Loading...
1// SPDX-License-Identifier: GPL-2.0-or-later
2/*
3 * INET An implementation of the TCP/IP protocol suite for the LINUX
4 * operating system. INET is implemented using the BSD Socket
5 * interface as the means of communication with the user level.
6 *
7 * Generic socket support routines. Memory allocators, socket lock/release
8 * handler for protocols to use and generic option handler.
9 *
10 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Florian La Roche, <flla@stud.uni-sb.de>
13 * Alan Cox, <A.Cox@swansea.ac.uk>
14 *
15 * Fixes:
16 * Alan Cox : Numerous verify_area() problems
17 * Alan Cox : Connecting on a connecting socket
18 * now returns an error for tcp.
19 * Alan Cox : sock->protocol is set correctly.
20 * and is not sometimes left as 0.
21 * Alan Cox : connect handles icmp errors on a
22 * connect properly. Unfortunately there
23 * is a restart syscall nasty there. I
24 * can't match BSD without hacking the C
25 * library. Ideas urgently sought!
26 * Alan Cox : Disallow bind() to addresses that are
27 * not ours - especially broadcast ones!!
28 * Alan Cox : Socket 1024 _IS_ ok for users. (fencepost)
29 * Alan Cox : sock_wfree/sock_rfree don't destroy sockets,
30 * instead they leave that for the DESTROY timer.
31 * Alan Cox : Clean up error flag in accept
32 * Alan Cox : TCP ack handling is buggy, the DESTROY timer
33 * was buggy. Put a remove_sock() in the handler
34 * for memory when we hit 0. Also altered the timer
35 * code. The ACK stuff can wait and needs major
36 * TCP layer surgery.
37 * Alan Cox : Fixed TCP ack bug, removed remove sock
38 * and fixed timer/inet_bh race.
39 * Alan Cox : Added zapped flag for TCP
40 * Alan Cox : Move kfree_skb into skbuff.c and tidied up surplus code
41 * Alan Cox : for new sk_buff allocations wmalloc/rmalloc now call alloc_skb
42 * Alan Cox : kfree_s calls now are kfree_skbmem so we can track skb resources
43 * Alan Cox : Supports socket option broadcast now as does udp. Packet and raw need fixing.
44 * Alan Cox : Added RCVBUF,SNDBUF size setting. It suddenly occurred to me how easy it was so...
45 * Rick Sladkey : Relaxed UDP rules for matching packets.
46 * C.E.Hawkins : IFF_PROMISC/SIOCGHWADDR support
47 * Pauline Middelink : identd support
48 * Alan Cox : Fixed connect() taking signals I think.
49 * Alan Cox : SO_LINGER supported
50 * Alan Cox : Error reporting fixes
51 * Anonymous : inet_create tidied up (sk->reuse setting)
52 * Alan Cox : inet sockets don't set sk->type!
53 * Alan Cox : Split socket option code
54 * Alan Cox : Callbacks
55 * Alan Cox : Nagle flag for Charles & Johannes stuff
56 * Alex : Removed restriction on inet fioctl
57 * Alan Cox : Splitting INET from NET core
58 * Alan Cox : Fixed bogus SO_TYPE handling in getsockopt()
59 * Adam Caldwell : Missing return in SO_DONTROUTE/SO_DEBUG code
60 * Alan Cox : Split IP from generic code
61 * Alan Cox : New kfree_skbmem()
62 * Alan Cox : Make SO_DEBUG superuser only.
63 * Alan Cox : Allow anyone to clear SO_DEBUG
64 * (compatibility fix)
65 * Alan Cox : Added optimistic memory grabbing for AF_UNIX throughput.
66 * Alan Cox : Allocator for a socket is settable.
67 * Alan Cox : SO_ERROR includes soft errors.
68 * Alan Cox : Allow NULL arguments on some SO_ opts
69 * Alan Cox : Generic socket allocation to make hooks
70 * easier (suggested by Craig Metz).
71 * Michael Pall : SO_ERROR returns positive errno again
72 * Steve Whitehouse: Added default destructor to free
73 * protocol private data.
74 * Steve Whitehouse: Added various other default routines
75 * common to several socket families.
76 * Chris Evans : Call suser() check last on F_SETOWN
77 * Jay Schulist : Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
78 * Andi Kleen : Add sock_kmalloc()/sock_kfree_s()
79 * Andi Kleen : Fix write_space callback
80 * Chris Evans : Security fixes - signedness again
81 * Arnaldo C. Melo : cleanups, use skb_queue_purge
82 *
83 * To Fix:
84 */
85
86#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
87
88#include <asm/unaligned.h>
89#include <linux/capability.h>
90#include <linux/errno.h>
91#include <linux/errqueue.h>
92#include <linux/types.h>
93#include <linux/socket.h>
94#include <linux/in.h>
95#include <linux/kernel.h>
96#include <linux/module.h>
97#include <linux/proc_fs.h>
98#include <linux/seq_file.h>
99#include <linux/sched.h>
100#include <linux/sched/mm.h>
101#include <linux/timer.h>
102#include <linux/string.h>
103#include <linux/sockios.h>
104#include <linux/net.h>
105#include <linux/mm.h>
106#include <linux/slab.h>
107#include <linux/interrupt.h>
108#include <linux/poll.h>
109#include <linux/tcp.h>
110#include <linux/udp.h>
111#include <linux/init.h>
112#include <linux/highmem.h>
113#include <linux/user_namespace.h>
114#include <linux/static_key.h>
115#include <linux/memcontrol.h>
116#include <linux/prefetch.h>
117#include <linux/compat.h>
118#include <linux/mroute.h>
119#include <linux/mroute6.h>
120#include <linux/icmpv6.h>
121
122#include <linux/uaccess.h>
123
124#include <linux/netdevice.h>
125#include <net/protocol.h>
126#include <linux/skbuff.h>
127#include <net/net_namespace.h>
128#include <net/request_sock.h>
129#include <net/sock.h>
130#include <linux/net_tstamp.h>
131#include <net/xfrm.h>
132#include <linux/ipsec.h>
133#include <net/cls_cgroup.h>
134#include <net/netprio_cgroup.h>
135#include <linux/sock_diag.h>
136
137#include <linux/filter.h>
138#include <net/sock_reuseport.h>
139#include <net/bpf_sk_storage.h>
140
141#include <trace/events/sock.h>
142
143#include <net/tcp.h>
144#include <net/busy_poll.h>
145#include <net/phonet/phonet.h>
146
147#include <linux/ethtool.h>
148
149#include "dev.h"
150
151static DEFINE_MUTEX(proto_list_mutex);
152static LIST_HEAD(proto_list);
153
154static void sock_def_write_space_wfree(struct sock *sk);
155static void sock_def_write_space(struct sock *sk);
156
157/**
158 * sk_ns_capable - General socket capability test
159 * @sk: Socket to use a capability on or through
160 * @user_ns: The user namespace of the capability to use
161 * @cap: The capability to use
162 *
163 * Test to see if the opener of the socket had when the socket was
164 * created and the current process has the capability @cap in the user
165 * namespace @user_ns.
