to allow the owner socket to send more
2552  * packets, as if they were already TX completed by a typical driver.
2553  * But we also want to keep skb->sk set because some packet schedulers
2554  * rely on it (sch_fq for example).
2555  */
skb_orphan_partial(struct sk_buff * skb)2556 void skb_orphan_partial(struct sk_buff *skb)
2557 {
2558 	if (skb_is_tcp_pure_ack(skb))
2559 		return;
2560 
2561 	if (can_skb_orphan_partial(skb) && skb_set_owner_sk_safe(skb, skb->sk))
2562 		return;
2563 
2564 	skb_orphan(skb);
2565 }
2566 EXPORT_SYMBOL(skb_orphan_partial);
2567 
2568 /*
2569  * Read buffer destructor automatically called from kfree_skb.
2570  */
sock_rfree(struct sk_buff * skb)2571 void sock_rfree(struct sk_buff *skb)
2572 {
2573 	struct sock *sk = skb->sk;
2574 	unsigned int len = skb->truesize;
2575 
2576 	atomic_sub(len, &sk->sk_rmem_alloc);
2577 	sk_mem_uncharge(sk, len);
2578 }
2579 EXPORT_SYMBOL(sock_rfree);
2580 
2581 /*
2582  * Buffer destructor for skbs that are not used directly in read or write
2583  * path, e.g. for error handler skbs. Automatically called from kfree_skb.
2584  */
sock_efree(struct sk_buff * skb)2585 void sock_efree(struct sk_buff *skb)
2586 {
2587 	sock_put(skb->sk);
2588 }
2589 EXPORT_SYMBOL(sock_efree);
2590 
2591 /* Buffer destructor for prefetch/receive path where reference count may
2592  * not be held, e.g. for listen sockets.
2593  */
2594 #ifdef CONFIG_INET
sock_pfree(struct sk_buff * skb)2595 void sock_pfree(struct sk_buff *skb)
2596 {
2597 	if (sk_is_refcounted(skb->sk))
2598 		sock_gen_put(skb->sk);
2599 }
2600 EXPORT_SYMBOL(sock_pfree);
2601 #endif /* CONFIG_INET */
2602 
sock_i_uid(struct sock * sk)2603 kuid_t sock_i_uid(struct sock *sk)
2604 {
2605 	kuid_t uid;
2606 
2607 	read_lock_bh(&sk->sk_callback_lock);
2608 	uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : GLOBAL_ROOT_UID;
2609 	read_unlock_bh(&sk->sk_callback_lock);
2610 	return uid;
2611 }
2612 EXPORT_SYMBOL(sock_i_uid);
2613 
__sock_i_ino(struct sock * sk)2614 unsigned long __sock_i_ino(struct sock *sk)
2615 {
2616 	unsigned long ino;
2617 
2618 	read_lock(&sk->sk_callback_lock);
2619 	ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
2620 	read_unlock(&sk->sk_callback_lock);
2621 	return ino;
2622 }
2623 EXPORT_SYMBOL(__sock_i_ino);
2624 
sock_i_ino(struct sock * sk)2625 unsigned long sock_i_ino(struct sock *sk)
2626 {
2627 	unsigned long ino;
2628 
2629 	local_bh_disable();
2630 	ino = __sock_i_ino(sk);
2631 	local_bh_enable();
2632 	return ino;
2633 }
2634 EXPORT_SYMBOL(sock_i_ino);
2635 
2636 /*
2637  * Allocate a skb from the socket's send buffer.
2638  */
sock_wmalloc(struct sock * sk,unsigned long size,int force,gfp_t priority)2639 struct sk_buff *sock_wmalloc(struct sock *sk, unsigned long size, int force,
2640 			     gfp_t priority)
2641 {
2642 	if (force ||
2643 	    refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf)) {
2644 		struct sk_buff *skb = alloc_skb(size, priority);
2645 
2646 		if (skb) {
2647 			skb_set_owner_w(skb, sk);
2648 			return skb;
2649 		}
2650 	}
2651 	return NULL;
2652 }
2653 EXPORT_SYMBOL(sock_wmalloc);
2654 
sock_ofree(struct sk_buff * skb)2655 static void sock_ofree(struct sk_buff *skb)
2656 {
2657 	struct sock *sk = skb->sk;
2658 
2659 	atomic_sub(skb->truesize, &sk->sk_omem_alloc);
2660 }
2661 
sock_omalloc(struct sock * sk,unsigned long size,gfp_t priority)2662 struct sk_buff *sock_omalloc(struct sock *sk, unsigned long size,
2663 			     gfp_t priority)
2664 {
2665 	struct sk_buff *skb;
2666 
2667 	/* small safe race: SKB_TRUESIZE may differ from final skb->truesize */
2668 	if (atomic_read(&sk->sk_omem_alloc) + SKB_TRUESIZE(size) >
2669 	    READ_ONCE(sysctl_optmem_max))
2670 		return NULL;
2671 
2672 	skb = alloc_skb(size, priority);
2673 	if (!skb)
2674 		return NULL;
2675 
2676 	atomic_add(skb->truesize, &sk->sk_omem_alloc);
2677 	skb->sk = sk;
2678 	skb->destructor = sock_ofree;
2679 	return skb;
2680 }
2681 
2682 /*
2683  * Allocate a memory block from the socket's option memory buffer.
2684  */
sock_kmalloc(struct sock * sk,int size,gfp_t priority)2685 void *sock_kmalloc(struct sock *sk, int size, gfp_t priority)
2686 {
2687 	int optmem_max = READ_ONCE(sysctl_optmem_max);
2688 
2689 	if ((unsigned int)size <= optmem_max &&
2690 	    atomic_read(&sk->sk_omem_alloc) + size < optmem_max) {
2691 		void *mem;
2692 		/* First do the add, to avoid the race if kmalloc
2693 		 * might sleep.
2694 		 */
2695 		atomic_add(size, &sk->sk_omem_alloc);
2696 		mem = kmalloc(size, priority);
2697 		if (mem)
2698 			return mem;
2699 		atomic_sub(size, &sk->sk_omem_alloc);
2700 	}
2701 	return NULL;
2702 }
2703 EXPORT_SYMBOL(sock_kmalloc);
2704 
2705 /* Free an option memory block. Note, we actually want the inline
2706  * here as this allows gcc to detect the nullify and fold away the
2707  * condition entirely.
2708  */
__sock_kfree_s(struct sock * sk,void * mem,int size,const bool nullify)2709 static inline void __sock_kfree_s(struct sock *sk, void *mem, int size,
2710 				  const bool nullify)
2711 {
2712 	if (WARN_ON_ONCE(!mem))
2713 		return;
2714 	if (nullify)
2715 		kfree_sensitive(mem);
2716 	else
2717 		kfree(mem);
2718 	atomic_sub(size, &sk->sk_omem_alloc);
2719 }
2720 
sock_kfree_s(struct sock * sk,void * mem,int size)2721 void sock_kfree_s(struct sock *sk, void *mem, int size)
2722 {
2723 	__sock_kfree_s(sk, mem, size, false);
2724 }
2725 EXPORT_SYMBOL(sock_kfree_s);
2726 
sock_kzfree_s(struct sock * sk,void * mem,int size)2727 void sock_kzfree_s(struct sock *sk, void *mem, int size)
2728 {
2729 	__sock_kfree_s(sk, mem, size, true);
2730 }
2731 EXPORT_SYMBOL(sock_kzfree_s);
2732 
2733 /* It is almost wait_for_tcp_memory minus release_sock/lock_sock.
