Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Generic socket support routines. Memory allocators, socket lock/release
8 * handler for protocols to use and generic option handler.
9 *
10 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Florian La Roche, <flla@stud.uni-sb.de>
13 * Alan Cox, <A.Cox@swansea.ac.uk>
14 *
15 * Fixes:
16 * Alan Cox : Numerous verify_area() problems
17 * Alan Cox : Connecting on a connecting socket
18 * now returns an error for tcp.
19 * Alan Cox : sock->protocol is set correctly.
20 * and is not sometimes left as 0.
21 * Alan Cox : connect handles icmp errors on a
22 * connect properly. Unfortunately there
23 * is a restart syscall nasty there. I
24 * can't match BSD without hacking the C
25 * library. Ideas urgently sought!
26 * Alan Cox : Disallow bind() to addresses that are
27 * not ours - especially broadcast ones!!
28 * Alan Cox : Socket 1024 _IS_ ok for users. (fencepost)
29 * Alan Cox : sock_wfree/sock_rfree don't destroy sockets,
30 * instead they leave that for the DESTROY timer.
31 * Alan Cox : Clean up error flag in accept
32 * Alan Cox : TCP ack handling is buggy, the DESTROY timer
33 * was buggy. Put a remove_sock() in the handler
34 * for memory when we hit 0. Also altered the timer
35 * code. The ACK stuff can wait and needs major
36 * TCP layer surgery.
37 * Alan Cox : Fixed TCP ack bug, removed remove sock
38 * and fixed timer/inet_bh race.
39 * Alan Cox : Added zapped flag for TCP
40 * Alan Cox : Move kfree_skb into skbuff.c and tidied up surplus code
41 * Alan Cox : for new sk_buff allocations wmalloc/rmalloc now call alloc_skb
42 * Alan Cox : kfree_s calls now are kfree_skbmem so we can track skb resources
43 * Alan Cox : Supports socket option broadcast now as does udp. Packet and raw need fixing.
44 * Alan Cox : Added RCVBUF,SNDBUF size setting. It suddenly occurred to me how easy it was so...
45 * Rick Sladkey : Relaxed UDP rules for matching packets.
46 * C.E.Hawkins : IFF_PROMISC/SIOCGHWADDR support
47 * Pauline Middelink : identd support
48 * Alan Cox : Fixed connect() taking signals I think.
49 * Alan Cox : SO_LINGER supported
50 * Alan Cox : Error reporting fixes
51 * Anonymous : inet_create tidied up (sk->reuse setting)
52 * Alan Cox : inet sockets don't set sk->type!
53 * Alan Cox : Split socket option code
54 * Alan Cox : Callbacks
55 * Alan Cox : Nagle flag for Charles & Johannes stuff
56 * Alex : Removed restriction on inet fioctl
57 * Alan Cox : Splitting INET from NET core
58 * Alan Cox : Fixed bogus SO_TYPE handling in getsockopt()
59 * Adam Caldwell : Missing return in SO_DONTROUTE/SO_DEBUG code
60 * Alan Cox : Split IP from generic code
61 * Alan Cox : New kfree_skbmem()
62 * Alan Cox : Make SO_DEBUG superuser only.
63 * Alan Cox : Allow anyone to clear SO_DEBUG
64 * (compatibility fix)
65 * Alan Cox : Added optimistic memory grabbing for AF_UNIX throughput.
66 * Alan Cox : Allocator for a socket is settable.
67 * Alan Cox : SO_ERROR includes soft errors.
68 * Alan Cox : Allow NULL arguments on some SO_ opts
69 * Alan Cox : Generic socket allocation to make hooks
70 * easier (suggested by Craig Metz).
71 * Michael Pall : SO_ERROR returns positive errno again
72 * Steve Whitehouse: Added default destructor to free
73 * protocol private data.
74 * Steve Whitehouse: Added various other default routines
75 * common to several socket families.
76 * Chris Evans : Call suser() check last on F_SETOWN
77 * Jay Schulist : Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
78 * Andi Kleen : Add sock_kmalloc()/sock_kfree_s()
79 * Andi Kleen : Fix write_space callback
80 * Chris Evans : Security fixes - signedness again
81 * Arnaldo C. Melo : cleanups, use skb_queue_purge
82 *
83 * To Fix:
84 */
85
86#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
87
88#include <linux/unaligned.h>
89#include <linux/capability.h>
90#include <linux/errno.h>
91#include <linux/errqueue.h>
92#include <linux/types.h>
93#include <linux/socket.h>
94#include <linux/in.h>
95#include <linux/kernel.h>
96#include <linux/module.h>
97#include <linux/proc_fs.h>
98#include <linux/seq_file.h>
99#include <linux/sched.h>
100#include <linux/sched/mm.h>
101#include <linux/timer.h>
102#include <linux/string.h>
103#include <linux/sockios.h>
104#include <linux/net.h>
105#include <linux/mm.h>
106#include <linux/slab.h>
107#include <linux/interrupt.h>
108#include <linux/poll.h>
109#include <linux/tcp.h>
110#include <linux/udp.h>
111#include <linux/init.h>
112#include <linux/highmem.h>
113#include <linux/user_namespace.h>
114#include <linux/static_key.h>
115#include <linux/memcontrol.h>
116#include <linux/prefetch.h>
117#include <linux/compat.h>
118#include <linux/mroute.h>
119#include <linux/mroute6.h>
120#include <linux/icmpv6.h>
121
122#include <linux/uaccess.h>
123
124#include <linux/netdevice.h>
125#include <net/protocol.h>
126#include <linux/skbuff.h>
127#include <linux/skbuff_ref.h>
128#include <net/net_namespace.h>
129#include <net/request_sock.h>
130#include <net/sock.h>
131#include <net/proto_memory.h>
132#include <linux/net_tstamp.h>
133#include <net/xfrm.h>
134#include <linux/ipsec.h>
135#include <net/cls_cgroup.h>
136#include <net/netprio_cgroup.h>
137#include <linux/sock_diag.h>
138
139#include <linux/filter.h>
140#include <net/sock_reuseport.h>
141#include <net/bpf_sk_storage.h>
142
143#include <trace/events/sock.h>
144
145#include <net/tcp.h>
146#include <net/busy_poll.h>
147#include <net/phonet/phonet.h>
148
149#include <linux/ethtool.h>
150
151#include "dev.h"
152
153static DEFINE_MUTEX(proto_list_mutex);
154static LIST_HEAD(proto_list);
155
156static void sock_def_write_space_wfree(struct sock *sk);
157static void sock_def_write_space(struct sock *sk);
158
159/**
160 * sk_ns_capable - General socket capability test
161 * @sk: Socket to use a capability on or through
162 * @user_ns: The user namespace of the capability to use
163 * @cap: The capability to use
164 *
165 * Test to see if the opener of the socket had when the socket was
166 * created and the current process has the capability @cap in the user
167 * namespace @user_ns.
168 */
169bool sk_ns_capable(const struct sock *sk,
170 struct user_namespace *user_ns, int cap)
171{
172 return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
173 ns_capable(user_ns, cap);
174}
175EXPORT_SYMBOL(sk_ns_capable);
176
177/**
178 * sk_capable - Socket global capability test
179 * @sk: Socket to use a capability on or through
180 * @cap: The global capability to use
181 *
182 * Test to see if the opener of the socket had when the socket was
183 * created and the current process has the capability @cap in all user
184 * namespaces.
185 */
186bool sk_capable(const struct sock *sk, int cap)
187{
188 return sk_ns_capable(sk, &init_user_ns, cap);
189}
190EXPORT_SYMBOL(sk_capable);
191
192/**
193 * sk_net_capable - Network namespace socket capability test
194 * @sk: Socket to use a capability on or through
195 * @cap: The capability to use
196 *
197 * Test to see if the opener of the socket had when the socket was created
198 * and the current process has the capability @cap over the network namespace
199 * the socket is a member of.
200 */
201bool sk_net_capable(const struct sock *sk, int cap)
202{
203 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
204}
205EXPORT_SYMBOL(sk_net_capable);
206
207/*
208 * Each address family might have different locking rules, so we have
209 * one slock key per address family and separate keys for internal and
210 * userspace sockets.
211 */
212static struct lock_class_key af_family_keys[AF_MAX];
213static struct lock_class_key af_family_kern_keys[AF_MAX];
214static struct lock_class_key af_family_slock_keys[AF_MAX];
215static struct lock_class_key af_family_kern_slock_keys[AF_MAX];
216
217/*
218 * Make lock validator output more readable. (we pre-construct these
219 * strings build-time, so that runtime initialization of socket
220 * locks is fast):
221 */
222
223#define _sock_locks(x) \
224 x "AF_UNSPEC", x "AF_UNIX" , x "AF_INET" , \
225 x "AF_AX25" , x "AF_IPX" , x "AF_APPLETALK", \
226 x "AF_NETROM", x "AF_BRIDGE" , x "AF_ATMPVC" , \
227 x "AF_X25" , x "AF_INET6" , x "AF_ROSE" , \
228 x "AF_DECnet", x "AF_NETBEUI" , x "AF_SECURITY" , \
229 x "AF_KEY" , x "AF_NETLINK" , x "AF_PACKET" , \
230 x "AF_ASH" , x "AF_ECONET" , x "AF_ATMSVC" , \
231 x "AF_RDS" , x "AF_SNA" , x "AF_IRDA" , \
232 x "AF_PPPOX" , x "AF_WANPIPE" , x "AF_LLC" , \
233 x "27" , x "28" , x "AF_CAN" , \
234 x "AF_TIPC" , x "AF_BLUETOOTH", x "IUCV" , \
235 x "AF_RXRPC" , x "AF_ISDN" , x "AF_PHONET" , \
236 x "AF_IEEE802154", x "AF_CAIF" , x "AF_ALG" , \
237 x "AF_NFC" , x "AF_VSOCK" , x "AF_KCM" , \
238 x "AF_QIPCRTR", x "AF_SMC" , x "AF_XDP" , \
239 x "AF_MCTP" , \
240 x "AF_MAX"
241
242static const char *const af_family_key_strings[AF_MAX+1] = {
243 _sock_locks("sk_lock-")
244};
245static const char *const af_family_slock_key_strings[AF_MAX+1] = {
246 _sock_locks("slock-")
247};
248static const char *const af_family_clock_key_strings[AF_MAX+1] = {
249 _sock_locks("clock-")
250};
251
252static const char *const af_family_kern_key_strings[AF_MAX+1] = {
253 _sock_locks("k-sk_lock-")
254};
255static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
256 _sock_locks("k-slock-")
257};
258static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
259 _sock_locks("k-clock-")
260};
261static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
262 _sock_locks("rlock-")
263};
264static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
265 _sock_locks("wlock-")
266};
267static const char *const af_family_elock_key_strings[AF_MAX+1] = {
268 _sock_locks("elock-")
269};
270
271/*
272 * sk_callback_lock and sk queues locking rules are per-address-family,
273 * so split the lock classes by using a per-AF key:
274 */
275static struct lock_class_key af_callback_keys[AF_MAX];
276static struct lock_class_key af_rlock_keys[AF_MAX];
277static struct lock_class_key af_wlock_keys[AF_MAX];
278static struct lock_class_key af_elock_keys[AF_MAX];
279static struct lock_class_key af_kern_callback_keys[AF_MAX];
280
281/* Run time adjustable parameters. */
282__u32 sysctl_wmem_max __read_mostly = SK_WMEM_MAX;
283EXPORT_SYMBOL(sysctl_wmem_max);
284__u32 sysctl_rmem_max __read_mostly = SK_RMEM_MAX;
285EXPORT_SYMBOL(sysctl_rmem_max);
286__u32 sysctl_wmem_default __read_mostly = SK_WMEM_MAX;
287__u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
288
289DEFINE_STATIC_KEY_FALSE(memalloc_socks_key);
290EXPORT_SYMBOL_GPL(memalloc_socks_key);
291
292/**
293 * sk_set_memalloc - sets %SOCK_MEMALLOC
294 * @sk: socket to set it on
295 *
296 * Set %SOCK_MEMALLOC on a socket for access to emergency reserves.
297 * It's the responsibility of the admin to adjust min_free_kbytes
298 * to meet the requirements
299 */
300void sk_set_memalloc(struct sock *sk)
301{
302 sock_set_flag(sk, SOCK_MEMALLOC);
303 sk->sk_allocation |= __GFP_MEMALLOC;
304 static_branch_inc(&memalloc_socks_key);
305}
306EXPORT_SYMBOL_GPL(sk_set_memalloc);
307
308void sk_clear_memalloc(struct sock *sk)
309{
310 sock_reset_flag(sk, SOCK_MEMALLOC);
311 sk->sk_allocation &= ~__GFP_MEMALLOC;
312 static_branch_dec(&memalloc_socks_key);
313
314 /*
315 * SOCK_MEMALLOC is allowed to ignore rmem limits to ensure forward
316 * progress of swapping. SOCK_MEMALLOC may be cleared while
317 * it has rmem allocations due to the last swapfile being deactivated
318 * but there is a risk that the socket is unusable due to exceeding
319 * the rmem limits. Reclaim the reserves and obey rmem limits again.
320 */
321 sk_mem_reclaim(sk);
322}
323EXPORT_SYMBOL_GPL(sk_clear_memalloc);
324
325int __sk_backlog_rcv(struct sock *sk, struct sk_buff *skb)
326{
327 int ret;
328 unsigned int noreclaim_flag;
329
330 /* these should have been dropped before queueing */
331 BUG_ON(!sock_flag(sk, SOCK_MEMALLOC));
332
333 noreclaim_flag = memalloc_noreclaim_save();
334 ret = INDIRECT_CALL_INET(sk->sk_backlog_rcv,
335 tcp_v6_do_rcv,
336 tcp_v4_do_rcv,
337 sk, skb);
338 memalloc_noreclaim_restore(noreclaim_flag);
339
340 return ret;
341}
342EXPORT_SYMBOL(__sk_backlog_rcv);
343
344void sk_error_report(struct sock *sk)
345{
346 sk->sk_error_report(sk);
347
348 switch (sk->sk_family) {
349 case AF_INET:
350 fallthrough;
351 case AF_INET6:
352 trace_inet_sk_error_report(sk);
353 break;
354 default:
355 break;
356 }
357}
358EXPORT_SYMBOL(sk_error_report);
359
360int sock_get_timeout(long timeo, void *optval, bool old_timeval)
361{
362 struct __kernel_sock_timeval tv;
363
364 if (timeo == MAX_SCHEDULE_TIMEOUT) {
365 tv.tv_sec = 0;
366 tv.tv_usec = 0;
367 } else {
368 tv.tv_sec = timeo / HZ;
369 tv.tv_usec = ((timeo % HZ) * USEC_PER_SEC) / HZ;
370 }
371
372 if (old_timeval && in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
373 struct old_timeval32 tv32 = { tv.tv_sec, tv.tv_usec };
374 *(struct old_timeval32 *)optval = tv32;
375 return sizeof(tv32);
376 }
377
378 if (old_timeval) {
379 struct __kernel_old_timeval old_tv;
380 old_tv.tv_sec = tv.tv_sec;
381 old_tv.tv_usec = tv.tv_usec;
382 *(struct __kernel_old_timeval *)optval = old_tv;
383 return sizeof(old_tv);
384 }
385
386 *(struct __kernel_sock_timeval *)optval = tv;
387 return sizeof(tv);
388}
389EXPORT_SYMBOL(sock_get_timeout);
390
391int sock_copy_user_timeval(struct __kernel_sock_timeval *tv,
392 sockptr_t optval, int optlen, bool old_timeval)
393{
394 if (old_timeval && in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
395 struct old_timeval32 tv32;
396
397 if (optlen < sizeof(tv32))
398 return -EINVAL;
399
400 if (copy_from_sockptr(&tv32, optval, sizeof(tv32)))
401 return -EFAULT;
402 tv->tv_sec = tv32.tv_sec;
403 tv->tv_usec = tv32.tv_usec;
404 } else if (old_timeval) {
405 struct __kernel_old_timeval old_tv;
406
407 if (optlen < sizeof(old_tv))
408 return -EINVAL;
409 if (copy_from_sockptr(&old_tv, optval, sizeof(old_tv)))
410 return -EFAULT;
411 tv->tv_sec = old_tv.tv_sec;
412 tv->tv_usec = old_tv.tv_usec;
413 } else {
414 if (optlen < sizeof(*tv))
415 return -EINVAL;
416 if (copy_from_sockptr(tv, optval, sizeof(*tv)))
417 return -EFAULT;
418 }
419
420 return 0;
421}
422EXPORT_SYMBOL(sock_copy_user_timeval);
423
424static int sock_set_timeout(long *timeo_p, sockptr_t optval, int optlen,
425 bool old_timeval)
426{
427 struct __kernel_sock_timeval tv;
428 int err = sock_copy_user_timeval(&tv, optval, optlen, old_timeval);
429 long val;
430
431 if (err)
432 return err;
433
434 if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC)
435 return -EDOM;
436
437 if (tv.tv_sec < 0) {
438 static int warned __read_mostly;
439
440 WRITE_ONCE(*timeo_p, 0);
441 if (warned < 10 && net_ratelimit()) {
442 warned++;
443 pr_info("%s: `%s' (pid %d) tries to set negative timeout\n",
444 __func__, current->comm, task_pid_nr(current));
445 }
446 return 0;
447 }
448 val = MAX_SCHEDULE_TIMEOUT;
449 if ((tv.tv_sec || tv.tv_usec) &&
450 (tv.tv_sec < (MAX_SCHEDULE_TIMEOUT / HZ - 1)))
451 val = tv.tv_sec * HZ + DIV_ROUND_UP((unsigned long)tv.tv_usec,
452 USEC_PER_SEC / HZ);
453 WRITE_ONCE(*timeo_p, val);
454 return 0;
455}
456
457static bool sock_needs_netstamp(const struct sock *sk)
458{
459 switch (sk->sk_family) {
460 case AF_UNSPEC:
461 case AF_UNIX:
462 return false;
463 default:
464 return true;
465 }
466}
467
468static void sock_disable_timestamp(struct sock *sk, unsigned long flags)
469{
470 if (sk->sk_flags & flags) {
471 sk->sk_flags &= ~flags;
472 if (sock_needs_netstamp(sk) &&
473 !(sk->sk_flags & SK_FLAGS_TIMESTAMP))
474 net_disable_timestamp();
475 }
476}
477
478
479int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
480{
481 unsigned long flags;
482 struct sk_buff_head *list = &sk->sk_receive_queue;
483
484 if (atomic_read(&sk->sk_rmem_alloc) >= READ_ONCE(sk->sk_rcvbuf)) {
485 atomic_inc(&sk->sk_drops);
486 trace_sock_rcvqueue_full(sk, skb);
487 return -ENOMEM;
488 }
489
490 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
491 atomic_inc(&sk->sk_drops);
492 return -ENOBUFS;
493 }
494
495 skb->dev = NULL;
496 skb_set_owner_r(skb, sk);
497
498 /* we escape from rcu protected region, make sure we dont leak
499 * a norefcounted dst
500 */
501 skb_dst_force(skb);
502
503 spin_lock_irqsave(&list->lock, flags);
504 sock_skb_set_dropcount(sk, skb);
505 __skb_queue_tail(list, skb);
506 spin_unlock_irqrestore(&list->lock, flags);
507
508 if (!sock_flag(sk, SOCK_DEAD))
509 sk->sk_data_ready(sk);
510 return 0;
511}
512EXPORT_SYMBOL(__sock_queue_rcv_skb);
513
514int sock_queue_rcv_skb_reason(struct sock *sk, struct sk_buff *skb,
515 enum skb_drop_reason *reason)
516{
517 enum skb_drop_reason drop_reason;
518 int err;
519
520 err = sk_filter(sk, skb);
521 if (err) {
522 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
523 goto out;
524 }
525 err = __sock_queue_rcv_skb(sk, skb);
526 switch (err) {
527 case -ENOMEM:
528 drop_reason = SKB_DROP_REASON_SOCKET_RCVBUFF;
529 break;
530 case -ENOBUFS:
531 drop_reason = SKB_DROP_REASON_PROTO_MEM;
532 break;
533 default:
534 drop_reason = SKB_NOT_DROPPED_YET;
535 break;
536 }
537out:
538 if (reason)
539 *reason = drop_reason;
540 return err;
541}
542EXPORT_SYMBOL(sock_queue_rcv_skb_reason);
543
544int __sk_receive_skb(struct sock *sk, struct sk_buff *skb,
545 const int nested, unsigned int trim_cap, bool refcounted)
546{
547 int rc = NET_RX_SUCCESS;
548
549 if (sk_filter_trim_cap(sk, skb, trim_cap))
550 goto discard_and_relse;
551
552 skb->dev = NULL;
553
554 if (sk_rcvqueues_full(sk, READ_ONCE(sk->sk_rcvbuf))) {
555 atomic_inc(&sk->sk_drops);
556 goto discard_and_relse;
557 }
558 if (nested)
559 bh_lock_sock_nested(sk);
560 else
561 bh_lock_sock(sk);
562 if (!sock_owned_by_user(sk)) {
563 /*
564 * trylock + unlock semantics:
565 */
566 mutex_acquire(&sk->sk_lock.dep_map, 0, 1, _RET_IP_);
567
568 rc = sk_backlog_rcv(sk, skb);
569
570 mutex_release(&sk->sk_lock.dep_map, _RET_IP_);
571 } else if (sk_add_backlog(sk, skb, READ_ONCE(sk->sk_rcvbuf))) {
572 bh_unlock_sock(sk);
573 atomic_inc(&sk->sk_drops);
574 goto discard_and_relse;
575 }
576
577 bh_unlock_sock(sk);
578out:
579 if (refcounted)
580 sock_put(sk);
581 return rc;
582discard_and_relse:
583 kfree_skb(skb);
584 goto out;
585}
586EXPORT_SYMBOL(__sk_receive_skb);
587
588INDIRECT_CALLABLE_DECLARE(struct dst_entry *ip6_dst_check(struct dst_entry *,
589 u32));
590INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
591 u32));
592struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
593{
594 struct dst_entry *dst = __sk_dst_get(sk);
595
596 if (dst && dst->obsolete &&
597 INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
598 dst, cookie) == NULL) {
599 sk_tx_queue_clear(sk);
600 WRITE_ONCE(sk->sk_dst_pending_confirm, 0);
601 RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
602 dst_release(dst);
603 return NULL;
604 }
605
606 return dst;
607}
608EXPORT_SYMBOL(__sk_dst_check);
609
610struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie)
611{
612 struct dst_entry *dst = sk_dst_get(sk);
613
614 if (dst && dst->obsolete &&
615 INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
616 dst, cookie) == NULL) {
617 sk_dst_reset(sk);
618 dst_release(dst);
619 return NULL;
620 }
621
622 return dst;
623}
624EXPORT_SYMBOL(sk_dst_check);
625
626static int sock_bindtoindex_locked(struct sock *sk, int ifindex)
627{
628 int ret = -ENOPROTOOPT;
629#ifdef CONFIG_NETDEVICES
630 struct net *net = sock_net(sk);
631
632 /* Sorry... */
633 ret = -EPERM;
634 if (sk->sk_bound_dev_if && !ns_capable(net->user_ns, CAP_NET_RAW))
635 goto out;
636
637 ret = -EINVAL;
638 if (ifindex < 0)
639 goto out;
640
641 /* Paired with all READ_ONCE() done locklessly. */
642 WRITE_ONCE(sk->sk_bound_dev_if, ifindex);
643
644 if (sk->sk_prot->rehash)
645 sk->sk_prot->rehash(sk);
646 sk_dst_reset(sk);
647
648 ret = 0;
649
650out:
651#endif
652
653 return ret;
654}
655
656int sock_bindtoindex(struct sock *sk, int ifindex, bool lock_sk)
657{
658 int ret;
659
660 if (lock_sk)
661 lock_sock(sk);
662 ret = sock_bindtoindex_locked(sk, ifindex);
663 if (lock_sk)
664 release_sock(sk);
665
666 return ret;
667}
668EXPORT_SYMBOL(sock_bindtoindex);
669
670static int sock_setbindtodevice(struct sock *sk, sockptr_t optval, int optlen)
671{
672 int ret = -ENOPROTOOPT;
673#ifdef CONFIG_NETDEVICES
674 struct net *net = sock_net(sk);
675 char devname[IFNAMSIZ];
676 int index;
677
678 ret = -EINVAL;
679 if (optlen < 0)
680 goto out;
681
682 /* Bind this socket to a particular device like "eth0",
683 * as specified in the passed interface name. If the
684 * name is "" or the option length is zero the socket
685 * is not bound.
686 */
687 if (optlen > IFNAMSIZ - 1)
688 optlen = IFNAMSIZ - 1;
689 memset(devname, 0, sizeof(devname));
690
691 ret = -EFAULT;
692 if (copy_from_sockptr(devname, optval, optlen))
693 goto out;
694
695 index = 0;
696 if (devname[0] != '\0') {
697 struct net_device *dev;
698
699 rcu_read_lock();
700 dev = dev_get_by_name_rcu(net, devname);
701 if (dev)
702 index = dev->ifindex;
703 rcu_read_unlock();
704 ret = -ENODEV;
705 if (!dev)
706 goto out;
707 }
708
709 sockopt_lock_sock(sk);
710 ret = sock_bindtoindex_locked(sk, index);
711 sockopt_release_sock(sk);
712out:
713#endif
714
715 return ret;
716}
717
718static int sock_getbindtodevice(struct sock *sk, sockptr_t optval,
719 sockptr_t optlen, int len)
720{
721 int ret = -ENOPROTOOPT;
722#ifdef CONFIG_NETDEVICES
723 int bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
724 struct net *net = sock_net(sk);
725 char devname[IFNAMSIZ];
726
727 if (bound_dev_if == 0) {
728 len = 0;
729 goto zero;
730 }
731
732 ret = -EINVAL;
733 if (len < IFNAMSIZ)
734 goto out;
735
736 ret = netdev_get_name(net, devname, bound_dev_if);
737 if (ret)
738 goto out;
739
740 len = strlen(devname) + 1;
741
742 ret = -EFAULT;
743 if (copy_to_sockptr(optval, devname, len))
744 goto out;
745
746zero:
747 ret = -EFAULT;
748 if (copy_to_sockptr(optlen, &len, sizeof(int)))
749 goto out;
750
751 ret = 0;
752
753out:
754#endif
755
756 return ret;
757}
758
759bool sk_mc_loop(const struct sock *sk)
760{
761 if (dev_recursion_level())
762 return false;
763 if (!sk)
764 return true;
765 /* IPV6_ADDRFORM can change sk->sk_family under us. */
766 switch (READ_ONCE(sk->sk_family)) {
767 case AF_INET:
768 return inet_test_bit(MC_LOOP, sk);
769#if IS_ENABLED(CONFIG_IPV6)
770 case AF_INET6:
771 return inet6_test_bit(MC6_LOOP, sk);
772#endif
773 }
774 WARN_ON_ONCE(1);
775 return true;
776}
777EXPORT_SYMBOL(sk_mc_loop);
778
779void sock_set_reuseaddr(struct sock *sk)
780{
781 lock_sock(sk);
782 sk->sk_reuse = SK_CAN_REUSE;
783 release_sock(sk);
784}
785EXPORT_SYMBOL(sock_set_reuseaddr);
786
787void sock_set_reuseport(struct sock *sk)
788{
789 lock_sock(sk);
790 sk->sk_reuseport = true;
791 release_sock(sk);
792}
793EXPORT_SYMBOL(sock_set_reuseport);
794
795void sock_no_linger(struct sock *sk)
796{
797 lock_sock(sk);
798 WRITE_ONCE(sk->sk_lingertime, 0);
799 sock_set_flag(sk, SOCK_LINGER);
800 release_sock(sk);
801}
802EXPORT_SYMBOL(sock_no_linger);
803
804void sock_set_priority(struct sock *sk, u32 priority)
805{
806 WRITE_ONCE(sk->sk_priority, priority);
807}
808EXPORT_SYMBOL(sock_set_priority);
809
810void sock_set_sndtimeo(struct sock *sk, s64 secs)
811{
812 lock_sock(sk);
813 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
814 WRITE_ONCE(sk->sk_sndtimeo, secs * HZ);
815 else
816 WRITE_ONCE(sk->sk_sndtimeo, MAX_SCHEDULE_TIMEOUT);
817 release_sock(sk);
818}
819EXPORT_SYMBOL(sock_set_sndtimeo);
820
821static void __sock_set_timestamps(struct sock *sk, bool val, bool new, bool ns)
822{
823 sock_valbool_flag(sk, SOCK_RCVTSTAMP, val);
824 sock_valbool_flag(sk, SOCK_RCVTSTAMPNS, val && ns);
825 if (val) {
826 sock_valbool_flag(sk, SOCK_TSTAMP_NEW, new);
827 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
828 }
829}
830
831void sock_enable_timestamps(struct sock *sk)
832{
833 lock_sock(sk);
834 __sock_set_timestamps(sk, true, false, true);
835 release_sock(sk);
836}
837EXPORT_SYMBOL(sock_enable_timestamps);
838
839void sock_set_timestamp(struct sock *sk, int optname, bool valbool)
840{
841 switch (optname) {
842 case SO_TIMESTAMP_OLD:
843 __sock_set_timestamps(sk, valbool, false, false);
844 break;
845 case SO_TIMESTAMP_NEW:
846 __sock_set_timestamps(sk, valbool, true, false);
847 break;
848 case SO_TIMESTAMPNS_OLD:
849 __sock_set_timestamps(sk, valbool, false, true);
850 break;
851 case SO_TIMESTAMPNS_NEW:
852 __sock_set_timestamps(sk, valbool, true, true);
853 break;
854 }
855}
856
857static int sock_timestamping_bind_phc(struct sock *sk, int phc_index)
858{
859 struct net *net = sock_net(sk);
860 struct net_device *dev = NULL;
861 bool match = false;
862 int *vclock_index;
863 int i, num;
864
865 if (sk->sk_bound_dev_if)
866 dev = dev_get_by_index(net, sk->sk_bound_dev_if);
867
868 if (!dev) {
869 pr_err("%s: sock not bind to device\n", __func__);
870 return -EOPNOTSUPP;
871 }
872
873 num = ethtool_get_phc_vclocks(dev, &vclock_index);
874 dev_put(dev);
875
876 for (i = 0; i < num; i++) {
877 if (*(vclock_index + i) == phc_index) {
878 match = true;
879 break;
880 }
881 }
882
883 if (num > 0)
884 kfree(vclock_index);
885
886 if (!match)
887 return -EINVAL;
888
889 WRITE_ONCE(sk->sk_bind_phc, phc_index);
890
891 return 0;
892}
893
894int sock_set_timestamping(struct sock *sk, int optname,
895 struct so_timestamping timestamping)
896{
897 int val = timestamping.flags;
898 int ret;
899
900 if (val & ~SOF_TIMESTAMPING_MASK)
901 return -EINVAL;
902
903 if (val & SOF_TIMESTAMPING_OPT_ID_TCP &&
904 !(val & SOF_TIMESTAMPING_OPT_ID))
905 return -EINVAL;
906
907 if (val & SOF_TIMESTAMPING_OPT_ID &&
908 !(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) {
909 if (sk_is_tcp(sk)) {
910 if ((1 << sk->sk_state) &
911 (TCPF_CLOSE | TCPF_LISTEN))
912 return -EINVAL;
913 if (val & SOF_TIMESTAMPING_OPT_ID_TCP)
914 atomic_set(&sk->sk_tskey, tcp_sk(sk)->write_seq);
915 else
916 atomic_set(&sk->sk_tskey, tcp_sk(sk)->snd_una);
917 } else {
918 atomic_set(&sk->sk_tskey, 0);
919 }
920 }
921
922 if (val & SOF_TIMESTAMPING_OPT_STATS &&
923 !(val & SOF_TIMESTAMPING_OPT_TSONLY))
924 return -EINVAL;
925
926 if (val & SOF_TIMESTAMPING_BIND_PHC) {
927 ret = sock_timestamping_bind_phc(sk, timestamping.bind_phc);
928 if (ret)
929 return ret;
930 }
931
932 WRITE_ONCE(sk->sk_tsflags, val);
933 sock_valbool_flag(sk, SOCK_TSTAMP_NEW, optname == SO_TIMESTAMPING_NEW);
934
935 if (val & SOF_TIMESTAMPING_RX_SOFTWARE)
936 sock_enable_timestamp(sk,
937 SOCK_TIMESTAMPING_RX_SOFTWARE);
938 else
939 sock_disable_timestamp(sk,
940 (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE));
941 return 0;
942}
943
944void sock_set_keepalive(struct sock *sk)
945{
946 lock_sock(sk);
947 if (sk->sk_prot->keepalive)
948 sk->sk_prot->keepalive(sk, true);
949 sock_valbool_flag(sk, SOCK_KEEPOPEN, true);
950 release_sock(sk);
951}
952EXPORT_SYMBOL(sock_set_keepalive);
953
954static void __sock_set_rcvbuf(struct sock *sk, int val)
955{
956 /* Ensure val * 2 fits into an int, to prevent max_t() from treating it
957 * as a negative value.