166 */
167bool sk_ns_capable(const struct sock *sk,
168 struct user_namespace *user_ns, int cap)
169{
170 return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
171 ns_capable(user_ns, cap);
172}
173EXPORT_SYMBOL(sk_ns_capable);
174
175/**
176 * sk_capable - Socket global capability test
177 * @sk: Socket to use a capability on or through
178 * @cap: The global capability to use
179 *
180 * Test to see if the opener of the socket had when the socket was
181 * created and the current process has the capability @cap in all user
182 * namespaces.
183 */
184bool sk_capable(const struct sock *sk, int cap)
185{
186 return sk_ns_capable(sk, &init_user_ns, cap);
187}
188EXPORT_SYMBOL(sk_capable);
189
190/**
191 * sk_net_capable - Network namespace socket capability test
192 * @sk: Socket to use a capability on or through
193 * @cap: The capability to use
194 *
195 * Test to see if the opener of the socket had when the socket was created
196 * and the current process has the capability @cap over the network namespace
197 * the socket is a member of.
198 */
199bool sk_net_capable(const struct sock *sk, int cap)
200{
201 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
202}
203EXPORT_SYMBOL(sk_net_capable);
204
205/*
206 * Each address family might have different locking rules, so we have
207 * one slock key per address family and separate keys for internal and
208 * userspace sockets.
209 */
210static struct lock_class_key af_family_keys[AF_MAX];
211static struct lock_class_key af_family_kern_keys[AF_MAX];
212static struct lock_class_key af_family_slock_keys[AF_MAX];
213static struct lock_class_key af_family_kern_slock_keys[AF_MAX];
214
215/*
216 * Make lock validator output more readable. (we pre-construct these
217 * strings build-time, so that runtime initialization of socket
218 * locks is fast):
219 */
220
221#define _sock_locks(x) \
222 x "AF_UNSPEC", x "AF_UNIX" , x "AF_INET" , \
223 x "AF_AX25" , x "AF_IPX" , x "AF_APPLETALK", \
224 x "AF_NETROM", x "AF_BRIDGE" , x "AF_ATMPVC" , \
225 x "AF_X25" , x "AF_INET6" , x "AF_ROSE" , \
226 x "AF_DECnet", x "AF_NETBEUI" , x "AF_SECURITY" , \
227 x "AF_KEY" , x "AF_NETLINK" , x "AF_PACKET" , \
228 x "AF_ASH" , x "AF_ECONET" , x "AF_ATMSVC" , \
229 x "AF_RDS" , x "AF_SNA" , x "AF_IRDA" , \
230 x "AF_PPPOX" , x "AF_WANPIPE" , x "AF_LLC" , \
231 x "27" , x "28" , x "AF_CAN" , \
232 x "AF_TIPC" , x "AF_BLUETOOTH", x "IUCV" , \
233 x "AF_RXRPC" , x "AF_ISDN" , x "AF_PHONET" , \
234 x "AF_IEEE802154", x "AF_CAIF" , x "AF_ALG" , \
235 x "AF_NFC" , x "AF_VSOCK" , x "AF_KCM" , \
236 x "AF_QIPCRTR", x "AF_SMC" , x "AF_XDP" , \
237 x "AF_MCTP" , \
238 x "AF_MAX"
239
240static const char *const af_family_key_strings[AF_MAX+1] = {
241 _sock_locks("sk_lock-")
242};
243static const char *const af_family_slock_key_strings[AF_MAX+1] = {
244 _sock_locks("slock-")
245};
246static const char *const af_family_clock_key_strings[AF_MAX+1] = {
247 _sock_locks("clock-")
248};
249
250static const char *const af_family_kern_key_strings[AF_MAX+1] = {
251 _sock_locks("k-sk_lock-")
252};
253static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
254 _sock_locks("k-slock-")
255};
256static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
257 _sock_locks("k-clock-")
258};
259static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
260 _sock_locks("rlock-")
261};
262static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
263 _sock_locks("wlock-")
264};
265static const char *const af_family_elock_key_strings[AF_MAX+1] = {
266 _sock_locks("elock-")
267};
268
269/*
270 * sk_callback_lock and sk queues locking rules are per-address-family,
271 * so split the lock classes by using a per-AF key:
272 */
273static struct lock_class_key af_callback_keys[AF_MAX];
274static struct lock_class_key af_rlock_keys[AF_MAX];
275static struct lock_class_key af_wlock_keys[AF_MAX];
276static struct lock_class_key af_elock_keys[AF_MAX];
277static struct lock_class_key af_kern_callback_keys[AF_MAX];
278
279/* Run time adjustable parameters. */
280__u32 sysctl_wmem_max __read_mostly = SK_WMEM_MAX;
281EXPORT_SYMBOL(sysctl_wmem_max);
282__u32 sysctl_rmem_max __read_mostly = SK_RMEM_MAX;
283EXPORT_SYMBOL(sysctl_rmem_max);
284__u32 sysctl_wmem_default __read_mostly = SK_WMEM_MAX;
285__u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
286int sysctl_mem_pcpu_rsv __read_mostly = SK_MEMORY_PCPU_RESERVE;
287
288int sysctl_tstamp_allow_data __read_mostly = 1;
289
290DEFINE_STATIC_KEY_FALSE(memalloc_socks_key);
291EXPORT_SYMBOL_GPL(memalloc_socks_key);
292
293/**
294 * sk_set_memalloc - sets %SOCK_MEMALLOC
295 * @sk: socket to set it on
296 *
297 * Set %SOCK_MEMALLOC on a socket for access to emergency reserves.