2734    I think, these locks should be removed for datagram sockets.
2735  */
sock_wait_for_wmem(struct sock * sk,long timeo)2736 static long sock_wait_for_wmem(struct sock *sk, long timeo)
2737 {
2738 	DEFINE_WAIT(wait);
2739 
2740 	sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2741 	for (;;) {
2742 		if (!timeo)
2743 			break;
2744 		if (signal_pending(current))
2745 			break;
2746 		set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2747 		prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2748 		if (refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf))
2749 			break;
2750 		if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2751 			break;
2752 		if (READ_ONCE(sk->sk_err))
2753 			break;
2754 		timeo = schedule_timeout(timeo);
2755 	}
2756 	finish_wait(sk_sleep(sk), &wait);
2757 	return timeo;
2758 }
2759 
2760 
2761 /*
2762  *	Generic send/receive buffer handlers
2763  */
2764 
sock_alloc_send_pskb(struct sock * sk,unsigned long header_len,unsigned long data_len,int noblock,int * errcode,int max_page_order)2765 struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
2766 				     unsigned long data_len, int noblock,
2767 				     int *errcode, int max_page_order)
2768 {
2769 	struct sk_buff *skb;
2770 	long timeo;
2771 	int err;
2772 
2773 	timeo = sock_sndtimeo(sk, noblock);
2774 	for (;;) {
2775 		err = sock_error(sk);
2776 		if (err != 0)
2777 			goto failure;
2778 
2779 		err = -EPIPE;
2780 		if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2781 			goto failure;
2782 
2783 		if (sk_wmem_alloc_get(sk) < READ_ONCE(sk->sk_sndbuf))
2784 			break;
2785 
2786 		sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2787 		set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2788 		err = -EAGAIN;
2789 		if (!timeo)
2790 			goto failure;
2791 		if (signal_pending(current))
2792 			goto interrupted;
2793 		timeo = sock_wait_for_wmem(sk, timeo);
2794 	}
2795 	skb = alloc_skb_with_frags(header_len, data_len, max_page_order,
2796 				   errcode, sk->sk_allocation);
2797 	if (skb)
2798 		skb_set_owner_w(skb, sk);
2799 	return skb;
2800 
2801 interrupted:
2802 	err = sock_intr_errno(timeo);
2803 failure:
2804 	*errcode = err;
2805 	return NULL;
2806 }
2807 EXPORT_SYMBOL(sock_alloc_send_pskb);
2808 
__sock_cmsg_send(struct sock * sk,struct cmsghdr * cmsg,struct sockcm_cookie * sockc)2809 int __sock_cmsg_send(struct sock *sk, struct cmsghdr *cmsg,
2810 		     struct sockcm_cookie *sockc)
2811 {
2812 	u32 tsflags;
2813 
2814 	switch (cmsg->cmsg_type) {
2815 	case SO_MARK:
2816 		if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
2817 		    !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2818 			return -EPERM;
2819 		if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2820 			return -EINVAL;
2821 		sockc->mark = *(u32 *)CMSG_DATA(cmsg);
2822 		break;
2823 	case SO_TIMESTAMPING_OLD:
2824 		if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2825 			return -EINVAL;
2826 
2827 		tsflags = *(u32 *)CMSG_DATA(cmsg);
2828 		if (tsflags & ~SOF_TIMESTAMPING_TX_RECORD_MASK)
2829 			return -EINVAL;
2830 
2831 		sockc->tsflags &= ~SOF_TIMESTAMPING_TX_RECORD_MASK;
2832 		sockc->tsflags |= tsflags;
2833 		break;
2834 	case SCM_TXTIME:
2835 		if (!sock_flag(sk, SOCK_TXTIME))
2836 			return -EINVAL;
2837 		if (cmsg->cmsg_len != CMSG_LEN(sizeof(u64)))
2838 			return -EINVAL;
2839 		sockc->transmit_time = get_unaligned((u64 *)CMSG_DATA(cmsg));
2840 		break;
2841 	/* SCM_RIGHTS and SCM_CREDENTIALS are semantically in SOL_UNIX. */
2842 	case SCM_RIGHTS:
2843 	case SCM_CREDENTIALS:
2844 		break;
2845 	default:
2846 		return -EINVAL;
2847 	}
2848 	return 0;
2849 }
2850 EXPORT_SYMBOL(__sock_cmsg_send);
2851 
sock_cmsg_send(struct sock * sk,struct msghdr * msg,struct sockcm_cookie * sockc)2852 int sock_cmsg_send(struct sock *sk, struct msghdr *msg,
2853 		   struct sockcm_cookie *sockc)
2854 {
2855 	struct cmsghdr *cmsg;
2856 	int ret;
2857 
2858 	for_each_cmsghdr(cmsg, msg) {
2859 		if (!CMSG_OK(msg, cmsg))
2860 			return -EINVAL;
2861 		if (cmsg->cmsg_level != SOL_SOCKET)
2862 			continue;
2863 		ret = __sock_cmsg_send(sk, cmsg, sockc);
2864 		if (ret)
2865 			return ret;
2866 	}
2867 	return 0;
2868 }
2869 EXPORT_SYMBOL(sock_cmsg_send);
2870 
sk_enter_memory_pressure(struct sock * sk)2871 static void sk_enter_memory_pressure(struct sock *sk)
2872 {
2873 	if (!sk->sk_prot->enter_memory_pressure)
2874 		return;
2875 
2876 	sk->sk_prot->enter_memory_pressure(sk);
2877 }
2878 
sk_leave_memory_pressure(struct sock * sk)2879 static void sk_leave_memory_pressure(struct sock *sk)
2880 {
2881 	if (sk->sk_prot->leave_memory_pressure) {
2882 		INDIRECT_CALL_INET_1(sk->sk_prot->leave_memory_pressure,
2883 				     tcp_leave_memory_pressure, sk);
2884 	} else {
2885 		unsigned long *memory_pressure = sk->sk_prot->memory_pressure;
2886 
2887 		if (memory_pressure && READ_ONCE(*memory_pressure))
2888 			WRITE_ONCE(*memory_pressure, 0);
2889 	}
2890 }
2891 
2892 DEFINE_STATIC_KEY_FALSE(net_high_order_alloc_disable_key);
2893 
2894 /**
2895  * skb_page_frag_refill - check that a page_frag contains enough room
2896  * @sz: minimum size of the fragment we want to get
2897  * @pfrag: pointer to page_frag
2898  * @gfp: priority for memory allocation
2899  *
2900  * Note: While this allocator tries to use high order pages, there is
2901  * no guarantee that allocations succeed. Therefore, @sz MUST be
2902  * less or equal than PAGE_SIZE.
2903  */
skb_page_frag_refill(unsigned int sz,struct page_frag * pfrag,gfp_t gfp)2904 bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t gfp)
2905 {
2906 	if (pfrag->page) {
2907 		if (page_ref_count(pfrag->page) == 1) {
2908 			pfrag->offset = 0;
2909 			return true;
2910 		}
2911 		if (pfrag->offset + sz <= pfrag->size)
2912 			return true;
2913 		put_page(pfrag->page);
2914 	}
2915 
2916 	pfrag->offset = 0;
2917 	if (SKB_FRAG_PAGE_ORDER &&
2918 	    !static_branch_unlikely(&net_high_order_alloc_disable_key)) {
2919 		/* Avoid direct reclaim but allow kswapd to wake */
2920 		pfrag->page = alloc_pages((gfp & ~__GFP_DIRECT_RECLAIM) |
2921 					  __GFP_COMP | __GFP_NOWARN |
2922 					  __GFP_NORETRY,
2923 					  SKB_FRAG_PAGE_ORDER);
2924 		if (likely(pfrag->page)) {
2925 			pfrag->size = PAGE_SIZE << SKB_FRAG_PAGE_ORDER;
2926 			return true;
2927 		}
2928 	}
2929 	pfrag->page = alloc_page(gfp);
2930 	if (likely(pfrag->page)) {
2931 		pfrag->size = PAGE_SIZE;
2932 		return true;
2933 	}
2934 	return false;
2935 }
2936 EXPORT_SYMBOL(skb_page_frag_refill);
2937 
sk_page_frag_refill(struct sock * sk,struct page_frag * pfrag)2938 bool sk_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
2939 {
2940 	if (likely(skb_page_frag_refill(32U, pfrag, sk->sk_allocation)))
2941 		return true;
2942 
2943 	sk_enter_memory_pressure(sk);
2944 	sk_stream_moderate_sndbuf(sk);
2945 	return false;
2946 }
2947 EXPORT_SYMBOL(sk_page_frag_refill);
2948 
__lock_sock(struct sock * sk)2949 void __lock_sock(struct sock *sk)
2950 	__releases(&sk->sk_lock.slock)
2951 	__acquires(&sk->sk_lock.slock)
2952 {
2953 	DEFINE_WAIT(wait);
2954 
2955 	for (;;) {
2956 		prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait,
2957 					TASK_UNINTERRUPTIBLE);
2958 		spin_unlock_bh(&sk->sk_lock.slock);
2959 		schedule();
2960 		spin_lock_bh(&sk->sk_lock.slock);
2961 		if (!sock_owned_by_user(sk))
2962 			break;
2963 	}
2964 	finish_wait(&sk->sk_lock.wq, &wait);
2965 }
2966 
__release_sock(struct sock * sk)2967 void __release_sock(struct sock *sk)
2968 	__releases(&sk->sk_lock.slock)
2969 	__acquires(&sk->sk_lock.slock)
2970 {
2971 	struct sk_buff *skb, *next;
2972 
2973 	while ((skb = sk->sk_backlog.head) != NULL) {
2974 		sk->sk_backlog.head = sk->sk_backlog.tail = NULL;
2975 
2976 		spin_unlock_bh(&sk->sk_lock.slock);
2977 
2978 		do {
2979 			next = skb->next;
2980 			prefetch(next);
2981 			DEBUG_NET_WARN_ON_ONCE(skb_dst_is_noref(skb));
2982 			skb_mark_not_on_list(skb);
2983 			sk_backlog_rcv(sk, skb);
2984 
2985 			cond_resched();
2986 
2987 			skb = next;
2988 		} while (skb != NULL);
2989 
2990 		spin_lock_bh(&sk->sk_lock.slock);
2991 	}
2992 
2993 	/*
2994 	 * Doing the zeroing here guarantee we can not loop forever
2995 	 * while a wild producer attempts to flood us.