958 */
959 val = min_t(int, val, INT_MAX / 2);
960 sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
961
962 /* We double it on the way in to account for "struct sk_buff" etc.
963 * overhead. Applications assume that the SO_RCVBUF setting they make
964 * will allow that much actual data to be received on that socket.
965 *
966 * Applications are unaware that "struct sk_buff" and other overheads
967 * allocate from the receive buffer during socket buffer allocation.
968 *
969 * And after considering the possible alternatives, returning the value
970 * we actually used in getsockopt is the most desirable behavior.
971 */
972 WRITE_ONCE(sk->sk_rcvbuf, max_t(int, val * 2, SOCK_MIN_RCVBUF));
973}
974
975void sock_set_rcvbuf(struct sock *sk, int val)
976{
977 lock_sock(sk);
978 __sock_set_rcvbuf(sk, val);
979 release_sock(sk);
980}
981EXPORT_SYMBOL(sock_set_rcvbuf);
982
983static void __sock_set_mark(struct sock *sk, u32 val)
984{
985 if (val != sk->sk_mark) {
986 WRITE_ONCE(sk->sk_mark, val);
987 sk_dst_reset(sk);
988 }
989}
990
991void sock_set_mark(struct sock *sk, u32 val)
992{
993 lock_sock(sk);
994 __sock_set_mark(sk, val);
995 release_sock(sk);
996}
997EXPORT_SYMBOL(sock_set_mark);
998
999static void sock_release_reserved_memory(struct sock *sk, int bytes)
1000{
1001 /* Round down bytes to multiple of pages */
1002 bytes = round_down(bytes, PAGE_SIZE);
1003
1004 WARN_ON(bytes > sk->sk_reserved_mem);
1005 WRITE_ONCE(sk->sk_reserved_mem, sk->sk_reserved_mem - bytes);
1006 sk_mem_reclaim(sk);
1007}
1008
1009static int sock_reserve_memory(struct sock *sk, int bytes)
1010{
1011 long allocated;
1012 bool charged;
1013 int pages;
1014
1015 if (!mem_cgroup_sockets_enabled || !sk->sk_memcg || !sk_has_account(sk))
1016 return -EOPNOTSUPP;
1017
1018 if (!bytes)
1019 return 0;
1020
1021 pages = sk_mem_pages(bytes);
1022
1023 /* pre-charge to memcg */
1024 charged = mem_cgroup_charge_skmem(sk->sk_memcg, pages,
1025 GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1026 if (!charged)
1027 return -ENOMEM;
1028
1029 /* pre-charge to forward_alloc */
1030 sk_memory_allocated_add(sk, pages);
1031 allocated = sk_memory_allocated(sk);
1032 /* If the system goes into memory pressure with this
1033 * precharge, give up and return error.
1034 */
1035 if (allocated > sk_prot_mem_limits(sk, 1)) {
1036 sk_memory_allocated_sub(sk, pages);
1037 mem_cgroup_uncharge_skmem(sk->sk_memcg, pages);
1038 return -ENOMEM;
1039 }
1040 sk_forward_alloc_add(sk, pages << PAGE_SHIFT);
1041
1042 WRITE_ONCE(sk->sk_reserved_mem,
1043 sk->sk_reserved_mem + (pages << PAGE_SHIFT));
1044
1045 return 0;
1046}
1047
1048#ifdef CONFIG_PAGE_POOL
1049
1050/* This is the number of tokens and frags that the user can SO_DEVMEM_DONTNEED
1051 * in 1 syscall. The limit exists to limit the amount of memory the kernel
1052 * allocates to copy these tokens, and to prevent looping over the frags for
1053 * too long.
1054 */
1055#define MAX_DONTNEED_TOKENS 128
1056#define MAX_DONTNEED_FRAGS 1024
1057
1058static noinline_for_stack int
1059sock_devmem_dontneed(struct sock *sk, sockptr_t optval, unsigned int optlen)
1060{
1061 unsigned int num_tokens, i, j, k, netmem_num = 0;
1062 struct dmabuf_token *tokens;
1063 int ret = 0, num_frags = 0;
1064 netmem_ref netmems[16];
1065
1066 if (!sk_is_tcp(sk))
1067 return -EBADF;
1068
1069 if (optlen % sizeof(*tokens) ||
1070 optlen > sizeof(*tokens) * MAX_DONTNEED_TOKENS)
1071 return -EINVAL;
1072
1073 num_tokens = optlen / sizeof(*tokens);
1074 tokens = kvmalloc_array(num_tokens, sizeof(*tokens), GFP_KERNEL);
1075 if (!tokens)
1076 return -ENOMEM;
1077
1078 if (copy_from_sockptr(tokens, optval, optlen)) {
1079 kvfree(tokens);
1080 return -EFAULT;
1081 }
1082
1083 xa_lock_bh(&sk->sk_user_frags);
1084 for (i = 0; i < num_tokens; i++) {
1085 for (j = 0; j < tokens[i].token_count; j++) {
1086 if (++num_frags > MAX_DONTNEED_FRAGS)
1087 goto frag_limit_reached;
1088
1089 netmem_ref netmem = (__force netmem_ref)__xa_erase(
1090 &sk->sk_user_frags, tokens[i].token_start + j);
1091
1092 if (!netmem || WARN_ON_ONCE(!netmem_is_net_iov(netmem)))
1093 continue;
1094
1095 netmems[netmem_num++] = netmem;
1096 if (netmem_num == ARRAY_SIZE(netmems)) {
1097 xa_unlock_bh(&sk->sk_user_frags);
1098 for (k = 0; k < netmem_num; k++)
1099 WARN_ON_ONCE(!napi_pp_put_page(netmems[k]));
1100 netmem_num = 0;
1101 xa_lock_bh(&sk->sk_user_frags);
1102 }
1103 ret++;
1104 }
1105 }
1106
1107frag_limit_reached:
1108 xa_unlock_bh(&sk->sk_user_frags);
1109 for (k = 0; k < netmem_num; k++)
1110 WARN_ON_ONCE(!napi_pp_put_page(netmems[k]));
1111
1112 kvfree(tokens);
1113 return ret;
1114}
1115#endif
1116
1117void sockopt_lock_sock(struct sock *sk)
1118{
1119 /* When current->bpf_ctx is set, the setsockopt is called from
1120 * a bpf prog. bpf has ensured the sk lock has been
1121 * acquired before calling setsockopt().
1122 */
1123 if (has_current_bpf_ctx())
1124 return;
1125
1126 lock_sock(sk);
1127}
1128EXPORT_SYMBOL(sockopt_lock_sock);
1129
1130void sockopt_release_sock(struct sock *sk)
1131{
1132 if (has_current_bpf_ctx())
1133 return;
1134
1135 release_sock(sk);
1136}
1137EXPORT_SYMBOL(sockopt_release_sock);
1138
1139bool sockopt_ns_capable(struct user_namespace *ns, int cap)
1140{
1141 return has_current_bpf_ctx() || ns_capable(ns, cap);
1142}
1143EXPORT_SYMBOL(sockopt_ns_capable);
1144
1145bool sockopt_capable(int cap)
1146{
1147 return has_current_bpf_ctx() || capable(cap);
1148}
1149EXPORT_SYMBOL(sockopt_capable);
1150
1151static int sockopt_validate_clockid(__kernel_clockid_t value)
1152{
1153 switch (value) {
1154 case CLOCK_REALTIME:
1155 case CLOCK_MONOTONIC:
1156 case CLOCK_TAI:
1157 return 0;
1158 }
1159 return -EINVAL;
1160}
1161
1162/*
1163 * This is meant for all protocols to use and covers goings on
1164 * at the socket level. Everything here is generic.
1165 */
1166
1167int sk_setsockopt(struct sock *sk, int level, int optname,
1168 sockptr_t optval, unsigned int optlen)
1169{
1170 struct so_timestamping timestamping;
1171 struct socket *sock = sk->sk_socket;
1172 struct sock_txtime sk_txtime;
1173 int val;
1174 int valbool;
1175 struct linger ling;
1176 int ret = 0;
1177
1178 /*
1179 * Options without arguments
1180 */
1181
1182 if (optname == SO_BINDTODEVICE)
1183 return sock_setbindtodevice(sk, optval, optlen);
1184
1185 if (optlen < sizeof(int))
1186 return -EINVAL;
1187
1188 if (copy_from_sockptr(&val, optval, sizeof(val)))
1189 return -EFAULT;
1190
1191 valbool = val ? 1 : 0;
1192
1193 /* handle options which do not require locking the socket. */
1194 switch (optname) {
1195 case SO_PRIORITY:
1196 if ((val >= 0 && val <= 6) ||
1197 sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) ||
1198 sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1199 sock_set_priority(sk, val);
1200 return 0;
1201 }
1202 return -EPERM;
1203 case SO_PASSSEC:
1204 assign_bit(SOCK_PASSSEC, &sock->flags, valbool);
1205 return 0;
1206 case SO_PASSCRED:
1207 assign_bit(SOCK_PASSCRED, &sock->flags, valbool);
1208 return 0;
1209 case SO_PASSPIDFD:
1210 assign_bit(SOCK_PASSPIDFD, &sock->flags, valbool);
1211 return 0;
1212 case SO_TYPE:
1213 case SO_PROTOCOL:
1214 case SO_DOMAIN:
1215 case SO_ERROR:
1216 return -ENOPROTOOPT;
1217#ifdef CONFIG_NET_RX_BUSY_POLL
1218 case SO_BUSY_POLL:
1219 if (val < 0)
1220 return -EINVAL;
1221 WRITE_ONCE(sk->sk_ll_usec, val);
1222 return 0;
1223 case SO_PREFER_BUSY_POLL:
1224 if (valbool && !sockopt_capable(CAP_NET_ADMIN))
1225 return -EPERM;
1226 WRITE_ONCE(sk->sk_prefer_busy_poll, valbool);
1227 return 0;
1228 case SO_BUSY_POLL_BUDGET:
1229 if (val > READ_ONCE(sk->sk_busy_poll_budget) &&
1230 !sockopt_capable(CAP_NET_ADMIN))
1231 return -EPERM;
1232 if (val < 0 || val > U16_MAX)
1233 return -EINVAL;
1234 WRITE_ONCE(sk->sk_busy_poll_budget, val);
1235 return 0;
1236#endif
1237 case SO_MAX_PACING_RATE:
1238 {
1239 unsigned long ulval = (val == ~0U) ? ~0UL : (unsigned int)val;
1240 unsigned long pacing_rate;
1241
1242 if (sizeof(ulval) != sizeof(val) &&
1243 optlen >= sizeof(ulval) &&
1244 copy_from_sockptr(&ulval, optval, sizeof(ulval))) {
1245 return -EFAULT;
1246 }
1247 if (ulval != ~0UL)
1248 cmpxchg(&sk->sk_pacing_status,
1249 SK_PACING_NONE,
1250 SK_PACING_NEEDED);
1251 /* Pairs with READ_ONCE() from sk_getsockopt() */
1252 WRITE_ONCE(sk->sk_max_pacing_rate, ulval);
1253 pacing_rate = READ_ONCE(sk->sk_pacing_rate);
1254 if (ulval < pacing_rate)
1255 WRITE_ONCE(sk->sk_pacing_rate, ulval);
1256 return 0;
1257 }
1258 case SO_TXREHASH:
1259 if (val < -1 || val > 1)
1260 return -EINVAL;
1261 if ((u8)val == SOCK_TXREHASH_DEFAULT)
1262 val = READ_ONCE(sock_net(sk)->core.sysctl_txrehash);
1263 /* Paired with READ_ONCE() in tcp_rtx_synack()
1264 * and sk_getsockopt().
1265 */
1266 WRITE_ONCE(sk->sk_txrehash, (u8)val);
1267 return 0;
1268 case SO_PEEK_OFF:
1269 {
1270 int (*set_peek_off)(struct sock *sk, int val);
1271
1272 set_peek_off = READ_ONCE(sock->ops)->set_peek_off;
1273 if (set_peek_off)
1274 ret = set_peek_off(sk, val);
1275 else
1276 ret = -EOPNOTSUPP;
1277 return ret;
1278 }
1279#ifdef CONFIG_PAGE_POOL
1280 case SO_DEVMEM_DONTNEED:
1281 return sock_devmem_dontneed(sk, optval, optlen);
1282#endif
1283 }
1284
1285 sockopt_lock_sock(sk);
1286
1287 switch (optname) {
1288 case SO_DEBUG:
1289 if (val && !sockopt_capable(CAP_NET_ADMIN))
1290 ret = -EACCES;
1291 else
1292 sock_valbool_flag(sk, SOCK_DBG, valbool);
1293 break;
1294 case SO_REUSEADDR:
1295 sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE);
1296 break;
1297 case SO_REUSEPORT:
1298 if (valbool && !sk_is_inet(sk))
1299 ret = -EOPNOTSUPP;
1300 else
1301 sk->sk_reuseport = valbool;
1302 break;
1303 case SO_DONTROUTE:
1304 sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool);
1305 sk_dst_reset(sk);
1306 break;
1307 case SO_BROADCAST:
1308 sock_valbool_flag(sk, SOCK_BROADCAST, valbool);
1309 break;
1310 case SO_SNDBUF:
1311 /* Don't error on this BSD doesn't and if you think
1312 * about it this is right. Otherwise apps have to
1313 * play 'guess the biggest size' games. RCVBUF/SNDBUF
1314 * are treated in BSD as hints
1315 */
1316 val = min_t(u32, val, READ_ONCE(sysctl_wmem_max));
1317set_sndbuf:
1318 /* Ensure val * 2 fits into an int, to prevent max_t()
1319 * from treating it as a negative value.
1320 */
1321 val = min_t(int, val, INT_MAX / 2);
1322 sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
1323 WRITE_ONCE(sk->sk_sndbuf,
1324 max_t(int, val * 2, SOCK_MIN_SNDBUF));
1325 /* Wake up sending tasks if we upped the value. */
1326 sk->sk_write_space(sk);
1327 break;
1328
1329 case SO_SNDBUFFORCE:
1330 if (!sockopt_capable(CAP_NET_ADMIN)) {
1331 ret = -EPERM;
1332 break;
1333 }
1334
1335 /* No negative values (to prevent underflow, as val will be
1336 * multiplied by 2).
1337 */
1338 if (val < 0)
1339 val = 0;
1340 goto set_sndbuf;
1341
1342 case SO_RCVBUF:
1343 /* Don't error on this BSD doesn't and if you think
1344 * about it this is right. Otherwise apps have to
1345 * play 'guess the biggest size' games. RCVBUF/SNDBUF
1346 * are treated in BSD as hints
1347 */
1348 __sock_set_rcvbuf(sk, min_t(u32, val, READ_ONCE(sysctl_rmem_max)));
1349 break;
1350
1351 case SO_RCVBUFFORCE:
1352 if (!sockopt_capable(CAP_NET_ADMIN)) {
1353 ret = -EPERM;
1354 break;
1355 }
1356
1357 /* No negative values (to prevent underflow, as val will be
1358 * multiplied by 2).
1359 */
1360 __sock_set_rcvbuf(sk, max(val, 0));
1361 break;
1362
1363 case SO_KEEPALIVE:
1364 if (sk->sk_prot->keepalive)
1365 sk->sk_prot->keepalive(sk, valbool);
1366 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
1367 break;
1368
1369 case SO_OOBINLINE:
1370 sock_valbool_flag(sk, SOCK_URGINLINE, valbool);
1371 break;
1372
1373 case SO_NO_CHECK:
1374 sk->sk_no_check_tx = valbool;
1375 break;
1376
1377 case SO_LINGER:
1378 if (optlen < sizeof(ling)) {
1379 ret = -EINVAL; /* 1003.1g */
1380 break;
1381 }
1382 if (copy_from_sockptr(&ling, optval, sizeof(ling))) {
1383 ret = -EFAULT;
1384 break;
1385 }
1386 if (!ling.l_onoff) {
1387 sock_reset_flag(sk, SOCK_LINGER);
1388 } else {
1389 unsigned long t_sec = ling.l_linger;
1390
1391 if (t_sec >= MAX_SCHEDULE_TIMEOUT / HZ)
1392 WRITE_ONCE(sk->sk_lingertime, MAX_SCHEDULE_TIMEOUT);
1393 else
1394 WRITE_ONCE(sk->sk_lingertime, t_sec * HZ);
1395 sock_set_flag(sk, SOCK_LINGER);
1396 }
1397 break;
1398
1399 case SO_BSDCOMPAT:
1400 break;
1401
1402 case SO_TIMESTAMP_OLD:
1403 case SO_TIMESTAMP_NEW:
1404 case SO_TIMESTAMPNS_OLD:
1405 case SO_TIMESTAMPNS_NEW:
1406 sock_set_timestamp(sk, optname, valbool);
1407 break;
1408
1409 case SO_TIMESTAMPING_NEW:
1410 case SO_TIMESTAMPING_OLD:
1411 if (optlen == sizeof(timestamping)) {
1412 if (copy_from_sockptr(×tamping, optval,
1413 sizeof(timestamping))) {
1414 ret = -EFAULT;
1415 break;
1416 }
1417 } else {
1418 memset(×tamping, 0, sizeof(timestamping));
1419 timestamping.flags = val;
1420 }
1421 ret = sock_set_timestamping(sk, optname, timestamping);
1422 break;
1423
1424 case SO_RCVLOWAT:
1425 {
1426 int (*set_rcvlowat)(struct sock *sk, int val) = NULL;
1427
1428 if (val < 0)
1429 val = INT_MAX;
1430 if (sock)
1431 set_rcvlowat = READ_ONCE(sock->ops)->set_rcvlowat;
1432 if (set_rcvlowat)
1433 ret = set_rcvlowat(sk, val);
1434 else
1435 WRITE_ONCE(sk->sk_rcvlowat, val ? : 1);
1436 break;
1437 }
1438 case SO_RCVTIMEO_OLD:
1439 case SO_RCVTIMEO_NEW:
1440 ret = sock_set_timeout(&sk->sk_rcvtimeo, optval,
1441 optlen, optname == SO_RCVTIMEO_OLD);
1442 break;
1443
1444 case SO_SNDTIMEO_OLD:
1445 case SO_SNDTIMEO_NEW:
1446 ret = sock_set_timeout(&sk->sk_sndtimeo, optval,
1447 optlen, optname == SO_SNDTIMEO_OLD);
1448 break;
1449
1450 case SO_ATTACH_FILTER: {
1451 struct sock_fprog fprog;
1452
1453 ret = copy_bpf_fprog_from_user(&fprog, optval, optlen);
1454 if (!ret)
1455 ret = sk_attach_filter(&fprog, sk);
1456 break;
1457 }
1458 case SO_ATTACH_BPF:
1459 ret = -EINVAL;
1460 if (optlen == sizeof(u32)) {
1461 u32 ufd;
1462
1463 ret = -EFAULT;
1464 if (copy_from_sockptr(&ufd, optval, sizeof(ufd)))
1465 break;
1466
1467 ret = sk_attach_bpf(ufd, sk);
1468 }
1469 break;
1470
1471 case SO_ATTACH_REUSEPORT_CBPF: {
1472 struct sock_fprog fprog;
1473
1474 ret = copy_bpf_fprog_from_user(&fprog, optval, optlen);
1475 if (!ret)
1476 ret = sk_reuseport_attach_filter(&fprog, sk);
1477 break;
1478 }
1479 case SO_ATTACH_REUSEPORT_EBPF:
1480 ret = -EINVAL;
1481 if (optlen == sizeof(u32)) {
1482 u32 ufd;
1483
1484 ret = -EFAULT;
1485 if (copy_from_sockptr(&ufd, optval, sizeof(ufd)))
1486 break;
1487
1488 ret = sk_reuseport_attach_bpf(ufd, sk);
1489 }
1490 break;
1491
1492 case SO_DETACH_REUSEPORT_BPF:
1493 ret = reuseport_detach_prog(sk);
1494 break;
1495
1496 case SO_DETACH_FILTER:
1497 ret = sk_detach_filter(sk);
1498 break;
1499
1500 case SO_LOCK_FILTER:
1501 if (sock_flag(sk, SOCK_FILTER_LOCKED) && !valbool)
1502 ret = -EPERM;
1503 else
1504 sock_valbool_flag(sk, SOCK_FILTER_LOCKED, valbool);
1505 break;
1506
1507 case SO_MARK:
1508 if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
1509 !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1510 ret = -EPERM;
1511 break;
1512 }
1513
1514 __sock_set_mark(sk, val);
1515 break;
1516 case SO_RCVMARK:
1517 sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
1518 break;
1519
1520 case SO_RXQ_OVFL:
1521 sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool);
1522 break;
1523
1524 case SO_WIFI_STATUS:
1525 sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool);
1526 break;
1527
1528 case SO_NOFCS:
1529 sock_valbool_flag(sk, SOCK_NOFCS, valbool);
1530 break;
1531
1532 case SO_SELECT_ERR_QUEUE:
1533 sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool);
1534 break;
1535
1536
1537 case SO_INCOMING_CPU:
1538 reuseport_update_incoming_cpu(sk, val);
1539 break;
1540
1541 case SO_CNX_ADVICE:
1542 if (val == 1)
1543 dst_negative_advice(sk);
1544 break;
1545
1546 case SO_ZEROCOPY:
1547 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6) {
1548 if (!(sk_is_tcp(sk) ||
1549 (sk->sk_type == SOCK_DGRAM &&
1550 sk->sk_protocol == IPPROTO_UDP)))
1551 ret = -EOPNOTSUPP;
1552 } else if (sk->sk_family != PF_RDS) {
1553 ret = -EOPNOTSUPP;
1554 }
1555 if (!ret) {
1556 if (val < 0 || val > 1)
1557 ret = -EINVAL;
1558 else
1559 sock_valbool_flag(sk, SOCK_ZEROCOPY, valbool);
1560 }
1561 break;
1562
1563 case SO_TXTIME:
1564 if (optlen != sizeof(struct sock_txtime)) {
1565 ret = -EINVAL;
1566 break;
1567 } else if (copy_from_sockptr(&sk_txtime, optval,
1568 sizeof(struct sock_txtime))) {
1569 ret = -EFAULT;
1570 break;
1571 } else if (sk_txtime.flags & ~SOF_TXTIME_FLAGS_MASK) {
1572 ret = -EINVAL;
1573 break;
1574 }
1575 /* CLOCK_MONOTONIC is only used by sch_fq, and this packet
1576 * scheduler has enough safe guards.
1577 */
1578 if (sk_txtime.clockid != CLOCK_MONOTONIC &&
1579 !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1580 ret = -EPERM;
1581 break;
1582 }
1583
1584 ret = sockopt_validate_clockid(sk_txtime.clockid);
1585 if (ret)
1586 break;
1587
1588 sock_valbool_flag(sk, SOCK_TXTIME, true);
1589 sk->sk_clockid = sk_txtime.clockid;
1590 sk->sk_txtime_deadline_mode =
1591 !!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE);
1592 sk->sk_txtime_report_errors =
1593 !!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS);
1594 break;
1595
1596 case SO_BINDTOIFINDEX:
1597 ret = sock_bindtoindex_locked(sk, val);
1598 break;
1599
1600 case SO_BUF_LOCK:
1601 if (val & ~SOCK_BUF_LOCK_MASK) {
1602 ret = -EINVAL;
1603 break;
1604 }
1605 sk->sk_userlocks = val | (sk->sk_userlocks &
1606 ~SOCK_BUF_LOCK_MASK);
1607 break;
1608
1609 case SO_RESERVE_MEM:
1610 {
1611 int delta;
1612
1613 if (val < 0) {
1614 ret = -EINVAL;
1615 break;
1616 }
1617
1618 delta = val - sk->sk_reserved_mem;
1619 if (delta < 0)
1620 sock_release_reserved_memory(sk, -delta);
1621 else
1622 ret = sock_reserve_memory(sk, delta);
1623 break;
1624 }
1625
1626 default:
1627 ret = -ENOPROTOOPT;
1628 break;
1629 }
1630 sockopt_release_sock(sk);
1631 return ret;
1632}
1633
1634int sock_setsockopt(struct socket *sock, int level, int optname,
1635 sockptr_t optval, unsigned int optlen)
1636{
1637 return sk_setsockopt(sock->sk, level, optname,
1638 optval, optlen);
1639}
1640EXPORT_SYMBOL(sock_setsockopt);
1641
1642static const struct cred *sk_get_peer_cred(struct sock *sk)
1643{
1644 const struct cred *cred;
1645
1646 spin_lock(&sk->sk_peer_lock);
1647 cred = get_cred(sk->sk_peer_cred);
1648 spin_unlock(&sk->sk_peer_lock);
1649
1650 return cred;
1651}
1652
1653static void cred_to_ucred(struct pid *pid, const struct cred *cred,
1654 struct ucred *ucred)
1655{
1656 ucred->pid = pid_vnr(pid);
1657 ucred->uid = ucred->gid = -1;
1658 if (cred) {
1659 struct user_namespace *current_ns = current_user_ns();
1660
1661 ucred->uid = from_kuid_munged(current_ns, cred->euid);
1662 ucred->gid = from_kgid_munged(current_ns, cred->egid);
1663 }
1664}
1665
1666static int groups_to_user(sockptr_t dst, const struct group_info *src)
1667{
1668 struct user_namespace *user_ns = current_user_ns();
1669 int i;
1670
1671 for (i = 0; i < src->ngroups; i++) {
1672 gid_t gid = from_kgid_munged(user_ns, src->gid[i]);
1673
1674 if (copy_to_sockptr_offset(dst, i * sizeof(gid), &gid, sizeof(gid)))
1675 return -EFAULT;
1676 }
1677
1678 return 0;
1679}
1680
1681int sk_getsockopt(struct sock *sk, int level, int optname,
1682 sockptr_t optval, sockptr_t optlen)
1683{
1684 struct socket *sock = sk->sk_socket;
1685
1686 union {
1687 int val;
1688 u64 val64;
1689 unsigned long ulval;
1690 struct linger ling;
1691 struct old_timeval32 tm32;
1692 struct __kernel_old_timeval tm;
1693 struct __kernel_sock_timeval stm;
1694 struct sock_txtime txtime;
1695 struct so_timestamping timestamping;
1696 } v;
1697
1698 int lv = sizeof(int);
1699 int len;
1700
1701 if (copy_from_sockptr(&len, optlen, sizeof(int)))
1702 return -EFAULT;
1703 if (len < 0)
1704 return -EINVAL;
1705
1706 memset(&v, 0, sizeof(v));
1707
1708 switch (optname) {
1709 case SO_DEBUG:
1710 v.val = sock_flag(sk, SOCK_DBG);
1711 break;
1712
1713 case SO_DONTROUTE:
1714 v.val = sock_flag(sk, SOCK_LOCALROUTE);
1715 break;
1716
1717 case SO_BROADCAST:
1718 v.val = sock_flag(sk, SOCK_BROADCAST);
1719 break;
1720
1721 case SO_SNDBUF:
1722 v.val = READ_ONCE(sk->sk_sndbuf);
1723 break;
1724
1725 case SO_RCVBUF:
1726 v.val = READ_ONCE(sk->sk_rcvbuf);
1727 break;
1728
1729 case SO_REUSEADDR:
1730 v.val = sk->sk_reuse;
1731 break;
1732
1733 case SO_REUSEPORT:
1734 v.val = sk->sk_reuseport;
1735 break;
1736
1737 case SO_KEEPALIVE:
1738 v.val = sock_flag(sk, SOCK_KEEPOPEN);
1739 break;
1740
1741 case SO_TYPE:
1742 v.val = sk->sk_type;
1743 break;
1744
1745 case SO_PROTOCOL:
1746 v.val = sk->sk_protocol;
1747 break;
1748
1749 case SO_DOMAIN:
1750 v.val = sk->sk_family;
1751 break;
1752
1753 case SO_ERROR:
1754 v.val = -sock_error(sk);
1755 if (v.val == 0)
1756 v.val = xchg(&sk->sk_err_soft, 0);
1757 break;
1758
1759 case SO_OOBINLINE:
1760 v.val = sock_flag(sk, SOCK_URGINLINE);
1761 break;
1762
1763 case SO_NO_CHECK:
1764 v.val = sk->sk_no_check_tx;
1765 break;
1766
1767 case SO_PRIORITY:
1768 v.val = READ_ONCE(sk->sk_priority);
1769 break;
1770
1771 case SO_LINGER:
1772 lv = sizeof(v.ling);
1773 v.ling.l_onoff = sock_flag(sk, SOCK_LINGER);
1774 v.ling.l_linger = READ_ONCE(sk->sk_lingertime) / HZ;
1775 break;
1776
1777 case SO_BSDCOMPAT:
1778 break;
1779
1780 case SO_TIMESTAMP_OLD:
1781 v.val = sock_flag(sk, SOCK_RCVTSTAMP) &&
1782 !sock_flag(sk, SOCK_TSTAMP_NEW) &&
1783 !sock_flag(sk, SOCK_RCVTSTAMPNS);
1784 break;
1785
1786 case SO_TIMESTAMPNS_OLD:
1787 v.val = sock_flag(sk, SOCK_RCVTSTAMPNS) && !sock_flag(sk, SOCK_TSTAMP_NEW);
1788 break;
1789
1790 case SO_TIMESTAMP_NEW:
1791 v.val = sock_flag(sk, SOCK_RCVTSTAMP) && sock_flag(sk, SOCK_TSTAMP_NEW);
1792 break;
1793
1794 case SO_TIMESTAMPNS_NEW:
1795 v.val = sock_flag(sk, SOCK_RCVTSTAMPNS) && sock_flag(sk, SOCK_TSTAMP_NEW);
1796 break;
1797
1798 case SO_TIMESTAMPING_OLD:
1799 case SO_TIMESTAMPING_NEW:
1800 lv = sizeof(v.timestamping);
1801 /* For the later-added case SO_TIMESTAMPING_NEW: Be strict about only
1802 * returning the flags when they were set through the same option.
1803 * Don't change the beviour for the old case SO_TIMESTAMPING_OLD.