298 * It's the responsibility of the admin to adjust min_free_kbytes
299 * to meet the requirements
300 */
301void sk_set_memalloc(struct sock *sk)
302{
303 sock_set_flag(sk, SOCK_MEMALLOC);
304 sk->sk_allocation |= __GFP_MEMALLOC;
305 static_branch_inc(&memalloc_socks_key);
306}
307EXPORT_SYMBOL_GPL(sk_set_memalloc);
308
309void sk_clear_memalloc(struct sock *sk)
310{
311 sock_reset_flag(sk, SOCK_MEMALLOC);
312 sk->sk_allocation &= ~__GFP_MEMALLOC;
313 static_branch_dec(&memalloc_socks_key);
314
315 /*
316 * SOCK_MEMALLOC is allowed to ignore rmem limits to ensure forward
317 * progress of swapping. SOCK_MEMALLOC may be cleared while
318 * it has rmem allocations due to the last swapfile being deactivated
319 * but there is a risk that the socket is unusable due to exceeding
320 * the rmem limits. Reclaim the reserves and obey rmem limits again.
321 */
322 sk_mem_reclaim(sk);
323}
324EXPORT_SYMBOL_GPL(sk_clear_memalloc);
325
326int __sk_backlog_rcv(struct sock *sk, struct sk_buff *skb)
327{
328 int ret;
329 unsigned int noreclaim_flag;
330
331 /* these should have been dropped before queueing */
332 BUG_ON(!sock_flag(sk, SOCK_MEMALLOC));
333
334 noreclaim_flag = memalloc_noreclaim_save();
335 ret = INDIRECT_CALL_INET(sk->sk_backlog_rcv,
336 tcp_v6_do_rcv,
337 tcp_v4_do_rcv,
338 sk, skb);
339 memalloc_noreclaim_restore(noreclaim_flag);
340
341 return ret;
342}
343EXPORT_SYMBOL(__sk_backlog_rcv);
344
345void sk_error_report(struct sock *sk)
346{
347 sk->sk_error_report(sk);
348
349 switch (sk->sk_family) {
350 case AF_INET:
351 fallthrough;
352 case AF_INET6:
353 trace_inet_sk_error_report(sk);
354 break;
355 default:
356 break;
357 }
358}
359EXPORT_SYMBOL(sk_error_report);
360
361int sock_get_timeout(long timeo, void *optval, bool old_timeval)
362{
363 struct __kernel_sock_timeval tv;
364
365 if (timeo == MAX_SCHEDULE_TIMEOUT) {
366 tv.tv_sec = 0;
367 tv.tv_usec = 0;
368 } else {
369 tv.tv_sec = timeo / HZ;
370 tv.tv_usec = ((timeo % HZ) * USEC_PER_SEC) / HZ;
371 }
372
373 if (old_timeval && in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
374 struct old_timeval32 tv32 = { tv.tv_sec, tv.tv_usec };
375 *(struct old_timeval32 *)optval = tv32;
376 return sizeof(tv32);
377 }
378
379 if (old_timeval) {
380 struct __kernel_old_timeval old_tv;
381 old_tv.tv_sec = tv.tv_sec;
382 old_tv.tv_usec = tv.tv_usec;
383 *(struct __kernel_old_timeval *)optval = old_tv;
384 return sizeof(old_tv);
385 }
386
387 *(struct __kernel_sock_timeval *)optval = tv;
388 return sizeof(tv);
389}
390EXPORT_SYMBOL(sock_get_timeout);
391
392int sock_copy_user_timeval(struct __kernel_sock_timeval *tv,
393 sockptr_t optval, int optlen, bool old_timeval)
394{
395 if (old_timeval && in_compat_syscall() && !COMPAT_USE_64BIT_TIME) {
396 struct old_timeval32 tv32;
397
398 if (optlen < sizeof(tv32))
399 return -EINVAL;
400
401 if (copy_from_sockptr(&tv32, optval, sizeof(tv32)))
402 return -EFAULT;
403 tv->tv_sec = tv32.tv_sec;
404 tv->tv_usec = tv32.tv_usec;
405 } else if (old_timeval) {
406 struct __kernel_old_timeval old_tv;
407
408 if (optlen < sizeof(old_tv))
409 return -EINVAL;
410 if (copy_from_sockptr(&old_tv, optval, sizeof(old_tv)))
411 return -EFAULT;
412 tv->tv_sec = old_tv.tv_sec;
413 tv->tv_usec = old_tv.tv_usec;
414 } else {
415 if (optlen < sizeof(*tv))
416 return -EINVAL;
417 if (copy_from_sockptr(tv, optval, sizeof(*tv)))
418 return -EFAULT;
419 }
420
421 return 0;
422}
423EXPORT_SYMBOL(sock_copy_user_timeval);
424
425static int sock_set_timeout(long *timeo_p, sockptr_t optval, int optlen,
426 bool old_timeval)
427{
428 struct __kernel_sock_timeval tv;
429 int err = sock_copy_user_timeval(&tv, optval, optlen, old_timeval);
430 long val;
431
432 if (err)
433 return err;
434
435 if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC)
436 return -EDOM;
437
438 if (tv.tv_sec < 0) {
439 static int warned __read_mostly;
440
441 WRITE_ONCE(*timeo_p, 0);
442 if (warned < 10 && net_ratelimit()) {
443 warned++;
444 pr_info("%s: `%s' (pid %d) tries to set negative timeout\n",
445 __func__, current->comm, task_pid_nr(current));
446 }
447 return 0;
448 }
449 val = MAX_SCHEDULE_TIMEOUT;
450 if ((tv.tv_sec || tv.tv_usec) &&
451 (tv.tv_sec < (MAX_SCHEDULE_TIMEOUT / HZ - 1)))
452 val = tv.tv_sec * HZ + DIV_ROUND_UP((unsigned long)tv.tv_usec,
453 USEC_PER_SEC / HZ);
454 WRITE_ONCE(*timeo_p, val);
455 return 0;
456}
457
458static bool sock_needs_netstamp(const struct sock *sk)
459{
460 switch (sk->sk_family) {
461 case AF_UNSPEC:
462 case AF_UNIX:
463 return false;
464 default:
465 return true;
466 }
467}
468
469static void sock_disable_timestamp(struct sock *sk, unsigned long flags)
470{
471 if (sk->sk_flags & flags) {
472 sk->sk_flags &= ~flags;
473 if (sock_needs_netstamp(sk) &&
474 !(sk->sk_flags & SK_FLAGS_TIMESTAMP))
475 net_disable_timestamp();
476 }
477}
478
479
480int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
481{
482 unsigned long flags;