2996 	 */
2997 	sk->sk_backlog.len = 0;
2998 }
2999 
__sk_flush_backlog(struct sock * sk)3000 void __sk_flush_backlog(struct sock *sk)
3001 {
3002 	spin_lock_bh(&sk->sk_lock.slock);
3003 	__release_sock(sk);
3004 	spin_unlock_bh(&sk->sk_lock.slock);
3005 }
3006 EXPORT_SYMBOL_GPL(__sk_flush_backlog);
3007 
3008 /**
3009  * sk_wait_data - wait for data to arrive at sk_receive_queue
3010  * @sk:    sock to wait on
3011  * @timeo: for how long
3012  * @skb:   last skb seen on sk_receive_queue
3013  *
3014  * Now socket state including sk->sk_err is changed only under lock,
3015  * hence we may omit checks after joining wait queue.
3016  * We check receive queue before schedule() only as optimization;
3017  * it is very likely that release_sock() added new data.
3018  */
sk_wait_data(struct sock * sk,long * timeo,const struct sk_buff * skb)3019 int sk_wait_data(struct sock *sk, long *timeo, const struct sk_buff *skb)
3020 {
3021 	DEFINE_WAIT_FUNC(wait, woken_wake_function);
3022 	int rc;
3023 
3024 	add_wait_queue(sk_sleep(sk), &wait);
3025 	sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
3026 	rc = sk_wait_event(sk, timeo, skb_peek_tail(&sk->sk_receive_queue) != skb, &wait);
3027 	sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
3028 	remove_wait_queue(sk_sleep(sk), &wait);
3029 	return rc;
3030 }
3031 EXPORT_SYMBOL(sk_wait_data);
3032 
3033 /**
3034  *	__sk_mem_raise_allocated - increase memory_allocated
3035  *	@sk: socket
3036  *	@size: memory size to allocate
3037  *	@amt: pages to allocate
3038  *	@kind: allocation type
3039  *
3040  *	Similar to __sk_mem_schedule(), but does not update sk_forward_alloc
3041  */
__sk_mem_raise_allocated(struct sock * sk,int size,int amt,int kind)3042 int __sk_mem_raise_allocated(struct sock *sk, int size, int amt, int kind)
3043 {
3044 	bool memcg_charge = mem_cgroup_sockets_enabled && sk->sk_memcg;
3045 	struct proto *prot = sk->sk_prot;
3046 	bool charged = true;
3047 	long allocated;
3048 
3049 	sk_memory_allocated_add(sk, amt);
3050 	allocated = sk_memory_allocated(sk);
3051 	if (memcg_charge &&
3052 	    !(charged = mem_cgroup_charge_skmem(sk->sk_memcg, amt,
3053 						gfp_memcg_charge())))
3054 		goto suppress_allocation;
3055 
3056 	/* Under limit. */
3057 	if (allocated <= sk_prot_mem_limits(sk, 0)) {
3058 		sk_leave_memory_pressure(sk);
3059 		return 1;
3060 	}
3061 
3062 	/* Under pressure. */
3063 	if (allocated > sk_prot_mem_limits(sk, 1))
3064 		sk_enter_memory_pressure(sk);
3065 
3066 	/* Over hard limit. */
3067 	if (allocated > sk_prot_mem_limits(sk, 2))
3068 		goto suppress_allocation;
3069 
3070 	/* guarantee minimum buffer size under pressure */
3071 	if (kind == SK_MEM_RECV) {
3072 		if (atomic_read(&sk->sk_rmem_alloc) < sk_get_rmem0(sk, prot))
3073 			return 1;
3074 
3075 	} else { /* SK_MEM_SEND */
3076 		int wmem0 = sk_get_wmem0(sk, prot);
3077 
3078 		if (sk->sk_type == SOCK_STREAM) {
3079 			if (sk->sk_wmem_queued < wmem0)
3080 				return 1;
3081 		} else if (refcount_read(&sk->sk_wmem_alloc) < wmem0) {
3082 				return 1;
3083 		}
3084 	}
3085 
3086 	if (sk_has_memory_pressure(sk)) {
3087 		u64 alloc;
3088 
3089 		if (!sk_under_memory_pressure(sk))
3090 			return 1;
3091 		alloc = sk_sockets_allocated_read_positive(sk);
3092 		if (sk_prot_mem_limits(sk, 2) > alloc *
3093 		    sk_mem_pages(sk->sk_wmem_queued +
3094 				 atomic_read(&sk->sk_rmem_alloc) +
3095 				 sk->sk_forward_alloc))
3096 			return 1;
3097 	}
3098 
3099 suppress_allocation:
3100 
3101 	if (kind == SK_MEM_SEND && sk->sk_type == SOCK_STREAM) {
3102 		sk_stream_moderate_sndbuf(sk);
3103 
3104 		/* Fail only if socket is _under_ its sndbuf.
3105 		 * In this case we cannot block, so that we have to fail.
3106 		 */
3107 		if (sk->sk_wmem_queued + size >= sk->sk_sndbuf) {
3108 			/* Force charge with __GFP_NOFAIL */
3109 			if (memcg_charge && !charged) {
3110 				mem_cgroup_charge_skmem(sk->sk_memcg, amt,
3111 					gfp_memcg_charge() | __GFP_NOFAIL);
3112 			}
3113 			return 1;
3114 		}
3115 	}
3116 
3117 	if (kind == SK_MEM_SEND || (kind == SK_MEM_RECV && charged))
3118 		trace_sock_exceed_buf_limit(sk, prot, allocated, kind);
3119 
3120 	sk_memory_allocated_sub(sk, amt);
3121 
3122 	if (memcg_charge && charged)
3123 		mem_cgroup_uncharge_skmem(sk->sk_memcg, amt);
3124 
3125 	return 0;
3126 }
3127 
3128 /**
3129  *	__sk_mem_schedule - increase sk_forward_alloc and memory_allocated
3130  *	@sk: socket
3131  *	@size: memory size to allocate
3132  *	@kind: allocation type
3133  *
3134  *	If kind is SK_MEM_SEND, it means wmem allocation. Otherwise it means
3135  *	rmem allocation. This function assumes that protocols which have
3136  *	memory_pressure use sk_wmem_queued as write buffer accounting.
3137  */
__sk_mem_schedule(struct sock * sk,int size,int kind)3138 int __sk_mem_schedule(struct sock *sk, int size, int kind)
3139 {
3140 	int ret, amt = sk_mem_pages(size);
3141 
3142 	sk_forward_alloc_add(sk, amt << PAGE_SHIFT);
3143 	ret = __sk_mem_raise_allocated(sk, size, amt, kind);
3144 	if (!ret)
3145 		sk_forward_alloc_add(sk, -(amt << PAGE_SHIFT));
3146 	return ret;
3147 }
3148 EXPORT_SYMBOL(__sk_mem_schedule);
3149 
3150 /**
3151  *	__sk_mem_reduce_allocated - reclaim memory_allocated
3152  *	@sk: socket
3153  *	@amount: number of quanta
3154  *
3155  *	Similar to __sk_mem_reclaim(), but does not update sk_forward_alloc
3156  */
__sk_mem_reduce_allocated(struct sock * sk,int amount)3157 void __sk_mem_reduce_allocated(struct sock *sk, int amount)
3158 {
3159 	sk_memory_allocated_sub(sk, amount);
3160 
3161 	if (mem_cgroup_sockets_enabled && sk->sk_memcg)
3162 		mem_cgroup_uncharge_skmem(sk->sk_memcg, amount);
3163 
3164 	if (sk_under_global_memory_pressure(sk) &&
3165 	    (sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)))
3166 		sk_leave_memory_pressure(sk);
3167 }
3168 
3169 /**
3170  *	__sk_mem_reclaim - reclaim sk_forward_alloc and memory_allocated
3171  *	@sk: socket
3172  *	@amount: number of bytes (rounded down to a PAGE_SIZE multiple)
3173  */
__sk_mem_reclaim(struct sock * sk,int amount)3174 void __sk_mem_reclaim(struct sock *sk, int amount)
3175 {
3176 	amount >>= PAGE_SHIFT;
3177 	sk_forward_alloc_add(sk, -(amount << PAGE_SHIFT));
3178 	__sk_mem_reduce_allocated(sk, amount);
3179 }
3180 EXPORT_SYMBOL(__sk_mem_reclaim);
3181 
sk_set_peek_off(struct sock * sk,int val)3182 int sk_set_peek_off(struct sock *sk, int val)
3183 {
3184 	WRITE_ONCE(sk->sk_peek_off, val);
3185 	return 0;
3186 }
3187 EXPORT_SYMBOL_GPL(sk_set_peek_off);
3188 
3189 /*
3190  * Set of default routines for initialising struct proto_ops when
3191  * the protocol does not support a particular function. In certain
3192  * cases where it makes no sense for a protocol to have a "do nothing"
3193  * function, some default processing is provided.