1804 */
1805 if (optname == SO_TIMESTAMPING_OLD || sock_flag(sk, SOCK_TSTAMP_NEW)) {
1806 v.timestamping.flags = READ_ONCE(sk->sk_tsflags);
1807 v.timestamping.bind_phc = READ_ONCE(sk->sk_bind_phc);
1808 }
1809 break;
1810
1811 case SO_RCVTIMEO_OLD:
1812 case SO_RCVTIMEO_NEW:
1813 lv = sock_get_timeout(READ_ONCE(sk->sk_rcvtimeo), &v,
1814 SO_RCVTIMEO_OLD == optname);
1815 break;
1816
1817 case SO_SNDTIMEO_OLD:
1818 case SO_SNDTIMEO_NEW:
1819 lv = sock_get_timeout(READ_ONCE(sk->sk_sndtimeo), &v,
1820 SO_SNDTIMEO_OLD == optname);
1821 break;
1822
1823 case SO_RCVLOWAT:
1824 v.val = READ_ONCE(sk->sk_rcvlowat);
1825 break;
1826
1827 case SO_SNDLOWAT:
1828 v.val = 1;
1829 break;
1830
1831 case SO_PASSCRED:
1832 v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
1833 break;
1834
1835 case SO_PASSPIDFD:
1836 v.val = !!test_bit(SOCK_PASSPIDFD, &sock->flags);
1837 break;
1838
1839 case SO_PEERCRED:
1840 {
1841 struct ucred peercred;
1842 if (len > sizeof(peercred))
1843 len = sizeof(peercred);
1844
1845 spin_lock(&sk->sk_peer_lock);
1846 cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
1847 spin_unlock(&sk->sk_peer_lock);
1848
1849 if (copy_to_sockptr(optval, &peercred, len))
1850 return -EFAULT;
1851 goto lenout;
1852 }
1853
1854 case SO_PEERPIDFD:
1855 {
1856 struct pid *peer_pid;
1857 struct file *pidfd_file = NULL;
1858 int pidfd;
1859
1860 if (len > sizeof(pidfd))
1861 len = sizeof(pidfd);
1862
1863 spin_lock(&sk->sk_peer_lock);
1864 peer_pid = get_pid(sk->sk_peer_pid);
1865 spin_unlock(&sk->sk_peer_lock);
1866
1867 if (!peer_pid)
1868 return -ENODATA;
1869
1870 pidfd = pidfd_prepare(peer_pid, 0, &pidfd_file);
1871 put_pid(peer_pid);
1872 if (pidfd < 0)
1873 return pidfd;
1874
1875 if (copy_to_sockptr(optval, &pidfd, len) ||
1876 copy_to_sockptr(optlen, &len, sizeof(int))) {
1877 put_unused_fd(pidfd);
1878 fput(pidfd_file);
1879
1880 return -EFAULT;
1881 }
1882
1883 fd_install(pidfd, pidfd_file);
1884 return 0;
1885 }
1886
1887 case SO_PEERGROUPS:
1888 {
1889 const struct cred *cred;
1890 int ret, n;
1891
1892 cred = sk_get_peer_cred(sk);
1893 if (!cred)
1894 return -ENODATA;
1895
1896 n = cred->group_info->ngroups;
1897 if (len < n * sizeof(gid_t)) {
1898 len = n * sizeof(gid_t);
1899 put_cred(cred);
1900 return copy_to_sockptr(optlen, &len, sizeof(int)) ? -EFAULT : -ERANGE;
1901 }
1902 len = n * sizeof(gid_t);
1903
1904 ret = groups_to_user(optval, cred->group_info);
1905 put_cred(cred);
1906 if (ret)
1907 return ret;
1908 goto lenout;
1909 }
1910
1911 case SO_PEERNAME:
1912 {
1913 struct sockaddr_storage address;
1914
1915 lv = READ_ONCE(sock->ops)->getname(sock, (struct sockaddr *)&address, 2);
1916 if (lv < 0)
1917 return -ENOTCONN;
1918 if (lv < len)
1919 return -EINVAL;
1920 if (copy_to_sockptr(optval, &address, len))
1921 return -EFAULT;
1922 goto lenout;
1923 }
1924
1925 /* Dubious BSD thing... Probably nobody even uses it, but
1926 * the UNIX standard wants it for whatever reason... -DaveM
1927 */
1928 case SO_ACCEPTCONN:
1929 v.val = sk->sk_state == TCP_LISTEN;
1930 break;
1931
1932 case SO_PASSSEC:
1933 v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
1934 break;
1935
1936 case SO_PEERSEC:
1937 return security_socket_getpeersec_stream(sock,
1938 optval, optlen, len);
1939
1940 case SO_MARK:
1941 v.val = READ_ONCE(sk->sk_mark);
1942 break;
1943
1944 case SO_RCVMARK:
1945 v.val = sock_flag(sk, SOCK_RCVMARK);
1946 break;
1947
1948 case SO_RXQ_OVFL:
1949 v.val = sock_flag(sk, SOCK_RXQ_OVFL);
1950 break;
1951
1952 case SO_WIFI_STATUS:
1953 v.val = sock_flag(sk, SOCK_WIFI_STATUS);
1954 break;
1955
1956 case SO_PEEK_OFF:
1957 if (!READ_ONCE(sock->ops)->set_peek_off)
1958 return -EOPNOTSUPP;
1959
1960 v.val = READ_ONCE(sk->sk_peek_off);
1961 break;
1962 case SO_NOFCS:
1963 v.val = sock_flag(sk, SOCK_NOFCS);
1964 break;
1965
1966 case SO_BINDTODEVICE:
1967 return sock_getbindtodevice(sk, optval, optlen, len);
1968
1969 case SO_GET_FILTER:
1970 len = sk_get_filter(sk, optval, len);
1971 if (len < 0)
1972 return len;
1973
1974 goto lenout;
1975
1976 case SO_LOCK_FILTER:
1977 v.val = sock_flag(sk, SOCK_FILTER_LOCKED);
1978 break;
1979
1980 case SO_BPF_EXTENSIONS:
1981 v.val = bpf_tell_extensions();
1982 break;
1983
1984 case SO_SELECT_ERR_QUEUE:
1985 v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE);
1986 break;
1987
1988#ifdef CONFIG_NET_RX_BUSY_POLL
1989 case SO_BUSY_POLL:
1990 v.val = READ_ONCE(sk->sk_ll_usec);
1991 break;
1992 case SO_PREFER_BUSY_POLL:
1993 v.val = READ_ONCE(sk->sk_prefer_busy_poll);
1994 break;
1995#endif
1996
1997 case SO_MAX_PACING_RATE:
1998 /* The READ_ONCE() pair with the WRITE_ONCE() in sk_setsockopt() */
1999 if (sizeof(v.ulval) != sizeof(v.val) && len >= sizeof(v.ulval)) {
2000 lv = sizeof(v.ulval);
2001 v.ulval = READ_ONCE(sk->sk_max_pacing_rate);
2002 } else {
2003 /* 32bit version */
2004 v.val = min_t(unsigned long, ~0U,
2005 READ_ONCE(sk->sk_max_pacing_rate));
2006 }
2007 break;
2008
2009 case SO_INCOMING_CPU:
2010 v.val = READ_ONCE(sk->sk_incoming_cpu);
2011 break;
2012
2013 case SO_MEMINFO:
2014 {
2015 u32 meminfo[SK_MEMINFO_VARS];
2016
2017 sk_get_meminfo(sk, meminfo);
2018
2019 len = min_t(unsigned int, len, sizeof(meminfo));
2020 if (copy_to_sockptr(optval, &meminfo, len))
2021 return -EFAULT;
2022
2023 goto lenout;
2024 }
2025
2026#ifdef CONFIG_NET_RX_BUSY_POLL
2027 case SO_INCOMING_NAPI_ID:
2028 v.val = READ_ONCE(sk->sk_napi_id);
2029
2030 /* aggregate non-NAPI IDs down to 0 */
2031 if (v.val < MIN_NAPI_ID)
2032 v.val = 0;
2033
2034 break;
2035#endif
2036
2037 case SO_COOKIE:
2038 lv = sizeof(u64);
2039 if (len < lv)
2040 return -EINVAL;
2041 v.val64 = sock_gen_cookie(sk);
2042 break;
2043
2044 case SO_ZEROCOPY:
2045 v.val = sock_flag(sk, SOCK_ZEROCOPY);
2046 break;
2047
2048 case SO_TXTIME:
2049 lv = sizeof(v.txtime);
2050 v.txtime.clockid = sk->sk_clockid;
2051 v.txtime.flags |= sk->sk_txtime_deadline_mode ?
2052 SOF_TXTIME_DEADLINE_MODE : 0;
2053 v.txtime.flags |= sk->sk_txtime_report_errors ?
2054 SOF_TXTIME_REPORT_ERRORS : 0;
2055 break;
2056
2057 case SO_BINDTOIFINDEX:
2058 v.val = READ_ONCE(sk->sk_bound_dev_if);
2059 break;
2060
2061 case SO_NETNS_COOKIE:
2062 lv = sizeof(u64);
2063 if (len != lv)
2064 return -EINVAL;
2065 v.val64 = sock_net(sk)->net_cookie;
2066 break;
2067
2068 case SO_BUF_LOCK:
2069 v.val = sk->sk_userlocks & SOCK_BUF_LOCK_MASK;
2070 break;
2071
2072 case SO_RESERVE_MEM:
2073 v.val = READ_ONCE(sk->sk_reserved_mem);
2074 break;
2075
2076 case SO_TXREHASH:
2077 /* Paired with WRITE_ONCE() in sk_setsockopt() */
2078 v.val = READ_ONCE(sk->sk_txrehash);
2079 break;
2080
2081 default:
2082 /* We implement the SO_SNDLOWAT etc to not be settable
2083 * (1003.1g 7).
2084 */
2085 return -ENOPROTOOPT;
2086 }
2087
2088 if (len > lv)
2089 len = lv;
2090 if (copy_to_sockptr(optval, &v, len))
2091 return -EFAULT;
2092lenout:
2093 if (copy_to_sockptr(optlen, &len, sizeof(int)))
2094 return -EFAULT;
2095 return 0;
2096}
2097
2098/*
2099 * Initialize an sk_lock.
2100 *
2101 * (We also register the sk_lock with the lock validator.)
2102 */
2103static inline void sock_lock_init(struct sock *sk)
2104{
2105 if (sk->sk_kern_sock)
2106 sock_lock_init_class_and_name(
2107 sk,
2108 af_family_kern_slock_key_strings[sk->sk_family],
2109 af_family_kern_slock_keys + sk->sk_family,
2110 af_family_kern_key_strings[sk->sk_family],
2111 af_family_kern_keys + sk->sk_family);
2112 else
2113 sock_lock_init_class_and_name(
2114 sk,
2115 af_family_slock_key_strings[sk->sk_family],
2116 af_family_slock_keys + sk->sk_family,
2117 af_family_key_strings[sk->sk_family],
2118 af_family_keys + sk->sk_family);
2119}
2120
2121/*
2122 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
2123 * even temporarily, because of RCU lookups. sk_node should also be left as is.
2124 * We must not copy fields between sk_dontcopy_begin and sk_dontcopy_end
2125 */
2126static void sock_copy(struct sock *nsk, const struct sock *osk)
2127{
2128 const struct proto *prot = READ_ONCE(osk->sk_prot);
2129#ifdef CONFIG_SECURITY_NETWORK
2130 void *sptr = nsk->sk_security;
2131#endif
2132
2133 /* If we move sk_tx_queue_mapping out of the private section,
2134 * we must check if sk_tx_queue_clear() is called after
2135 * sock_copy() in sk_clone_lock().
2136 */
2137 BUILD_BUG_ON(offsetof(struct sock, sk_tx_queue_mapping) <
2138 offsetof(struct sock, sk_dontcopy_begin) ||
2139 offsetof(struct sock, sk_tx_queue_mapping) >=
2140 offsetof(struct sock, sk_dontcopy_end));
2141
2142 memcpy(nsk, osk, offsetof(struct sock, sk_dontcopy_begin));
2143
2144 unsafe_memcpy(&nsk->sk_dontcopy_end, &osk->sk_dontcopy_end,
2145 prot->obj_size - offsetof(struct sock, sk_dontcopy_end),
2146 /* alloc is larger than struct, see sk_prot_alloc() */);
2147
2148#ifdef CONFIG_SECURITY_NETWORK
2149 nsk->sk_security = sptr;
2150 security_sk_clone(osk, nsk);
2151#endif
2152}
2153
2154static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
2155 int family)
2156{
2157 struct sock *sk;
2158 struct kmem_cache *slab;
2159
2160 slab = prot->slab;
2161 if (slab != NULL) {
2162 sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
2163 if (!sk)
2164 return sk;
2165 if (want_init_on_alloc(priority))
2166 sk_prot_clear_nulls(sk, prot->obj_size);
2167 } else
2168 sk = kmalloc(prot->obj_size, priority);
2169
2170 if (sk != NULL) {
2171 if (security_sk_alloc(sk, family, priority))
2172 goto out_free;
2173
2174 if (!try_module_get(prot->owner))
2175 goto out_free_sec;
2176 }
2177
2178 return sk;
2179
2180out_free_sec:
2181 security_sk_free(sk);
2182out_free:
2183 if (slab != NULL)
2184 kmem_cache_free(slab, sk);
2185 else
2186 kfree(sk);
2187 return NULL;
2188}
2189
2190static void sk_prot_free(struct proto *prot, struct sock *sk)
2191{
2192 struct kmem_cache *slab;
2193 struct module *owner;
2194
2195 owner = prot->owner;
2196 slab = prot->slab;
2197
2198 cgroup_sk_free(&sk->sk_cgrp_data);
2199 mem_cgroup_sk_free(sk);
2200 security_sk_free(sk);
2201 if (slab != NULL)
2202 kmem_cache_free(slab, sk);
2203 else
2204 kfree(sk);
2205 module_put(owner);
2206}
2207
2208/**
2209 * sk_alloc - All socket objects are allocated here
2210 * @net: the applicable net namespace
2211 * @family: protocol family
2212 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
2213 * @prot: struct proto associated with this new sock instance
2214 * @kern: is this to be a kernel socket?
2215 */
2216struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
2217 struct proto *prot, int kern)
2218{
2219 struct sock *sk;
2220
2221 sk = sk_prot_alloc(prot, priority | __GFP_ZERO, family);
2222 if (sk) {
2223 sk->sk_family = family;
2224 /*
2225 * See comment in struct sock definition to understand
2226 * why we need sk_prot_creator -acme
2227 */
2228 sk->sk_prot = sk->sk_prot_creator = prot;
2229 sk->sk_kern_sock = kern;
2230 sock_lock_init(sk);
2231 sk->sk_net_refcnt = kern ? 0 : 1;
2232 if (likely(sk->sk_net_refcnt)) {
2233 get_net_track(net, &sk->ns_tracker, priority);
2234 sock_inuse_add(net, 1);
2235 } else {
2236 net_passive_inc(net);
2237 __netns_tracker_alloc(net, &sk->ns_tracker,
2238 false, priority);
2239 }
2240
2241 sock_net_set(sk, net);
2242 refcount_set(&sk->sk_wmem_alloc, 1);
2243
2244 mem_cgroup_sk_alloc(sk);
2245 cgroup_sk_alloc(&sk->sk_cgrp_data);
2246 sock_update_classid(&sk->sk_cgrp_data);
2247 sock_update_netprioidx(&sk->sk_cgrp_data);
2248 sk_tx_queue_clear(sk);
2249 }
2250
2251 return sk;
2252}
2253EXPORT_SYMBOL(sk_alloc);
2254
2255/* Sockets having SOCK_RCU_FREE will call this function after one RCU
2256 * grace period. This is the case for UDP sockets and TCP listeners.
2257 */
2258static void __sk_destruct(struct rcu_head *head)
2259{
2260 struct sock *sk = container_of(head, struct sock, sk_rcu);
2261 struct net *net = sock_net(sk);
2262 struct sk_filter *filter;
2263
2264 if (sk->sk_destruct)
2265 sk->sk_destruct(sk);
2266
2267 filter = rcu_dereference_check(sk->sk_filter,
2268 refcount_read(&sk->sk_wmem_alloc) == 0);
2269 if (filter) {
2270 sk_filter_uncharge(sk, filter);
2271 RCU_INIT_POINTER(sk->sk_filter, NULL);
2272 }
2273
2274 sock_disable_timestamp(sk, SK_FLAGS_TIMESTAMP);
2275
2276#ifdef CONFIG_BPF_SYSCALL
2277 bpf_sk_storage_free(sk);
2278#endif
2279
2280 if (atomic_read(&sk->sk_omem_alloc))
2281 pr_debug("%s: optmem leakage (%d bytes) detected\n",
2282 __func__, atomic_read(&sk->sk_omem_alloc));
2283
2284 if (sk->sk_frag.page) {
2285 put_page(sk->sk_frag.page);
2286 sk->sk_frag.page = NULL;
2287 }
2288
2289 /* We do not need to acquire sk->sk_peer_lock, we are the last user. */
2290 put_cred(sk->sk_peer_cred);
2291 put_pid(sk->sk_peer_pid);
2292
2293 if (likely(sk->sk_net_refcnt)) {
2294 put_net_track(net, &sk->ns_tracker);
2295 } else {
2296 __netns_tracker_free(net, &sk->ns_tracker, false);
2297 net_passive_dec(net);
2298 }
2299 sk_prot_free(sk->sk_prot_creator, sk);
2300}
2301
2302void sk_net_refcnt_upgrade(struct sock *sk)
2303{
2304 struct net *net = sock_net(sk);
2305
2306 WARN_ON_ONCE(sk->sk_net_refcnt);
2307 __netns_tracker_free(net, &sk->ns_tracker, false);
2308 net_passive_dec(net);
2309 sk->sk_net_refcnt = 1;
2310 get_net_track(net, &sk->ns_tracker, GFP_KERNEL);
2311 sock_inuse_add(net, 1);
2312}
2313EXPORT_SYMBOL_GPL(sk_net_refcnt_upgrade);
2314
2315void sk_destruct(struct sock *sk)
2316{
2317 bool use_call_rcu = sock_flag(sk, SOCK_RCU_FREE);
2318
2319 if (rcu_access_pointer(sk->sk_reuseport_cb)) {
2320 reuseport_detach_sock(sk);
2321 use_call_rcu = true;
2322 }
2323
2324 if (use_call_rcu)
2325 call_rcu(&sk->sk_rcu, __sk_destruct);
2326 else
2327 __sk_destruct(&sk->sk_rcu);
2328}
2329
2330static void __sk_free(struct sock *sk)
2331{
2332 if (likely(sk->sk_net_refcnt))
2333 sock_inuse_add(sock_net(sk), -1);
2334
2335 if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
2336 sock_diag_broadcast_destroy(sk);
2337 else
2338 sk_destruct(sk);
2339}
2340
2341void sk_free(struct sock *sk)
2342{
2343 /*
2344 * We subtract one from sk_wmem_alloc and can know if
2345 * some packets are still in some tx queue.
2346 * If not null, sock_wfree() will call __sk_free(sk) later
2347 */
2348 if (refcount_dec_and_test(&sk->sk_wmem_alloc))
2349 __sk_free(sk);
2350}
2351EXPORT_SYMBOL(sk_free);
2352
2353static void sk_init_common(struct sock *sk)
2354{
2355 skb_queue_head_init(&sk->sk_receive_queue);
2356 skb_queue_head_init(&sk->sk_write_queue);
2357 skb_queue_head_init(&sk->sk_error_queue);
2358
2359 rwlock_init(&sk->sk_callback_lock);
2360 lockdep_set_class_and_name(&sk->sk_receive_queue.lock,
2361 af_rlock_keys + sk->sk_family,
2362 af_family_rlock_key_strings[sk->sk_family]);
2363 lockdep_set_class_and_name(&sk->sk_write_queue.lock,
2364 af_wlock_keys + sk->sk_family,
2365 af_family_wlock_key_strings[sk->sk_family]);
2366 lockdep_set_class_and_name(&sk->sk_error_queue.lock,
2367 af_elock_keys + sk->sk_family,
2368 af_family_elock_key_strings[sk->sk_family]);
2369 if (sk->sk_kern_sock)
2370 lockdep_set_class_and_name(&sk->sk_callback_lock,
2371 af_kern_callback_keys + sk->sk_family,
2372 af_family_kern_clock_key_strings[sk->sk_family]);
2373 else
2374 lockdep_set_class_and_name(&sk->sk_callback_lock,
2375 af_callback_keys + sk->sk_family,
2376 af_family_clock_key_strings[sk->sk_family]);
2377}
2378
2379/**
2380 * sk_clone_lock - clone a socket, and lock its clone
2381 * @sk: the socket to clone
2382 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
2383 *
2384 * Caller must unlock socket even in error path (bh_unlock_sock(newsk))
2385 */
2386struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
2387{
2388 struct proto *prot = READ_ONCE(sk->sk_prot);
2389 struct sk_filter *filter;
2390 bool is_charged = true;
2391 struct sock *newsk;
2392
2393 newsk = sk_prot_alloc(prot, priority, sk->sk_family);
2394 if (!newsk)
2395 goto out;
2396
2397 sock_copy(newsk, sk);
2398
2399 newsk->sk_prot_creator = prot;
2400
2401 /* SANITY */
2402 if (likely(newsk->sk_net_refcnt)) {
2403 get_net_track(sock_net(newsk), &newsk->ns_tracker, priority);
2404 sock_inuse_add(sock_net(newsk), 1);
2405 } else {
2406 /* Kernel sockets are not elevating the struct net refcount.
2407 * Instead, use a tracker to more easily detect if a layer
2408 * is not properly dismantling its kernel sockets at netns
2409 * destroy time.
2410 */
2411 net_passive_inc(sock_net(newsk));
2412 __netns_tracker_alloc(sock_net(newsk), &newsk->ns_tracker,
2413 false, priority);
2414 }
2415 sk_node_init(&newsk->sk_node);
2416 sock_lock_init(newsk);
2417 bh_lock_sock(newsk);
2418 newsk->sk_backlog.head = newsk->sk_backlog.tail = NULL;
2419 newsk->sk_backlog.len = 0;
2420
2421 atomic_set(&newsk->sk_rmem_alloc, 0);
2422
2423 /* sk_wmem_alloc set to one (see sk_free() and sock_wfree()) */
2424 refcount_set(&newsk->sk_wmem_alloc, 1);
2425
2426 atomic_set(&newsk->sk_omem_alloc, 0);
2427 sk_init_common(newsk);
2428
2429 newsk->sk_dst_cache = NULL;
2430 newsk->sk_dst_pending_confirm = 0;
2431 newsk->sk_wmem_queued = 0;
2432 newsk->sk_forward_alloc = 0;
2433 newsk->sk_reserved_mem = 0;
2434 atomic_set(&newsk->sk_drops, 0);
2435 newsk->sk_send_head = NULL;
2436 newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK;
2437 atomic_set(&newsk->sk_zckey, 0);
2438
2439 sock_reset_flag(newsk, SOCK_DONE);
2440
2441 /* sk->sk_memcg will be populated at accept() time */
2442 newsk->sk_memcg = NULL;
2443
2444 cgroup_sk_clone(&newsk->sk_cgrp_data);
2445
2446 rcu_read_lock();
2447 filter = rcu_dereference(sk->sk_filter);
2448 if (filter != NULL)
2449 /* though it's an empty new sock, the charging may fail
2450 * if sysctl_optmem_max was changed between creation of
2451 * original socket and cloning
2452 */
2453 is_charged = sk_filter_charge(newsk, filter);
2454 RCU_INIT_POINTER(newsk->sk_filter, filter);
2455 rcu_read_unlock();
2456
2457 if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) {
2458 /* We need to make sure that we don't uncharge the new
2459 * socket if we couldn't charge it in the first place
2460 * as otherwise we uncharge the parent's filter.
2461 */
2462 if (!is_charged)
2463 RCU_INIT_POINTER(newsk->sk_filter, NULL);
2464 sk_free_unlock_clone(newsk);
2465 newsk = NULL;
2466 goto out;
2467 }
2468 RCU_INIT_POINTER(newsk->sk_reuseport_cb, NULL);
2469
2470 if (bpf_sk_storage_clone(sk, newsk)) {
2471 sk_free_unlock_clone(newsk);
2472 newsk = NULL;
2473 goto out;
2474 }
2475
2476 /* Clear sk_user_data if parent had the pointer tagged
2477 * as not suitable for copying when cloning.
2478 */
2479 if (sk_user_data_is_nocopy(newsk))
2480 newsk->sk_user_data = NULL;
2481
2482 newsk->sk_err = 0;
2483 newsk->sk_err_soft = 0;
2484 newsk->sk_priority = 0;
2485 newsk->sk_incoming_cpu = raw_smp_processor_id();
2486
2487 /* Before updating sk_refcnt, we must commit prior changes to memory
2488 * (Documentation/RCU/rculist_nulls.rst for details)
2489 */
2490 smp_wmb();
2491 refcount_set(&newsk->sk_refcnt, 2);
2492
2493 sk_set_socket(newsk, NULL);
2494 sk_tx_queue_clear(newsk);
2495 RCU_INIT_POINTER(newsk->sk_wq, NULL);
2496
2497 if (newsk->sk_prot->sockets_allocated)
2498 sk_sockets_allocated_inc(newsk);
2499
2500 if (sock_needs_netstamp(sk) && newsk->sk_flags & SK_FLAGS_TIMESTAMP)
2501 net_enable_timestamp();
2502out:
2503 return newsk;
2504}
2505EXPORT_SYMBOL_GPL(sk_clone_lock);
2506
2507void sk_free_unlock_clone(struct sock *sk)
2508{
2509 /* It is still raw copy of parent, so invalidate
2510 * destructor and make plain sk_free() */
2511 sk->sk_destruct = NULL;
2512 bh_unlock_sock(sk);
2513 sk_free(sk);
2514}
2515EXPORT_SYMBOL_GPL(sk_free_unlock_clone);
2516
2517static u32 sk_dst_gso_max_size(struct sock *sk, struct dst_entry *dst)
2518{
2519 bool is_ipv6 = false;
2520 u32 max_size;
2521
2522#if IS_ENABLED(CONFIG_IPV6)
2523 is_ipv6 = (sk->sk_family == AF_INET6 &&
2524 !ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr));
2525#endif
2526 /* pairs with the WRITE_ONCE() in netif_set_gso(_ipv4)_max_size() */
2527 max_size = is_ipv6 ? READ_ONCE(dst->dev->gso_max_size) :
2528 READ_ONCE(dst->dev->gso_ipv4_max_size);
2529 if (max_size > GSO_LEGACY_MAX_SIZE && !sk_is_tcp(sk))
2530 max_size = GSO_LEGACY_MAX_SIZE;
2531
2532 return max_size - (MAX_TCP_HEADER + 1);
2533}
2534
2535void sk_setup_caps(struct sock *sk, struct dst_entry *dst)
2536{
2537 u32 max_segs = 1;
2538
2539 sk->sk_route_caps = dst->dev->features;
2540 if (sk_is_tcp(sk))
2541 sk->sk_route_caps |= NETIF_F_GSO;
2542 if (sk->sk_route_caps & NETIF_F_GSO)
2543 sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE;
2544 if (unlikely(sk->sk_gso_disabled))
2545 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
2546 if (sk_can_gso(sk)) {
2547 if (dst->header_len && !xfrm_dst_offload_ok(dst)) {
2548 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
2549 } else {
2550 sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM;
2551 sk->sk_gso_max_size = sk_dst_gso_max_size(sk, dst);
2552 /* pairs with the WRITE_ONCE() in netif_set_gso_max_segs() */
2553 max_segs = max_t(u32, READ_ONCE(dst->dev->gso_max_segs), 1);
2554 }
2555 }
2556 sk->sk_gso_max_segs = max_segs;
2557 sk_dst_set(sk, dst);
2558}
2559EXPORT_SYMBOL_GPL(sk_setup_caps);
2560
2561/*
2562 * Simple resource managers for sockets.
2563 */
2564
2565
2566/*
2567 * Write buffer destructor automatically called from kfree_skb.
2568 */
2569void sock_wfree(struct sk_buff *skb)
2570{
2571 struct sock *sk = skb->sk;
2572 unsigned int len = skb->truesize;
2573 bool free;
2574
2575 if (!sock_flag(sk, SOCK_USE_WRITE_QUEUE)) {
2576 if (sock_flag(sk, SOCK_RCU_FREE) &&
2577 sk->sk_write_space == sock_def_write_space) {
2578 rcu_read_lock();
2579 free = refcount_sub_and_test(len, &sk->sk_wmem_alloc);
2580 sock_def_write_space_wfree(sk);
2581 rcu_read_unlock();
2582 if (unlikely(free))
2583 __sk_free(sk);
2584 return;
2585 }
2586
2587 /*
2588 * Keep a reference on sk_wmem_alloc, this will be released
2589 * after sk_write_space() call
2590 */
2591 WARN_ON(refcount_sub_and_test(len - 1, &sk->sk_wmem_alloc));
2592 sk->sk_write_space(sk);
2593 len = 1;
2594 }
2595 /*
2596 * if sk_wmem_alloc reaches 0, we must finish what sk_free()
2597 * could not do because of in-flight packets
2598 */
2599 if (refcount_sub_and_test(len, &sk->sk_wmem_alloc))
2600 __sk_free(sk);
2601}
2602EXPORT_SYMBOL(sock_wfree);
2603
2604/* This variant of sock_wfree() is used by TCP,
2605 * since it sets SOCK_USE_WRITE_QUEUE.
2606 */
2607void __sock_wfree(struct sk_buff *skb)
2608{
2609 struct sock *sk = skb->sk;
2610
2611 if (refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc))
2612 __sk_free(sk);
2613}
2614
2615void skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
2616{
2617 skb_orphan(skb);
2618#ifdef CONFIG_INET
2619 if (unlikely(!sk_fullsock(sk)))
2620 return skb_set_owner_edemux(skb, sk);
2621#endif
2622 skb->sk = sk;
2623 skb->destructor = sock_wfree;
2624 skb_set_hash_from_sk(skb, sk);
2625 /*
2626 * We used to take a refcount on sk, but following operation
2627 * is enough to guarantee sk_free() won't free this sock until
2628 * all in-flight packets are completed
2629 */
2630 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
2631}
2632EXPORT_SYMBOL(skb_set_owner_w);
2633
2634static bool can_skb_orphan_partial(const struct sk_buff *skb)
2635{
2636 /* Drivers depend on in-order delivery for crypto offload,
2637 * partial orphan breaks out-of-order-OK logic.
2638 */
2639 if (skb_is_decrypted(skb))
2640 return false;
2641
2642 return (skb->destructor == sock_wfree ||
2643 (IS_ENABLED(CONFIG_INET) && skb->destructor == tcp_wfree));
2644}
2645
2646/* This helper is used by netem, as it can hold packets in its
2647 * delay queue. We want to allow the owner socket to send more
2648 * packets, as if they were already TX completed by a typical driver.
2649 * But we also want to keep skb->sk set because some packet schedulers
2650 * rely on it (sch_fq for example).
2651 */
2652void skb_orphan_partial(struct sk_buff *skb)
2653{
2654 if (skb_is_tcp_pure_ack(skb))
2655 return;
2656
2657 if (can_skb_orphan_partial(skb) && skb_set_owner_sk_safe(skb, skb->sk))
2658 return;
2659
2660 skb_orphan(skb);
2661}
2662EXPORT_SYMBOL(skb_orphan_partial);
2663
2664/*
2665 * Read buffer destructor automatically called from kfree_skb.
2666 */
2667void sock_rfree(struct sk_buff *skb)
2668{
2669 struct sock *sk = skb->sk;
2670 unsigned int len = skb->truesize;
2671
2672 atomic_sub(len, &sk->sk_rmem_alloc);
2673 sk_mem_uncharge(sk, len);
2674}
2675EXPORT_SYMBOL(sock_rfree);
2676
2677/*
2678 * Buffer destructor for skbs that are not used directly in read or write
2679 * path, e.g. for error handler skbs. Automatically called from kfree_skb.
2680 */
2681void sock_efree(struct sk_buff *skb)
2682{
2683 sock_put(skb->sk);
2684}
2685EXPORT_SYMBOL(sock_efree);
2686
2687/* Buffer destructor for prefetch/receive path where reference count may
2688 * not be held, e.g. for listen sockets.
2689 */
2690#ifdef CONFIG_INET
2691void sock_pfree(struct sk_buff *skb)
2692{
2693 struct sock *sk = skb->sk;
2694
2695 if (!sk_is_refcounted(sk))
2696 return;
2697
2698 if (sk->sk_state == TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie) {
2699 inet_reqsk(sk)->rsk_listener = NULL;
2700 reqsk_free(inet_reqsk(sk));
2701 return;
2702 }
2703
2704 sock_gen_put(sk);
2705}
2706EXPORT_SYMBOL(sock_pfree);
2707#endif /* CONFIG_INET */
2708
2709kuid_t sock_i_uid(struct sock *sk)
2710{
2711 kuid_t uid;
2712
2713 read_lock_bh(&sk->sk_callback_lock);
2714 uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : GLOBAL_ROOT_UID;
2715 read_unlock_bh(&sk->sk_callback_lock);
2716 return uid;
2717}
2718EXPORT_SYMBOL(sock_i_uid);
2719
2720unsigned long __sock_i_ino(struct sock *sk)
2721{
2722 unsigned long ino;
2723
2724 read_lock(&sk->sk_callback_lock);
2725 ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
2726 read_unlock(&sk->sk_callback_lock);
2727 return ino;
2728}
2729EXPORT_SYMBOL(__sock_i_ino);
2730
2731unsigned long sock_i_ino(struct sock *sk)
2732{
2733 unsigned long ino;
2734
2735 local_bh_disable();
2736 ino = __sock_i_ino(sk);
2737 local_bh_enable();
2738 return ino;
2739}
2740EXPORT_SYMBOL(sock_i_ino);
2741
2742/*
2743 * Allocate a skb from the socket's send buffer.
2744 */
2745struct sk_buff *sock_wmalloc(struct sock *sk, unsigned long size, int force,
2746 gfp_t priority)
2747{
2748 if (force ||
2749 refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf)) {
2750 struct sk_buff *skb = alloc_skb(size, priority);
2751
2752 if (skb) {
2753 skb_set_owner_w(skb, sk);
2754 return skb;
2755 }
2756 }
2757 return NULL;
2758}
2759EXPORT_SYMBOL(sock_wmalloc);
2760
2761static void sock_ofree(struct sk_buff *skb)
2762{
2763 struct sock *sk = skb->sk;
2764
2765 atomic_sub(skb->truesize, &sk->sk_omem_alloc);
2766}
2767
2768struct sk_buff *sock_omalloc(struct sock *sk, unsigned long size,
2769 gfp_t priority)
2770{
2771 struct sk_buff *skb;
2772
2773 /* small safe race: SKB_TRUESIZE may differ from final skb->truesize */
2774 if (atomic_read(&sk->sk_omem_alloc) + SKB_TRUESIZE(size) >
2775 READ_ONCE(sock_net(sk)->core.sysctl_optmem_max))
2776 return NULL;
2777
2778 skb = alloc_skb(size, priority);
2779 if (!skb)
2780 return NULL;
2781
2782 atomic_add(skb->truesize, &sk->sk_omem_alloc);
2783 skb->sk = sk;
2784 skb->destructor = sock_ofree;
2785 return skb;
2786}
2787
2788/*
2789 * Allocate a memory block from the socket's option memory buffer.