483 struct sk_buff_head *list = &sk->sk_receive_queue;
484
485 if (atomic_read(&sk->sk_rmem_alloc) >= READ_ONCE(sk->sk_rcvbuf)) {
486 atomic_inc(&sk->sk_drops);
487 trace_sock_rcvqueue_full(sk, skb);
488 return -ENOMEM;
489 }
490
491 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
492 atomic_inc(&sk->sk_drops);
493 return -ENOBUFS;
494 }
495
496 skb->dev = NULL;
497 skb_set_owner_r(skb, sk);
498
499 /* we escape from rcu protected region, make sure we dont leak
500 * a norefcounted dst
501 */
502 skb_dst_force(skb);
503
504 spin_lock_irqsave(&list->lock, flags);
505 sock_skb_set_dropcount(sk, skb);
506 __skb_queue_tail(list, skb);
507 spin_unlock_irqrestore(&list->lock, flags);
508
509 if (!sock_flag(sk, SOCK_DEAD))
510 sk->sk_data_ready(sk);
511 return 0;
512}
513EXPORT_SYMBOL(__sock_queue_rcv_skb);
514
515int sock_queue_rcv_skb_reason(struct sock *sk, struct sk_buff *skb,
516 enum skb_drop_reason *reason)
517{
518 enum skb_drop_reason drop_reason;
519 int err;
520
521 err = sk_filter(sk, skb);
522 if (err) {
523 drop_reason = SKB_DROP_REASON_SOCKET_FILTER;
524 goto out;
525 }
526 err = __sock_queue_rcv_skb(sk, skb);
527 switch (err) {
528 case -ENOMEM:
529 drop_reason = SKB_DROP_REASON_SOCKET_RCVBUFF;
530 break;
531 case -ENOBUFS:
532 drop_reason = SKB_DROP_REASON_PROTO_MEM;
533 break;
534 default:
535 drop_reason = SKB_NOT_DROPPED_YET;
536 break;
537 }
538out:
539 if (reason)
540 *reason = drop_reason;
541 return err;
542}
543EXPORT_SYMBOL(sock_queue_rcv_skb_reason);
544
545int __sk_receive_skb(struct sock *sk, struct sk_buff *skb,
546 const int nested, unsigned int trim_cap, bool refcounted)
547{
548 int rc = NET_RX_SUCCESS;
549
550 if (sk_filter_trim_cap(sk, skb, trim_cap))
551 goto discard_and_relse;
552
553 skb->dev = NULL;
554
555 if (sk_rcvqueues_full(sk, READ_ONCE(sk->sk_rcvbuf))) {
556 atomic_inc(&sk->sk_drops);
557 goto discard_and_relse;
558 }
559 if (nested)
560 bh_lock_sock_nested(sk);
561 else
562 bh_lock_sock(sk);
563 if (!sock_owned_by_user(sk)) {
564 /*
565 * trylock + unlock semantics:
566 */
567 mutex_acquire(&sk->sk_lock.dep_map, 0, 1, _RET_IP_);
568
569 rc = sk_backlog_rcv(sk, skb);
570
571 mutex_release(&sk->sk_lock.dep_map, _RET_IP_);
572 } else if (sk_add_backlog(sk, skb, READ_ONCE(sk->sk_rcvbuf))) {
573 bh_unlock_sock(sk);
574 atomic_inc(&sk->sk_drops);
575 goto discard_and_relse;
576 }
577
578 bh_unlock_sock(sk);
579out:
580 if (refcounted)
581 sock_put(sk);
582 return rc;
583discard_and_relse:
584 kfree_skb(skb);
585 goto out;
586}
587EXPORT_SYMBOL(__sk_receive_skb);
588
589INDIRECT_CALLABLE_DECLARE(struct dst_entry *ip6_dst_check(struct dst_entry *,
590 u32));
591INDIRECT_CALLABLE_DECLARE(struct dst_entry *ipv4_dst_check(struct dst_entry *,
592 u32));
593struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
594{
595 struct dst_entry *dst = __sk_dst_get(sk);
596
597 if (dst && dst->obsolete &&
598 INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
599 dst, cookie) == NULL) {
600 sk_tx_queue_clear(sk);
601 WRITE_ONCE(sk->sk_dst_pending_confirm, 0);
602 RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
603 dst_release(dst);
604 return NULL;
605 }
606
607 return dst;
608}
609EXPORT_SYMBOL(__sk_dst_check);
610
611struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie)
612{
613 struct dst_entry *dst = sk_dst_get(sk);
614
615 if (dst && dst->obsolete &&
616 INDIRECT_CALL_INET(dst->ops->check, ip6_dst_check, ipv4_dst_check,
617 dst, cookie) == NULL) {
618 sk_dst_reset(sk);
619 dst_release(dst);
620 return NULL;
621 }
622
623 return dst;
624}
625EXPORT_SYMBOL(sk_dst_check);
626
627static int sock_bindtoindex_locked(struct sock *sk, int ifindex)
628{
629 int ret = -ENOPROTOOPT;
630#ifdef CONFIG_NETDEVICES
631 struct net *net = sock_net(sk);
632
633 /* Sorry... */
634 ret = -EPERM;
635 if (sk->sk_bound_dev_if && !ns_capable(net->user_ns, CAP_NET_RAW))
636 goto out;
637
638 ret = -EINVAL;
639 if (ifindex < 0)
640 goto out;
641
642 /* Paired with all READ_ONCE() done locklessly. */
643 WRITE_ONCE(sk->sk_bound_dev_if, ifindex);
644
645 if (sk->sk_prot->rehash)
646 sk->sk_prot->rehash(sk);
647 sk_dst_reset(sk);
648
649 ret = 0;
650
651out:
652#endif
653
654 return ret;
655}
656
657int sock_bindtoindex(struct sock *sk, int ifindex, bool lock_sk)
658{
659 int ret;
660
661 if (lock_sk)
662 lock_sock(sk);
663 ret = sock_bindtoindex_locked(sk, ifindex);
664 if (lock_sk)
665 release_sock(sk);
666
667 return ret;
668}
669EXPORT_SYMBOL(sock_bindtoindex);
670
671static int sock_setbindtodevice(struct sock *sk, sockptr_t optval, int optlen)
672{
673 int ret = -ENOPROTOOPT;
674#ifdef CONFIG_NETDEVICES
675 struct net *net = sock_net(sk);
676 char devname[IFNAMSIZ];
677 int index;
678
679 ret = -EINVAL;
680 if (optlen < 0)
681 goto out;
682
683 /* Bind this socket to a particular device like "eth0",
684 * as specified in the passed interface name. If the
685 * name is "" or the option length is zero the socket
686 * is not bound.