3194  */
3195 
sock_no_bind(struct socket * sock,struct sockaddr * saddr,int len)3196 int sock_no_bind(struct socket *sock, struct sockaddr *saddr, int len)
3197 {
3198 	return -EOPNOTSUPP;
3199 }
3200 EXPORT_SYMBOL(sock_no_bind);
3201 
sock_no_connect(struct socket * sock,struct sockaddr * saddr,int len,int flags)3202 int sock_no_connect(struct socket *sock, struct sockaddr *saddr,
3203 		    int len, int flags)
3204 {
3205 	return -EOPNOTSUPP;
3206 }
3207 EXPORT_SYMBOL(sock_no_connect);
3208 
sock_no_socketpair(struct socket * sock1,struct socket * sock2)3209 int sock_no_socketpair(struct socket *sock1, struct socket *sock2)
3210 {
3211 	return -EOPNOTSUPP;
3212 }
3213 EXPORT_SYMBOL(sock_no_socketpair);
3214 
sock_no_accept(struct socket * sock,struct socket * newsock,int flags,bool kern)3215 int sock_no_accept(struct socket *sock, struct socket *newsock, int flags,
3216 		   bool kern)
3217 {
3218 	return -EOPNOTSUPP;
3219 }
3220 EXPORT_SYMBOL(sock_no_accept);
3221 
sock_no_getname(struct socket * sock,struct sockaddr * saddr,int peer)3222 int sock_no_getname(struct socket *sock, struct sockaddr *saddr,
3223 		    int peer)
3224 {
3225 	return -EOPNOTSUPP;
3226 }
3227 EXPORT_SYMBOL(sock_no_getname);
3228 
sock_no_ioctl(struct socket * sock,unsigned int cmd,unsigned long arg)3229 int sock_no_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
3230 {
3231 	return -EOPNOTSUPP;
3232 }
3233 EXPORT_SYMBOL(sock_no_ioctl);
3234 
sock_no_listen(struct socket * sock,int backlog)3235 int sock_no_listen(struct socket *sock, int backlog)
3236 {
3237 	return -EOPNOTSUPP;
3238 }
3239 EXPORT_SYMBOL(sock_no_listen);
3240 
sock_no_shutdown(struct socket * sock,int how)3241 int sock_no_shutdown(struct socket *sock, int how)
3242 {
3243 	return -EOPNOTSUPP;
3244 }
3245 EXPORT_SYMBOL(sock_no_shutdown);
3246 
sock_no_sendmsg(struct socket * sock,struct msghdr * m,size_t len)3247 int sock_no_sendmsg(struct socket *sock, struct msghdr *m, size_t len)
3248 {
3249 	return -EOPNOTSUPP;
3250 }
3251 EXPORT_SYMBOL(sock_no_sendmsg);
3252 
sock_no_sendmsg_locked(struct sock * sk,struct msghdr * m,size_t len)3253 int sock_no_sendmsg_locked(struct sock *sk, struct msghdr *m, size_t len)
3254 {
3255 	return -EOPNOTSUPP;
3256 }
3257 EXPORT_SYMBOL(sock_no_sendmsg_locked);
3258 
sock_no_recvmsg(struct socket * sock,struct msghdr * m,size_t len,int flags)3259 int sock_no_recvmsg(struct socket *sock, struct msghdr *m, size_t len,
3260 		    int flags)
3261 {
3262 	return -EOPNOTSUPP;
3263 }
3264 EXPORT_SYMBOL(sock_no_recvmsg);
3265 
sock_no_mmap(struct file * file,struct socket * sock,struct vm_area_struct * vma)3266 int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
3267 {
3268 	/* Mirror missing mmap method error code */
3269 	return -ENODEV;
3270 }
3271 EXPORT_SYMBOL(sock_no_mmap);
3272 
3273 /*
3274  * When a file is received (via SCM_RIGHTS, etc), we must bump the
3275  * various sock-based usage counts.
3276  */
__receive_sock(struct file * file)3277 void __receive_sock(struct file *file)
3278 {
3279 	struct socket *sock;
3280 
3281 	sock = sock_from_file(file);
3282 	if (sock) {
3283 		sock_update_netprioidx(&sock->sk->sk_cgrp_data);
3284 		sock_update_classid(&sock->sk->sk_cgrp_data);
3285 	}
3286 }
3287 
3288 /*
3289  *	Default Socket Callbacks
3290  */
3291 
sock_def_wakeup(struct sock * sk)3292 static void sock_def_wakeup(struct sock *sk)
3293 {
3294 	struct socket_wq *wq;
3295 
3296 	rcu_read_lock();
3297 	wq = rcu_dereference(sk->sk_wq);
3298 	if (skwq_has_sleeper(wq))
3299 		wake_up_interruptible_all(&wq->wait);
3300 	rcu_read_unlock();
3301 }
3302 
sock_def_error_report(struct sock * sk)3303 static void sock_def_error_report(struct sock *sk)
3304 {
3305 	struct socket_wq *wq;
3306 
3307 	rcu_read_lock();
3308 	wq = rcu_dereference(sk->sk_wq);
3309 	if (skwq_has_sleeper(wq))
3310 		wake_up_interruptible_poll(&wq->wait, EPOLLERR);
3311 	sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR);
3312 	rcu_read_unlock();
3313 }
3314 
sock_def_readable(struct sock * sk)3315 void sock_def_readable(struct sock *sk)
3316 {
3317 	struct socket_wq *wq;
3318 
3319 	trace_sk_data_ready(sk);
3320 
3321 	rcu_read_lock();
3322 	wq = rcu_dereference(sk->sk_wq);
3323 	if (skwq_has_sleeper(wq))
3324 		wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN | EPOLLPRI |
3325 						EPOLLRDNORM | EPOLLRDBAND);
3326 	sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
3327 	rcu_read_unlock();
3328 }
3329 
sock_def_write_space(struct sock * sk)3330 static void sock_def_write_space(struct sock *sk)
3331 {
3332 	struct socket_wq *wq;
3333 
3334 	rcu_read_lock();
3335 
3336 	/* Do not wake up a writer until he can make "significant"
3337 	 * progress.  --DaveM
3338 	 */
3339 	if (sock_writeable(sk)) {
3340 		wq = rcu_dereference(sk->sk_wq);
3341 		if (skwq_has_sleeper(wq))
3342 			wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
3343 						EPOLLWRNORM | EPOLLWRBAND);
3344 
3345 		/* Should agree with poll, otherwise some programs break */
3346 		sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
3347 	}
3348 
3349 	rcu_read_unlock();
3350 }
3351 
3352 /* An optimised version of sock_def_write_space(), should only be called
3353  * for SOCK_RCU_FREE sockets under RCU read section and after putting
3354  * ->sk_wmem_alloc.