2790 */
2791void *sock_kmalloc(struct sock *sk, int size, gfp_t priority)
2792{
2793 int optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);
2794
2795 if ((unsigned int)size <= optmem_max &&
2796 atomic_read(&sk->sk_omem_alloc) + size < optmem_max) {
2797 void *mem;
2798 /* First do the add, to avoid the race if kmalloc
2799 * might sleep.
2800 */
2801 atomic_add(size, &sk->sk_omem_alloc);
2802 mem = kmalloc(size, priority);
2803 if (mem)
2804 return mem;
2805 atomic_sub(size, &sk->sk_omem_alloc);
2806 }
2807 return NULL;
2808}
2809EXPORT_SYMBOL(sock_kmalloc);
2810
2811/* Free an option memory block. Note, we actually want the inline
2812 * here as this allows gcc to detect the nullify and fold away the
2813 * condition entirely.
2814 */
2815static inline void __sock_kfree_s(struct sock *sk, void *mem, int size,
2816 const bool nullify)
2817{
2818 if (WARN_ON_ONCE(!mem))
2819 return;
2820 if (nullify)
2821 kfree_sensitive(mem);
2822 else
2823 kfree(mem);
2824 atomic_sub(size, &sk->sk_omem_alloc);
2825}
2826
2827void sock_kfree_s(struct sock *sk, void *mem, int size)
2828{
2829 __sock_kfree_s(sk, mem, size, false);
2830}
2831EXPORT_SYMBOL(sock_kfree_s);
2832
2833void sock_kzfree_s(struct sock *sk, void *mem, int size)
2834{
2835 __sock_kfree_s(sk, mem, size, true);
2836}
2837EXPORT_SYMBOL(sock_kzfree_s);
2838
2839/* It is almost wait_for_tcp_memory minus release_sock/lock_sock.
2840 I think, these locks should be removed for datagram sockets.
2841 */
2842static long sock_wait_for_wmem(struct sock *sk, long timeo)
2843{
2844 DEFINE_WAIT(wait);
2845
2846 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2847 for (;;) {
2848 if (!timeo)
2849 break;
2850 if (signal_pending(current))
2851 break;
2852 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2853 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2854 if (refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf))
2855 break;
2856 if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2857 break;
2858 if (READ_ONCE(sk->sk_err))
2859 break;
2860 timeo = schedule_timeout(timeo);
2861 }
2862 finish_wait(sk_sleep(sk), &wait);
2863 return timeo;
2864}
2865
2866
2867/*
2868 * Generic send/receive buffer handlers
2869 */
2870
2871struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
2872 unsigned long data_len, int noblock,
2873 int *errcode, int max_page_order)
2874{
2875 struct sk_buff *skb;
2876 long timeo;
2877 int err;
2878
2879 timeo = sock_sndtimeo(sk, noblock);
2880 for (;;) {
2881 err = sock_error(sk);
2882 if (err != 0)
2883 goto failure;
2884
2885 err = -EPIPE;
2886 if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2887 goto failure;
2888
2889 if (sk_wmem_alloc_get(sk) < READ_ONCE(sk->sk_sndbuf))
2890 break;
2891
2892 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2893 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2894 err = -EAGAIN;
2895 if (!timeo)
2896 goto failure;
2897 if (signal_pending(current))
2898 goto interrupted;
2899 timeo = sock_wait_for_wmem(sk, timeo);
2900 }
2901 skb = alloc_skb_with_frags(header_len, data_len, max_page_order,
2902 errcode, sk->sk_allocation);
2903 if (skb)
2904 skb_set_owner_w(skb, sk);
2905 return skb;
2906
2907interrupted:
2908 err = sock_intr_errno(timeo);
2909failure:
2910 *errcode = err;
2911 return NULL;
2912}
2913EXPORT_SYMBOL(sock_alloc_send_pskb);
2914
2915int __sock_cmsg_send(struct sock *sk, struct cmsghdr *cmsg,
2916 struct sockcm_cookie *sockc)
2917{
2918 u32 tsflags;
2919
2920 BUILD_BUG_ON(SOF_TIMESTAMPING_LAST == (1 << 31));
2921
2922 switch (cmsg->cmsg_type) {
2923 case SO_MARK:
2924 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
2925 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2926 return -EPERM;
2927 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2928 return -EINVAL;
2929 sockc->mark = *(u32 *)CMSG_DATA(cmsg);
2930 break;
2931 case SO_TIMESTAMPING_OLD:
2932 case SO_TIMESTAMPING_NEW:
2933 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2934 return -EINVAL;
2935
2936 tsflags = *(u32 *)CMSG_DATA(cmsg);
2937 if (tsflags & ~SOF_TIMESTAMPING_TX_RECORD_MASK)
2938 return -EINVAL;
2939
2940 sockc->tsflags &= ~SOF_TIMESTAMPING_TX_RECORD_MASK;
2941 sockc->tsflags |= tsflags;
2942 break;
2943 case SCM_TXTIME:
2944 if (!sock_flag(sk, SOCK_TXTIME))
2945 return -EINVAL;
2946 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u64)))
2947 return -EINVAL;
2948 sockc->transmit_time = get_unaligned((u64 *)CMSG_DATA(cmsg));
2949 break;
2950 case SCM_TS_OPT_ID:
2951 if (sk_is_tcp(sk))
2952 return -EINVAL;
2953 tsflags = READ_ONCE(sk->sk_tsflags);
2954 if (!(tsflags & SOF_TIMESTAMPING_OPT_ID))
2955 return -EINVAL;
2956 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2957 return -EINVAL;
2958 sockc->ts_opt_id = *(u32 *)CMSG_DATA(cmsg);
2959 sockc->tsflags |= SOCKCM_FLAG_TS_OPT_ID;
2960 break;
2961 /* SCM_RIGHTS and SCM_CREDENTIALS are semantically in SOL_UNIX. */
2962 case SCM_RIGHTS:
2963 case SCM_CREDENTIALS:
2964 break;
2965 default:
2966 return -EINVAL;
2967 }
2968 return 0;
2969}
2970EXPORT_SYMBOL(__sock_cmsg_send);
2971
2972int sock_cmsg_send(struct sock *sk, struct msghdr *msg,
2973 struct sockcm_cookie *sockc)
2974{
2975 struct cmsghdr *cmsg;
2976 int ret;
2977
2978 for_each_cmsghdr(cmsg, msg) {
2979 if (!CMSG_OK(msg, cmsg))
2980 return -EINVAL;
2981 if (cmsg->cmsg_level != SOL_SOCKET)
2982 continue;
2983 ret = __sock_cmsg_send(sk, cmsg, sockc);
2984 if (ret)
2985 return ret;
2986 }
2987 return 0;
2988}
2989EXPORT_SYMBOL(sock_cmsg_send);
2990
2991static void sk_enter_memory_pressure(struct sock *sk)
2992{
2993 if (!sk->sk_prot->enter_memory_pressure)
2994 return;
2995
2996 sk->sk_prot->enter_memory_pressure(sk);
2997}
2998
2999static void sk_leave_memory_pressure(struct sock *sk)
3000{
3001 if (sk->sk_prot->leave_memory_pressure) {
3002 INDIRECT_CALL_INET_1(sk->sk_prot->leave_memory_pressure,
3003 tcp_leave_memory_pressure, sk);
3004 } else {
3005 unsigned long *memory_pressure = sk->sk_prot->memory_pressure;
3006
3007 if (memory_pressure && READ_ONCE(*memory_pressure))
3008 WRITE_ONCE(*memory_pressure, 0);
3009 }
3010}
3011
3012DEFINE_STATIC_KEY_FALSE(net_high_order_alloc_disable_key);
3013
3014/**
3015 * skb_page_frag_refill - check that a page_frag contains enough room
3016 * @sz: minimum size of the fragment we want to get
3017 * @pfrag: pointer to page_frag
3018 * @gfp: priority for memory allocation
3019 *
3020 * Note: While this allocator tries to use high order pages, there is
3021 * no guarantee that allocations succeed. Therefore, @sz MUST be
3022 * less or equal than PAGE_SIZE.
3023 */
3024bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t gfp)
3025{
3026 if (pfrag->page) {
3027 if (page_ref_count(pfrag->page) == 1) {
3028 pfrag->offset = 0;
3029 return true;
3030 }
3031 if (pfrag->offset + sz <= pfrag->size)
3032 return true;
3033 put_page(pfrag->page);
3034 }
3035
3036 pfrag->offset = 0;
3037 if (SKB_FRAG_PAGE_ORDER &&
3038 !static_branch_unlikely(&net_high_order_alloc_disable_key)) {
3039 /* Avoid direct reclaim but allow kswapd to wake */
3040 pfrag->page = alloc_pages((gfp & ~__GFP_DIRECT_RECLAIM) |
3041 __GFP_COMP | __GFP_NOWARN |
3042 __GFP_NORETRY,
3043 SKB_FRAG_PAGE_ORDER);
3044 if (likely(pfrag->page)) {
3045 pfrag->size = PAGE_SIZE << SKB_FRAG_PAGE_ORDER;
3046 return true;
3047 }
3048 }
3049 pfrag->page = alloc_page(gfp);
3050 if (likely(pfrag->page)) {
3051 pfrag->size = PAGE_SIZE;
3052 return true;
3053 }
3054 return false;
3055}
3056EXPORT_SYMBOL(skb_page_frag_refill);
3057
3058bool sk_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
3059{
3060 if (likely(skb_page_frag_refill(32U, pfrag, sk->sk_allocation)))
3061 return true;
3062
3063 sk_enter_memory_pressure(sk);
3064 sk_stream_moderate_sndbuf(sk);
3065 return false;
3066}
3067EXPORT_SYMBOL(sk_page_frag_refill);
3068
3069void __lock_sock(struct sock *sk)
3070 __releases(&sk->sk_lock.slock)
3071 __acquires(&sk->sk_lock.slock)
3072{
3073 DEFINE_WAIT(wait);
3074
3075 for (;;) {
3076 prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait,
3077 TASK_UNINTERRUPTIBLE);
3078 spin_unlock_bh(&sk->sk_lock.slock);
3079 schedule();
3080 spin_lock_bh(&sk->sk_lock.slock);
3081 if (!sock_owned_by_user(sk))
3082 break;
3083 }
3084 finish_wait(&sk->sk_lock.wq, &wait);
3085}
3086
3087void __release_sock(struct sock *sk)
3088 __releases(&sk->sk_lock.slock)
3089 __acquires(&sk->sk_lock.slock)
3090{
3091 struct sk_buff *skb, *next;
3092
3093 while ((skb = sk->sk_backlog.head) != NULL) {
3094 sk->sk_backlog.head = sk->sk_backlog.tail = NULL;
3095
3096 spin_unlock_bh(&sk->sk_lock.slock);
3097
3098 do {
3099 next = skb->next;
3100 prefetch(next);
3101 DEBUG_NET_WARN_ON_ONCE(skb_dst_is_noref(skb));
3102 skb_mark_not_on_list(skb);
3103 sk_backlog_rcv(sk, skb);
3104
3105 cond_resched();
3106
3107 skb = next;
3108 } while (skb != NULL);
3109
3110 spin_lock_bh(&sk->sk_lock.slock);
3111 }
3112
3113 /*
3114 * Doing the zeroing here guarantee we can not loop forever
3115 * while a wild producer attempts to flood us.
3116 */
3117 sk->sk_backlog.len = 0;
3118}
3119
3120void __sk_flush_backlog(struct sock *sk)
3121{
3122 spin_lock_bh(&sk->sk_lock.slock);
3123 __release_sock(sk);
3124
3125 if (sk->sk_prot->release_cb)
3126 INDIRECT_CALL_INET_1(sk->sk_prot->release_cb,
3127 tcp_release_cb, sk);
3128
3129 spin_unlock_bh(&sk->sk_lock.slock);
3130}
3131EXPORT_SYMBOL_GPL(__sk_flush_backlog);
3132
3133/**
3134 * sk_wait_data - wait for data to arrive at sk_receive_queue
3135 * @sk: sock to wait on
3136 * @timeo: for how long
3137 * @skb: last skb seen on sk_receive_queue
3138 *
3139 * Now socket state including sk->sk_err is changed only under lock,
3140 * hence we may omit checks after joining wait queue.
3141 * We check receive queue before schedule() only as optimization;
3142 * it is very likely that release_sock() added new data.
3143 */
3144int sk_wait_data(struct sock *sk, long *timeo, const struct sk_buff *skb)
3145{
3146 DEFINE_WAIT_FUNC(wait, woken_wake_function);
3147 int rc;
3148
3149 add_wait_queue(sk_sleep(sk), &wait);
3150 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
3151 rc = sk_wait_event(sk, timeo, skb_peek_tail(&sk->sk_receive_queue) != skb, &wait);
3152 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
3153 remove_wait_queue(sk_sleep(sk), &wait);
3154 return rc;
3155}
3156EXPORT_SYMBOL(sk_wait_data);
3157
3158/**
3159 * __sk_mem_raise_allocated - increase memory_allocated
3160 * @sk: socket
3161 * @size: memory size to allocate
3162 * @amt: pages to allocate
3163 * @kind: allocation type
3164 *
3165 * Similar to __sk_mem_schedule(), but does not update sk_forward_alloc.
3166 *
3167 * Unlike the globally shared limits among the sockets under same protocol,
3168 * consuming the budget of a memcg won't have direct effect on other ones.
3169 * So be optimistic about memcg's tolerance, and leave the callers to decide
3170 * whether or not to raise allocated through sk_under_memory_pressure() or
3171 * its variants.
3172 */
3173int __sk_mem_raise_allocated(struct sock *sk, int size, int amt, int kind)
3174{
3175 struct mem_cgroup *memcg = mem_cgroup_sockets_enabled ? sk->sk_memcg : NULL;
3176 struct proto *prot = sk->sk_prot;
3177 bool charged = false;
3178 long allocated;
3179
3180 sk_memory_allocated_add(sk, amt);
3181 allocated = sk_memory_allocated(sk);
3182
3183 if (memcg) {
3184 if (!mem_cgroup_charge_skmem(memcg, amt, gfp_memcg_charge()))
3185 goto suppress_allocation;
3186 charged = true;
3187 }
3188
3189 /* Under limit. */
3190 if (allocated <= sk_prot_mem_limits(sk, 0)) {
3191 sk_leave_memory_pressure(sk);
3192 return 1;
3193 }
3194
3195 /* Under pressure. */
3196 if (allocated > sk_prot_mem_limits(sk, 1))
3197 sk_enter_memory_pressure(sk);
3198
3199 /* Over hard limit. */
3200 if (allocated > sk_prot_mem_limits(sk, 2))
3201 goto suppress_allocation;
3202
3203 /* Guarantee minimum buffer size under pressure (either global
3204 * or memcg) to make sure features described in RFC 7323 (TCP
3205 * Extensions for High Performance) work properly.
3206 *
3207 * This rule does NOT stand when exceeds global or memcg's hard
3208 * limit, or else a DoS attack can be taken place by spawning
3209 * lots of sockets whose usage are under minimum buffer size.
3210 */
3211 if (kind == SK_MEM_RECV) {
3212 if (atomic_read(&sk->sk_rmem_alloc) < sk_get_rmem0(sk, prot))
3213 return 1;
3214
3215 } else { /* SK_MEM_SEND */
3216 int wmem0 = sk_get_wmem0(sk, prot);
3217
3218 if (sk->sk_type == SOCK_STREAM) {
3219 if (sk->sk_wmem_queued < wmem0)
3220 return 1;
3221 } else if (refcount_read(&sk->sk_wmem_alloc) < wmem0) {
3222 return 1;
3223 }
3224 }
3225
3226 if (sk_has_memory_pressure(sk)) {
3227 u64 alloc;
3228
3229 /* The following 'average' heuristic is within the
3230 * scope of global accounting, so it only makes
3231 * sense for global memory pressure.
3232 */
3233 if (!sk_under_global_memory_pressure(sk))
3234 return 1;
3235
3236 /* Try to be fair among all the sockets under global
3237 * pressure by allowing the ones that below average
3238 * usage to raise.
3239 */
3240 alloc = sk_sockets_allocated_read_positive(sk);
3241 if (sk_prot_mem_limits(sk, 2) > alloc *
3242 sk_mem_pages(sk->sk_wmem_queued +
3243 atomic_read(&sk->sk_rmem_alloc) +
3244 sk->sk_forward_alloc))
3245 return 1;
3246 }
3247
3248suppress_allocation:
3249
3250 if (kind == SK_MEM_SEND && sk->sk_type == SOCK_STREAM) {
3251 sk_stream_moderate_sndbuf(sk);
3252
3253 /* Fail only if socket is _under_ its sndbuf.
3254 * In this case we cannot block, so that we have to fail.
3255 */
3256 if (sk->sk_wmem_queued + size >= sk->sk_sndbuf) {
3257 /* Force charge with __GFP_NOFAIL */
3258 if (memcg && !charged) {
3259 mem_cgroup_charge_skmem(memcg, amt,
3260 gfp_memcg_charge() | __GFP_NOFAIL);
3261 }
3262 return 1;
3263 }
3264 }
3265
3266 if (kind == SK_MEM_SEND || (kind == SK_MEM_RECV && charged))
3267 trace_sock_exceed_buf_limit(sk, prot, allocated, kind);
3268
3269 sk_memory_allocated_sub(sk, amt);
3270
3271 if (charged)
3272 mem_cgroup_uncharge_skmem(memcg, amt);
3273
3274 return 0;
3275}
3276
3277/**
3278 * __sk_mem_schedule - increase sk_forward_alloc and memory_allocated
3279 * @sk: socket
3280 * @size: memory size to allocate
3281 * @kind: allocation type
3282 *
3283 * If kind is SK_MEM_SEND, it means wmem allocation. Otherwise it means
3284 * rmem allocation. This function assumes that protocols which have
3285 * memory_pressure use sk_wmem_queued as write buffer accounting.
3286 */
3287int __sk_mem_schedule(struct sock *sk, int size, int kind)
3288{
3289 int ret, amt = sk_mem_pages(size);
3290
3291 sk_forward_alloc_add(sk, amt << PAGE_SHIFT);
3292 ret = __sk_mem_raise_allocated(sk, size, amt, kind);
3293 if (!ret)
3294 sk_forward_alloc_add(sk, -(amt << PAGE_SHIFT));
3295 return ret;
3296}
3297EXPORT_SYMBOL(__sk_mem_schedule);
3298
3299/**
3300 * __sk_mem_reduce_allocated - reclaim memory_allocated
3301 * @sk: socket
3302 * @amount: number of quanta
3303 *
3304 * Similar to __sk_mem_reclaim(), but does not update sk_forward_alloc
3305 */
3306void __sk_mem_reduce_allocated(struct sock *sk, int amount)
3307{
3308 sk_memory_allocated_sub(sk, amount);
3309
3310 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
3311 mem_cgroup_uncharge_skmem(sk->sk_memcg, amount);
3312
3313 if (sk_under_global_memory_pressure(sk) &&
3314 (sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)))
3315 sk_leave_memory_pressure(sk);
3316}
3317
3318/**
3319 * __sk_mem_reclaim - reclaim sk_forward_alloc and memory_allocated
3320 * @sk: socket
3321 * @amount: number of bytes (rounded down to a PAGE_SIZE multiple)
3322 */
3323void __sk_mem_reclaim(struct sock *sk, int amount)
3324{
3325 amount >>= PAGE_SHIFT;
3326 sk_forward_alloc_add(sk, -(amount << PAGE_SHIFT));
3327 __sk_mem_reduce_allocated(sk, amount);
3328}
3329EXPORT_SYMBOL(__sk_mem_reclaim);
3330
3331int sk_set_peek_off(struct sock *sk, int val)
3332{
3333 WRITE_ONCE(sk->sk_peek_off, val);
3334 return 0;
3335}
3336EXPORT_SYMBOL_GPL(sk_set_peek_off);
3337
3338/*
3339 * Set of default routines for initialising struct proto_ops when
3340 * the protocol does not support a particular function. In certain
3341 * cases where it makes no sense for a protocol to have a "do nothing"
3342 * function, some default processing is provided.
3343 */
3344
3345int sock_no_bind(struct socket *sock, struct sockaddr *saddr, int len)
3346{
3347 return -EOPNOTSUPP;
3348}
3349EXPORT_SYMBOL(sock_no_bind);
3350
3351int sock_no_connect(struct socket *sock, struct sockaddr *saddr,
3352 int len, int flags)
3353{
3354 return -EOPNOTSUPP;
3355}
3356EXPORT_SYMBOL(sock_no_connect);
3357
3358int sock_no_socketpair(struct socket *sock1, struct socket *sock2)
3359{
3360 return -EOPNOTSUPP;
3361}
3362EXPORT_SYMBOL(sock_no_socketpair);
3363
3364int sock_no_accept(struct socket *sock, struct socket *newsock,
3365 struct proto_accept_arg *arg)
3366{
3367 return -EOPNOTSUPP;
3368}
3369EXPORT_SYMBOL(sock_no_accept);
3370
3371int sock_no_getname(struct socket *sock, struct sockaddr *saddr,
3372 int peer)
3373{
3374 return -EOPNOTSUPP;
3375}
3376EXPORT_SYMBOL(sock_no_getname);
3377
3378int sock_no_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
3379{
3380 return -EOPNOTSUPP;
3381}
3382EXPORT_SYMBOL(sock_no_ioctl);
3383
3384int sock_no_listen(struct socket *sock, int backlog)
3385{
3386 return -EOPNOTSUPP;
3387}
3388EXPORT_SYMBOL(sock_no_listen);
3389
3390int sock_no_shutdown(struct socket *sock, int how)
3391{
3392 return -EOPNOTSUPP;
3393}
3394EXPORT_SYMBOL(sock_no_shutdown);
3395
3396int sock_no_sendmsg(struct socket *sock, struct msghdr *m, size_t len)
3397{
3398 return -EOPNOTSUPP;
3399}
3400EXPORT_SYMBOL(sock_no_sendmsg);
3401
3402int sock_no_sendmsg_locked(struct sock *sk, struct msghdr *m, size_t len)
3403{
3404 return -EOPNOTSUPP;
3405}
3406EXPORT_SYMBOL(sock_no_sendmsg_locked);
3407
3408int sock_no_recvmsg(struct socket *sock, struct msghdr *m, size_t len,
3409 int flags)
3410{
3411 return -EOPNOTSUPP;
3412}
3413EXPORT_SYMBOL(sock_no_recvmsg);
3414
3415int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
3416{
3417 /* Mirror missing mmap method error code */
3418 return -ENODEV;
3419}
3420EXPORT_SYMBOL(sock_no_mmap);
3421
3422/*
3423 * When a file is received (via SCM_RIGHTS, etc), we must bump the
3424 * various sock-based usage counts.
3425 */
3426void __receive_sock(struct file *file)
3427{
3428 struct socket *sock;
3429
3430 sock = sock_from_file(file);
3431 if (sock) {
3432 sock_update_netprioidx(&sock->sk->sk_cgrp_data);
3433 sock_update_classid(&sock->sk->sk_cgrp_data);
3434 }
3435}
3436
3437/*
3438 * Default Socket Callbacks
3439 */
3440
3441static void sock_def_wakeup(struct sock *sk)
3442{
3443 struct socket_wq *wq;
3444
3445 rcu_read_lock();
3446 wq = rcu_dereference(sk->sk_wq);
3447 if (skwq_has_sleeper(wq))
3448 wake_up_interruptible_all(&wq->wait);
3449 rcu_read_unlock();
3450}
3451
3452static void sock_def_error_report(struct sock *sk)
3453{
3454 struct socket_wq *wq;
3455
3456 rcu_read_lock();
3457 wq = rcu_dereference(sk->sk_wq);
3458 if (skwq_has_sleeper(wq))
3459 wake_up_interruptible_poll(&wq->wait, EPOLLERR);
3460 sk_wake_async_rcu(sk, SOCK_WAKE_IO, POLL_ERR);
3461 rcu_read_unlock();
3462}
3463
3464void sock_def_readable(struct sock *sk)
3465{
3466 struct socket_wq *wq;
3467
3468 trace_sk_data_ready(sk);
3469
3470 rcu_read_lock();
3471 wq = rcu_dereference(sk->sk_wq);
3472 if (skwq_has_sleeper(wq))
3473 wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN | EPOLLPRI |
3474 EPOLLRDNORM | EPOLLRDBAND);
3475 sk_wake_async_rcu(sk, SOCK_WAKE_WAITD, POLL_IN);
3476 rcu_read_unlock();
3477}
3478
3479static void sock_def_write_space(struct sock *sk)
3480{
3481 struct socket_wq *wq;
3482
3483 rcu_read_lock();
3484
3485 /* Do not wake up a writer until he can make "significant"
3486 * progress. --DaveM
3487 */
3488 if (sock_writeable(sk)) {
3489 wq = rcu_dereference(sk->sk_wq);
3490 if (skwq_has_sleeper(wq))
3491 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
3492 EPOLLWRNORM | EPOLLWRBAND);
3493
3494 /* Should agree with poll, otherwise some programs break */
3495 sk_wake_async_rcu(sk, SOCK_WAKE_SPACE, POLL_OUT);
3496 }
3497
3498 rcu_read_unlock();
3499}
3500
3501/* An optimised version of sock_def_write_space(), should only be called
3502 * for SOCK_RCU_FREE sockets under RCU read section and after putting
3503 * ->sk_wmem_alloc.
3504 */
3505static void sock_def_write_space_wfree(struct sock *sk)
3506{
3507 /* Do not wake up a writer until he can make "significant"
3508 * progress. --DaveM
3509 */
3510 if (sock_writeable(sk)) {
3511 struct socket_wq *wq = rcu_dereference(sk->sk_wq);
3512
3513 /* rely on refcount_sub from sock_wfree() */
3514 smp_mb__after_atomic();
3515 if (wq && waitqueue_active(&wq->wait))
3516 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
3517 EPOLLWRNORM | EPOLLWRBAND);
3518
3519 /* Should agree with poll, otherwise some programs break */
3520 sk_wake_async_rcu(sk, SOCK_WAKE_SPACE, POLL_OUT);
3521 }
3522}
3523
3524static void sock_def_destruct(struct sock *sk)
3525{
3526}
3527
3528void sk_send_sigurg(struct sock *sk)
3529{
3530 if (sk->sk_socket && sk->sk_socket->file)
3531 if (send_sigurg(sk->sk_socket->file))
3532 sk_wake_async(sk, SOCK_WAKE_URG, POLL_PRI);
3533}
3534EXPORT_SYMBOL(sk_send_sigurg);
3535
3536void sk_reset_timer(struct sock *sk, struct timer_list* timer,
3537 unsigned long expires)
3538{
3539 if (!mod_timer(timer, expires))
3540 sock_hold(sk);
3541}
3542EXPORT_SYMBOL(sk_reset_timer);
3543
3544void sk_stop_timer(struct sock *sk, struct timer_list* timer)
3545{
3546 if (del_timer(timer))
3547 __sock_put(sk);
3548}
3549EXPORT_SYMBOL(sk_stop_timer);
3550
3551void sk_stop_timer_sync(struct sock *sk, struct timer_list *timer)
3552{
3553 if (del_timer_sync(timer))
3554 __sock_put(sk);
3555}
3556EXPORT_SYMBOL(sk_stop_timer_sync);
3557
3558void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid)
3559{
3560 sk_init_common(sk);
3561 sk->sk_send_head = NULL;
3562
3563 timer_setup(&sk->sk_timer, NULL, 0);
3564
3565 sk->sk_allocation = GFP_KERNEL;
3566 sk->sk_rcvbuf = READ_ONCE(sysctl_rmem_default);
3567 sk->sk_sndbuf = READ_ONCE(sysctl_wmem_default);
3568 sk->sk_state = TCP_CLOSE;
3569 sk->sk_use_task_frag = true;
3570 sk_set_socket(sk, sock);
3571
3572 sock_set_flag(sk, SOCK_ZAPPED);
3573
3574 if (sock) {
3575 sk->sk_type = sock->type;
3576 RCU_INIT_POINTER(sk->sk_wq, &sock->wq);
3577 sock->sk = sk;
3578 } else {
3579 RCU_INIT_POINTER(sk->sk_wq, NULL);
3580 }
3581 sk->sk_uid = uid;
3582
3583 sk->sk_state_change = sock_def_wakeup;
3584 sk->sk_data_ready = sock_def_readable;
3585 sk->sk_write_space = sock_def_write_space;
3586 sk->sk_error_report = sock_def_error_report;
3587 sk->sk_destruct = sock_def_destruct;
3588
3589 sk->sk_frag.page = NULL;
3590 sk->sk_frag.offset = 0;
3591 sk->sk_peek_off = -1;
3592
3593 sk->sk_peer_pid = NULL;
3594 sk->sk_peer_cred = NULL;
3595 spin_lock_init(&sk->sk_peer_lock);
3596
3597 sk->sk_write_pending = 0;
3598 sk->sk_rcvlowat = 1;
3599 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
3600 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
3601
3602 sk->sk_stamp = SK_DEFAULT_STAMP;
3603#if BITS_PER_LONG==32
3604 seqlock_init(&sk->sk_stamp_seq);
3605#endif
3606 atomic_set(&sk->sk_zckey, 0);
3607
3608#ifdef CONFIG_NET_RX_BUSY_POLL
3609 sk->sk_napi_id = 0;
3610 sk->sk_ll_usec = READ_ONCE(sysctl_net_busy_read);
3611#endif
3612
3613 sk->sk_max_pacing_rate = ~0UL;
3614 sk->sk_pacing_rate = ~0UL;
3615 WRITE_ONCE(sk->sk_pacing_shift, 10);
3616 sk->sk_incoming_cpu = -1;
3617
3618 sk_rx_queue_clear(sk);
3619 /*
3620 * Before updating sk_refcnt, we must commit prior changes to memory
3621 * (Documentation/RCU/rculist_nulls.rst for details)
3622 */
3623 smp_wmb();
3624 refcount_set(&sk->sk_refcnt, 1);
3625 atomic_set(&sk->sk_drops, 0);
3626}
3627EXPORT_SYMBOL(sock_init_data_uid);
3628
3629void sock_init_data(struct socket *sock, struct sock *sk)
3630{
3631 kuid_t uid = sock ?
3632 SOCK_INODE(sock)->i_uid :
3633 make_kuid(sock_net(sk)->user_ns, 0);
3634
3635 sock_init_data_uid(sock, sk, uid);
3636}
3637EXPORT_SYMBOL(sock_init_data);
3638
3639void lock_sock_nested(struct sock *sk, int subclass)
3640{
3641 /* The sk_lock has mutex_lock() semantics here. */
3642 mutex_acquire(&sk->sk_lock.dep_map, subclass, 0, _RET_IP_);
3643
3644 might_sleep();
3645 spin_lock_bh(&sk->sk_lock.slock);
3646 if (sock_owned_by_user_nocheck(sk))
3647 __lock_sock(sk);
3648 sk->sk_lock.owned = 1;
3649 spin_unlock_bh(&sk->sk_lock.slock);
3650}
3651EXPORT_SYMBOL(lock_sock_nested);
3652
3653void release_sock(struct sock *sk)
3654{
3655 spin_lock_bh(&sk->sk_lock.slock);
3656 if (sk->sk_backlog.tail)
3657 __release_sock(sk);
3658
3659 if (sk->sk_prot->release_cb)
3660 INDIRECT_CALL_INET_1(sk->sk_prot->release_cb,
3661 tcp_release_cb, sk);
3662
3663 sock_release_ownership(sk);
3664 if (waitqueue_active(&sk->sk_lock.wq))
3665 wake_up(&sk->sk_lock.wq);
3666 spin_unlock_bh(&sk->sk_lock.slock);
3667}
3668EXPORT_SYMBOL(release_sock);
3669
3670bool __lock_sock_fast(struct sock *sk) __acquires(&sk->sk_lock.slock)
3671{
3672 might_sleep();
3673 spin_lock_bh(&sk->sk_lock.slock);
3674
3675 if (!sock_owned_by_user_nocheck(sk)) {
3676 /*
3677 * Fast path return with bottom halves disabled and
3678 * sock::sk_lock.slock held.
3679 *
3680 * The 'mutex' is not contended and holding
3681 * sock::sk_lock.slock prevents all other lockers to
3682 * proceed so the corresponding unlock_sock_fast() can
3683 * avoid the slow path of release_sock() completely and
3684 * just release slock.