687 */
688 if (optlen > IFNAMSIZ - 1)
689 optlen = IFNAMSIZ - 1;
690 memset(devname, 0, sizeof(devname));
691
692 ret = -EFAULT;
693 if (copy_from_sockptr(devname, optval, optlen))
694 goto out;
695
696 index = 0;
697 if (devname[0] != '\0') {
698 struct net_device *dev;
699
700 rcu_read_lock();
701 dev = dev_get_by_name_rcu(net, devname);
702 if (dev)
703 index = dev->ifindex;
704 rcu_read_unlock();
705 ret = -ENODEV;
706 if (!dev)
707 goto out;
708 }
709
710 sockopt_lock_sock(sk);
711 ret = sock_bindtoindex_locked(sk, index);
712 sockopt_release_sock(sk);
713out:
714#endif
715
716 return ret;
717}
718
719static int sock_getbindtodevice(struct sock *sk, sockptr_t optval,
720 sockptr_t optlen, int len)
721{
722 int ret = -ENOPROTOOPT;
723#ifdef CONFIG_NETDEVICES
724 int bound_dev_if = READ_ONCE(sk->sk_bound_dev_if);
725 struct net *net = sock_net(sk);
726 char devname[IFNAMSIZ];
727
728 if (bound_dev_if == 0) {
729 len = 0;
730 goto zero;
731 }
732
733 ret = -EINVAL;
734 if (len < IFNAMSIZ)
735 goto out;
736
737 ret = netdev_get_name(net, devname, bound_dev_if);
738 if (ret)
739 goto out;
740
741 len = strlen(devname) + 1;
742
743 ret = -EFAULT;
744 if (copy_to_sockptr(optval, devname, len))
745 goto out;
746
747zero:
748 ret = -EFAULT;
749 if (copy_to_sockptr(optlen, &len, sizeof(int)))
750 goto out;
751
752 ret = 0;
753
754out:
755#endif
756
757 return ret;
758}
759
760bool sk_mc_loop(const struct sock *sk)
761{
762 if (dev_recursion_level())
763 return false;
764 if (!sk)
765 return true;
766 /* IPV6_ADDRFORM can change sk->sk_family under us. */
767 switch (READ_ONCE(sk->sk_family)) {
768 case AF_INET:
769 return inet_test_bit(MC_LOOP, sk);
770#if IS_ENABLED(CONFIG_IPV6)
771 case AF_INET6:
772 return inet6_test_bit(MC6_LOOP, sk);
773#endif
774 }
775 WARN_ON_ONCE(1);
776 return true;
777}
778EXPORT_SYMBOL(sk_mc_loop);
779
780void sock_set_reuseaddr(struct sock *sk)
781{
782 lock_sock(sk);
783 sk->sk_reuse = SK_CAN_REUSE;
784 release_sock(sk);
785}
786EXPORT_SYMBOL(sock_set_reuseaddr);
787
788void sock_set_reuseport(struct sock *sk)
789{
790 lock_sock(sk);
791 sk->sk_reuseport = true;
792 release_sock(sk);
793}
794EXPORT_SYMBOL(sock_set_reuseport);
795
796void sock_no_linger(struct sock *sk)
797{
798 lock_sock(sk);
799 WRITE_ONCE(sk->sk_lingertime, 0);
800 sock_set_flag(sk, SOCK_LINGER);
801 release_sock(sk);
802}
803EXPORT_SYMBOL(sock_no_linger);
804
805void sock_set_priority(struct sock *sk, u32 priority)
806{
807 WRITE_ONCE(sk->sk_priority, priority);
808}
809EXPORT_SYMBOL(sock_set_priority);
810
811void sock_set_sndtimeo(struct sock *sk, s64 secs)
812{
813 lock_sock(sk);
814 if (secs && secs < MAX_SCHEDULE_TIMEOUT / HZ - 1)
815 WRITE_ONCE(sk->sk_sndtimeo, secs * HZ);
816 else
817 WRITE_ONCE(sk->sk_sndtimeo, MAX_SCHEDULE_TIMEOUT);
818 release_sock(sk);
819}
820EXPORT_SYMBOL(sock_set_sndtimeo);
821
822static void __sock_set_timestamps(struct sock *sk, bool val, bool new, bool ns)
823{
824 if (val) {
825 sock_valbool_flag(sk, SOCK_TSTAMP_NEW, new);
826 sock_valbool_flag(sk, SOCK_RCVTSTAMPNS, ns);
827 sock_set_flag(sk, SOCK_RCVTSTAMP);
828 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
829 } else {
830 sock_reset_flag(sk, SOCK_RCVTSTAMP);
831 sock_reset_flag(sk, SOCK_RCVTSTAMPNS);
832 }
833}
834
835void sock_enable_timestamps(struct sock *sk)
836{
837 lock_sock(sk);
838 __sock_set_timestamps(sk, true, false, true);
839 release_sock(sk);
840}
841EXPORT_SYMBOL(sock_enable_timestamps);
842
843void sock_set_timestamp(struct sock *sk, int optname, bool valbool)
844{
845 switch (optname) {