3355  */
sock_def_write_space_wfree(struct sock * sk)3356 static void sock_def_write_space_wfree(struct sock *sk)
3357 {
3358 	/* Do not wake up a writer until he can make "significant"
3359 	 * progress.  --DaveM
3360 	 */
3361 	if (sock_writeable(sk)) {
3362 		struct socket_wq *wq = rcu_dereference(sk->sk_wq);
3363 
3364 		/* rely on refcount_sub from sock_wfree() */
3365 		smp_mb__after_atomic();
3366 		if (wq && waitqueue_active(&wq->wait))
3367 			wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
3368 						EPOLLWRNORM | EPOLLWRBAND);
3369 
3370 		/* Should agree with poll, otherwise some programs break */
3371 		sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
3372 	}
3373 }
3374 
sock_def_destruct(struct sock * sk)3375 static void sock_def_destruct(struct sock *sk)
3376 {
3377 }
3378 
sk_send_sigurg(struct sock * sk)3379 void sk_send_sigurg(struct sock *sk)
3380 {
3381 	if (sk->sk_socket && sk->sk_socket->file)
3382 		if (send_sigurg(&sk->sk_socket->file->f_owner))
3383 			sk_wake_async(sk, SOCK_WAKE_URG, POLL_PRI);
3384 }
3385 EXPORT_SYMBOL(sk_send_sigurg);
3386 
sk_reset_timer(struct sock * sk,struct timer_list * timer,unsigned long expires)3387 void sk_reset_timer(struct sock *sk, struct timer_list* timer,
3388 		    unsigned long expires)
3389 {
3390 	if (!mod_timer(timer, expires))
3391 		sock_hold(sk);
3392 }
3393 EXPORT_SYMBOL(sk_reset_timer);
3394 
sk_stop_timer(struct sock * sk,struct timer_list * timer)3395 void sk_stop_timer(struct sock *sk, struct timer_list* timer)
3396 {
3397 	if (del_timer(timer))
3398 		__sock_put(sk);
3399 }
3400 EXPORT_SYMBOL(sk_stop_timer);
3401 
sk_stop_timer_sync(struct sock * sk,struct timer_list * timer)3402 void sk_stop_timer_sync(struct sock *sk, struct timer_list *timer)
3403 {
3404 	if (del_timer_sync(timer))
3405 		__sock_put(sk);
3406 }
3407 EXPORT_SYMBOL(sk_stop_timer_sync);
3408 
sock_init_data_uid(struct socket * sock,struct sock * sk,kuid_t uid)3409 void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid)
3410 {
3411 	sk_init_common(sk);
3412 	sk->sk_send_head	=	NULL;
3413 
3414 	timer_setup(&sk->sk_timer, NULL, 0);
3415 
3416 	sk->sk_allocation	=	GFP_KERNEL;
3417 	sk->sk_rcvbuf		=	READ_ONCE(sysctl_rmem_default);
3418 	sk->sk_sndbuf		=	READ_ONCE(sysctl_wmem_default);
3419 	sk->sk_state		=	TCP_CLOSE;
3420 	sk->sk_use_task_frag	=	true;
3421 	sk_set_socket(sk, sock);
3422 
3423 	sock_set_flag(sk, SOCK_ZAPPED);
3424 
3425 	if (sock) {
3426 		sk->sk_type	=	sock->type;
3427 		RCU_INIT_POINTER(sk->sk_wq, &sock->wq);
3428 		sock->sk	=	sk;
3429 	} else {
3430 		RCU_INIT_POINTER(sk->sk_wq, NULL);
3431 	}
3432 	sk->sk_uid	=	uid;
3433 
3434 	rwlock_init(&sk->sk_callback_lock);
3435 	if (sk->sk_kern_sock)
3436 		lockdep_set_class_and_name(
3437 			&sk->sk_callback_lock,
3438 			af_kern_callback_keys + sk->sk_family,
3439 			af_family_kern_clock_key_strings[sk->sk_family]);
3440 	else
3441 		lockdep_set_class_and_name(
3442 			&sk->sk_callback_lock,
3443 			af_callback_keys + sk->sk_family,
3444 			af_family_clock_key_strings[sk->sk_family]);
3445 
3446 	sk->sk_state_change	=	sock_def_wakeup;
3447 	sk->sk_data_ready	=	sock_def_readable;
3448 	sk->sk_write_space	=	sock_def_write_space;
3449 	sk->sk_error_report	=	sock_def_error_report;
3450 	sk->sk_destruct		=	sock_def_destruct;
3451 
3452 	sk->sk_frag.page	=	NULL;
3453 	sk->sk_frag.offset	=	0;
3454 	sk->sk_peek_off		=	-1;
3455 
3456 	sk->sk_peer_pid 	=	NULL;
3457 	sk->sk_peer_cred	=	NULL;
3458 	spin_lock_init(&sk->sk_peer_lock);
3459 
3460 	sk->sk_write_pending	=	0;
3461 	sk->sk_rcvlowat		=	1;
3462 	sk->sk_rcvtimeo		=	MAX_SCHEDULE_TIMEOUT;
3463 	sk->sk_sndtimeo		=	MAX_SCHEDULE_TIMEOUT;
3464 
3465 	sk->sk_stamp = SK_DEFAULT_STAMP;
3466 #if BITS_PER_LONG==32
3467 	seqlock_init(&sk->sk_stamp_seq);
3468 #endif
3469 	atomic_set(&sk->sk_zckey, 0);
3470 
3471 #ifdef CONFIG_NET_RX_BUSY_POLL
3472 	sk->sk_napi_id		=	0;
3473 	sk->sk_ll_usec		=	READ_ONCE(sysctl_net_busy_read);
3474 #endif
3475 
3476 	sk->sk_max_pacing_rate = ~0UL;
3477 	sk->sk_pacing_rate = ~0UL;
3478 	WRITE_ONCE(sk->sk_pacing_shift, 10);
3479 	sk->sk_incoming_cpu = -1;
3480 
3481 	sk_rx_queue_clear(sk);
3482 	/*
3483 	 * Before updating sk_refcnt, we must commit prior changes to memory
3484 	 * (Documentation/RCU/rculist_nulls.rst for details)
3485 	 */
3486 	smp_wmb();
3487 	refcount_set(&sk->sk_refcnt, 1);
3488 	atomic_set(&sk->sk_drops, 0);
3489 }
3490 EXPORT_SYMBOL(sock_init_data_uid);
3491 
sock_init_data(struct socket * sock,struct sock * sk)3492 void sock_init_data(struct socket *sock, struct sock *sk)
3493 {
3494 	kuid_t uid = sock ?
3495 		SOCK_INODE(sock)->i_uid :
3496 		make_kuid(sock_net(sk)->user_ns, 0);
3497 
3498 	sock_init_data_uid(sock, sk, uid);
3499 }
3500 EXPORT_SYMBOL(sock_init_data);
3501 
lock_sock_nested(struct sock * sk,int subclass)3502 void lock_sock_nested(struct sock *sk, int subclass)
3503 {
3504 	/* The sk_lock has mutex_lock() semantics here. */
3505 	mutex_acquire(&sk->sk_lock.dep_map, subclass, 0, _RET_IP_);
3506 
3507 	might_sleep();
3508 	spin_lock_bh(&sk->sk_lock.slock);
3509 	if (sock_owned_by_user_nocheck(sk))
3510 		__lock_sock(sk);
3511 	sk->sk_lock.owned = 1;
3512 	spin_unlock_bh(&sk->sk_lock.slock);
3513 }
3514 EXPORT_SYMBOL(lock_sock_nested);
3515 
release_sock(struct sock * sk)3516 void release_sock(struct sock *sk)
3517 {
3518 	spin_lock_bh(&sk->sk_lock.slock);
3519 	if (sk->sk_backlog.tail)
3520 		__release_sock(sk);
3521 
3522 	/* Warning : release_cb() might need to release sk ownership,
3523 	 * ie call sock_release_ownership(sk) before us.
3524 	 */
3525 	if (sk->sk_prot->release_cb)
3526 		sk->sk_prot->release_cb(sk);
3527 
3528 	sock_release_ownership(sk);
3529 	if (waitqueue_active(&sk->sk_lock.wq))
3530 		wake_up(&sk->sk_lock.wq);
3531 	spin_unlock_bh(&sk->sk_lock.slock);
3532 }
3533 EXPORT_SYMBOL(release_sock);
3534 
__lock_sock_fast(struct sock * sk)3535 bool __lock_sock_fast(struct sock *sk) __acquires(&sk->sk_lock.slock)
3536 {
3537 	might_sleep();
3538 	spin_lock_bh(&sk->sk_lock.slock);
3539 
3540 	if (!sock_owned_by_user_nocheck(sk)) {
3541 		/*
3542 		 * Fast path return with bottom halves disabled and
3543 		 * sock::sk_lock.slock held.
3544 		 *
3545 		 * The 'mutex' is not contended and holding
3546 		 * sock::sk_lock.slock prevents all other lockers to
3547 		 * proceed so the corresponding unlock_sock_fast() can
3548 		 * avoid the slow path of release_sock() completely and
3549 		 * just release slock.
3550 		 *
3551 		 * From a semantical POV this is equivalent to 'acquiring'
3552 		 * the 'mutex', hence the corresponding lockdep
3553 		 * mutex_release() has to happen in the fast path of
3554 		 * unlock_sock_fast().