3685 *
3686 * From a semantical POV this is equivalent to 'acquiring'
3687 * the 'mutex', hence the corresponding lockdep
3688 * mutex_release() has to happen in the fast path of
3689 * unlock_sock_fast().
3690 */
3691 return false;
3692 }
3693
3694 __lock_sock(sk);
3695 sk->sk_lock.owned = 1;
3696 __acquire(&sk->sk_lock.slock);
3697 spin_unlock_bh(&sk->sk_lock.slock);
3698 return true;
3699}
3700EXPORT_SYMBOL(__lock_sock_fast);
3701
3702int sock_gettstamp(struct socket *sock, void __user *userstamp,
3703 bool timeval, bool time32)
3704{
3705 struct sock *sk = sock->sk;
3706 struct timespec64 ts;
3707
3708 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
3709 ts = ktime_to_timespec64(sock_read_timestamp(sk));
3710 if (ts.tv_sec == -1)
3711 return -ENOENT;
3712 if (ts.tv_sec == 0) {
3713 ktime_t kt = ktime_get_real();
3714 sock_write_timestamp(sk, kt);
3715 ts = ktime_to_timespec64(kt);
3716 }
3717
3718 if (timeval)
3719 ts.tv_nsec /= 1000;
3720
3721#ifdef CONFIG_COMPAT_32BIT_TIME
3722 if (time32)
3723 return put_old_timespec32(&ts, userstamp);
3724#endif
3725#ifdef CONFIG_SPARC64
3726 /* beware of padding in sparc64 timeval */
3727 if (timeval && !in_compat_syscall()) {
3728 struct __kernel_old_timeval __user tv = {
3729 .tv_sec = ts.tv_sec,
3730 .tv_usec = ts.tv_nsec,
3731 };
3732 if (copy_to_user(userstamp, &tv, sizeof(tv)))
3733 return -EFAULT;
3734 return 0;
3735 }
3736#endif
3737 return put_timespec64(&ts, userstamp);
3738}
3739EXPORT_SYMBOL(sock_gettstamp);
3740
3741void sock_enable_timestamp(struct sock *sk, enum sock_flags flag)
3742{
3743 if (!sock_flag(sk, flag)) {
3744 unsigned long previous_flags = sk->sk_flags;
3745
3746 sock_set_flag(sk, flag);
3747 /*
3748 * we just set one of the two flags which require net
3749 * time stamping, but time stamping might have been on
3750 * already because of the other one
3751 */
3752 if (sock_needs_netstamp(sk) &&
3753 !(previous_flags & SK_FLAGS_TIMESTAMP))
3754 net_enable_timestamp();
3755 }
3756}
3757
3758int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
3759 int level, int type)
3760{
3761 struct sock_exterr_skb *serr;
3762 struct sk_buff *skb;
3763 int copied, err;
3764
3765 err = -EAGAIN;
3766 skb = sock_dequeue_err_skb(sk);
3767 if (skb == NULL)
3768 goto out;
3769
3770 copied = skb->len;
3771 if (copied > len) {
3772 msg->msg_flags |= MSG_TRUNC;
3773 copied = len;
3774 }
3775 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3776 if (err)
3777 goto out_free_skb;
3778
3779 sock_recv_timestamp(msg, sk, skb);
3780
3781 serr = SKB_EXT_ERR(skb);
3782 put_cmsg(msg, level, type, sizeof(serr->ee), &serr->ee);
3783
3784 msg->msg_flags |= MSG_ERRQUEUE;
3785 err = copied;
3786
3787out_free_skb:
3788 kfree_skb(skb);
3789out:
3790 return err;
3791}
3792EXPORT_SYMBOL(sock_recv_errqueue);
3793
3794/*
3795 * Get a socket option on an socket.
3796 *
3797 * FIX: POSIX 1003.1g is very ambiguous here. It states that
3798 * asynchronous errors should be reported by getsockopt. We assume
3799 * this means if you specify SO_ERROR (otherwise what is the point of it).
3800 */
3801int sock_common_getsockopt(struct socket *sock, int level, int optname,
3802 char __user *optval, int __user *optlen)
3803{
3804 struct sock *sk = sock->sk;
3805
3806 /* IPV6_ADDRFORM can change sk->sk_prot under us. */
3807 return READ_ONCE(sk->sk_prot)->getsockopt(sk, level, optname, optval, optlen);
3808}
3809EXPORT_SYMBOL(sock_common_getsockopt);
3810
3811int sock_common_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
3812 int flags)
3813{
3814 struct sock *sk = sock->sk;
3815 int addr_len = 0;
3816 int err;
3817
3818 err = sk->sk_prot->recvmsg(sk, msg, size, flags, &addr_len);
3819 if (err >= 0)
3820 msg->msg_namelen = addr_len;
3821 return err;
3822}
3823EXPORT_SYMBOL(sock_common_recvmsg);
3824
3825/*
3826 * Set socket options on an inet socket.
3827 */
3828int sock_common_setsockopt(struct socket *sock, int level, int optname,
3829 sockptr_t optval, unsigned int optlen)
3830{
3831 struct sock *sk = sock->sk;
3832
3833 /* IPV6_ADDRFORM can change sk->sk_prot under us. */
3834 return READ_ONCE(sk->sk_prot)->setsockopt(sk, level, optname, optval, optlen);
3835}
3836EXPORT_SYMBOL(sock_common_setsockopt);
3837
3838void sk_common_release(struct sock *sk)
3839{
3840 if (sk->sk_prot->destroy)
3841 sk->sk_prot->destroy(sk);
3842
3843 /*
3844 * Observation: when sk_common_release is called, processes have
3845 * no access to socket. But net still has.
3846 * Step one, detach it from networking:
3847 *
3848 * A. Remove from hash tables.
3849 */
3850
3851 sk->sk_prot->unhash(sk);
3852
3853 /*
3854 * In this point socket cannot receive new packets, but it is possible
3855 * that some packets are in flight because some CPU runs receiver and
3856 * did hash table lookup before we unhashed socket. They will achieve
3857 * receive queue and will be purged by socket destructor.
3858 *
3859 * Also we still have packets pending on receive queue and probably,
3860 * our own packets waiting in device queues. sock_destroy will drain
3861 * receive queue, but transmitted packets will delay socket destruction
3862 * until the last reference will be released.
3863 */
3864
3865 sock_orphan(sk);
3866
3867 xfrm_sk_free_policy(sk);
3868
3869 sock_put(sk);
3870}
3871EXPORT_SYMBOL(sk_common_release);
3872
3873void sk_get_meminfo(const struct sock *sk, u32 *mem)
3874{
3875 memset(mem, 0, sizeof(*mem) * SK_MEMINFO_VARS);
3876
3877 mem[SK_MEMINFO_RMEM_ALLOC] = sk_rmem_alloc_get(sk);
3878 mem[SK_MEMINFO_RCVBUF] = READ_ONCE(sk->sk_rcvbuf);
3879 mem[SK_MEMINFO_WMEM_ALLOC] = sk_wmem_alloc_get(sk);
3880 mem[SK_MEMINFO_SNDBUF] = READ_ONCE(sk->sk_sndbuf);
3881 mem[SK_MEMINFO_FWD_ALLOC] = sk_forward_alloc_get(sk);
3882 mem[SK_MEMINFO_WMEM_QUEUED] = READ_ONCE(sk->sk_wmem_queued);
3883 mem[SK_MEMINFO_OPTMEM] = atomic_read(&sk->sk_omem_alloc);
3884 mem[SK_MEMINFO_BACKLOG] = READ_ONCE(sk->sk_backlog.len);
3885 mem[SK_MEMINFO_DROPS] = atomic_read(&sk->sk_drops);
3886}
3887
3888#ifdef CONFIG_PROC_FS
3889static DECLARE_BITMAP(proto_inuse_idx, PROTO_INUSE_NR);
3890
3891int sock_prot_inuse_get(struct net *net, struct proto *prot)
3892{
3893 int cpu, idx = prot->inuse_idx;
3894 int res = 0;
3895
3896 for_each_possible_cpu(cpu)
3897 res += per_cpu_ptr(net->core.prot_inuse, cpu)->val[idx];
3898
3899 return res >= 0 ? res : 0;
3900}
3901EXPORT_SYMBOL_GPL(sock_prot_inuse_get);
3902
3903int sock_inuse_get(struct net *net)
3904{
3905 int cpu, res = 0;
3906
3907 for_each_possible_cpu(cpu)
3908 res += per_cpu_ptr(net->core.prot_inuse, cpu)->all;
3909
3910 return res;
3911}
3912
3913EXPORT_SYMBOL_GPL(sock_inuse_get);
3914
3915static int __net_init sock_inuse_init_net(struct net *net)
3916{
3917 net->core.prot_inuse = alloc_percpu(struct prot_inuse);
3918 if (net->core.prot_inuse == NULL)
3919 return -ENOMEM;
3920 return 0;
3921}
3922
3923static void __net_exit sock_inuse_exit_net(struct net *net)
3924{
3925 free_percpu(net->core.prot_inuse);
3926}
3927
3928static struct pernet_operations net_inuse_ops = {
3929 .init = sock_inuse_init_net,
3930 .exit = sock_inuse_exit_net,
3931};
3932
3933static __init int net_inuse_init(void)
3934{
3935 if (register_pernet_subsys(&net_inuse_ops))
3936 panic("Cannot initialize net inuse counters");
3937
3938 return 0;
3939}
3940
3941core_initcall(net_inuse_init);
3942
3943static int assign_proto_idx(struct proto *prot)
3944{
3945 prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR);
3946
3947 if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) {
3948 pr_err("PROTO_INUSE_NR exhausted\n");
3949 return -ENOSPC;
3950 }
3951
3952 set_bit(prot->inuse_idx, proto_inuse_idx);
3953 return 0;
3954}
3955
3956static void release_proto_idx(struct proto *prot)
3957{
3958 if (prot->inuse_idx != PROTO_INUSE_NR - 1)
3959 clear_bit(prot->inuse_idx, proto_inuse_idx);
3960}
3961#else
3962static inline int assign_proto_idx(struct proto *prot)
3963{
3964 return 0;
3965}
3966
3967static inline void release_proto_idx(struct proto *prot)
3968{
3969}
3970
3971#endif
3972
3973static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
3974{
3975 if (!twsk_prot)
3976 return;
3977 kfree(twsk_prot->twsk_slab_name);
3978 twsk_prot->twsk_slab_name = NULL;
3979 kmem_cache_destroy(twsk_prot->twsk_slab);
3980 twsk_prot->twsk_slab = NULL;
3981}
3982
3983static int tw_prot_init(const struct proto *prot)
3984{
3985 struct timewait_sock_ops *twsk_prot = prot->twsk_prot;
3986
3987 if (!twsk_prot)
3988 return 0;
3989
3990 twsk_prot->twsk_slab_name = kasprintf(GFP_KERNEL, "tw_sock_%s",
3991 prot->name);
3992 if (!twsk_prot->twsk_slab_name)
3993 return -ENOMEM;
3994
3995 twsk_prot->twsk_slab =
3996 kmem_cache_create(twsk_prot->twsk_slab_name,
3997 twsk_prot->twsk_obj_size, 0,
3998 SLAB_ACCOUNT | prot->slab_flags,
3999 NULL);
4000 if (!twsk_prot->twsk_slab) {
4001 pr_crit("%s: Can't create timewait sock SLAB cache!\n",
4002 prot->name);
4003 return -ENOMEM;
4004 }
4005
4006 return 0;
4007}
4008
4009static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
4010{
4011 if (!rsk_prot)
4012 return;
4013 kfree(rsk_prot->slab_name);
4014 rsk_prot->slab_name = NULL;
4015 kmem_cache_destroy(rsk_prot->slab);
4016 rsk_prot->slab = NULL;
4017}
4018
4019static int req_prot_init(const struct proto *prot)
4020{
4021 struct request_sock_ops *rsk_prot = prot->rsk_prot;
4022
4023 if (!rsk_prot)
4024 return 0;
4025
4026 rsk_prot->slab_name = kasprintf(GFP_KERNEL, "request_sock_%s",
4027 prot->name);
4028 if (!rsk_prot->slab_name)
4029 return -ENOMEM;
4030
4031 rsk_prot->slab = kmem_cache_create(rsk_prot->slab_name,
4032 rsk_prot->obj_size, 0,
4033 SLAB_ACCOUNT | prot->slab_flags,
4034 NULL);
4035
4036 if (!rsk_prot->slab) {
4037 pr_crit("%s: Can't create request sock SLAB cache!\n",
4038 prot->name);
4039 return -ENOMEM;
4040 }
4041 return 0;
4042}
4043
4044int proto_register(struct proto *prot, int alloc_slab)
4045{
4046 int ret = -ENOBUFS;
4047
4048 if (prot->memory_allocated && !prot->sysctl_mem) {
4049 pr_err("%s: missing sysctl_mem\n", prot->name);
4050 return -EINVAL;
4051 }
4052 if (prot->memory_allocated && !prot->per_cpu_fw_alloc) {
4053 pr_err("%s: missing per_cpu_fw_alloc\n", prot->name);
4054 return -EINVAL;
4055 }
4056 if (alloc_slab) {
4057 prot->slab = kmem_cache_create_usercopy(prot->name,
4058 prot->obj_size, 0,
4059 SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT |
4060 prot->slab_flags,
4061 prot->useroffset, prot->usersize,
4062 NULL);
4063
4064 if (prot->slab == NULL) {
4065 pr_crit("%s: Can't create sock SLAB cache!\n",
4066 prot->name);
4067 goto out;
4068 }
4069
4070 if (req_prot_init(prot))
4071 goto out_free_request_sock_slab;
4072
4073 if (tw_prot_init(prot))
4074 goto out_free_timewait_sock_slab;
4075 }
4076
4077 mutex_lock(&proto_list_mutex);
4078 ret = assign_proto_idx(prot);
4079 if (ret) {
4080 mutex_unlock(&proto_list_mutex);
4081 goto out_free_timewait_sock_slab;
4082 }
4083 list_add(&prot->node, &proto_list);
4084 mutex_unlock(&proto_list_mutex);
4085 return ret;
4086
4087out_free_timewait_sock_slab:
4088 if (alloc_slab)
4089 tw_prot_cleanup(prot->twsk_prot);
4090out_free_request_sock_slab:
4091 if (alloc_slab) {
4092 req_prot_cleanup(prot->rsk_prot);
4093
4094 kmem_cache_destroy(prot->slab);
4095 prot->slab = NULL;
4096 }
4097out:
4098 return ret;
4099}
4100EXPORT_SYMBOL(proto_register);
4101
4102void proto_unregister(struct proto *prot)
4103{
4104 mutex_lock(&proto_list_mutex);
4105 release_proto_idx(prot);
4106 list_del(&prot->node);
4107 mutex_unlock(&proto_list_mutex);
4108
4109 kmem_cache_destroy(prot->slab);
4110 prot->slab = NULL;
4111
4112 req_prot_cleanup(prot->rsk_prot);
4113 tw_prot_cleanup(prot->twsk_prot);
4114}
4115EXPORT_SYMBOL(proto_unregister);
4116
4117int sock_load_diag_module(int family, int protocol)
4118{
4119 if (!protocol) {
4120 if (!sock_is_registered(family))
4121 return -ENOENT;
4122
4123 return request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
4124 NETLINK_SOCK_DIAG, family);
4125 }
4126
4127#ifdef CONFIG_INET
4128 if (family == AF_INET &&
4129 protocol != IPPROTO_RAW &&
4130 protocol < MAX_INET_PROTOS &&
4131 !rcu_access_pointer(inet_protos[protocol]))
4132 return -ENOENT;
4133#endif
4134
4135 return request_module("net-pf-%d-proto-%d-type-%d-%d", PF_NETLINK,
4136 NETLINK_SOCK_DIAG, family, protocol);
4137}
4138EXPORT_SYMBOL(sock_load_diag_module);
4139
4140#ifdef CONFIG_PROC_FS
4141static void *proto_seq_start(struct seq_file *seq, loff_t *pos)
4142 __acquires(proto_list_mutex)
4143{
4144 mutex_lock(&proto_list_mutex);
4145 return seq_list_start_head(&proto_list, *pos);
4146}
4147
4148static void *proto_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4149{
4150 return seq_list_next(v, &proto_list, pos);
4151}
4152
4153static void proto_seq_stop(struct seq_file *seq, void *v)
4154 __releases(proto_list_mutex)
4155{
4156 mutex_unlock(&proto_list_mutex);
4157}
4158
4159static char proto_method_implemented(const void *method)
4160{
4161 return method == NULL ? 'n' : 'y';
4162}
4163static long sock_prot_memory_allocated(struct proto *proto)
4164{
4165 return proto->memory_allocated != NULL ? proto_memory_allocated(proto) : -1L;
4166}
4167
4168static const char *sock_prot_memory_pressure(struct proto *proto)
4169{
4170 return proto->memory_pressure != NULL ?
4171 proto_memory_pressure(proto) ? "yes" : "no" : "NI";
4172}
4173
4174static void proto_seq_printf(struct seq_file *seq, struct proto *proto)
4175{
4176
4177 seq_printf(seq, "%-9s %4u %6d %6ld %-3s %6u %-3s %-10s "
4178 "%2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c\n",
4179 proto->name,
4180 proto->obj_size,
4181 sock_prot_inuse_get(seq_file_net(seq), proto),
4182 sock_prot_memory_allocated(proto),
4183 sock_prot_memory_pressure(proto),
4184 proto->max_header,
4185 proto->slab == NULL ? "no" : "yes",
4186 module_name(proto->owner),
4187 proto_method_implemented(proto->close),
4188 proto_method_implemented(proto->connect),
4189 proto_method_implemented(proto->disconnect),
4190 proto_method_implemented(proto->accept),
4191 proto_method_implemented(proto->ioctl),
4192 proto_method_implemented(proto->init),
4193 proto_method_implemented(proto->destroy),
4194 proto_method_implemented(proto->shutdown),
4195 proto_method_implemented(proto->setsockopt),
4196 proto_method_implemented(proto->getsockopt),
4197 proto_method_implemented(proto->sendmsg),
4198 proto_method_implemented(proto->recvmsg),
4199 proto_method_implemented(proto->bind),
4200 proto_method_implemented(proto->backlog_rcv),
4201 proto_method_implemented(proto->hash),
4202 proto_method_implemented(proto->unhash),
4203 proto_method_implemented(proto->get_port),
4204 proto_method_implemented(proto->enter_memory_pressure));
4205}
4206
4207static int proto_seq_show(struct seq_file *seq, void *v)
4208{
4209 if (v == &proto_list)
4210 seq_printf(seq, "%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s",
4211 "protocol",
4212 "size",
4213 "sockets",
4214 "memory",
4215 "press",
4216 "maxhdr",
4217 "slab",
4218 "module",
4219 "cl co di ac io in de sh ss gs se re bi br ha uh gp em\n");
4220 else
4221 proto_seq_printf(seq, list_entry(v, struct proto, node));
4222 return 0;
4223}
4224
4225static const struct seq_operations proto_seq_ops = {
4226 .start = proto_seq_start,
4227 .next = proto_seq_next,
4228 .stop = proto_seq_stop,
4229 .show = proto_seq_show,
4230};
4231
4232static __net_init int proto_init_net(struct net *net)
4233{
4234 if (!proc_create_net("protocols", 0444, net->proc_net, &proto_seq_ops,
4235 sizeof(struct seq_net_private)))
4236 return -ENOMEM;
4237
4238 return 0;
4239}
4240
4241static __net_exit void proto_exit_net(struct net *net)
4242{
4243 remove_proc_entry("protocols", net->proc_net);
4244}
4245
4246
4247static __net_initdata struct pernet_operations proto_net_ops = {
4248 .init = proto_init_net,
4249 .exit = proto_exit_net,
4250};
4251
4252static int __init proto_init(void)
4253{
4254 return register_pernet_subsys(&proto_net_ops);
4255}
4256
4257subsys_initcall(proto_init);
4258
4259#endif /* PROC_FS */
4260
4261#ifdef CONFIG_NET_RX_BUSY_POLL
4262bool sk_busy_loop_end(void *p, unsigned long start_time)
4263{
4264 struct sock *sk = p;
4265
4266 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
4267 return true;
4268
4269 if (sk_is_udp(sk) &&
4270 !skb_queue_empty_lockless(&udp_sk(sk)->reader_queue))
4271 return true;
4272
4273 return sk_busy_loop_timeout(sk, start_time);
4274}
4275EXPORT_SYMBOL(sk_busy_loop_end);
4276#endif /* CONFIG_NET_RX_BUSY_POLL */
4277
4278int sock_bind_add(struct sock *sk, struct sockaddr *addr, int addr_len)
4279{
4280 if (!sk->sk_prot->bind_add)
4281 return -EOPNOTSUPP;
4282 return sk->sk_prot->bind_add(sk, addr, addr_len);
4283}
4284EXPORT_SYMBOL(sock_bind_add);
4285
4286/* Copy 'size' bytes from userspace and return `size` back to userspace */
4287int sock_ioctl_inout(struct sock *sk, unsigned int cmd,
4288 void __user *arg, void *karg, size_t size)
4289{
4290 int ret;
4291
4292 if (copy_from_user(karg, arg, size))
4293 return -EFAULT;
4294
4295 ret = READ_ONCE(sk->sk_prot)->ioctl(sk, cmd, karg);
4296 if (ret)
4297 return ret;
4298
4299 if (copy_to_user(arg, karg, size))
4300 return -EFAULT;
4301
4302 return 0;
4303}
4304EXPORT_SYMBOL(sock_ioctl_inout);
4305
4306/* This is the most common ioctl prep function, where the result (4 bytes) is
4307 * copied back to userspace if the ioctl() returns successfully. No input is
4308 * copied from userspace as input argument.
4309 */
4310static int sock_ioctl_out(struct sock *sk, unsigned int cmd, void __user *arg)
4311{
4312 int ret, karg = 0;
4313
4314 ret = READ_ONCE(sk->sk_prot)->ioctl(sk, cmd, &karg);
4315 if (ret)
4316 return ret;
4317
4318 return put_user(karg, (int __user *)arg);
4319}
4320
4321/* A wrapper around sock ioctls, which copies the data from userspace
4322 * (depending on the protocol/ioctl), and copies back the result to userspace.
4323 * The main motivation for this function is to pass kernel memory to the
4324 * protocol ioctl callbacks, instead of userspace memory.
4325 */
4326int sk_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
4327{
4328 int rc = 1;
4329
4330 if (sk->sk_type == SOCK_RAW && sk->sk_family == AF_INET)
4331 rc = ipmr_sk_ioctl(sk, cmd, arg);
4332 else if (sk->sk_type == SOCK_RAW && sk->sk_family == AF_INET6)
4333 rc = ip6mr_sk_ioctl(sk, cmd, arg);
4334 else if (sk_is_phonet(sk))
4335 rc = phonet_sk_ioctl(sk, cmd, arg);
4336
4337 /* If ioctl was processed, returns its value */
4338 if (rc <= 0)
4339 return rc;
4340
4341 /* Otherwise call the default handler */
4342 return sock_ioctl_out(sk, cmd, arg);
4343}
4344EXPORT_SYMBOL(sk_ioctl);
4345
4346static int __init sock_struct_check(void)
4347{
4348 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_drops);
4349 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_peek_off);
4350 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_error_queue);
4351 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_receive_queue);
4352 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_backlog);
4353
4354 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rx_dst);
4355 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rx_dst_ifindex);
4356 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rx_dst_cookie);
4357 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rcvbuf);
4358 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_filter);
4359 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_wq);
4360 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_data_ready);
4361 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rcvtimeo);
4362 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rcvlowat);
4363
4364 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rxtx, sk_err);
4365 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rxtx, sk_socket);
4366 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rxtx, sk_memcg);
4367
4368 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_lock);
4369 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_reserved_mem);
4370 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_forward_alloc);
4371 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_tsflags);
4372
4373 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_omem_alloc);
4374 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_omem_alloc);
4375 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_sndbuf);
4376 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_wmem_queued);
4377 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_wmem_alloc);
4378 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_tsq_flags);
4379 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_send_head);
4380 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_write_queue);
4381 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_write_pending);
4382 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_dst_pending_confirm);
4383 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_pacing_status);
4384 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_frag);
4385 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_timer);
4386 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_pacing_rate);
4387 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_zckey);
4388 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_tskey);
4389
4390 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_max_pacing_rate);
4391 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_sndtimeo);
4392 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_priority);
4393 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_mark);
4394 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_dst_cache);
4395 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_route_caps);
4396 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_gso_type);
4397 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_gso_max_size);
4398 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_allocation);
4399 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_txhash);
4400 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_gso_max_segs);
4401 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_pacing_shift);
4402 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_use_task_frag);
4403 return 0;
4404}
4405
4406core_initcall(sock_struct_check);
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * Generic socket support routines. Memory allocators, socket lock/release
7 * handler for protocols to use and generic option handler.
8 *
9 *
10 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Florian La Roche, <flla@stud.uni-sb.de>
13 * Alan Cox, <A.Cox@swansea.ac.uk>
14 *
15 * Fixes:
16 * Alan Cox : Numerous verify_area() problems
17 * Alan Cox : Connecting on a connecting socket
18 * now returns an error for tcp.
19 * Alan Cox : sock->protocol is set correctly.
20 * and is not sometimes left as 0.
21 * Alan Cox : connect handles icmp errors on a
22 * connect properly. Unfortunately there
23 * is a restart syscall nasty there. I
24 * can't match BSD without hacking the C
25 * library. Ideas urgently sought!
26 * Alan Cox : Disallow bind() to addresses that are
27 * not ours - especially broadcast ones!!
28 * Alan Cox : Socket 1024 _IS_ ok for users. (fencepost)
29 * Alan Cox : sock_wfree/sock_rfree don't destroy sockets,
30 * instead they leave that for the DESTROY timer.
31 * Alan Cox : Clean up error flag in accept
32 * Alan Cox : TCP ack handling is buggy, the DESTROY timer
33 * was buggy. Put a remove_sock() in the handler
34 * for memory when we hit 0. Also altered the timer
35 * code. The ACK stuff can wait and needs major
36 * TCP layer surgery.
37 * Alan Cox : Fixed TCP ack bug, removed remove sock
38 * and fixed timer/inet_bh race.
39 * Alan Cox : Added zapped flag for TCP
40 * Alan Cox : Move kfree_skb into skbuff.c and tidied up surplus code
41 * Alan Cox : for new sk_buff allocations wmalloc/rmalloc now call alloc_skb
42 * Alan Cox : kfree_s calls now are kfree_skbmem so we can track skb resources
43 * Alan Cox : Supports socket option broadcast now as does udp. Packet and raw need fixing.
44 * Alan Cox : Added RCVBUF,SNDBUF size setting. It suddenly occurred to me how easy it was so...
45 * Rick Sladkey : Relaxed UDP rules for matching packets.
46 * C.E.Hawkins : IFF_PROMISC/SIOCGHWADDR support
47 * Pauline Middelink : identd support
48 * Alan Cox : Fixed connect() taking signals I think.
49 * Alan Cox : SO_LINGER supported
50 * Alan Cox : Error reporting fixes
51 * Anonymous : inet_create tidied up (sk->reuse setting)
52 * Alan Cox : inet sockets don't set sk->type!
53 * Alan Cox : Split socket option code
54 * Alan Cox : Callbacks
55 * Alan Cox : Nagle flag for Charles & Johannes stuff
56 * Alex : Removed restriction on inet fioctl
57 * Alan Cox : Splitting INET from NET core
58 * Alan Cox : Fixed bogus SO_TYPE handling in getsockopt()
59 * Adam Caldwell : Missing return in SO_DONTROUTE/SO_DEBUG code
60 * Alan Cox : Split IP from generic code
61 * Alan Cox : New kfree_skbmem()
62 * Alan Cox : Make SO_DEBUG superuser only.
63 * Alan Cox : Allow anyone to clear SO_DEBUG
64 * (compatibility fix)
65 * Alan Cox : Added optimistic memory grabbing for AF_UNIX throughput.
66 * Alan Cox : Allocator for a socket is settable.
67 * Alan Cox : SO_ERROR includes soft errors.
68 * Alan Cox : Allow NULL arguments on some SO_ opts
69 * Alan Cox : Generic socket allocation to make hooks
70 * easier (suggested by Craig Metz).
71 * Michael Pall : SO_ERROR returns positive errno again
72 * Steve Whitehouse: Added default destructor to free
73 * protocol private data.
74 * Steve Whitehouse: Added various other default routines
75 * common to several socket families.
76 * Chris Evans : Call suser() check last on F_SETOWN
77 * Jay Schulist : Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
78 * Andi Kleen : Add sock_kmalloc()/sock_kfree_s()
79 * Andi Kleen : Fix write_space callback
80 * Chris Evans : Security fixes - signedness again
81 * Arnaldo C. Melo : cleanups, use skb_queue_purge
82 *
83 * To Fix:
84 *
85 *
86 * This program is free software; you can redistribute it and/or
87 * modify it under the terms of the GNU General Public License
88 * as published by the Free Software Foundation; either version
89 * 2 of the License, or (at your option) any later version.
90 */
91
92#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
93
94#include <linux/capability.h>
95#include <linux/errno.h>
96#include <linux/errqueue.h>
97#include <linux/types.h>
98#include <linux/socket.h>
99#include <linux/in.h>
100#include <linux/kernel.h>
101#include <linux/module.h>
102#include <linux/proc_fs.h>
103#include <linux/seq_file.h>
104#include <linux/sched.h>
105#include <linux/timer.h>
106#include <linux/string.h>
107#include <linux/sockios.h>
108#include <linux/net.h>
109#include <linux/mm.h>
110#include <linux/slab.h>
111#include <linux/interrupt.h>
112#include <linux/poll.h>
113#include <linux/tcp.h>
114#include <linux/init.h>
115#include <linux/highmem.h>
116#include <linux/user_namespace.h>
117#include <linux/static_key.h>
118#include <linux/memcontrol.h>
119#include <linux/prefetch.h>
120
121#include <asm/uaccess.h>
122
123#include <linux/netdevice.h>
124#include <net/protocol.h>
125#include <linux/skbuff.h>
126#include <net/net_namespace.h>
127#include <net/request_sock.h>
128#include <net/sock.h>
129#include <linux/net_tstamp.h>
130#include <net/xfrm.h>
131#include <linux/ipsec.h>
132#include <net/cls_cgroup.h>
133#include <net/netprio_cgroup.h>
134
135#include <linux/filter.h>
136
137#include <trace/events/sock.h>
138
139#ifdef CONFIG_INET
140#include <net/tcp.h>
141#endif
142
143#include <net/busy_poll.h>
144
145static DEFINE_MUTEX(proto_list_mutex);
146static LIST_HEAD(proto_list);
147
148/**
149 * sk_ns_capable - General socket capability test
150 * @sk: Socket to use a capability on or through
151 * @user_ns: The user namespace of the capability to use
152 * @cap: The capability to use
153 *
154 * Test to see if the opener of the socket had when the socket was
155 * created and the current process has the capability @cap in the user
156 * namespace @user_ns.
157 */
158bool sk_ns_capable(const struct sock *sk,
159 struct user_namespace *user_ns, int cap)
160{
161 return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
162 ns_capable(user_ns, cap);
163}
164EXPORT_SYMBOL(sk_ns_capable);
165
166/**
167 * sk_capable - Socket global capability test
168 * @sk: Socket to use a capability on or through
169 * @cap: The global capbility to use
170 *
171 * Test to see if the opener of the socket had when the socket was
172 * created and the current process has the capability @cap in all user
173 * namespaces.
174 */
175bool sk_capable(const struct sock *sk, int cap)
176{
177 return sk_ns_capable(sk, &init_user_ns, cap);
178}
179EXPORT_SYMBOL(sk_capable);
180
181/**
182 * sk_net_capable - Network namespace socket capability test
183 * @sk: Socket to use a capability on or through
184 * @cap: The capability to use
185 *
186 * Test to see if the opener of the socket had when the socke was created
187 * and the current process has the capability @cap over the network namespace
188 * the socket is a member of.