846 case SO_TIMESTAMP_OLD:
847 __sock_set_timestamps(sk, valbool, false, false);
848 break;
849 case SO_TIMESTAMP_NEW:
850 __sock_set_timestamps(sk, valbool, true, false);
851 break;
852 case SO_TIMESTAMPNS_OLD:
853 __sock_set_timestamps(sk, valbool, false, true);
854 break;
855 case SO_TIMESTAMPNS_NEW:
856 __sock_set_timestamps(sk, valbool, true, true);
857 break;
858 }
859}
860
861static int sock_timestamping_bind_phc(struct sock *sk, int phc_index)
862{
863 struct net *net = sock_net(sk);
864 struct net_device *dev = NULL;
865 bool match = false;
866 int *vclock_index;
867 int i, num;
868
869 if (sk->sk_bound_dev_if)
870 dev = dev_get_by_index(net, sk->sk_bound_dev_if);
871
872 if (!dev) {
873 pr_err("%s: sock not bind to device\n", __func__);
874 return -EOPNOTSUPP;
875 }
876
877 num = ethtool_get_phc_vclocks(dev, &vclock_index);
878 dev_put(dev);
879
880 for (i = 0; i < num; i++) {
881 if (*(vclock_index + i) == phc_index) {
882 match = true;
883 break;
884 }
885 }
886
887 if (num > 0)
888 kfree(vclock_index);
889
890 if (!match)
891 return -EINVAL;
892
893 WRITE_ONCE(sk->sk_bind_phc, phc_index);
894
895 return 0;
896}
897
898int sock_set_timestamping(struct sock *sk, int optname,
899 struct so_timestamping timestamping)
900{
901 int val = timestamping.flags;
902 int ret;
903
904 if (val & ~SOF_TIMESTAMPING_MASK)
905 return -EINVAL;
906
907 if (val & SOF_TIMESTAMPING_OPT_ID_TCP &&
908 !(val & SOF_TIMESTAMPING_OPT_ID))
909 return -EINVAL;
910
911 if (val & SOF_TIMESTAMPING_OPT_ID &&
912 !(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) {
913 if (sk_is_tcp(sk)) {
914 if ((1 << sk->sk_state) &
915 (TCPF_CLOSE | TCPF_LISTEN))
916 return -EINVAL;
917 if (val & SOF_TIMESTAMPING_OPT_ID_TCP)
918 atomic_set(&sk->sk_tskey, tcp_sk(sk)->write_seq);
919 else
920 atomic_set(&sk->sk_tskey, tcp_sk(sk)->snd_una);
921 } else {
922 atomic_set(&sk->sk_tskey, 0);
923 }
924 }
925
926 if (val & SOF_TIMESTAMPING_OPT_STATS &&
927 !(val & SOF_TIMESTAMPING_OPT_TSONLY))
928 return -EINVAL;
929
930 if (val & SOF_TIMESTAMPING_BIND_PHC) {
931 ret = sock_timestamping_bind_phc(sk, timestamping.bind_phc);
932 if (ret)
933 return ret;
934 }
935
936 WRITE_ONCE(sk->sk_tsflags, val);
937 sock_valbool_flag(sk, SOCK_TSTAMP_NEW, optname == SO_TIMESTAMPING_NEW);
938
939 if (val & SOF_TIMESTAMPING_RX_SOFTWARE)
940 sock_enable_timestamp(sk,
941 SOCK_TIMESTAMPING_RX_SOFTWARE);
942 else
943 sock_disable_timestamp(sk,
944 (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE));
945 return 0;
946}
947
948void sock_set_keepalive(struct sock *sk)
949{
950 lock_sock(sk);
951 if (sk->sk_prot->keepalive)
952 sk->sk_prot->keepalive(sk, true);
953 sock_valbool_flag(sk, SOCK_KEEPOPEN, true);
954 release_sock(sk);
955}
956EXPORT_SYMBOL(sock_set_keepalive);
957
958static void __sock_set_rcvbuf(struct sock *sk, int val)
959{
960 /* Ensure val * 2 fits into an int, to prevent max_t() from treating it
961 * as a negative value.
962 */
963 val = min_t(int, val, INT_MAX / 2);
964 sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
965
966 /* We double it on the way in to account for "struct sk_buff" etc.
967 * overhead. Applications assume that the SO_RCVBUF setting they make
968 * will allow that much actual data to be received on that socket.
969 *
970 * Applications are unaware that "struct sk_buff" and other overheads
971 * allocate from the receive buffer during socket buffer allocation.
972 *
973 * And after considering the possible alternatives, returning the value
974 * we actually used in getsockopt is the most desirable behavior.