3555 		 */
3556 		return false;
3557 	}
3558 
3559 	__lock_sock(sk);
3560 	sk->sk_lock.owned = 1;
3561 	__acquire(&sk->sk_lock.slock);
3562 	spin_unlock_bh(&sk->sk_lock.slock);
3563 	return true;
3564 }
3565 EXPORT_SYMBOL(__lock_sock_fast);
3566 
sock_gettstamp(struct socket * sock,void __user * userstamp,bool timeval,bool time32)3567 int sock_gettstamp(struct socket *sock, void __user *userstamp,
3568 		   bool timeval, bool time32)
3569 {
3570 	struct sock *sk = sock->sk;
3571 	struct timespec64 ts;
3572 
3573 	sock_enable_timestamp(sk, SOCK_TIMESTAMP);
3574 	ts = ktime_to_timespec64(sock_read_timestamp(sk));
3575 	if (ts.tv_sec == -1)
3576 		return -ENOENT;
3577 	if (ts.tv_sec == 0) {
3578 		ktime_t kt = ktime_get_real();
3579 		sock_write_timestamp(sk, kt);
3580 		ts = ktime_to_timespec64(kt);
3581 	}
3582 
3583 	if (timeval)
3584 		ts.tv_nsec /= 1000;
3585 
3586 #ifdef CONFIG_COMPAT_32BIT_TIME
3587 	if (time32)
3588 		return put_old_timespec32(&ts, userstamp);
3589 #endif
3590 #ifdef CONFIG_SPARC64
3591 	/* beware of padding in sparc64 timeval */
3592 	if (timeval && !in_compat_syscall()) {
3593 		struct __kernel_old_timeval __user tv = {
3594 			.tv_sec = ts.tv_sec,
3595 			.tv_usec = ts.tv_nsec,
3596 		};
3597 		if (copy_to_user(userstamp, &tv, sizeof(tv)))
3598 			return -EFAULT;
3599 		return 0;
3600 	}
3601 #endif
3602 	return put_timespec64(&ts, userstamp);
3603 }
3604 EXPORT_SYMBOL(sock_gettstamp);
3605 
sock_enable_timestamp(struct sock * sk,enum sock_flags flag)3606 void sock_enable_timestamp(struct sock *sk, enum sock_flags flag)
3607 {
3608 	if (!sock_flag(sk, flag)) {
3609 		unsigned long previous_flags = sk->sk_flags;
3610 
3611 		sock_set_flag(sk, flag);
3612 		/*
3613 		 * we just set one of the two flags which require net
3614 		 * time stamping, but time stamping might have been on
3615 		 * already because of the other one
3616 		 */
3617 		if (sock_needs_netstamp(sk) &&
3618 		    !(previous_flags & SK_FLAGS_TIMESTAMP))
3619 			net_enable_timestamp();
3620 	}
3621 }
3622 
sock_recv_errqueue(struct sock * sk,struct msghdr * msg,int len,int level,int type)3623 int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
3624 		       int level, int type)
3625 {
3626 	struct sock_exterr_skb *serr;
3627 	struct sk_buff *skb;
3628 	int copied, err;
3629 
3630 	err = -EAGAIN;
3631 	skb = sock_dequeue_err_skb(sk);
3632 	if (skb == NULL)
3633 		goto out;
3634 
3635 	copied = skb->len;
3636 	if (copied > len) {
3637 		msg->msg_flags |= MSG_TRUNC;
3638 		copied = len;
3639 	}
3640 	err = skb_copy_datagram_msg(skb, 0, msg, copied);
3641 	if (err)
3642 		goto out_free_skb;
3643 
3644 	sock_recv_timestamp(msg, sk, skb);
3645 
3646 	serr = SKB_EXT_ERR(skb);
3647 	put_cmsg(msg, level, type, sizeof(serr->ee), &serr->ee);
3648 
3649 	msg->msg_flags |= MSG_ERRQUEUE;
3650 	err = copied;
3651 
3652 out_free_skb:
3653 	kfree_skb(skb);
3654 out:
3655 	return err;
3656 }
3657 EXPORT_SYMBOL(sock_recv_errqueue);
3658 
3659 /*
3660  *	Get a socket option on an socket.
3661  *
3662  *	FIX: POSIX 1003.1g is very ambiguous here. It states that
3663  *	asynchronous errors should be reported by getsockopt. We assume
3664  *	this means if you specify SO_ERROR (otherwise whats the point of it).
3665  */
sock_common_getsockopt(struct socket * sock,int level,int optname,char __user * optval,int __user * optlen)3666 int sock_common_getsockopt(struct socket *sock, int level, int optname,
3667 			   char __user *optval, int __user *optlen)
3668 {
3669 	struct sock *sk = sock->sk;
3670 
3671 	/* IPV6_ADDRFORM can change sk->sk_prot under us. */
3672 	return READ_ONCE(sk->sk_prot)->getsockopt(sk, level, optname, optval, optlen);
3673 }
3674 EXPORT_SYMBOL(sock_common_getsockopt);
3675 
sock_common_recvmsg(struct socket * sock,struct msghdr * msg,size_t size,int flags)3676 int sock_common_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
3677 			int flags)
3678 {
3679 	struct sock *sk = sock->sk;
3680 	int addr_len = 0;
3681 	int err;
3682 
3683 	err = sk->sk_prot->recvmsg(sk, msg, size, flags, &addr_len);
3684 	if (err >= 0)
3685 		msg->msg_namelen = addr_len;
3686 	return err;
3687 }
3688 EXPORT_SYMBOL(sock_common_recvmsg);
3689 
3690 /*
3691  *	Set socket options on an inet socket.
3692  */
sock_common_setsockopt(struct socket * sock,int level,int optname,sockptr_t optval,unsigned int optlen)3693 int sock_common_setsockopt(struct socket *sock, int level, int optname,
3694 			   sockptr_t optval, unsigned int optlen)
3695 {
3696 	struct sock *sk = sock->sk;
3697 
3698 	/* IPV6_ADDRFORM can change sk->sk_prot under us. */
3699 	return READ_ONCE(sk->sk_prot)->setsockopt(sk, level, optname, optval, optlen);
3700 }
3701 EXPORT_SYMBOL(sock_common_setsockopt);
3702 
sk_common_release(struct sock * sk)3703 void sk_common_release(struct sock *sk)
3704 {
3705 	if (sk->sk_prot->destroy)
3706 		sk->sk_prot->destroy(sk);
3707 
3708 	/*
3709 	 * Observation: when sk_common_release is called, processes have
3710 	 * no access to socket. But net still has.
3711 	 * Step one, detach it from networking:
3712 	 *
3713 	 * A. Remove from hash tables.
3714 	 */
3715 
3716 	sk->sk_prot->unhash(sk);
3717 
3718 	/*
3719 	 * In this point socket cannot receive new packets, but it is possible
3720 	 * that some packets are in flight because some CPU runs receiver and
3721 	 * did hash table lookup before we unhashed socket. They will achieve
3722 	 * receive queue and will be purged by socket destructor.
3723 	 *
3724 	 * Also we still have packets pending on receive queue and probably,
3725 	 * our own packets waiting in device queues. sock_destroy will drain
3726 	 * receive queue, but transmitted packets will delay socket destruction
3727 	 * until the last reference will be released.
3728 	 */
3729 
3730 	sock_orphan(sk);
3731 
3732 	xfrm_sk_free_policy(sk);
3733 
3734 	sock_put(sk);
3735 }
3736 EXPORT_SYMBOL(sk_common_release);
3737 
sk_get_meminfo(const struct sock * sk,u32 * mem)3738 void sk_get_meminfo(const struct sock *sk, u32 *mem)
3739 {
3740 	memset(mem, 0, sizeof(*mem) * SK_MEMINFO_VARS);
3741 
3742 	mem[SK_MEMINFO_RMEM_ALLOC] = sk_rmem_alloc_get(sk);
3743 	mem[SK_MEMINFO_RCVBUF] = READ_ONCE(sk->sk_rcvbuf);
3744 	mem[SK_MEMINFO_WMEM_ALLOC] = sk_wmem_alloc_get(sk);
3745 	mem[SK_MEMINFO_SNDBUF] = READ_ONCE(sk->sk_sndbuf);
3746 	mem[SK_MEMINFO_FWD_ALLOC] = sk_forward_alloc_get(sk);
3747 	mem[SK_MEMINFO_WMEM_QUEUED] = READ_ONCE(sk->sk_wmem_queued);
3748 	mem[SK_MEMINFO_OPTMEM] = atomic_read(&sk->sk_omem_alloc);
3749 	mem[SK_MEMINFO_BACKLOG] = READ_ONCE(sk->sk_backlog.len);
3750 	mem[SK_MEMINFO_DROPS] = atomic_read(&sk->sk_drops);
3751 }
3752 
3753 #ifdef CONFIG_PROC_FS
3754 static DECLARE_BITMAP(proto_inuse_idx, PROTO_INUSE_NR);
3755 
sock_prot_inuse_get(struct net * net,struct proto * prot)3756 int sock_prot_inuse_get(struct net *net, struct proto *prot)
3757 {
3758 	int cpu, idx = prot->inuse_idx;
3759 	int res = 0;
3760 
3761 	for_each_possible_cpu(cpu)
3762 		res += per_cpu_ptr(net->core.prot_inuse, cpu)->val[idx];
3763 
3764 	return res >= 0 ? res : 0;
3765 }
3766 EXPORT_SYMBOL_GPL(sock_prot_inuse_get);
3767 
sock_inuse_get(struct net * net)3768 int sock_inuse_get(struct net *net)
3769 {
3770 	int cpu, res = 0;
3771 
3772 	for_each_possible_cpu(cpu)
3773 		res += per_cpu_ptr(net->core.prot_inuse, cpu)->all;
3774 
3775 	return res;
3776 }
3777 
3778 EXPORT_SYMBOL_GPL(sock_inuse_get);
3779 
sock_inuse_init_net(struct net * net)3780 static int __net_init sock_inuse_init_net(struct net *net)
3781 {
3782 	net->core.prot_inuse = alloc_percpu(struct prot_inuse);
3783 	if (net->core.prot_inuse == NULL)
3784 		return -ENOMEM;
3785 	return 0;