189 */
190bool sk_net_capable(const struct sock *sk, int cap)
191{
192 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
193}
194EXPORT_SYMBOL(sk_net_capable);
195
196
197#ifdef CONFIG_MEMCG_KMEM
198int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
199{
200 struct proto *proto;
201 int ret = 0;
202
203 mutex_lock(&proto_list_mutex);
204 list_for_each_entry(proto, &proto_list, node) {
205 if (proto->init_cgroup) {
206 ret = proto->init_cgroup(memcg, ss);
207 if (ret)
208 goto out;
209 }
210 }
211
212 mutex_unlock(&proto_list_mutex);
213 return ret;
214out:
215 list_for_each_entry_continue_reverse(proto, &proto_list, node)
216 if (proto->destroy_cgroup)
217 proto->destroy_cgroup(memcg);
218 mutex_unlock(&proto_list_mutex);
219 return ret;
220}
221
222void mem_cgroup_sockets_destroy(struct mem_cgroup *memcg)
223{
224 struct proto *proto;
225
226 mutex_lock(&proto_list_mutex);
227 list_for_each_entry_reverse(proto, &proto_list, node)
228 if (proto->destroy_cgroup)
229 proto->destroy_cgroup(memcg);
230 mutex_unlock(&proto_list_mutex);
231}
232#endif
233
234/*
235 * Each address family might have different locking rules, so we have
236 * one slock key per address family:
237 */
238static struct lock_class_key af_family_keys[AF_MAX];
239static struct lock_class_key af_family_slock_keys[AF_MAX];
240
241#if defined(CONFIG_MEMCG_KMEM)
242struct static_key memcg_socket_limit_enabled;
243EXPORT_SYMBOL(memcg_socket_limit_enabled);
244#endif
245
246/*
247 * Make lock validator output more readable. (we pre-construct these
248 * strings build-time, so that runtime initialization of socket
249 * locks is fast):
250 */
251static const char *const af_family_key_strings[AF_MAX+1] = {
252 "sk_lock-AF_UNSPEC", "sk_lock-AF_UNIX" , "sk_lock-AF_INET" ,
253 "sk_lock-AF_AX25" , "sk_lock-AF_IPX" , "sk_lock-AF_APPLETALK",
254 "sk_lock-AF_NETROM", "sk_lock-AF_BRIDGE" , "sk_lock-AF_ATMPVC" ,
255 "sk_lock-AF_X25" , "sk_lock-AF_INET6" , "sk_lock-AF_ROSE" ,
256 "sk_lock-AF_DECnet", "sk_lock-AF_NETBEUI" , "sk_lock-AF_SECURITY" ,
257 "sk_lock-AF_KEY" , "sk_lock-AF_NETLINK" , "sk_lock-AF_PACKET" ,
258 "sk_lock-AF_ASH" , "sk_lock-AF_ECONET" , "sk_lock-AF_ATMSVC" ,
259 "sk_lock-AF_RDS" , "sk_lock-AF_SNA" , "sk_lock-AF_IRDA" ,
260 "sk_lock-AF_PPPOX" , "sk_lock-AF_WANPIPE" , "sk_lock-AF_LLC" ,
261 "sk_lock-27" , "sk_lock-28" , "sk_lock-AF_CAN" ,
262 "sk_lock-AF_TIPC" , "sk_lock-AF_BLUETOOTH", "sk_lock-IUCV" ,
263 "sk_lock-AF_RXRPC" , "sk_lock-AF_ISDN" , "sk_lock-AF_PHONET" ,
264 "sk_lock-AF_IEEE802154", "sk_lock-AF_CAIF" , "sk_lock-AF_ALG" ,
265 "sk_lock-AF_NFC" , "sk_lock-AF_VSOCK" , "sk_lock-AF_MAX"
266};
267static const char *const af_family_slock_key_strings[AF_MAX+1] = {
268 "slock-AF_UNSPEC", "slock-AF_UNIX" , "slock-AF_INET" ,
269 "slock-AF_AX25" , "slock-AF_IPX" , "slock-AF_APPLETALK",
270 "slock-AF_NETROM", "slock-AF_BRIDGE" , "slock-AF_ATMPVC" ,
271 "slock-AF_X25" , "slock-AF_INET6" , "slock-AF_ROSE" ,
272 "slock-AF_DECnet", "slock-AF_NETBEUI" , "slock-AF_SECURITY" ,
273 "slock-AF_KEY" , "slock-AF_NETLINK" , "slock-AF_PACKET" ,
274 "slock-AF_ASH" , "slock-AF_ECONET" , "slock-AF_ATMSVC" ,
275 "slock-AF_RDS" , "slock-AF_SNA" , "slock-AF_IRDA" ,
276 "slock-AF_PPPOX" , "slock-AF_WANPIPE" , "slock-AF_LLC" ,
277 "slock-27" , "slock-28" , "slock-AF_CAN" ,
278 "slock-AF_TIPC" , "slock-AF_BLUETOOTH", "slock-AF_IUCV" ,
279 "slock-AF_RXRPC" , "slock-AF_ISDN" , "slock-AF_PHONET" ,
280 "slock-AF_IEEE802154", "slock-AF_CAIF" , "slock-AF_ALG" ,
281 "slock-AF_NFC" , "slock-AF_VSOCK" ,"slock-AF_MAX"
282};
283static const char *const af_family_clock_key_strings[AF_MAX+1] = {
284 "clock-AF_UNSPEC", "clock-AF_UNIX" , "clock-AF_INET" ,
285 "clock-AF_AX25" , "clock-AF_IPX" , "clock-AF_APPLETALK",
286 "clock-AF_NETROM", "clock-AF_BRIDGE" , "clock-AF_ATMPVC" ,
287 "clock-AF_X25" , "clock-AF_INET6" , "clock-AF_ROSE" ,
288 "clock-AF_DECnet", "clock-AF_NETBEUI" , "clock-AF_SECURITY" ,
289 "clock-AF_KEY" , "clock-AF_NETLINK" , "clock-AF_PACKET" ,
290 "clock-AF_ASH" , "clock-AF_ECONET" , "clock-AF_ATMSVC" ,
291 "clock-AF_RDS" , "clock-AF_SNA" , "clock-AF_IRDA" ,
292 "clock-AF_PPPOX" , "clock-AF_WANPIPE" , "clock-AF_LLC" ,
293 "clock-27" , "clock-28" , "clock-AF_CAN" ,
294 "clock-AF_TIPC" , "clock-AF_BLUETOOTH", "clock-AF_IUCV" ,
295 "clock-AF_RXRPC" , "clock-AF_ISDN" , "clock-AF_PHONET" ,
296 "clock-AF_IEEE802154", "clock-AF_CAIF" , "clock-AF_ALG" ,
297 "clock-AF_NFC" , "clock-AF_VSOCK" , "clock-AF_MAX"
298};
299
300/*
301 * sk_callback_lock locking rules are per-address-family,
302 * so split the lock classes by using a per-AF key:
303 */
304static struct lock_class_key af_callback_keys[AF_MAX];
305
306/* Take into consideration the size of the struct sk_buff overhead in the
307 * determination of these values, since that is non-constant across
308 * platforms. This makes socket queueing behavior and performance
309 * not depend upon such differences.
310 */
311#define _SK_MEM_PACKETS 256
312#define _SK_MEM_OVERHEAD SKB_TRUESIZE(256)
313#define SK_WMEM_MAX (_SK_MEM_OVERHEAD * _SK_MEM_PACKETS)
314#define SK_RMEM_MAX (_SK_MEM_OVERHEAD * _SK_MEM_PACKETS)
315
316/* Run time adjustable parameters. */
317__u32 sysctl_wmem_max __read_mostly = SK_WMEM_MAX;
318EXPORT_SYMBOL(sysctl_wmem_max);
319__u32 sysctl_rmem_max __read_mostly = SK_RMEM_MAX;
320EXPORT_SYMBOL(sysctl_rmem_max);
321__u32 sysctl_wmem_default __read_mostly = SK_WMEM_MAX;
322__u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
323
324/* Maximal space eaten by iovec or ancillary data plus some space */
325int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512);
326EXPORT_SYMBOL(sysctl_optmem_max);
327
328struct static_key memalloc_socks = STATIC_KEY_INIT_FALSE;
329EXPORT_SYMBOL_GPL(memalloc_socks);
330
331/**
332 * sk_set_memalloc - sets %SOCK_MEMALLOC
333 * @sk: socket to set it on
334 *
335 * Set %SOCK_MEMALLOC on a socket for access to emergency reserves.
336 * It's the responsibility of the admin to adjust min_free_kbytes
337 * to meet the requirements
338 */
339void sk_set_memalloc(struct sock *sk)
340{
341 sock_set_flag(sk, SOCK_MEMALLOC);
342 sk->sk_allocation |= __GFP_MEMALLOC;
343 static_key_slow_inc(&memalloc_socks);
344}
345EXPORT_SYMBOL_GPL(sk_set_memalloc);
346
347void sk_clear_memalloc(struct sock *sk)
348{
349 sock_reset_flag(sk, SOCK_MEMALLOC);
350 sk->sk_allocation &= ~__GFP_MEMALLOC;
351 static_key_slow_dec(&memalloc_socks);
352
353 /*
354 * SOCK_MEMALLOC is allowed to ignore rmem limits to ensure forward
355 * progress of swapping. However, if SOCK_MEMALLOC is cleared while
356 * it has rmem allocations there is a risk that the user of the
357 * socket cannot make forward progress due to exceeding the rmem
358 * limits. By rights, sk_clear_memalloc() should only be called
359 * on sockets being torn down but warn and reset the accounting if
360 * that assumption breaks.
361 */
362 if (WARN_ON(sk->sk_forward_alloc))
363 sk_mem_reclaim(sk);
364}
365EXPORT_SYMBOL_GPL(sk_clear_memalloc);
366
367int __sk_backlog_rcv(struct sock *sk, struct sk_buff *skb)
368{
369 int ret;
370 unsigned long pflags = current->flags;
371
372 /* these should have been dropped before queueing */
373 BUG_ON(!sock_flag(sk, SOCK_MEMALLOC));
374
375 current->flags |= PF_MEMALLOC;
376 ret = sk->sk_backlog_rcv(sk, skb);
377 tsk_restore_flags(current, pflags, PF_MEMALLOC);
378
379 return ret;
380}
381EXPORT_SYMBOL(__sk_backlog_rcv);
382
383static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen)
384{
385 struct timeval tv;
386
387 if (optlen < sizeof(tv))
388 return -EINVAL;
389 if (copy_from_user(&tv, optval, sizeof(tv)))
390 return -EFAULT;
391 if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC)
392 return -EDOM;
393
394 if (tv.tv_sec < 0) {
395 static int warned __read_mostly;
396
397 *timeo_p = 0;
398 if (warned < 10 && net_ratelimit()) {
399 warned++;
400 pr_info("%s: `%s' (pid %d) tries to set negative timeout\n",
401 __func__, current->comm, task_pid_nr(current));
402 }
403 return 0;
404 }
405 *timeo_p = MAX_SCHEDULE_TIMEOUT;
406 if (tv.tv_sec == 0 && tv.tv_usec == 0)
407 return 0;
408 if (tv.tv_sec < (MAX_SCHEDULE_TIMEOUT/HZ - 1))
409 *timeo_p = tv.tv_sec*HZ + (tv.tv_usec+(1000000/HZ-1))/(1000000/HZ);
410 return 0;
411}
412
413static void sock_warn_obsolete_bsdism(const char *name)
414{
415 static int warned;
416 static char warncomm[TASK_COMM_LEN];
417 if (strcmp(warncomm, current->comm) && warned < 5) {
418 strcpy(warncomm, current->comm);
419 pr_warn("process `%s' is using obsolete %s SO_BSDCOMPAT\n",
420 warncomm, name);
421 warned++;
422 }
423}
424
425#define SK_FLAGS_TIMESTAMP ((1UL << SOCK_TIMESTAMP) | (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE))
426
427static void sock_disable_timestamp(struct sock *sk, unsigned long flags)
428{
429 if (sk->sk_flags & flags) {
430 sk->sk_flags &= ~flags;
431 if (!(sk->sk_flags & SK_FLAGS_TIMESTAMP))
432 net_disable_timestamp();
433 }
434}
435
436
437int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
438{
439 int err;
440 int skb_len;
441 unsigned long flags;
442 struct sk_buff_head *list = &sk->sk_receive_queue;
443
444 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
445 atomic_inc(&sk->sk_drops);
446 trace_sock_rcvqueue_full(sk, skb);
447 return -ENOMEM;
448 }
449
450 err = sk_filter(sk, skb);
451 if (err)
452 return err;
453
454 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
455 atomic_inc(&sk->sk_drops);
456 return -ENOBUFS;
457 }
458
459 skb->dev = NULL;
460 skb_set_owner_r(skb, sk);
461
462 /* Cache the SKB length before we tack it onto the receive
463 * queue. Once it is added it no longer belongs to us and
464 * may be freed by other threads of control pulling packets
465 * from the queue.
466 */
467 skb_len = skb->len;
468
469 /* we escape from rcu protected region, make sure we dont leak
470 * a norefcounted dst
471 */
472 skb_dst_force(skb);
473
474 spin_lock_irqsave(&list->lock, flags);
475 skb->dropcount = atomic_read(&sk->sk_drops);
476 __skb_queue_tail(list, skb);
477 spin_unlock_irqrestore(&list->lock, flags);
478
479 if (!sock_flag(sk, SOCK_DEAD))
480 sk->sk_data_ready(sk);
481 return 0;
482}
483EXPORT_SYMBOL(sock_queue_rcv_skb);
484
485int sk_receive_skb(struct sock *sk, struct sk_buff *skb, const int nested)
486{
487 int rc = NET_RX_SUCCESS;
488
489 if (sk_filter(sk, skb))
490 goto discard_and_relse;
491
492 skb->dev = NULL;
493
494 if (sk_rcvqueues_full(sk, skb, sk->sk_rcvbuf)) {
495 atomic_inc(&sk->sk_drops);
496 goto discard_and_relse;
497 }
498 if (nested)
499 bh_lock_sock_nested(sk);
500 else
501 bh_lock_sock(sk);
502 if (!sock_owned_by_user(sk)) {
503 /*
504 * trylock + unlock semantics:
505 */
506 mutex_acquire(&sk->sk_lock.dep_map, 0, 1, _RET_IP_);
507
508 rc = sk_backlog_rcv(sk, skb);
509
510 mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
511 } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
512 bh_unlock_sock(sk);
513 atomic_inc(&sk->sk_drops);
514 goto discard_and_relse;
515 }
516
517 bh_unlock_sock(sk);
518out:
519 sock_put(sk);
520 return rc;
521discard_and_relse:
522 kfree_skb(skb);
523 goto out;
524}
525EXPORT_SYMBOL(sk_receive_skb);
526
527struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
528{
529 struct dst_entry *dst = __sk_dst_get(sk);
530
531 if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
532 sk_tx_queue_clear(sk);
533 RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
534 dst_release(dst);
535 return NULL;
536 }
537
538 return dst;
539}
540EXPORT_SYMBOL(__sk_dst_check);
541
542struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie)
543{
544 struct dst_entry *dst = sk_dst_get(sk);
545
546 if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
547 sk_dst_reset(sk);
548 dst_release(dst);
549 return NULL;
550 }
551
552 return dst;
553}
554EXPORT_SYMBOL(sk_dst_check);
555
556static int sock_setbindtodevice(struct sock *sk, char __user *optval,
557 int optlen)
558{
559 int ret = -ENOPROTOOPT;
560#ifdef CONFIG_NETDEVICES
561 struct net *net = sock_net(sk);
562 char devname[IFNAMSIZ];
563 int index;
564
565 /* Sorry... */
566 ret = -EPERM;
567 if (!ns_capable(net->user_ns, CAP_NET_RAW))
568 goto out;
569
570 ret = -EINVAL;
571 if (optlen < 0)
572 goto out;
573
574 /* Bind this socket to a particular device like "eth0",
575 * as specified in the passed interface name. If the
576 * name is "" or the option length is zero the socket
577 * is not bound.
578 */
579 if (optlen > IFNAMSIZ - 1)
580 optlen = IFNAMSIZ - 1;
581 memset(devname, 0, sizeof(devname));
582
583 ret = -EFAULT;
584 if (copy_from_user(devname, optval, optlen))
585 goto out;
586
587 index = 0;
588 if (devname[0] != '\0') {
589 struct net_device *dev;
590
591 rcu_read_lock();
592 dev = dev_get_by_name_rcu(net, devname);
593 if (dev)
594 index = dev->ifindex;
595 rcu_read_unlock();
596 ret = -ENODEV;
597 if (!dev)
598 goto out;
599 }
600
601 lock_sock(sk);
602 sk->sk_bound_dev_if = index;
603 sk_dst_reset(sk);
604 release_sock(sk);
605
606 ret = 0;
607
608out:
609#endif
610
611 return ret;
612}
613
614static int sock_getbindtodevice(struct sock *sk, char __user *optval,
615 int __user *optlen, int len)
616{
617 int ret = -ENOPROTOOPT;
618#ifdef CONFIG_NETDEVICES
619 struct net *net = sock_net(sk);
620 char devname[IFNAMSIZ];
621
622 if (sk->sk_bound_dev_if == 0) {
623 len = 0;
624 goto zero;
625 }
626
627 ret = -EINVAL;
628 if (len < IFNAMSIZ)
629 goto out;
630
631 ret = netdev_get_name(net, devname, sk->sk_bound_dev_if);
632 if (ret)
633 goto out;
634
635 len = strlen(devname) + 1;
636
637 ret = -EFAULT;
638 if (copy_to_user(optval, devname, len))
639 goto out;
640
641zero:
642 ret = -EFAULT;
643 if (put_user(len, optlen))
644 goto out;
645
646 ret = 0;
647
648out:
649#endif
650
651 return ret;
652}
653
654static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
655{
656 if (valbool)
657 sock_set_flag(sk, bit);
658 else
659 sock_reset_flag(sk, bit);
660}
661
662/*
663 * This is meant for all protocols to use and covers goings on
664 * at the socket level. Everything here is generic.
665 */
666
667int sock_setsockopt(struct socket *sock, int level, int optname,
668 char __user *optval, unsigned int optlen)
669{
670 struct sock *sk = sock->sk;
671 int val;
672 int valbool;
673 struct linger ling;
674 int ret = 0;
675
676 /*
677 * Options without arguments
678 */
679
680 if (optname == SO_BINDTODEVICE)
681 return sock_setbindtodevice(sk, optval, optlen);
682
683 if (optlen < sizeof(int))
684 return -EINVAL;
685
686 if (get_user(val, (int __user *)optval))
687 return -EFAULT;
688
689 valbool = val ? 1 : 0;
690
691 lock_sock(sk);
692
693 switch (optname) {
694 case SO_DEBUG:
695 if (val && !capable(CAP_NET_ADMIN))
696 ret = -EACCES;
697 else
698 sock_valbool_flag(sk, SOCK_DBG, valbool);
699 break;
700 case SO_REUSEADDR:
701 sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE);
702 break;
703 case SO_REUSEPORT:
704 sk->sk_reuseport = valbool;
705 break;
706 case SO_TYPE:
707 case SO_PROTOCOL:
708 case SO_DOMAIN:
709 case SO_ERROR:
710 ret = -ENOPROTOOPT;
711 break;
712 case SO_DONTROUTE:
713 sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool);
714 break;
715 case SO_BROADCAST:
716 sock_valbool_flag(sk, SOCK_BROADCAST, valbool);
717 break;
718 case SO_SNDBUF:
719 /* Don't error on this BSD doesn't and if you think
720 * about it this is right. Otherwise apps have to
721 * play 'guess the biggest size' games. RCVBUF/SNDBUF
722 * are treated in BSD as hints
723 */
724 val = min_t(u32, val, sysctl_wmem_max);
725set_sndbuf:
726 sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
727 sk->sk_sndbuf = max_t(u32, val * 2, SOCK_MIN_SNDBUF);
728 /* Wake up sending tasks if we upped the value. */
729 sk->sk_write_space(sk);
730 break;
731
732 case SO_SNDBUFFORCE:
733 if (!capable(CAP_NET_ADMIN)) {
734 ret = -EPERM;
735 break;
736 }
737 goto set_sndbuf;
738
739 case SO_RCVBUF:
740 /* Don't error on this BSD doesn't and if you think
741 * about it this is right. Otherwise apps have to
742 * play 'guess the biggest size' games. RCVBUF/SNDBUF
743 * are treated in BSD as hints
744 */
745 val = min_t(u32, val, sysctl_rmem_max);
746set_rcvbuf:
747 sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
748 /*
749 * We double it on the way in to account for
750 * "struct sk_buff" etc. overhead. Applications
751 * assume that the SO_RCVBUF setting they make will
752 * allow that much actual data to be received on that
753 * socket.
754 *
755 * Applications are unaware that "struct sk_buff" and
756 * other overheads allocate from the receive buffer
757 * during socket buffer allocation.
758 *
759 * And after considering the possible alternatives,
760 * returning the value we actually used in getsockopt
761 * is the most desirable behavior.
762 */
763 sk->sk_rcvbuf = max_t(u32, val * 2, SOCK_MIN_RCVBUF);
764 break;
765
766 case SO_RCVBUFFORCE:
767 if (!capable(CAP_NET_ADMIN)) {
768 ret = -EPERM;
769 break;
770 }
771 goto set_rcvbuf;
772
773 case SO_KEEPALIVE:
774#ifdef CONFIG_INET
775 if (sk->sk_protocol == IPPROTO_TCP &&
776 sk->sk_type == SOCK_STREAM)
777 tcp_set_keepalive(sk, valbool);
778#endif
779 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
780 break;
781
782 case SO_OOBINLINE:
783 sock_valbool_flag(sk, SOCK_URGINLINE, valbool);
784 break;
785
786 case SO_NO_CHECK:
787 sk->sk_no_check = valbool;
788 break;
789
790 case SO_PRIORITY:
791 if ((val >= 0 && val <= 6) ||
792 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
793 sk->sk_priority = val;
794 else
795 ret = -EPERM;
796 break;
797
798 case SO_LINGER:
799 if (optlen < sizeof(ling)) {
800 ret = -EINVAL; /* 1003.1g */
801 break;
802 }
803 if (copy_from_user(&ling, optval, sizeof(ling))) {
804 ret = -EFAULT;
805 break;
806 }
807 if (!ling.l_onoff)
808 sock_reset_flag(sk, SOCK_LINGER);
809 else {
810#if (BITS_PER_LONG == 32)
811 if ((unsigned int)ling.l_linger >= MAX_SCHEDULE_TIMEOUT/HZ)
812 sk->sk_lingertime = MAX_SCHEDULE_TIMEOUT;
813 else
814#endif
815 sk->sk_lingertime = (unsigned int)ling.l_linger * HZ;
816 sock_set_flag(sk, SOCK_LINGER);
817 }
818 break;
819
820 case SO_BSDCOMPAT:
821 sock_warn_obsolete_bsdism("setsockopt");
822 break;
823
824 case SO_PASSCRED:
825 if (valbool)
826 set_bit(SOCK_PASSCRED, &sock->flags);
827 else
828 clear_bit(SOCK_PASSCRED, &sock->flags);
829 break;
830
831 case SO_TIMESTAMP:
832 case SO_TIMESTAMPNS:
833 if (valbool) {
834 if (optname == SO_TIMESTAMP)
835 sock_reset_flag(sk, SOCK_RCVTSTAMPNS);
836 else
837 sock_set_flag(sk, SOCK_RCVTSTAMPNS);
838 sock_set_flag(sk, SOCK_RCVTSTAMP);
839 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
840 } else {
841 sock_reset_flag(sk, SOCK_RCVTSTAMP);
842 sock_reset_flag(sk, SOCK_RCVTSTAMPNS);
843 }
844 break;
845
846 case SO_TIMESTAMPING:
847 if (val & ~SOF_TIMESTAMPING_MASK) {
848 ret = -EINVAL;
849 break;
850 }
851 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE,
852 val & SOF_TIMESTAMPING_TX_HARDWARE);
853 sock_valbool_flag(sk, SOCK_TIMESTAMPING_TX_SOFTWARE,
854 val & SOF_TIMESTAMPING_TX_SOFTWARE);
855 sock_valbool_flag(sk, SOCK_TIMESTAMPING_RX_HARDWARE,
856 val & SOF_TIMESTAMPING_RX_HARDWARE);
857 if (val & SOF_TIMESTAMPING_RX_SOFTWARE)
858 sock_enable_timestamp(sk,
859 SOCK_TIMESTAMPING_RX_SOFTWARE);
860 else
861 sock_disable_timestamp(sk,
862 (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE));
863 sock_valbool_flag(sk, SOCK_TIMESTAMPING_SOFTWARE,
864 val & SOF_TIMESTAMPING_SOFTWARE);
865 sock_valbool_flag(sk, SOCK_TIMESTAMPING_SYS_HARDWARE,
866 val & SOF_TIMESTAMPING_SYS_HARDWARE);
867 sock_valbool_flag(sk, SOCK_TIMESTAMPING_RAW_HARDWARE,
868 val & SOF_TIMESTAMPING_RAW_HARDWARE);
869 break;
870
871 case SO_RCVLOWAT:
872 if (val < 0)
873 val = INT_MAX;
874 sk->sk_rcvlowat = val ? : 1;
875 break;
876
877 case SO_RCVTIMEO:
878 ret = sock_set_timeout(&sk->sk_rcvtimeo, optval, optlen);
879 break;
880
881 case SO_SNDTIMEO:
882 ret = sock_set_timeout(&sk->sk_sndtimeo, optval, optlen);
883 break;
884
885 case SO_ATTACH_FILTER:
886 ret = -EINVAL;
887 if (optlen == sizeof(struct sock_fprog)) {
888 struct sock_fprog fprog;
889
890 ret = -EFAULT;
891 if (copy_from_user(&fprog, optval, sizeof(fprog)))
892 break;
893
894 ret = sk_attach_filter(&fprog, sk);
895 }
896 break;
897
898 case SO_DETACH_FILTER:
899 ret = sk_detach_filter(sk);
900 break;
901
902 case SO_LOCK_FILTER:
903 if (sock_flag(sk, SOCK_FILTER_LOCKED) && !valbool)
904 ret = -EPERM;
905 else
906 sock_valbool_flag(sk, SOCK_FILTER_LOCKED, valbool);
907 break;
908
909 case SO_PASSSEC:
910 if (valbool)
911 set_bit(SOCK_PASSSEC, &sock->flags);
912 else
913 clear_bit(SOCK_PASSSEC, &sock->flags);
914 break;
915 case SO_MARK:
916 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
917 ret = -EPERM;
918 else
919 sk->sk_mark = val;
920 break;
921
922 /* We implement the SO_SNDLOWAT etc to
923 not be settable (1003.1g 5.3) */
924 case SO_RXQ_OVFL:
925 sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool);
926 break;
927
928 case SO_WIFI_STATUS:
929 sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool);
930 break;
931
932 case SO_PEEK_OFF:
933 if (sock->ops->set_peek_off)
934 ret = sock->ops->set_peek_off(sk, val);
935 else
936 ret = -EOPNOTSUPP;
937 break;
938
939 case SO_NOFCS:
940 sock_valbool_flag(sk, SOCK_NOFCS, valbool);
941 break;
942
943 case SO_SELECT_ERR_QUEUE:
944 sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool);
945 break;
946
947#ifdef CONFIG_NET_RX_BUSY_POLL
948 case SO_BUSY_POLL:
949 /* allow unprivileged users to decrease the value */
950 if ((val > sk->sk_ll_usec) && !capable(CAP_NET_ADMIN))
951 ret = -EPERM;
952 else {
953 if (val < 0)
954 ret = -EINVAL;
955 else
956 sk->sk_ll_usec = val;
957 }
958 break;
959#endif
960
961 case SO_MAX_PACING_RATE:
962 sk->sk_max_pacing_rate = val;
963 sk->sk_pacing_rate = min(sk->sk_pacing_rate,
964 sk->sk_max_pacing_rate);
965 break;
966
967 default:
968 ret = -ENOPROTOOPT;
969 break;
970 }
971 release_sock(sk);
972 return ret;
973}
974EXPORT_SYMBOL(sock_setsockopt);
975
976
977static void cred_to_ucred(struct pid *pid, const struct cred *cred,
978 struct ucred *ucred)
979{
980 ucred->pid = pid_vnr(pid);
981 ucred->uid = ucred->gid = -1;
982 if (cred) {
983 struct user_namespace *current_ns = current_user_ns();
984
985 ucred->uid = from_kuid_munged(current_ns, cred->euid);
986 ucred->gid = from_kgid_munged(current_ns, cred->egid);
987 }
988}
989
990int sock_getsockopt(struct socket *sock, int level, int optname,
991 char __user *optval, int __user *optlen)
992{
993 struct sock *sk = sock->sk;
994
995 union {
996 int val;
997 struct linger ling;
998 struct timeval tm;
999 } v;
1000
1001 int lv = sizeof(int);
1002 int len;
1003
1004 if (get_user(len, optlen))
1005 return -EFAULT;
1006 if (len < 0)
1007 return -EINVAL;
1008
1009 memset(&v, 0, sizeof(v));
1010
1011 switch (optname) {
1012 case SO_DEBUG:
1013 v.val = sock_flag(sk, SOCK_DBG);
1014 break;
1015
1016 case SO_DONTROUTE:
1017 v.val = sock_flag(sk, SOCK_LOCALROUTE);
1018 break;
1019
1020 case SO_BROADCAST:
1021 v.val = sock_flag(sk, SOCK_BROADCAST);
1022 break;
1023
1024 case SO_SNDBUF:
1025 v.val = sk->sk_sndbuf;
1026 break;
1027
1028 case SO_RCVBUF:
1029 v.val = sk->sk_rcvbuf;
1030 break;
1031
1032 case SO_REUSEADDR:
1033 v.val = sk->sk_reuse;
1034 break;
1035
1036 case SO_REUSEPORT:
1037 v.val = sk->sk_reuseport;
1038 break;
1039
1040 case SO_KEEPALIVE:
1041 v.val = sock_flag(sk, SOCK_KEEPOPEN);
1042 break;
1043
1044 case SO_TYPE:
1045 v.val = sk->sk_type;
1046 break;
1047
1048 case SO_PROTOCOL:
1049 v.val = sk->sk_protocol;
1050 break;
1051
1052 case SO_DOMAIN:
1053 v.val = sk->sk_family;
1054 break;
1055
1056 case SO_ERROR:
1057 v.val = -sock_error(sk);
1058 if (v.val == 0)
1059 v.val = xchg(&sk->sk_err_soft, 0);
1060 break;
1061
1062 case SO_OOBINLINE:
1063 v.val = sock_flag(sk, SOCK_URGINLINE);
1064 break;
1065
1066 case SO_NO_CHECK:
1067 v.val = sk->sk_no_check;
1068 break;
1069
1070 case SO_PRIORITY:
1071 v.val = sk->sk_priority;
1072 break;
1073
1074 case SO_LINGER:
1075 lv = sizeof(v.ling);
1076 v.ling.l_onoff = sock_flag(sk, SOCK_LINGER);
1077 v.ling.l_linger = sk->sk_lingertime / HZ;
1078 break;
1079
1080 case SO_BSDCOMPAT:
1081 sock_warn_obsolete_bsdism("getsockopt");
1082 break;
1083
1084 case SO_TIMESTAMP:
1085 v.val = sock_flag(sk, SOCK_RCVTSTAMP) &&
1086 !sock_flag(sk, SOCK_RCVTSTAMPNS);
1087 break;
1088
1089 case SO_TIMESTAMPNS:
1090 v.val = sock_flag(sk, SOCK_RCVTSTAMPNS);
1091 break;
1092
1093 case SO_TIMESTAMPING:
1094 v.val = 0;
1095 if (sock_flag(sk, SOCK_TIMESTAMPING_TX_HARDWARE))
1096 v.val |= SOF_TIMESTAMPING_TX_HARDWARE;
1097 if (sock_flag(sk, SOCK_TIMESTAMPING_TX_SOFTWARE))
1098 v.val |= SOF_TIMESTAMPING_TX_SOFTWARE;
1099 if (sock_flag(sk, SOCK_TIMESTAMPING_RX_HARDWARE))
1100 v.val |= SOF_TIMESTAMPING_RX_HARDWARE;
1101 if (sock_flag(sk, SOCK_TIMESTAMPING_RX_SOFTWARE))
1102 v.val |= SOF_TIMESTAMPING_RX_SOFTWARE;
1103 if (sock_flag(sk, SOCK_TIMESTAMPING_SOFTWARE))
1104 v.val |= SOF_TIMESTAMPING_SOFTWARE;
1105 if (sock_flag(sk, SOCK_TIMESTAMPING_SYS_HARDWARE))
1106 v.val |= SOF_TIMESTAMPING_SYS_HARDWARE;
1107 if (sock_flag(sk, SOCK_TIMESTAMPING_RAW_HARDWARE))
1108 v.val |= SOF_TIMESTAMPING_RAW_HARDWARE;
1109 break;
1110
1111 case SO_RCVTIMEO:
1112 lv = sizeof(struct timeval);
1113 if (sk->sk_rcvtimeo == MAX_SCHEDULE_TIMEOUT) {
1114 v.tm.tv_sec = 0;
1115 v.tm.tv_usec = 0;
1116 } else {
1117 v.tm.tv_sec = sk->sk_rcvtimeo / HZ;
1118 v.tm.tv_usec = ((sk->sk_rcvtimeo % HZ) * 1000000) / HZ;
1119 }
1120 break;
1121
1122 case SO_SNDTIMEO:
1123 lv = sizeof(struct timeval);
1124 if (sk->sk_sndtimeo == MAX_SCHEDULE_TIMEOUT) {
1125 v.tm.tv_sec = 0;
1126 v.tm.tv_usec = 0;
1127 } else {
1128 v.tm.tv_sec = sk->sk_sndtimeo / HZ;
1129 v.tm.tv_usec = ((sk->sk_sndtimeo % HZ) * 1000000) / HZ;
1130 }
1131 break;
1132
1133 case SO_RCVLOWAT:
1134 v.val = sk->sk_rcvlowat;
1135 break;
1136
1137 case SO_SNDLOWAT:
1138 v.val = 1;
1139 break;
1140
1141 case SO_PASSCRED:
1142 v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
1143 break;
1144
1145 case SO_PEERCRED:
1146 {
1147 struct ucred peercred;
1148 if (len > sizeof(peercred))
1149 len = sizeof(peercred);
1150 cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
1151 if (copy_to_user(optval, &peercred, len))
1152 return -EFAULT;
1153 goto lenout;
1154 }
1155
1156 case SO_PEERNAME:
1157 {
1158 char address[128];
1159
1160 if (sock->ops->getname(sock, (struct sockaddr *)address, &lv, 2))
1161 return -ENOTCONN;
1162 if (lv < len)
1163 return -EINVAL;
1164 if (copy_to_user(optval, address, len))
1165 return -EFAULT;
1166 goto lenout;
1167 }
1168
1169 /* Dubious BSD thing... Probably nobody even uses it, but
1170 * the UNIX standard wants it for whatever reason... -DaveM
1171 */
1172 case SO_ACCEPTCONN:
1173 v.val = sk->sk_state == TCP_LISTEN;
1174 break;
1175
1176 case SO_PASSSEC:
1177 v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
1178 break;
1179
1180 case SO_PEERSEC:
1181 return security_socket_getpeersec_stream(sock, optval, optlen, len);
1182
1183 case SO_MARK:
1184 v.val = sk->sk_mark;
1185 break;
1186
1187 case SO_RXQ_OVFL:
1188 v.val = sock_flag(sk, SOCK_RXQ_OVFL);
1189 break;
1190
1191 case SO_WIFI_STATUS:
1192 v.val = sock_flag(sk, SOCK_WIFI_STATUS);
1193 break;
1194
1195 case SO_PEEK_OFF:
1196 if (!sock->ops->set_peek_off)
1197 return -EOPNOTSUPP;
1198
1199 v.val = sk->sk_peek_off;
1200 break;
1201 case SO_NOFCS:
1202 v.val = sock_flag(sk, SOCK_NOFCS);
1203 break;
1204
1205 case SO_BINDTODEVICE:
1206 return sock_getbindtodevice(sk, optval, optlen, len);
1207
1208 case SO_GET_FILTER:
1209 len = sk_get_filter(sk, (struct sock_filter __user *)optval, len);
1210 if (len < 0)
1211 return len;
1212
1213 goto lenout;
1214
1215 case SO_LOCK_FILTER:
1216 v.val = sock_flag(sk, SOCK_FILTER_LOCKED);
1217 break;
1218
1219 case SO_BPF_EXTENSIONS:
1220 v.val = bpf_tell_extensions();
1221 break;
1222
1223 case SO_SELECT_ERR_QUEUE:
1224 v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE);
1225 break;
1226
1227#ifdef CONFIG_NET_RX_BUSY_POLL
1228 case SO_BUSY_POLL:
1229 v.val = sk->sk_ll_usec;
1230 break;
1231#endif
1232
1233 case SO_MAX_PACING_RATE:
1234 v.val = sk->sk_max_pacing_rate;
1235 break;
1236
1237 default:
1238 return -ENOPROTOOPT;
1239 }
1240
1241 if (len > lv)
1242 len = lv;
1243 if (copy_to_user(optval, &v, len))
1244 return -EFAULT;
1245lenout:
1246 if (put_user(len, optlen))
1247 return -EFAULT;
1248 return 0;
1249}
1250
1251/*
1252 * Initialize an sk_lock.