975 */
976 WRITE_ONCE(sk->sk_rcvbuf, max_t(int, val * 2, SOCK_MIN_RCVBUF));
977}
978
979void sock_set_rcvbuf(struct sock *sk, int val)
980{
981 lock_sock(sk);
982 __sock_set_rcvbuf(sk, val);
983 release_sock(sk);
984}
985EXPORT_SYMBOL(sock_set_rcvbuf);
986
987static void __sock_set_mark(struct sock *sk, u32 val)
988{
989 if (val != sk->sk_mark) {
990 WRITE_ONCE(sk->sk_mark, val);
991 sk_dst_reset(sk);
992 }
993}
994
995void sock_set_mark(struct sock *sk, u32 val)
996{
997 lock_sock(sk);
998 __sock_set_mark(sk, val);
999 release_sock(sk);
1000}
1001EXPORT_SYMBOL(sock_set_mark);
1002
1003static void sock_release_reserved_memory(struct sock *sk, int bytes)
1004{
1005 /* Round down bytes to multiple of pages */
1006 bytes = round_down(bytes, PAGE_SIZE);
1007
1008 WARN_ON(bytes > sk->sk_reserved_mem);
1009 WRITE_ONCE(sk->sk_reserved_mem, sk->sk_reserved_mem - bytes);
1010 sk_mem_reclaim(sk);
1011}
1012
1013static int sock_reserve_memory(struct sock *sk, int bytes)
1014{
1015 long allocated;
1016 bool charged;
1017 int pages;
1018
1019 if (!mem_cgroup_sockets_enabled || !sk->sk_memcg || !sk_has_account(sk))
1020 return -EOPNOTSUPP;
1021
1022 if (!bytes)
1023 return 0;
1024
1025 pages = sk_mem_pages(bytes);
1026
1027 /* pre-charge to memcg */
1028 charged = mem_cgroup_charge_skmem(sk->sk_memcg, pages,
1029 GFP_KERNEL | __GFP_RETRY_MAYFAIL);
1030 if (!charged)
1031 return -ENOMEM;
1032
1033 /* pre-charge to forward_alloc */
1034 sk_memory_allocated_add(sk, pages);
1035 allocated = sk_memory_allocated(sk);
1036 /* If the system goes into memory pressure with this
1037 * precharge, give up and return error.
1038 */
1039 if (allocated > sk_prot_mem_limits(sk, 1)) {
1040 sk_memory_allocated_sub(sk, pages);
1041 mem_cgroup_uncharge_skmem(sk->sk_memcg, pages);
1042 return -ENOMEM;
1043 }
1044 sk_forward_alloc_add(sk, pages << PAGE_SHIFT);
1045
1046 WRITE_ONCE(sk->sk_reserved_mem,
1047 sk->sk_reserved_mem + (pages << PAGE_SHIFT));
1048
1049 return 0;
1050}
1051
1052void sockopt_lock_sock(struct sock *sk)
1053{
1054 /* When current->bpf_ctx is set, the setsockopt is called from
1055 * a bpf prog. bpf has ensured the sk lock has been
1056 * acquired before calling setsockopt().
1057 */
1058 if (has_current_bpf_ctx())
1059 return;
1060
1061 lock_sock(sk);
1062}
1063EXPORT_SYMBOL(sockopt_lock_sock);
1064
1065void sockopt_release_sock(struct sock *sk)
1066{
1067 if (has_current_bpf_ctx())
1068 return;
1069
1070 release_sock(sk);
1071}
1072EXPORT_SYMBOL(sockopt_release_sock);
1073
1074bool sockopt_ns_capable(struct user_namespace *ns, int cap)
1075{
1076 return has_current_bpf_ctx() || ns_capable(ns, cap);
1077}
1078EXPORT_SYMBOL(sockopt_ns_capable);
1079
1080bool sockopt_capable(int cap)
1081{
1082 return has_current_bpf_ctx() || capable(cap);
1083}
1084EXPORT_SYMBOL(sockopt_capable);
1085
1086/*
1087 * This is meant for all protocols to use and covers goings on
1088 * at the socket level. Everything here is generic.
1089 */
1090
1091int sk_setsockopt(struct sock *sk, int level, int optname,
1092 sockptr_t optval, unsigned int optlen)
1093{
1094 struct so_timestamping timestamping;
1095 struct socket *sock = sk->sk_socket;
1096 struct sock_txtime sk_txtime;
1097 int val;
1098 int valbool;
1099 struct linger ling;
1100 int ret = 0;
1101
1102 /*
1103 * Options without arguments
1104 */
1105
1106 if (optname == SO_BINDTODEVICE)
1107 return sock_setbindtodevice(sk, optval, optlen);
1108
1109 if (optlen < sizeof(int))
1110 return -EINVAL;
1111
1112 if (copy_from_sockptr(&val, optval, sizeof(val)))
1113 return -EFAULT;
1114
1115 valbool = val ? 1 : 0;
1116
1117 /* handle options which do not require locking the socket. */
1118 switch (optname) {
1119 case SO_PRIORITY:
1120 if ((val >= 0 && val <= 6) ||
1121 sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) ||
1122 sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1123 sock_set_priority(sk, val);
1124 return 0;
1125 }
1126 return -EPERM;
1127 case SO_PASSSEC:
1128 assign_bit(SOCK_PASSSEC, &sock->flags, valbool);
1129 return 0;
1130 case SO_PASSCRED:
1131 assign_bit(SOCK_PASSCRED, &sock->flags, valbool);
1132 return 0;
1133 case SO_PASSPIDFD:
1134 assign_bit(SOCK_PASSPIDFD, &sock->flags, valbool);
1135 return 0;
1136 case SO_TYPE:
1137 case SO_PROTOCOL:
1138 case SO_DOMAIN:
1139 case SO_ERROR:
1140 return -ENOPROTOOPT;
1141#ifdef CONFIG_NET_RX_BUSY_POLL
1142 case SO_BUSY_POLL:
1143 if (val < 0)
1144 return -EINVAL;
1145 WRITE_ONCE(sk->sk_ll_usec, val);
1146 return 0;
1147 case SO_PREFER_BUSY_POLL:
1148 if (valbool && !sockopt_capable(CAP_NET_ADMIN))
1149 return -EPERM;
1150 WRITE_ONCE(sk->sk_prefer_busy_poll, valbool);
1151 return 0;
1152 case SO_BUSY_POLL_BUDGET:
1153 if (val > READ_ONCE(sk->sk_busy_poll_budget) &&
1154 !sockopt_capable(CAP_NET_ADMIN))
1155 return -EPERM;
1156 if (val < 0 || val > U16_MAX)
1157 return -EINVAL;
1158 WRITE_ONCE(sk->sk_busy_poll_budget, val);
1159 return 0;
1160#endif
1161 case SO_MAX_PACING_RATE:
1162 {
1163 unsigned long ulval = (val == ~0U) ? ~0UL : (unsigned int)val;
1164 unsigned long pacing_rate;
1165
1166 if (sizeof(ulval) != sizeof(val) &&
1167 optlen >= sizeof(ulval) &&
1168 copy_from_sockptr(&ulval, optval, sizeof(ulval))) {
1169 return -EFAULT;
1170 }
1171 if (ulval != ~0UL)
1172 cmpxchg(&sk->sk_pacing_status,
1173 SK_PACING_NONE,
1174 SK_PACING_NEEDED);
1175 /* Pairs with READ_ONCE() from sk_getsockopt() */
1176 WRITE_ONCE(sk->sk_max_pacing_rate, ulval);
1177 pacing_rate = READ_ONCE(sk->sk_pacing_rate);
1178 if (ulval < pacing_rate)
1179 WRITE_ONCE(sk->sk_pacing_rate, ulval);
1180 return 0;
1181 }
1182 case SO_TXREHASH:
1183 if (val < -1 || val > 1)
1184 return -EINVAL;
1185 if ((u8)val == SOCK_TXREHASH_DEFAULT)
1186 val = READ_ONCE(sock_net(sk)->core.sysctl_txrehash);
1187 /* Paired with READ_ONCE() in tcp_rtx_synack()
1188 * and sk_getsockopt().