3786 }
3787 
sock_inuse_exit_net(struct net * net)3788 static void __net_exit sock_inuse_exit_net(struct net *net)
3789 {
3790 	free_percpu(net->core.prot_inuse);
3791 }
3792 
3793 static struct pernet_operations net_inuse_ops = {
3794 	.init = sock_inuse_init_net,
3795 	.exit = sock_inuse_exit_net,
3796 };
3797 
net_inuse_init(void)3798 static __init int net_inuse_init(void)
3799 {
3800 	if (register_pernet_subsys(&net_inuse_ops))
3801 		panic("Cannot initialize net inuse counters");
3802 
3803 	return 0;
3804 }
3805 
3806 core_initcall(net_inuse_init);
3807 
assign_proto_idx(struct proto * prot)3808 static int assign_proto_idx(struct proto *prot)
3809 {
3810 	prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR);
3811 
3812 	if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) {
3813 		pr_err("PROTO_INUSE_NR exhausted\n");
3814 		return -ENOSPC;
3815 	}
3816 
3817 	set_bit(prot->inuse_idx, proto_inuse_idx);
3818 	return 0;
3819 }
3820 
release_proto_idx(struct proto * prot)3821 static void release_proto_idx(struct proto *prot)
3822 {
3823 	if (prot->inuse_idx != PROTO_INUSE_NR - 1)
3824 		clear_bit(prot->inuse_idx, proto_inuse_idx);
3825 }
3826 #else
assign_proto_idx(struct proto * prot)3827 static inline int assign_proto_idx(struct proto *prot)
3828 {
3829 	return 0;
3830 }
3831 
release_proto_idx(struct proto * prot)3832 static inline void release_proto_idx(struct proto *prot)
3833 {
3834 }
3835 
3836 #endif
3837 
tw_prot_cleanup(struct timewait_sock_ops * twsk_prot)3838 static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
3839 {
3840 	if (!twsk_prot)
3841 		return;
3842 	kfree(twsk_prot->twsk_slab_name);
3843 	twsk_prot->twsk_slab_name = NULL;
3844 	kmem_cache_destroy(twsk_prot->twsk_slab);
3845 	twsk_prot->twsk_slab = NULL;
3846 }
3847 
tw_prot_init(const struct proto * prot)3848 static int tw_prot_init(const struct proto *prot)
3849 {
3850 	struct timewait_sock_ops *twsk_prot = prot->twsk_prot;
3851 
3852 	if (!twsk_prot)
3853 		return 0;
3854 
3855 	twsk_prot->twsk_slab_name = kasprintf(GFP_KERNEL, "tw_sock_%s",
3856 					      prot->name);
3857 	if (!twsk_prot->twsk_slab_name)
3858 		return -ENOMEM;
3859 
3860 	twsk_prot->twsk_slab =
3861 		kmem_cache_create(twsk_prot->twsk_slab_name,
3862 				  twsk_prot->twsk_obj_size, 0,
3863 				  SLAB_ACCOUNT | prot->slab_flags,
3864 				  NULL);
3865 	if (!twsk_prot->twsk_slab) {
3866 		pr_crit("%s: Can't create timewait sock SLAB cache!\n",
3867 			prot->name);
3868 		return -ENOMEM;
3869 	}
3870 
3871 	return 0;
3872 }
3873 
req_prot_cleanup(struct request_sock_ops * rsk_prot)3874 static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
3875 {
3876 	if (!rsk_prot)
3877 		return;
3878 	kfree(rsk_prot->slab_name);
3879 	rsk_prot->slab_name = NULL;
3880 	kmem_cache_destroy(rsk_prot->slab);
3881 	rsk_prot->slab = NULL;
3882 }
3883 
req_prot_init(const struct proto * prot)3884 static int req_prot_init(const struct proto *prot)
3885 {
3886 	struct request_sock_ops *rsk_prot = prot->rsk_prot;
3887 
3888 	if (!rsk_prot)
3889 		return 0;
3890 
3891 	rsk_prot->slab_name = kasprintf(GFP_KERNEL, "request_sock_%s",
3892 					prot->name);
3893 	if (!rsk_prot->slab_name)
3894 		return -ENOMEM;
3895 
3896 	rsk_prot->slab = kmem_cache_create(rsk_prot->slab_name,
3897 					   rsk_prot->obj_size, 0,
3898 					   SLAB_ACCOUNT | prot->slab_flags,
3899 					   NULL);
3900 
3901 	if (!rsk_prot->slab) {
3902 		pr_crit("%s: Can't create request sock SLAB cache!\n",
3903 			prot->name);
3904 		return -ENOMEM;
3905 	}
3906 	return 0;
3907 }
3908 
proto_register(struct proto * prot,int alloc_slab)3909 int proto_register(struct proto *prot, int alloc_slab)
3910 {
3911 	int ret = -ENOBUFS;
3912 
3913 	if (prot->memory_allocated && !prot->sysctl_mem) {
3914 		pr_err("%s: missing sysctl_mem\n", prot->name);
3915 		return -EINVAL;
3916 	}
3917 	if (prot->memory_allocated && !prot->per_cpu_fw_alloc) {
3918 		pr_err("%s: missing per_cpu_fw_alloc\n", prot->name);
3919 		return -EINVAL;
3920 	}
3921 	if (alloc_slab) {
3922 		prot->slab = kmem_cache_create_usercopy(prot->name,
3923 					prot->obj_size, 0,
3924 					SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT |
3925 					prot->slab_flags,
3926 					prot->useroffset, prot->usersize,
3927 					NULL);
3928 
3929 		if (prot->slab == NULL) {
3930 			pr_crit("%s: Can't create sock SLAB cache!\n",
3931 				prot->name);
3932 			goto out;
3933 		}
3934 
3935 		if (req_prot_init(prot))
3936 			goto out_free_request_sock_slab;
3937 
3938 		if (tw_prot_init(prot))
3939 			goto out_free_timewait_sock_slab;
3940 	}
3941 
3942 	mutex_lock(&proto_list_mutex);
3943 	ret = assign_proto_idx(prot);
3944 	if (ret) {
3945 		mutex_unlock(&proto_list_mutex);
3946 		goto out_free_timewait_sock_slab;
3947 	}
3948 	list_add(&prot->node, &proto_list);
3949 	mutex_unlock(&proto_list_mutex);
3950 	return ret;
3951 
3952 out_free_timewait_sock_slab:
3953 	if (alloc_slab)
3954 		tw_prot_cleanup(prot->twsk_prot);
3955 out_free_request_sock_slab:
3956 	if (alloc_slab) {
3957 		req_prot_cleanup(prot->rsk_prot);
3958 
3959 		kmem_cache_destroy(prot->slab);
3960 		prot->slab = NULL;
3961 	}
3962 out:
3963 	return ret;
3964 }
3965 EXPORT_SYMBOL(proto_register);
3966 
proto_unregister(struct proto * prot)3967 void proto_unregister(struct proto *prot)
3968 {
3969 	mutex_lock(&proto_list_mutex);
3970 	release_proto_idx(prot);
3971 	list_del(&prot->node);
3972 	mutex_unlock(&proto_list_mutex);
3973 
3974 	kmem_cache_destroy(prot->slab);
3975 	prot->slab = NULL;
3976 
3977 	req_prot_cleanup(prot->rsk_prot);
3978 	tw_prot_cleanup(prot->twsk_prot);
3979 }
3980 EXPORT_SYMBOL(proto_unregister);
3981 
sock_load_diag_module(int family,int protocol)3982 int sock_load_diag_module(int family, int protocol)
3983 {
3984 	if (!protocol) {
3985 		if (!sock_is_registered(family))
3986 			return -ENOENT;
3987 
3988 		return request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
3989 				      NETLINK_SOCK_DIAG, family);
3990 	}
3991 
3992 #ifdef CONFIG_INET
3993 	if (family == AF_INET &&
3994 	    protocol != IPPROTO_RAW &&
3995 	    protocol < MAX_INET_PROTOS &&
3996 	    !rcu_access_pointer(inet_protos[protocol]))
3997 		return -ENOENT;
3998 #endif
3999 
4000 	return request_module("net-pf-%d-proto-%d-type-%d-%d", PF_NETLINK,
4001 			      NETLINK_SOCK_DIAG, family, protocol);
4002 }
4003 EXPORT_SYMBOL(sock_load_diag_module);
4004 
4005 #ifdef CONFIG_PROC_FS
proto_seq_start(struct seq_file * seq,loff_t * pos)4006 static void *proto_seq_start(struct seq_file *seq, loff_t *pos)
4007 	__acquires(proto_list_mutex)
4008 {
4009 	mutex_lock(&proto_list_mutex);
4010 	return seq_list_start_head(&proto_list, *pos);
4011 }
4012 
proto_seq_next(struct seq_file * seq,void * v,loff_t * pos)4013 static void *proto_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4014 {
4015 	return seq_list_next(v, &proto_list, pos);
4016 }
4017 
proto_seq_stop(struct seq_file * seq,void * v)4018 static void proto_seq_stop(struct seq_file *seq, void *v)
4019 	__releases(proto_list_mutex)
4020 {
4021 	mutex_unlock(&proto_list_mutex);
4022 }
4023 
proto_method_implemented(const void * method)4024 static char proto_method_implemented(const void *method)
4025 {
4026 	return method == NULL ? 'n' : 'y';
4027 }
sock_prot_memory_allocated(struct proto * proto)4028 static long sock_prot_memory_allocated(struct proto *proto)
4029 {
4030 	return proto->memory_allocated != NULL ? proto_memory_allocated(proto) : -1L;
4031 }
4032 
sock_prot_memory_pressure(struct proto * proto)4033 static const char *sock_prot_memory_pressure(struct proto *proto)
4034 {
4035 	return proto->memory_pressure != NULL ?