1253 *
1254 * (We also register the sk_lock with the lock validator.)
1255 */
1256static inline void sock_lock_init(struct sock *sk)
1257{
1258 sock_lock_init_class_and_name(sk,
1259 af_family_slock_key_strings[sk->sk_family],
1260 af_family_slock_keys + sk->sk_family,
1261 af_family_key_strings[sk->sk_family],
1262 af_family_keys + sk->sk_family);
1263}
1264
1265/*
1266 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
1267 * even temporarly, because of RCU lookups. sk_node should also be left as is.
1268 * We must not copy fields between sk_dontcopy_begin and sk_dontcopy_end
1269 */
1270static void sock_copy(struct sock *nsk, const struct sock *osk)
1271{
1272#ifdef CONFIG_SECURITY_NETWORK
1273 void *sptr = nsk->sk_security;
1274#endif
1275 memcpy(nsk, osk, offsetof(struct sock, sk_dontcopy_begin));
1276
1277 memcpy(&nsk->sk_dontcopy_end, &osk->sk_dontcopy_end,
1278 osk->sk_prot->obj_size - offsetof(struct sock, sk_dontcopy_end));
1279
1280#ifdef CONFIG_SECURITY_NETWORK
1281 nsk->sk_security = sptr;
1282 security_sk_clone(osk, nsk);
1283#endif
1284}
1285
1286void sk_prot_clear_portaddr_nulls(struct sock *sk, int size)
1287{
1288 unsigned long nulls1, nulls2;
1289
1290 nulls1 = offsetof(struct sock, __sk_common.skc_node.next);
1291 nulls2 = offsetof(struct sock, __sk_common.skc_portaddr_node.next);
1292 if (nulls1 > nulls2)
1293 swap(nulls1, nulls2);
1294
1295 if (nulls1 != 0)
1296 memset((char *)sk, 0, nulls1);
1297 memset((char *)sk + nulls1 + sizeof(void *), 0,
1298 nulls2 - nulls1 - sizeof(void *));
1299 memset((char *)sk + nulls2 + sizeof(void *), 0,
1300 size - nulls2 - sizeof(void *));
1301}
1302EXPORT_SYMBOL(sk_prot_clear_portaddr_nulls);
1303
1304static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
1305 int family)
1306{
1307 struct sock *sk;
1308 struct kmem_cache *slab;
1309
1310 slab = prot->slab;
1311 if (slab != NULL) {
1312 sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
1313 if (!sk)
1314 return sk;
1315 if (priority & __GFP_ZERO) {
1316 if (prot->clear_sk)
1317 prot->clear_sk(sk, prot->obj_size);
1318 else
1319 sk_prot_clear_nulls(sk, prot->obj_size);
1320 }
1321 } else
1322 sk = kmalloc(prot->obj_size, priority);
1323
1324 if (sk != NULL) {
1325 kmemcheck_annotate_bitfield(sk, flags);
1326
1327 if (security_sk_alloc(sk, family, priority))
1328 goto out_free;
1329
1330 if (!try_module_get(prot->owner))
1331 goto out_free_sec;
1332 sk_tx_queue_clear(sk);
1333 }
1334
1335 return sk;
1336
1337out_free_sec:
1338 security_sk_free(sk);
1339out_free:
1340 if (slab != NULL)
1341 kmem_cache_free(slab, sk);
1342 else
1343 kfree(sk);
1344 return NULL;
1345}
1346
1347static void sk_prot_free(struct proto *prot, struct sock *sk)
1348{
1349 struct kmem_cache *slab;
1350 struct module *owner;
1351
1352 owner = prot->owner;
1353 slab = prot->slab;
1354
1355 security_sk_free(sk);
1356 if (slab != NULL)
1357 kmem_cache_free(slab, sk);
1358 else
1359 kfree(sk);
1360 module_put(owner);
1361}
1362
1363#if IS_ENABLED(CONFIG_CGROUP_NET_PRIO)
1364void sock_update_netprioidx(struct sock *sk)
1365{
1366 if (in_interrupt())
1367 return;
1368
1369 sk->sk_cgrp_prioidx = task_netprioidx(current);
1370}
1371EXPORT_SYMBOL_GPL(sock_update_netprioidx);
1372#endif
1373
1374/**
1375 * sk_alloc - All socket objects are allocated here
1376 * @net: the applicable net namespace
1377 * @family: protocol family
1378 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
1379 * @prot: struct proto associated with this new sock instance
1380 */
1381struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
1382 struct proto *prot)
1383{
1384 struct sock *sk;
1385
1386 sk = sk_prot_alloc(prot, priority | __GFP_ZERO, family);
1387 if (sk) {
1388 sk->sk_family = family;
1389 /*
1390 * See comment in struct sock definition to understand
1391 * why we need sk_prot_creator -acme
1392 */
1393 sk->sk_prot = sk->sk_prot_creator = prot;
1394 sock_lock_init(sk);
1395 sock_net_set(sk, get_net(net));
1396 atomic_set(&sk->sk_wmem_alloc, 1);
1397
1398 sock_update_classid(sk);
1399 sock_update_netprioidx(sk);
1400 }
1401
1402 return sk;
1403}
1404EXPORT_SYMBOL(sk_alloc);
1405
1406static void __sk_free(struct sock *sk)
1407{
1408 struct sk_filter *filter;
1409
1410 if (sk->sk_destruct)
1411 sk->sk_destruct(sk);
1412
1413 filter = rcu_dereference_check(sk->sk_filter,
1414 atomic_read(&sk->sk_wmem_alloc) == 0);
1415 if (filter) {
1416 sk_filter_uncharge(sk, filter);
1417 RCU_INIT_POINTER(sk->sk_filter, NULL);
1418 }
1419
1420 sock_disable_timestamp(sk, SK_FLAGS_TIMESTAMP);
1421
1422 if (atomic_read(&sk->sk_omem_alloc))
1423 pr_debug("%s: optmem leakage (%d bytes) detected\n",
1424 __func__, atomic_read(&sk->sk_omem_alloc));
1425
1426 if (sk->sk_peer_cred)
1427 put_cred(sk->sk_peer_cred);
1428 put_pid(sk->sk_peer_pid);
1429 put_net(sock_net(sk));
1430 sk_prot_free(sk->sk_prot_creator, sk);
1431}
1432
1433void sk_free(struct sock *sk)
1434{
1435 /*
1436 * We subtract one from sk_wmem_alloc and can know if
1437 * some packets are still in some tx queue.
1438 * If not null, sock_wfree() will call __sk_free(sk) later
1439 */
1440 if (atomic_dec_and_test(&sk->sk_wmem_alloc))
1441 __sk_free(sk);
1442}
1443EXPORT_SYMBOL(sk_free);
1444
1445/*
1446 * Last sock_put should drop reference to sk->sk_net. It has already
1447 * been dropped in sk_change_net. Taking reference to stopping namespace
1448 * is not an option.
1449 * Take reference to a socket to remove it from hash _alive_ and after that
1450 * destroy it in the context of init_net.
1451 */
1452void sk_release_kernel(struct sock *sk)
1453{
1454 if (sk == NULL || sk->sk_socket == NULL)
1455 return;
1456
1457 sock_hold(sk);
1458 sock_release(sk->sk_socket);
1459 release_net(sock_net(sk));
1460 sock_net_set(sk, get_net(&init_net));
1461 sock_put(sk);
1462}
1463EXPORT_SYMBOL(sk_release_kernel);
1464
1465static void sk_update_clone(const struct sock *sk, struct sock *newsk)
1466{
1467 if (mem_cgroup_sockets_enabled && sk->sk_cgrp)
1468 sock_update_memcg(newsk);
1469}
1470
1471/**
1472 * sk_clone_lock - clone a socket, and lock its clone
1473 * @sk: the socket to clone
1474 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
1475 *
1476 * Caller must unlock socket even in error path (bh_unlock_sock(newsk))
1477 */
1478struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
1479{
1480 struct sock *newsk;
1481
1482 newsk = sk_prot_alloc(sk->sk_prot, priority, sk->sk_family);
1483 if (newsk != NULL) {
1484 struct sk_filter *filter;
1485
1486 sock_copy(newsk, sk);
1487
1488 /* SANITY */
1489 get_net(sock_net(newsk));
1490 sk_node_init(&newsk->sk_node);
1491 sock_lock_init(newsk);
1492 bh_lock_sock(newsk);
1493 newsk->sk_backlog.head = newsk->sk_backlog.tail = NULL;
1494 newsk->sk_backlog.len = 0;
1495
1496 atomic_set(&newsk->sk_rmem_alloc, 0);
1497 /*
1498 * sk_wmem_alloc set to one (see sk_free() and sock_wfree())
1499 */
1500 atomic_set(&newsk->sk_wmem_alloc, 1);
1501 atomic_set(&newsk->sk_omem_alloc, 0);
1502 skb_queue_head_init(&newsk->sk_receive_queue);
1503 skb_queue_head_init(&newsk->sk_write_queue);
1504#ifdef CONFIG_NET_DMA
1505 skb_queue_head_init(&newsk->sk_async_wait_queue);
1506#endif
1507
1508 spin_lock_init(&newsk->sk_dst_lock);
1509 rwlock_init(&newsk->sk_callback_lock);
1510 lockdep_set_class_and_name(&newsk->sk_callback_lock,
1511 af_callback_keys + newsk->sk_family,
1512 af_family_clock_key_strings[newsk->sk_family]);
1513
1514 newsk->sk_dst_cache = NULL;
1515 newsk->sk_wmem_queued = 0;
1516 newsk->sk_forward_alloc = 0;
1517 newsk->sk_send_head = NULL;
1518 newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK;
1519
1520 sock_reset_flag(newsk, SOCK_DONE);
1521 skb_queue_head_init(&newsk->sk_error_queue);
1522
1523 filter = rcu_dereference_protected(newsk->sk_filter, 1);
1524 if (filter != NULL)
1525 sk_filter_charge(newsk, filter);
1526
1527 if (unlikely(xfrm_sk_clone_policy(newsk))) {
1528 /* It is still raw copy of parent, so invalidate
1529 * destructor and make plain sk_free() */
1530 newsk->sk_destruct = NULL;
1531 bh_unlock_sock(newsk);
1532 sk_free(newsk);
1533 newsk = NULL;
1534 goto out;
1535 }
1536
1537 newsk->sk_err = 0;
1538 newsk->sk_priority = 0;
1539 /*
1540 * Before updating sk_refcnt, we must commit prior changes to memory
1541 * (Documentation/RCU/rculist_nulls.txt for details)
1542 */
1543 smp_wmb();
1544 atomic_set(&newsk->sk_refcnt, 2);
1545
1546 /*
1547 * Increment the counter in the same struct proto as the master
1548 * sock (sk_refcnt_debug_inc uses newsk->sk_prot->socks, that
1549 * is the same as sk->sk_prot->socks, as this field was copied
1550 * with memcpy).
1551 *
1552 * This _changes_ the previous behaviour, where
1553 * tcp_create_openreq_child always was incrementing the
1554 * equivalent to tcp_prot->socks (inet_sock_nr), so this have
1555 * to be taken into account in all callers. -acme
1556 */
1557 sk_refcnt_debug_inc(newsk);
1558 sk_set_socket(newsk, NULL);
1559 newsk->sk_wq = NULL;
1560
1561 sk_update_clone(sk, newsk);
1562
1563 if (newsk->sk_prot->sockets_allocated)
1564 sk_sockets_allocated_inc(newsk);
1565
1566 if (newsk->sk_flags & SK_FLAGS_TIMESTAMP)
1567 net_enable_timestamp();
1568 }
1569out:
1570 return newsk;
1571}
1572EXPORT_SYMBOL_GPL(sk_clone_lock);
1573
1574void sk_setup_caps(struct sock *sk, struct dst_entry *dst)
1575{
1576 __sk_dst_set(sk, dst);
1577 sk->sk_route_caps = dst->dev->features;
1578 if (sk->sk_route_caps & NETIF_F_GSO)
1579 sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE;
1580 sk->sk_route_caps &= ~sk->sk_route_nocaps;
1581 if (sk_can_gso(sk)) {
1582 if (dst->header_len) {
1583 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1584 } else {
1585 sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM;
1586 sk->sk_gso_max_size = dst->dev->gso_max_size;
1587 sk->sk_gso_max_segs = dst->dev->gso_max_segs;
1588 }
1589 }
1590}
1591EXPORT_SYMBOL_GPL(sk_setup_caps);
1592
1593/*
1594 * Simple resource managers for sockets.
1595 */
1596
1597
1598/*
1599 * Write buffer destructor automatically called from kfree_skb.
1600 */
1601void sock_wfree(struct sk_buff *skb)
1602{
1603 struct sock *sk = skb->sk;
1604 unsigned int len = skb->truesize;
1605
1606 if (!sock_flag(sk, SOCK_USE_WRITE_QUEUE)) {
1607 /*
1608 * Keep a reference on sk_wmem_alloc, this will be released
1609 * after sk_write_space() call
1610 */
1611 atomic_sub(len - 1, &sk->sk_wmem_alloc);
1612 sk->sk_write_space(sk);
1613 len = 1;
1614 }
1615 /*
1616 * if sk_wmem_alloc reaches 0, we must finish what sk_free()
1617 * could not do because of in-flight packets
1618 */
1619 if (atomic_sub_and_test(len, &sk->sk_wmem_alloc))
1620 __sk_free(sk);
1621}
1622EXPORT_SYMBOL(sock_wfree);
1623
1624void skb_orphan_partial(struct sk_buff *skb)
1625{
1626 /* TCP stack sets skb->ooo_okay based on sk_wmem_alloc,
1627 * so we do not completely orphan skb, but transfert all
1628 * accounted bytes but one, to avoid unexpected reorders.
1629 */
1630 if (skb->destructor == sock_wfree
1631#ifdef CONFIG_INET
1632 || skb->destructor == tcp_wfree
1633#endif
1634 ) {
1635 atomic_sub(skb->truesize - 1, &skb->sk->sk_wmem_alloc);
1636 skb->truesize = 1;
1637 } else {
1638 skb_orphan(skb);
1639 }
1640}
1641EXPORT_SYMBOL(skb_orphan_partial);
1642
1643/*
1644 * Read buffer destructor automatically called from kfree_skb.
1645 */
1646void sock_rfree(struct sk_buff *skb)
1647{
1648 struct sock *sk = skb->sk;
1649 unsigned int len = skb->truesize;
1650
1651 atomic_sub(len, &sk->sk_rmem_alloc);
1652 sk_mem_uncharge(sk, len);
1653}
1654EXPORT_SYMBOL(sock_rfree);
1655
1656void sock_edemux(struct sk_buff *skb)
1657{
1658 struct sock *sk = skb->sk;
1659
1660#ifdef CONFIG_INET
1661 if (sk->sk_state == TCP_TIME_WAIT)
1662 inet_twsk_put(inet_twsk(sk));
1663 else
1664#endif
1665 sock_put(sk);
1666}
1667EXPORT_SYMBOL(sock_edemux);
1668
1669kuid_t sock_i_uid(struct sock *sk)
1670{
1671 kuid_t uid;
1672
1673 read_lock_bh(&sk->sk_callback_lock);
1674 uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : GLOBAL_ROOT_UID;
1675 read_unlock_bh(&sk->sk_callback_lock);
1676 return uid;
1677}
1678EXPORT_SYMBOL(sock_i_uid);
1679
1680unsigned long sock_i_ino(struct sock *sk)
1681{
1682 unsigned long ino;
1683
1684 read_lock_bh(&sk->sk_callback_lock);
1685 ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
1686 read_unlock_bh(&sk->sk_callback_lock);
1687 return ino;
1688}
1689EXPORT_SYMBOL(sock_i_ino);
1690
1691/*
1692 * Allocate a skb from the socket's send buffer.
1693 */
1694struct sk_buff *sock_wmalloc(struct sock *sk, unsigned long size, int force,
1695 gfp_t priority)
1696{
1697 if (force || atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) {
1698 struct sk_buff *skb = alloc_skb(size, priority);
1699 if (skb) {
1700 skb_set_owner_w(skb, sk);
1701 return skb;
1702 }
1703 }
1704 return NULL;
1705}
1706EXPORT_SYMBOL(sock_wmalloc);
1707
1708/*
1709 * Allocate a memory block from the socket's option memory buffer.
1710 */
1711void *sock_kmalloc(struct sock *sk, int size, gfp_t priority)
1712{
1713 if ((unsigned int)size <= sysctl_optmem_max &&
1714 atomic_read(&sk->sk_omem_alloc) + size < sysctl_optmem_max) {
1715 void *mem;
1716 /* First do the add, to avoid the race if kmalloc
1717 * might sleep.
1718 */
1719 atomic_add(size, &sk->sk_omem_alloc);
1720 mem = kmalloc(size, priority);
1721 if (mem)
1722 return mem;
1723 atomic_sub(size, &sk->sk_omem_alloc);
1724 }
1725 return NULL;
1726}
1727EXPORT_SYMBOL(sock_kmalloc);
1728
1729/*
1730 * Free an option memory block.
1731 */
1732void sock_kfree_s(struct sock *sk, void *mem, int size)
1733{
1734 kfree(mem);
1735 atomic_sub(size, &sk->sk_omem_alloc);
1736}
1737EXPORT_SYMBOL(sock_kfree_s);
1738
1739/* It is almost wait_for_tcp_memory minus release_sock/lock_sock.
1740 I think, these locks should be removed for datagram sockets.
1741 */
1742static long sock_wait_for_wmem(struct sock *sk, long timeo)
1743{
1744 DEFINE_WAIT(wait);
1745
1746 clear_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
1747 for (;;) {
1748 if (!timeo)
1749 break;
1750 if (signal_pending(current))
1751 break;
1752 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1753 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1754 if (atomic_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf)
1755 break;
1756 if (sk->sk_shutdown & SEND_SHUTDOWN)
1757 break;
1758 if (sk->sk_err)
1759 break;
1760 timeo = schedule_timeout(timeo);
1761 }
1762 finish_wait(sk_sleep(sk), &wait);
1763 return timeo;
1764}
1765
1766
1767/*
1768 * Generic send/receive buffer handlers
1769 */
1770
1771struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
1772 unsigned long data_len, int noblock,
1773 int *errcode, int max_page_order)
1774{
1775 struct sk_buff *skb = NULL;
1776 unsigned long chunk;
1777 gfp_t gfp_mask;
1778 long timeo;
1779 int err;
1780 int npages = (data_len + (PAGE_SIZE - 1)) >> PAGE_SHIFT;
1781 struct page *page;
1782 int i;
1783
1784 err = -EMSGSIZE;
1785 if (npages > MAX_SKB_FRAGS)
1786 goto failure;
1787
1788 timeo = sock_sndtimeo(sk, noblock);
1789 while (!skb) {
1790 err = sock_error(sk);
1791 if (err != 0)
1792 goto failure;
1793
1794 err = -EPIPE;
1795 if (sk->sk_shutdown & SEND_SHUTDOWN)
1796 goto failure;
1797
1798 if (atomic_read(&sk->sk_wmem_alloc) >= sk->sk_sndbuf) {
1799 set_bit(SOCK_ASYNC_NOSPACE, &sk->sk_socket->flags);
1800 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
1801 err = -EAGAIN;
1802 if (!timeo)
1803 goto failure;
1804 if (signal_pending(current))
1805 goto interrupted;
1806 timeo = sock_wait_for_wmem(sk, timeo);
1807 continue;
1808 }
1809
1810 err = -ENOBUFS;
1811 gfp_mask = sk->sk_allocation;
1812 if (gfp_mask & __GFP_WAIT)
1813 gfp_mask |= __GFP_REPEAT;
1814
1815 skb = alloc_skb(header_len, gfp_mask);
1816 if (!skb)
1817 goto failure;
1818
1819 skb->truesize += data_len;
1820
1821 for (i = 0; npages > 0; i++) {
1822 int order = max_page_order;
1823
1824 while (order) {
1825 if (npages >= 1 << order) {
1826 page = alloc_pages(sk->sk_allocation |
1827 __GFP_COMP |
1828 __GFP_NOWARN |
1829 __GFP_NORETRY,
1830 order);
1831 if (page)
1832 goto fill_page;
1833 }
1834 order--;
1835 }
1836 page = alloc_page(sk->sk_allocation);
1837 if (!page)
1838 goto failure;
1839fill_page:
1840 chunk = min_t(unsigned long, data_len,
1841 PAGE_SIZE << order);
1842 skb_fill_page_desc(skb, i, page, 0, chunk);
1843 data_len -= chunk;
1844 npages -= 1 << order;
1845 }
1846 }
1847
1848 skb_set_owner_w(skb, sk);
1849 return skb;
1850
1851interrupted:
1852 err = sock_intr_errno(timeo);
1853failure:
1854 kfree_skb(skb);
1855 *errcode = err;
1856 return NULL;
1857}
1858EXPORT_SYMBOL(sock_alloc_send_pskb);
1859
1860struct sk_buff *sock_alloc_send_skb(struct sock *sk, unsigned long size,
1861 int noblock, int *errcode)
1862{
1863 return sock_alloc_send_pskb(sk, size, 0, noblock, errcode, 0);
1864}
1865EXPORT_SYMBOL(sock_alloc_send_skb);
1866
1867/* On 32bit arches, an skb frag is limited to 2^15 */
1868#define SKB_FRAG_PAGE_ORDER get_order(32768)
1869
1870/**
1871 * skb_page_frag_refill - check that a page_frag contains enough room
1872 * @sz: minimum size of the fragment we want to get
1873 * @pfrag: pointer to page_frag
1874 * @prio: priority for memory allocation
1875 *
1876 * Note: While this allocator tries to use high order pages, there is
1877 * no guarantee that allocations succeed. Therefore, @sz MUST be
1878 * less or equal than PAGE_SIZE.
1879 */
1880bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t prio)
1881{
1882 int order;
1883
1884 if (pfrag->page) {
1885 if (atomic_read(&pfrag->page->_count) == 1) {
1886 pfrag->offset = 0;
1887 return true;
1888 }
1889 if (pfrag->offset + sz <= pfrag->size)
1890 return true;
1891 put_page(pfrag->page);
1892 }
1893
1894 order = SKB_FRAG_PAGE_ORDER;
1895 do {
1896 gfp_t gfp = prio;
1897
1898 if (order)
1899 gfp |= __GFP_COMP | __GFP_NOWARN | __GFP_NORETRY;
1900 pfrag->page = alloc_pages(gfp, order);
1901 if (likely(pfrag->page)) {
1902 pfrag->offset = 0;
1903 pfrag->size = PAGE_SIZE << order;
1904 return true;
1905 }
1906 } while (--order >= 0);
1907
1908 return false;
1909}
1910EXPORT_SYMBOL(skb_page_frag_refill);
1911
1912bool sk_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
1913{
1914 if (likely(skb_page_frag_refill(32U, pfrag, sk->sk_allocation)))
1915 return true;
1916
1917 sk_enter_memory_pressure(sk);
1918 sk_stream_moderate_sndbuf(sk);
1919 return false;
1920}
1921EXPORT_SYMBOL(sk_page_frag_refill);
1922
1923static void __lock_sock(struct sock *sk)
1924 __releases(&sk->sk_lock.slock)
1925 __acquires(&sk->sk_lock.slock)
1926{
1927 DEFINE_WAIT(wait);
1928
1929 for (;;) {
1930 prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait,
1931 TASK_UNINTERRUPTIBLE);
1932 spin_unlock_bh(&sk->sk_lock.slock);
1933 schedule();
1934 spin_lock_bh(&sk->sk_lock.slock);
1935 if (!sock_owned_by_user(sk))
1936 break;
1937 }
1938 finish_wait(&sk->sk_lock.wq, &wait);
1939}
1940
1941static void __release_sock(struct sock *sk)
1942 __releases(&sk->sk_lock.slock)
1943 __acquires(&sk->sk_lock.slock)
1944{
1945 struct sk_buff *skb = sk->sk_backlog.head;
1946
1947 do {
1948 sk->sk_backlog.head = sk->sk_backlog.tail = NULL;
1949 bh_unlock_sock(sk);
1950
1951 do {
1952 struct sk_buff *next = skb->next;
1953
1954 prefetch(next);
1955 WARN_ON_ONCE(skb_dst_is_noref(skb));
1956 skb->next = NULL;
1957 sk_backlog_rcv(sk, skb);
1958
1959 /*
1960 * We are in process context here with softirqs
1961 * disabled, use cond_resched_softirq() to preempt.
1962 * This is safe to do because we've taken the backlog
1963 * queue private:
1964 */
1965 cond_resched_softirq();
1966
1967 skb = next;
1968 } while (skb != NULL);
1969
1970 bh_lock_sock(sk);
1971 } while ((skb = sk->sk_backlog.head) != NULL);
1972
1973 /*
1974 * Doing the zeroing here guarantee we can not loop forever
1975 * while a wild producer attempts to flood us.
1976 */
1977 sk->sk_backlog.len = 0;
1978}
1979
1980/**
1981 * sk_wait_data - wait for data to arrive at sk_receive_queue
1982 * @sk: sock to wait on
1983 * @timeo: for how long
1984 *
1985 * Now socket state including sk->sk_err is changed only under lock,
1986 * hence we may omit checks after joining wait queue.
1987 * We check receive queue before schedule() only as optimization;
1988 * it is very likely that release_sock() added new data.
1989 */
1990int sk_wait_data(struct sock *sk, long *timeo)
1991{
1992 int rc;
1993 DEFINE_WAIT(wait);
1994
1995 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
1996 set_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1997 rc = sk_wait_event(sk, timeo, !skb_queue_empty(&sk->sk_receive_queue));
1998 clear_bit(SOCK_ASYNC_WAITDATA, &sk->sk_socket->flags);
1999 finish_wait(sk_sleep(sk), &wait);
2000 return rc;
2001}
2002EXPORT_SYMBOL(sk_wait_data);
2003
2004/**
2005 * __sk_mem_schedule - increase sk_forward_alloc and memory_allocated
2006 * @sk: socket
2007 * @size: memory size to allocate
2008 * @kind: allocation type
2009 *
2010 * If kind is SK_MEM_SEND, it means wmem allocation. Otherwise it means
2011 * rmem allocation. This function assumes that protocols which have
2012 * memory_pressure use sk_wmem_queued as write buffer accounting.
2013 */
2014int __sk_mem_schedule(struct sock *sk, int size, int kind)
2015{
2016 struct proto *prot = sk->sk_prot;
2017 int amt = sk_mem_pages(size);
2018 long allocated;
2019 int parent_status = UNDER_LIMIT;
2020
2021 sk->sk_forward_alloc += amt * SK_MEM_QUANTUM;
2022
2023 allocated = sk_memory_allocated_add(sk, amt, &parent_status);
2024
2025 /* Under limit. */
2026 if (parent_status == UNDER_LIMIT &&
2027 allocated <= sk_prot_mem_limits(sk, 0)) {
2028 sk_leave_memory_pressure(sk);
2029 return 1;
2030 }
2031
2032 /* Under pressure. (we or our parents) */
2033 if ((parent_status > SOFT_LIMIT) ||
2034 allocated > sk_prot_mem_limits(sk, 1))
2035 sk_enter_memory_pressure(sk);
2036
2037 /* Over hard limit (we or our parents) */
2038 if ((parent_status == OVER_LIMIT) ||
2039 (allocated > sk_prot_mem_limits(sk, 2)))
2040 goto suppress_allocation;
2041
2042 /* guarantee minimum buffer size under pressure */
2043 if (kind == SK_MEM_RECV) {
2044 if (atomic_read(&sk->sk_rmem_alloc) < prot->sysctl_rmem[0])
2045 return 1;
2046
2047 } else { /* SK_MEM_SEND */
2048 if (sk->sk_type == SOCK_STREAM) {
2049 if (sk->sk_wmem_queued < prot->sysctl_wmem[0])
2050 return 1;
2051 } else if (atomic_read(&sk->sk_wmem_alloc) <
2052 prot->sysctl_wmem[0])
2053 return 1;
2054 }
2055
2056 if (sk_has_memory_pressure(sk)) {
2057 int alloc;
2058
2059 if (!sk_under_memory_pressure(sk))
2060 return 1;
2061 alloc = sk_sockets_allocated_read_positive(sk);
2062 if (sk_prot_mem_limits(sk, 2) > alloc *
2063 sk_mem_pages(sk->sk_wmem_queued +
2064 atomic_read(&sk->sk_rmem_alloc) +
2065 sk->sk_forward_alloc))
2066 return 1;
2067 }
2068
2069suppress_allocation:
2070
2071 if (kind == SK_MEM_SEND && sk->sk_type == SOCK_STREAM) {
2072 sk_stream_moderate_sndbuf(sk);
2073
2074 /* Fail only if socket is _under_ its sndbuf.
2075 * In this case we cannot block, so that we have to fail.
2076 */
2077 if (sk->sk_wmem_queued + size >= sk->sk_sndbuf)
2078 return 1;
2079 }
2080
2081 trace_sock_exceed_buf_limit(sk, prot, allocated);
2082
2083 /* Alas. Undo changes. */
2084 sk->sk_forward_alloc -= amt * SK_MEM_QUANTUM;
2085
2086 sk_memory_allocated_sub(sk, amt);
2087
2088 return 0;
2089}
2090EXPORT_SYMBOL(__sk_mem_schedule);
2091
2092/**
2093 * __sk_reclaim - reclaim memory_allocated
2094 * @sk: socket
2095 */
2096void __sk_mem_reclaim(struct sock *sk)
2097{
2098 sk_memory_allocated_sub(sk,
2099 sk->sk_forward_alloc >> SK_MEM_QUANTUM_SHIFT);
2100 sk->sk_forward_alloc &= SK_MEM_QUANTUM - 1;
2101
2102 if (sk_under_memory_pressure(sk) &&
2103 (sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)))
2104 sk_leave_memory_pressure(sk);
2105}
2106EXPORT_SYMBOL(__sk_mem_reclaim);
2107
2108
2109/*
2110 * Set of default routines for initialising struct proto_ops when
2111 * the protocol does not support a particular function. In certain
2112 * cases where it makes no sense for a protocol to have a "do nothing"
2113 * function, some default processing is provided.
2114 */
2115
2116int sock_no_bind(struct socket *sock, struct sockaddr *saddr, int len)
2117{
2118 return -EOPNOTSUPP;
2119}
2120EXPORT_SYMBOL(sock_no_bind);
2121
2122int sock_no_connect(struct socket *sock, struct sockaddr *saddr,
2123 int len, int flags)
2124{
2125 return -EOPNOTSUPP;
2126}
2127EXPORT_SYMBOL(sock_no_connect);
2128
2129int sock_no_socketpair(struct socket *sock1, struct socket *sock2)
2130{
2131 return -EOPNOTSUPP;
2132}
2133EXPORT_SYMBOL(sock_no_socketpair);
2134
2135int sock_no_accept(struct socket *sock, struct socket *newsock, int flags)
2136{
2137 return -EOPNOTSUPP;
2138}
2139EXPORT_SYMBOL(sock_no_accept);
2140
2141int sock_no_getname(struct socket *sock, struct sockaddr *saddr,
2142 int *len, int peer)
2143{
2144 return -EOPNOTSUPP;
2145}
2146EXPORT_SYMBOL(sock_no_getname);
2147
2148unsigned int sock_no_poll(struct file *file, struct socket *sock, poll_table *pt)
2149{
2150 return 0;
2151}
2152EXPORT_SYMBOL(sock_no_poll);
2153
2154int sock_no_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2155{
2156 return -EOPNOTSUPP;
2157}
2158EXPORT_SYMBOL(sock_no_ioctl);
2159
2160int sock_no_listen(struct socket *sock, int backlog)
2161{
2162 return -EOPNOTSUPP;
2163}
2164EXPORT_SYMBOL(sock_no_listen);
2165
2166int sock_no_shutdown(struct socket *sock, int how)
2167{
2168 return -EOPNOTSUPP;
2169}
2170EXPORT_SYMBOL(sock_no_shutdown);
2171
2172int sock_no_setsockopt(struct socket *sock, int level, int optname,
2173 char __user *optval, unsigned int optlen)
2174{
2175 return -EOPNOTSUPP;
2176}
2177EXPORT_SYMBOL(sock_no_setsockopt);
2178
2179int sock_no_getsockopt(struct socket *sock, int level, int optname,
2180 char __user *optval, int __user *optlen)
2181{
2182 return -EOPNOTSUPP;
2183}
2184EXPORT_SYMBOL(sock_no_getsockopt);
2185
2186int sock_no_sendmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
2187 size_t len)
2188{
2189 return -EOPNOTSUPP;
2190}
2191EXPORT_SYMBOL(sock_no_sendmsg);
2192
2193int sock_no_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *m,
2194 size_t len, int flags)
2195{
2196 return -EOPNOTSUPP;
2197}
2198EXPORT_SYMBOL(sock_no_recvmsg);
2199
2200int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
2201{
2202 /* Mirror missing mmap method error code */
2203 return -ENODEV;
2204}
2205EXPORT_SYMBOL(sock_no_mmap);
2206
2207ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags)
2208{
2209 ssize_t res;
2210 struct msghdr msg = {.msg_flags = flags};
2211 struct kvec iov;
2212 char *kaddr = kmap(page);
2213 iov.iov_base = kaddr + offset;
2214 iov.iov_len = size;
2215 res = kernel_sendmsg(sock, &msg, &iov, 1, size);
2216 kunmap(page);
2217 return res;
2218}
2219EXPORT_SYMBOL(sock_no_sendpage);
2220
2221/*
2222 * Default Socket Callbacks
2223 */
2224
2225static void sock_def_wakeup(struct sock *sk)
2226{
2227 struct socket_wq *wq;
2228
2229 rcu_read_lock();
2230 wq = rcu_dereference(sk->sk_wq);
2231 if (wq_has_sleeper(wq))
2232 wake_up_interruptible_all(&wq->wait);
2233 rcu_read_unlock();
2234}
2235
2236static void sock_def_error_report(struct sock *sk)
2237{
2238 struct socket_wq *wq;
2239
2240 rcu_read_lock();
2241 wq = rcu_dereference(sk->sk_wq);
2242 if (wq_has_sleeper(wq))
2243 wake_up_interruptible_poll(&wq->wait, POLLERR);
2244 sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR);
2245 rcu_read_unlock();
2246}
2247
2248static void sock_def_readable(struct sock *sk)
2249{
2250 struct socket_wq *wq;
2251
2252 rcu_read_lock();
2253 wq = rcu_dereference(sk->sk_wq);
2254 if (wq_has_sleeper(wq))
2255 wake_up_interruptible_sync_poll(&wq->wait, POLLIN | POLLPRI |
2256 POLLRDNORM | POLLRDBAND);
2257 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
2258 rcu_read_unlock();
2259}
2260
2261static void sock_def_write_space(struct sock *sk)
2262{
2263 struct socket_wq *wq;
2264
2265 rcu_read_lock();
2266
2267 /* Do not wake up a writer until he can make "significant"
2268 * progress. --DaveM
2269 */
2270 if ((atomic_read(&sk->sk_wmem_alloc) << 1) <= sk->sk_sndbuf) {
2271 wq = rcu_dereference(sk->sk_wq);
2272 if (wq_has_sleeper(wq))
2273 wake_up_interruptible_sync_poll(&wq->wait, POLLOUT |
2274 POLLWRNORM | POLLWRBAND);
2275
2276 /* Should agree with poll, otherwise some programs break */
2277 if (sock_writeable(sk))
2278 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
2279 }
2280
2281 rcu_read_unlock();
2282}
2283
2284static void sock_def_destruct(struct sock *sk)
2285{
2286 kfree(sk->sk_protinfo);
2287}
2288
2289void sk_send_sigurg(struct sock *sk)
2290{
2291 if (sk->sk_socket && sk->sk_socket->file)
2292 if (send_sigurg(&sk->sk_socket->file->f_owner))
2293 sk_wake_async(sk, SOCK_WAKE_URG, POLL_PRI);
2294}
2295EXPORT_SYMBOL(sk_send_sigurg);
2296
2297void sk_reset_timer(struct sock *sk, struct timer_list* timer,
2298 unsigned long expires)
2299{
2300 if (!mod_timer(timer, expires))
2301 sock_hold(sk);
2302}
2303EXPORT_SYMBOL(sk_reset_timer);
2304
2305void sk_stop_timer(struct sock *sk, struct timer_list* timer)
2306{
2307 if (del_timer(timer))
2308 __sock_put(sk);
2309}
2310EXPORT_SYMBOL(sk_stop_timer);
2311
2312void sock_init_data(struct socket *sock, struct sock *sk)
2313{
2314 skb_queue_head_init(&sk->sk_receive_queue);
2315 skb_queue_head_init(&sk->sk_write_queue);
2316 skb_queue_head_init(&sk->sk_error_queue);
2317#ifdef CONFIG_NET_DMA
2318 skb_queue_head_init(&sk->sk_async_wait_queue);
2319#endif
2320
2321 sk->sk_send_head = NULL;
2322
2323 init_timer(&sk->sk_timer);
2324
2325 sk->sk_allocation = GFP_KERNEL;
2326 sk->sk_rcvbuf = sysctl_rmem_default;
2327 sk->sk_sndbuf = sysctl_wmem_default;
2328 sk->sk_state = TCP_CLOSE;
2329 sk_set_socket(sk, sock);
2330
2331 sock_set_flag(sk, SOCK_ZAPPED);
2332
2333 if (sock) {
2334 sk->sk_type = sock->type;
2335 sk->sk_wq = sock->wq;
2336 sock->sk = sk;
2337 } else
2338 sk->sk_wq = NULL;
2339
2340 spin_lock_init(&sk->sk_dst_lock);
2341 rwlock_init(&sk->sk_callback_lock);
2342 lockdep_set_class_and_name(&sk->sk_callback_lock,
2343 af_callback_keys + sk->sk_family,
2344 af_family_clock_key_strings[sk->sk_family]);
2345
2346 sk->sk_state_change = sock_def_wakeup;
2347 sk->sk_data_ready = sock_def_readable;
2348 sk->sk_write_space = sock_def_write_space;
2349 sk->sk_error_report = sock_def_error_report;
2350 sk->sk_destruct = sock_def_destruct;
2351
2352 sk->sk_frag.page = NULL;
2353 sk->sk_frag.offset = 0;
2354 sk->sk_peek_off = -1;
2355
2356 sk->sk_peer_pid = NULL;
2357 sk->sk_peer_cred = NULL;
2358 sk->sk_write_pending = 0;
2359 sk->sk_rcvlowat = 1;
2360 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
2361 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
2362
2363 sk->sk_stamp = ktime_set(-1L, 0);
2364
2365#ifdef CONFIG_NET_RX_BUSY_POLL
2366 sk->sk_napi_id = 0;
2367 sk->sk_ll_usec = sysctl_net_busy_read;
2368#endif
2369
2370 sk->sk_max_pacing_rate = ~0U;
2371 sk->sk_pacing_rate = ~0U;
2372 /*
2373 * Before updating sk_refcnt, we must commit prior changes to memory
2374 * (Documentation/RCU/rculist_nulls.txt for details)
2375 */
2376 smp_wmb();
2377 atomic_set(&sk->sk_refcnt, 1);
2378 atomic_set(&sk->sk_drops, 0);
2379}
2380EXPORT_SYMBOL(sock_init_data);
2381
2382void lock_sock_nested(struct sock *sk, int subclass)
2383{
2384 might_sleep();
2385 spin_lock_bh(&sk->sk_lock.slock);
2386 if (sk->sk_lock.owned)
2387 __lock_sock(sk);
2388 sk->sk_lock.owned = 1;
2389 spin_unlock(&sk->sk_lock.slock);
2390 /*
2391 * The sk_lock has mutex_lock() semantics here:
2392 */
2393 mutex_acquire(&sk->sk_lock.dep_map, subclass, 0, _RET_IP_);
2394 local_bh_enable();
2395}
2396EXPORT_SYMBOL(lock_sock_nested);
2397
2398void release_sock(struct sock *sk)
2399{
2400 /*
2401 * The sk_lock has mutex_unlock() semantics:
2402 */
2403 mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
2404
2405 spin_lock_bh(&sk->sk_lock.slock);
2406 if (sk->sk_backlog.tail)
2407 __release_sock(sk);
2408
2409 /* Warning : release_cb() might need to release sk ownership,
2410 * ie call sock_release_ownership(sk) before us.
2411 */
2412 if (sk->sk_prot->release_cb)
2413 sk->sk_prot->release_cb(sk);
2414
2415 sock_release_ownership(sk);
2416 if (waitqueue_active(&sk->sk_lock.wq))
2417 wake_up(&sk->sk_lock.wq);
2418 spin_unlock_bh(&sk->sk_lock.slock);
2419}
2420EXPORT_SYMBOL(release_sock);
2421
2422/**
2423 * lock_sock_fast - fast version of lock_sock
2424 * @sk: socket
2425 *
2426 * This version should be used for very small section, where process wont block
2427 * return false if fast path is taken
2428 * sk_lock.slock locked, owned = 0, BH disabled
2429 * return true if slow path is taken
2430 * sk_lock.slock unlocked, owned = 1, BH enabled
2431 */
2432bool lock_sock_fast(struct sock *sk)
2433{
2434 might_sleep();
2435 spin_lock_bh(&sk->sk_lock.slock);
2436
2437 if (!sk->sk_lock.owned)
2438 /*
2439 * Note : We must disable BH
2440 */
2441 return false;
2442
2443 __lock_sock(sk);
2444 sk->sk_lock.owned = 1;
2445 spin_unlock(&sk->sk_lock.slock);
2446 /*
2447 * The sk_lock has mutex_lock() semantics here:
2448 */
2449 mutex_acquire(&sk->sk_lock.dep_map, 0, 0, _RET_IP_);
2450 local_bh_enable();
2451 return true;
2452}
2453EXPORT_SYMBOL(lock_sock_fast);
2454
2455int sock_get_timestamp(struct sock *sk, struct timeval __user *userstamp)
2456{
2457 struct timeval tv;
2458 if (!sock_flag(sk, SOCK_TIMESTAMP))
2459 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
2460 tv = ktime_to_timeval(sk->sk_stamp);
2461 if (tv.tv_sec == -1)
2462 return -ENOENT;
2463 if (tv.tv_sec == 0) {
2464 sk->sk_stamp = ktime_get_real();
2465 tv = ktime_to_timeval(sk->sk_stamp);
2466 }
2467 return copy_to_user(userstamp, &tv, sizeof(tv)) ? -EFAULT : 0;
2468}
2469EXPORT_SYMBOL(sock_get_timestamp);
2470
2471int sock_get_timestampns(struct sock *sk, struct timespec __user *userstamp)
2472{
2473 struct timespec ts;
2474 if (!sock_flag(sk, SOCK_TIMESTAMP))
2475 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
2476 ts = ktime_to_timespec(sk->sk_stamp);
2477 if (ts.tv_sec == -1)
2478 return -ENOENT;
2479 if (ts.tv_sec == 0) {
2480 sk->sk_stamp = ktime_get_real();
2481 ts = ktime_to_timespec(sk->sk_stamp);
2482 }
2483 return copy_to_user(userstamp, &ts, sizeof(ts)) ? -EFAULT : 0;
2484}
2485EXPORT_SYMBOL(sock_get_timestampns);
2486
2487void sock_enable_timestamp(struct sock *sk, int flag)
2488{
2489 if (!sock_flag(sk, flag)) {
2490 unsigned long previous_flags = sk->sk_flags;
2491
2492 sock_set_flag(sk, flag);
2493 /*
2494 * we just set one of the two flags which require net
2495 * time stamping, but time stamping might have been on
2496 * already because of the other one
2497 */
2498 if (!(previous_flags & SK_FLAGS_TIMESTAMP))
2499 net_enable_timestamp();
2500 }
2501}
2502
2503int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
2504 int level, int type)
2505{
2506 struct sock_exterr_skb *serr;
2507 struct sk_buff *skb, *skb2;
2508 int copied, err;
2509
2510 err = -EAGAIN;
2511 skb = skb_dequeue(&sk->sk_error_queue);
2512 if (skb == NULL)
2513 goto out;
2514
2515 copied = skb->len;
2516 if (copied > len) {
2517 msg->msg_flags |= MSG_TRUNC;
2518 copied = len;
2519 }
2520 err = skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
2521 if (err)
2522 goto out_free_skb;
2523
2524 sock_recv_timestamp(msg, sk, skb);
2525
2526 serr = SKB_EXT_ERR(skb);
2527 put_cmsg(msg, level, type, sizeof(serr->ee), &serr->ee);
2528
2529 msg->msg_flags |= MSG_ERRQUEUE;
2530 err = copied;
2531
2532 /* Reset and regenerate socket error */
2533 spin_lock_bh(&sk->sk_error_queue.lock);
2534 sk->sk_err = 0;
2535 if ((skb2 = skb_peek(&sk->sk_error_queue)) != NULL) {
2536 sk->sk_err = SKB_EXT_ERR(skb2)->ee.ee_errno;
2537 spin_unlock_bh(&sk->sk_error_queue.lock);
2538 sk->sk_error_report(sk);
2539 } else
2540 spin_unlock_bh(&sk->sk_error_queue.lock);
2541
2542out_free_skb:
2543 kfree_skb(skb);
2544out:
2545 return err;
2546}
2547EXPORT_SYMBOL(sock_recv_errqueue);
2548
2549/*
2550 * Get a socket option on an socket.
2551 *
2552 * FIX: POSIX 1003.1g is very ambiguous here. It states that
2553 * asynchronous errors should be reported by getsockopt. We assume
2554 * this means if you specify SO_ERROR (otherwise whats the point of it).
2555 */
2556int sock_common_getsockopt(struct socket *sock, int level, int optname,
2557 char __user *optval, int __user *optlen)
2558{
2559 struct sock *sk = sock->sk;
2560
2561 return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
2562}
2563EXPORT_SYMBOL(sock_common_getsockopt);
2564
2565#ifdef CONFIG_COMPAT
2566int compat_sock_common_getsockopt(struct socket *sock, int level, int optname,
2567 char __user *optval, int __user *optlen)
2568{
2569 struct sock *sk = sock->sk;
2570
2571 if (sk->sk_prot->compat_getsockopt != NULL)
2572 return sk->sk_prot->compat_getsockopt(sk, level, optname,
2573 optval, optlen);
2574 return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
2575}
2576EXPORT_SYMBOL(compat_sock_common_getsockopt);
2577#endif
2578
2579int sock_common_recvmsg(struct kiocb *iocb, struct socket *sock,
2580 struct msghdr *msg, size_t size, int flags)
2581{
2582 struct sock *sk = sock->sk;
2583 int addr_len = 0;
2584 int err;
2585
2586 err = sk->sk_prot->recvmsg(iocb, sk, msg, size, flags & MSG_DONTWAIT,
2587 flags & ~MSG_DONTWAIT, &addr_len);
2588 if (err >= 0)
2589 msg->msg_namelen = addr_len;
2590 return err;
2591}
2592EXPORT_SYMBOL(sock_common_recvmsg);
2593
2594/*
2595 * Set socket options on an inet socket.
2596 */
2597int sock_common_setsockopt(struct socket *sock, int level, int optname,
2598 char __user *optval, unsigned int optlen)
2599{
2600 struct sock *sk = sock->sk;
2601
2602 return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen);
2603}
2604EXPORT_SYMBOL(sock_common_setsockopt);
2605
2606#ifdef CONFIG_COMPAT
2607int compat_sock_common_setsockopt(struct socket *sock, int level, int optname,
2608 char __user *optval, unsigned int optlen)
2609{
2610 struct sock *sk = sock->sk;
2611
2612 if (sk->sk_prot->compat_setsockopt != NULL)
2613 return sk->sk_prot->compat_setsockopt(sk, level, optname,
2614 optval, optlen);
2615 return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen);
2616}
2617EXPORT_SYMBOL(compat_sock_common_setsockopt);
2618#endif
2619
2620void sk_common_release(struct sock *sk)
2621{
2622 if (sk->sk_prot->destroy)
2623 sk->sk_prot->destroy(sk);
2624
2625 /*
2626 * Observation: when sock_common_release is called, processes have
2627 * no access to socket. But net still has.
2628 * Step one, detach it from networking:
2629 *
2630 * A. Remove from hash tables.
2631 */
2632
2633 sk->sk_prot->unhash(sk);
2634
2635 /*
2636 * In this point socket cannot receive new packets, but it is possible
2637 * that some packets are in flight because some CPU runs receiver and
2638 * did hash table lookup before we unhashed socket. They will achieve
2639 * receive queue and will be purged by socket destructor.
2640 *
2641 * Also we still have packets pending on receive queue and probably,
2642 * our own packets waiting in device queues. sock_destroy will drain
2643 * receive queue, but transmitted packets will delay socket destruction
2644 * until the last reference will be released.
2645 */
2646
2647 sock_orphan(sk);
2648
2649 xfrm_sk_free_policy(sk);
2650
2651 sk_refcnt_debug_release(sk);
2652
2653 if (sk->sk_frag.page) {
2654 put_page(sk->sk_frag.page);
2655 sk->sk_frag.page = NULL;
2656 }
2657
2658 sock_put(sk);
2659}
2660EXPORT_SYMBOL(sk_common_release);
2661
2662#ifdef CONFIG_PROC_FS
2663#define PROTO_INUSE_NR 64 /* should be enough for the first time */
2664struct prot_inuse {
2665 int val[PROTO_INUSE_NR];
2666};
2667
2668static DECLARE_BITMAP(proto_inuse_idx, PROTO_INUSE_NR);
2669
2670#ifdef CONFIG_NET_NS
2671void sock_prot_inuse_add(struct net *net, struct proto *prot, int val)
2672{
2673 __this_cpu_add(net->core.inuse->val[prot->inuse_idx], val);
2674}
2675EXPORT_SYMBOL_GPL(sock_prot_inuse_add);
2676
2677int sock_prot_inuse_get(struct net *net, struct proto *prot)
2678{
2679 int cpu, idx = prot->inuse_idx;
2680 int res = 0;
2681
2682 for_each_possible_cpu(cpu)
2683 res += per_cpu_ptr(net->core.inuse, cpu)->val[idx];
2684
2685 return res >= 0 ? res : 0;
2686}
2687EXPORT_SYMBOL_GPL(sock_prot_inuse_get);
2688
2689static int __net_init sock_inuse_init_net(struct net *net)
2690{
2691 net->core.inuse = alloc_percpu(struct prot_inuse);
2692 return net->core.inuse ? 0 : -ENOMEM;
2693}
2694
2695static void __net_exit sock_inuse_exit_net(struct net *net)
2696{
2697 free_percpu(net->core.inuse);
2698}
2699
2700static struct pernet_operations net_inuse_ops = {
2701 .init = sock_inuse_init_net,
2702 .exit = sock_inuse_exit_net,
2703};
2704
2705static __init int net_inuse_init(void)
2706{
2707 if (register_pernet_subsys(&net_inuse_ops))
2708 panic("Cannot initialize net inuse counters");
2709
2710 return 0;
2711}
2712
2713core_initcall(net_inuse_init);
2714#else
2715static DEFINE_PER_CPU(struct prot_inuse, prot_inuse);
2716
2717void sock_prot_inuse_add(struct net *net, struct proto *prot, int val)
2718{
2719 __this_cpu_add(prot_inuse.val[prot->inuse_idx], val);
2720}
2721EXPORT_SYMBOL_GPL(sock_prot_inuse_add);
2722
2723int sock_prot_inuse_get(struct net *net, struct proto *prot)
2724{
2725 int cpu, idx = prot->inuse_idx;
2726 int res = 0;
2727
2728 for_each_possible_cpu(cpu)
2729 res += per_cpu(prot_inuse, cpu).val[idx];
2730
2731 return res >= 0 ? res : 0;
2732}
2733EXPORT_SYMBOL_GPL(sock_prot_inuse_get);
2734#endif
2735
2736static void assign_proto_idx(struct proto *prot)
2737{
2738 prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR);
2739
2740 if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) {
2741 pr_err("PROTO_INUSE_NR exhausted\n");
2742 return;
2743 }
2744
2745 set_bit(prot->inuse_idx, proto_inuse_idx);
2746}
2747
2748static void release_proto_idx(struct proto *prot)
2749{
2750 if (prot->inuse_idx != PROTO_INUSE_NR - 1)
2751 clear_bit(prot->inuse_idx, proto_inuse_idx);
2752}
2753#else
2754static inline void assign_proto_idx(struct proto *prot)
2755{
2756}
2757
2758static inline void release_proto_idx(struct proto *prot)
2759{
2760}
2761#endif
2762
2763int proto_register(struct proto *prot, int alloc_slab)
2764{
2765 if (alloc_slab) {
2766 prot->slab = kmem_cache_create(prot->name, prot->obj_size, 0,
2767 SLAB_HWCACHE_ALIGN | prot->slab_flags,
2768 NULL);
2769
2770 if (prot->slab == NULL) {
2771 pr_crit("%s: Can't create sock SLAB cache!\n",
2772 prot->name);
2773 goto out;
2774 }
2775
2776 if (prot->rsk_prot != NULL) {
2777 prot->rsk_prot->slab_name = kasprintf(GFP_KERNEL, "request_sock_%s", prot->name);
2778 if (prot->rsk_prot->slab_name == NULL)
2779 goto out_free_sock_slab;
2780
2781 prot->rsk_prot->slab = kmem_cache_create(prot->rsk_prot->slab_name,
2782 prot->rsk_prot->obj_size, 0,
2783 SLAB_HWCACHE_ALIGN, NULL);
2784
2785 if (prot->rsk_prot->slab == NULL) {
2786 pr_crit("%s: Can't create request sock SLAB cache!\n",
2787 prot->name);
2788 goto out_free_request_sock_slab_name;
2789 }
2790 }
2791
2792 if (prot->twsk_prot != NULL) {
2793 prot->twsk_prot->twsk_slab_name = kasprintf(GFP_KERNEL, "tw_sock_%s", prot->name);
2794
2795 if (prot->twsk_prot->twsk_slab_name == NULL)
2796 goto out_free_request_sock_slab;
2797
2798 prot->twsk_prot->twsk_slab =
2799 kmem_cache_create(prot->twsk_prot->twsk_slab_name,
2800 prot->twsk_prot->twsk_obj_size,
2801 0,
2802 SLAB_HWCACHE_ALIGN |
2803 prot->slab_flags,
2804 NULL);
2805 if (prot->twsk_prot->twsk_slab == NULL)
2806 goto out_free_timewait_sock_slab_name;
2807 }
2808 }
2809
2810 mutex_lock(&proto_list_mutex);
2811 list_add(&prot->node, &proto_list);
2812 assign_proto_idx(prot);
2813 mutex_unlock(&proto_list_mutex);
2814 return 0;
2815
2816out_free_timewait_sock_slab_name:
2817 kfree(prot->twsk_prot->twsk_slab_name);
2818out_free_request_sock_slab:
2819 if (prot->rsk_prot && prot->rsk_prot->slab) {
2820 kmem_cache_destroy(prot->rsk_prot->slab);
2821 prot->rsk_prot->slab = NULL;
2822 }
2823out_free_request_sock_slab_name:
2824 if (prot->rsk_prot)
2825 kfree(prot->rsk_prot->slab_name);
2826out_free_sock_slab:
2827 kmem_cache_destroy(prot->slab);
2828 prot->slab = NULL;
2829out:
2830 return -ENOBUFS;
2831}
2832EXPORT_SYMBOL(proto_register);
2833
2834void proto_unregister(struct proto *prot)
2835{
2836 mutex_lock(&proto_list_mutex);
2837 release_proto_idx(prot);
2838 list_del(&prot->node);
2839 mutex_unlock(&proto_list_mutex);
2840
2841 if (prot->slab != NULL) {
2842 kmem_cache_destroy(prot->slab);
2843 prot->slab = NULL;
2844 }
2845
2846 if (prot->rsk_prot != NULL && prot->rsk_prot->slab != NULL) {
2847 kmem_cache_destroy(prot->rsk_prot->slab);
2848 kfree(prot->rsk_prot->slab_name);
2849 prot->rsk_prot->slab = NULL;
2850 }
2851
2852 if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) {
2853 kmem_cache_destroy(prot->twsk_prot->twsk_slab);
2854 kfree(prot->twsk_prot->twsk_slab_name);
2855 prot->twsk_prot->twsk_slab = NULL;
2856 }
2857}
2858EXPORT_SYMBOL(proto_unregister);
2859
2860#ifdef CONFIG_PROC_FS
2861static void *proto_seq_start(struct seq_file *seq, loff_t *pos)
2862 __acquires(proto_list_mutex)
2863{
2864 mutex_lock(&proto_list_mutex);
2865 return seq_list_start_head(&proto_list, *pos);
2866}
2867
2868static void *proto_seq_next(struct seq_file *seq, void *v, loff_t *pos)
2869{
2870 return seq_list_next(v, &proto_list, pos);
2871}
2872
2873static void proto_seq_stop(struct seq_file *seq, void *v)
2874 __releases(proto_list_mutex)
2875{
2876 mutex_unlock(&proto_list_mutex);
2877}
2878
2879static char proto_method_implemented(const void *method)
2880{
2881 return method == NULL ? 'n' : 'y';
2882}
2883static long sock_prot_memory_allocated(struct proto *proto)
2884{
2885 return proto->memory_allocated != NULL ? proto_memory_allocated(proto) : -1L;
2886}
2887
2888static char *sock_prot_memory_pressure(struct proto *proto)
2889{
2890 return proto->memory_pressure != NULL ?
2891 proto_memory_pressure(proto) ? "yes" : "no" : "NI";
2892}
2893
2894static void proto_seq_printf(struct seq_file *seq, struct proto *proto)
2895{
2896
2897 seq_printf(seq, "%-9s %4u %6d %6ld %-3s %6u %-3s %-10s "
2898 "%2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c\n",
2899 proto->name,
2900 proto->obj_size,
2901 sock_prot_inuse_get(seq_file_net(seq), proto),
2902 sock_prot_memory_allocated(proto),
2903 sock_prot_memory_pressure(proto),
2904 proto->max_header,
2905 proto->slab == NULL ? "no" : "yes",
2906 module_name(proto->owner),
2907 proto_method_implemented(proto->close),
2908 proto_method_implemented(proto->connect),
2909 proto_method_implemented(proto->disconnect),
2910 proto_method_implemented(proto->accept),
2911 proto_method_implemented(proto->ioctl),
2912 proto_method_implemented(proto->init),
2913 proto_method_implemented(proto->destroy),
2914 proto_method_implemented(proto->shutdown),
2915 proto_method_implemented(proto->setsockopt),
2916 proto_method_implemented(proto->getsockopt),
2917 proto_method_implemented(proto->sendmsg),
2918 proto_method_implemented(proto->recvmsg),
2919 proto_method_implemented(proto->sendpage),
2920 proto_method_implemented(proto->bind),
2921 proto_method_implemented(proto->backlog_rcv),
2922 proto_method_implemented(proto->hash),
2923 proto_method_implemented(proto->unhash),
2924 proto_method_implemented(proto->get_port),
2925 proto_method_implemented(proto->enter_memory_pressure));
2926}
2927
2928static int proto_seq_show(struct seq_file *seq, void *v)
2929{
2930 if (v == &proto_list)
2931 seq_printf(seq, "%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s",
2932 "protocol",
2933 "size",
2934 "sockets",
2935 "memory",
2936 "press",
2937 "maxhdr",
2938 "slab",
2939 "module",
2940 "cl co di ac io in de sh ss gs se re sp bi br ha uh gp em\n");
2941 else
2942 proto_seq_printf(seq, list_entry(v, struct proto, node));
2943 return 0;
2944}
2945
2946static const struct seq_operations proto_seq_ops = {
2947 .start = proto_seq_start,
2948 .next = proto_seq_next,
2949 .stop = proto_seq_stop,
2950 .show = proto_seq_show,
2951};
2952
2953static int proto_seq_open(struct inode *inode, struct file *file)
2954{
2955 return seq_open_net(inode, file, &proto_seq_ops,
2956 sizeof(struct seq_net_private));
2957}
2958
2959static const struct file_operations proto_seq_fops = {
2960 .owner = THIS_MODULE,
2961 .open = proto_seq_open,
2962 .read = seq_read,
2963 .llseek = seq_lseek,
2964 .release = seq_release_net,
2965};
2966
2967static __net_init int proto_init_net(struct net *net)
2968{
2969 if (!proc_create("protocols", S_IRUGO, net->proc_net, &proto_seq_fops))
2970 return -ENOMEM;
2971
2972 return 0;
2973}
2974
2975static __net_exit void proto_exit_net(struct net *net)
2976{
2977 remove_proc_entry("protocols", net->proc_net);
2978}
2979
2980
2981static __net_initdata struct pernet_operations proto_net_ops = {
2982 .init = proto_init_net,
2983 .exit = proto_exit_net,
2984};
2985
2986static int __init proto_init(void)
2987{
2988 return register_pernet_subsys(&proto_net_ops);
2989}
2990
2991subsys_initcall(proto_init);
2992
2993#endif /* PROC_FS */