4036 	proto_memory_pressure(proto) ? "yes" : "no" : "NI";
4037 }
4038 
proto_seq_printf(struct seq_file * seq,struct proto * proto)4039 static void proto_seq_printf(struct seq_file *seq, struct proto *proto)
4040 {
4041 
4042 	seq_printf(seq, "%-9s %4u %6d  %6ld   %-3s %6u   %-3s  %-10s "
4043 			"%2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c\n",
4044 		   proto->name,
4045 		   proto->obj_size,
4046 		   sock_prot_inuse_get(seq_file_net(seq), proto),
4047 		   sock_prot_memory_allocated(proto),
4048 		   sock_prot_memory_pressure(proto),
4049 		   proto->max_header,
4050 		   proto->slab == NULL ? "no" : "yes",
4051 		   module_name(proto->owner),
4052 		   proto_method_implemented(proto->close),
4053 		   proto_method_implemented(proto->connect),
4054 		   proto_method_implemented(proto->disconnect),
4055 		   proto_method_implemented(proto->accept),
4056 		   proto_method_implemented(proto->ioctl),
4057 		   proto_method_implemented(proto->init),
4058 		   proto_method_implemented(proto->destroy),
4059 		   proto_method_implemented(proto->shutdown),
4060 		   proto_method_implemented(proto->setsockopt),
4061 		   proto_method_implemented(proto->getsockopt),
4062 		   proto_method_implemented(proto->sendmsg),
4063 		   proto_method_implemented(proto->recvmsg),
4064 		   proto_method_implemented(proto->bind),
4065 		   proto_method_implemented(proto->backlog_rcv),
4066 		   proto_method_implemented(proto->hash),
4067 		   proto_method_implemented(proto->unhash),
4068 		   proto_method_implemented(proto->get_port),
4069 		   proto_method_implemented(proto->enter_memory_pressure));
4070 }
4071 
proto_seq_show(struct seq_file * seq,void * v)4072 static int proto_seq_show(struct seq_file *seq, void *v)
4073 {
4074 	if (v == &proto_list)
4075 		seq_printf(seq, "%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s",
4076 			   "protocol",
4077 			   "size",
4078 			   "sockets",
4079 			   "memory",
4080 			   "press",
4081 			   "maxhdr",
4082 			   "slab",
4083 			   "module",
4084 			   "cl co di ac io in de sh ss gs se re bi br ha uh gp em\n");
4085 	else
4086 		proto_seq_printf(seq, list_entry(v, struct proto, node));
4087 	return 0;
4088 }
4089 
4090 static const struct seq_operations proto_seq_ops = {
4091 	.start  = proto_seq_start,
4092 	.next   = proto_seq_next,
4093 	.stop   = proto_seq_stop,
4094 	.show   = proto_seq_show,
4095 };
4096 
proto_init_net(struct net * net)4097 static __net_init int proto_init_net(struct net *net)
4098 {
4099 	if (!proc_create_net("protocols", 0444, net->proc_net, &proto_seq_ops,
4100 			sizeof(struct seq_net_private)))
4101 		return -ENOMEM;
4102 
4103 	return 0;
4104 }
4105 
proto_exit_net(struct net * net)4106 static __net_exit void proto_exit_net(struct net *net)
4107 {
4108 	remove_proc_entry("protocols", net->proc_net);
4109 }
4110 
4111 
4112 static __net_initdata struct pernet_operations proto_net_ops = {
4113 	.init = proto_init_net,
4114 	.exit = proto_exit_net,
4115 };
4116 
proto_init(void)4117 static int __init proto_init(void)
4118 {
4119 	return register_pernet_subsys(&proto_net_ops);
4120 }
4121 
4122 subsys_initcall(proto_init);
4123 
4124 #endif /* PROC_FS */
4125 
4126 #ifdef CONFIG_NET_RX_BUSY_POLL
sk_busy_loop_end(void * p,unsigned long start_time)4127 bool sk_busy_loop_end(void *p, unsigned long start_time)
4128 {
4129 	struct sock *sk = p;
4130 
4131 	return !skb_queue_empty_lockless(&sk->sk_receive_queue) ||
4132 	       sk_busy_loop_timeout(sk, start_time);
4133 }
4134 EXPORT_SYMBOL(sk_busy_loop_end);
4135 #endif /* CONFIG_NET_RX_BUSY_POLL */
4136 
sock_bind_add(struct sock * sk,struct sockaddr * addr,int addr_len)4137 int sock_bind_add(struct sock *sk, struct sockaddr *addr, int addr_len)
4138 {
4139 	if (!sk->sk_prot->bind_add)
4140 		return -EOPNOTSUPP;
4141 	return sk->sk_prot->bind_add(sk, addr, addr_len);
4142 }
4143 EXPORT_SYMBOL(sock_bind_add);
4144 
4145 /* Copy 'size' bytes from userspace and return `size` back to userspace */
sock_ioctl_inout(struct sock * sk,unsigned int cmd,void __user * arg,void * karg,size_t size)4146 int sock_ioctl_inout(struct sock *sk, unsigned int cmd,
4147 		     void __user *arg, void *karg, size_t size)
4148 {
4149 	int ret;
4150 
4151 	if (copy_from_user(karg, arg, size))
4152 		return -EFAULT;
4153 
4154 	ret = READ_ONCE(sk->sk_prot)->ioctl(sk, cmd, karg);
4155 	if (ret)
4156 		return ret;
4157 
4158 	if (copy_to_user(arg, karg, size))
4159 		return -EFAULT;
4160 
4161 	return 0;
4162 }
4163 EXPORT_SYMBOL(sock_ioctl_inout);
4164 
4165 /* This is the most common ioctl prep function, where the result (4 bytes) is
4166  * copied back to userspace if the ioctl() returns successfully. No input is
4167  * copied from userspace as input argument.
4168  */
sock_ioctl_out(struct sock * sk,unsigned int cmd,void __user * arg)4169 static int sock_ioctl_out(struct sock *sk, unsigned int cmd, void __user *arg)
4170 {
4171 	int ret, karg = 0;
4172 
4173 	ret = READ_ONCE(sk->sk_prot)->ioctl(sk, cmd, &karg);
4174 	if (ret)
4175 		return ret;
4176 
4177 	return put_user(karg, (int __user *)arg);
4178 }
4179 
4180 /* A wrapper around sock ioctls, which copies the data from userspace
4181  * (depending on the protocol/ioctl), and copies back the result to userspace.
4182  * The main motivation for this function is to pass kernel memory to the
4183  * protocol ioctl callbacks, instead of userspace memory.
4184  */
sk_ioctl(struct sock * sk,unsigned int cmd,void __user * arg)4185 int sk_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
4186 {
4187 	int rc = 1;
4188 
4189 	if (sk->sk_type == SOCK_RAW && sk->sk_family == AF_INET)
4190 		rc = ipmr_sk_ioctl(sk, cmd, arg);
4191 	else if (sk->sk_type == SOCK_RAW && sk->sk_family == AF_INET6)
4192 		rc = ip6mr_sk_ioctl(sk, cmd, arg);
4193 	else if (sk_is_phonet(sk))
4194 		rc = phonet_sk_ioctl(sk, cmd, arg);
4195 
4196 	/* If ioctl was processed, returns its value */
4197 	if (rc <= 0)
4198 		return rc;
4199 
4200 	/* Otherwise call the default handler */
4201 	return sock_ioctl_out(sk, cmd, arg);
4202 }
4203 EXPORT_SYMBOL(sk_ioctl);
4204