1189 */
1190 WRITE_ONCE(sk->sk_txrehash, (u8)val);
1191 return 0;
1192 case SO_PEEK_OFF:
1193 {
1194 int (*set_peek_off)(struct sock *sk, int val);
1195
1196 set_peek_off = READ_ONCE(sock->ops)->set_peek_off;
1197 if (set_peek_off)
1198 ret = set_peek_off(sk, val);
1199 else
1200 ret = -EOPNOTSUPP;
1201 return ret;
1202 }
1203 }
1204
1205 sockopt_lock_sock(sk);
1206
1207 switch (optname) {
1208 case SO_DEBUG:
1209 if (val && !sockopt_capable(CAP_NET_ADMIN))
1210 ret = -EACCES;
1211 else
1212 sock_valbool_flag(sk, SOCK_DBG, valbool);
1213 break;
1214 case SO_REUSEADDR:
1215 sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE);
1216 break;
1217 case SO_REUSEPORT:
1218 sk->sk_reuseport = valbool;
1219 break;
1220 case SO_DONTROUTE:
1221 sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool);
1222 sk_dst_reset(sk);
1223 break;
1224 case SO_BROADCAST:
1225 sock_valbool_flag(sk, SOCK_BROADCAST, valbool);
1226 break;
1227 case SO_SNDBUF:
1228 /* Don't error on this BSD doesn't and if you think
1229 * about it this is right. Otherwise apps have to
1230 * play 'guess the biggest size' games. RCVBUF/SNDBUF
1231 * are treated in BSD as hints
1232 */
1233 val = min_t(u32, val, READ_ONCE(sysctl_wmem_max));
1234set_sndbuf:
1235 /* Ensure val * 2 fits into an int, to prevent max_t()
1236 * from treating it as a negative value.
1237 */
1238 val = min_t(int, val, INT_MAX / 2);
1239 sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
1240 WRITE_ONCE(sk->sk_sndbuf,
1241 max_t(int, val * 2, SOCK_MIN_SNDBUF));
1242 /* Wake up sending tasks if we upped the value. */
1243 sk->sk_write_space(sk);
1244 break;
1245
1246 case SO_SNDBUFFORCE:
1247 if (!sockopt_capable(CAP_NET_ADMIN)) {
1248 ret = -EPERM;
1249 break;
1250 }
1251
1252 /* No negative values (to prevent underflow, as val will be
1253 * multiplied by 2).
1254 */
1255 if (val < 0)
1256 val = 0;
1257 goto set_sndbuf;
1258
1259 case SO_RCVBUF:
1260 /* Don't error on this BSD doesn't and if you think
1261 * about it this is right. Otherwise apps have to
1262 * play 'guess the biggest size' games. RCVBUF/SNDBUF
1263 * are treated in BSD as hints
1264 */
1265 __sock_set_rcvbuf(sk, min_t(u32, val, READ_ONCE(sysctl_rmem_max)));
1266 break;
1267
1268 case SO_RCVBUFFORCE:
1269 if (!sockopt_capable(CAP_NET_ADMIN)) {
1270 ret = -EPERM;
1271 break;
1272 }
1273
1274 /* No negative values (to prevent underflow, as val will be
1275 * multiplied by 2).
1276 */
1277 __sock_set_rcvbuf(sk, max(val, 0));
1278 break;
1279
1280 case SO_KEEPALIVE:
1281 if (sk->sk_prot->keepalive)
1282 sk->sk_prot->keepalive(sk, valbool);
1283 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
1284 break;
1285
1286 case SO_OOBINLINE:
1287 sock_valbool_flag(sk, SOCK_URGINLINE, valbool);
1288 break;
1289
1290 case SO_NO_CHECK:
1291 sk->sk_no_check_tx = valbool;
1292 break;
1293
1294 case SO_LINGER:
1295 if (optlen < sizeof(ling)) {
1296 ret = -EINVAL; /* 1003.1g */
1297 break;
1298 }
1299 if (copy_from_sockptr(&ling, optval, sizeof(ling))) {
1300 ret = -EFAULT;
1301 break;
1302 }
1303 if (!ling.l_onoff) {
1304 sock_reset_flag(sk, SOCK_LINGER);
1305 } else {
1306 unsigned long t_sec = ling.l_linger;
1307
1308 if (t_sec >= MAX_SCHEDULE_TIMEOUT / HZ)
1309 WRITE_ONCE(sk->sk_lingertime, MAX_SCHEDULE_TIMEOUT);
1310 else
1311 WRITE_ONCE(sk->sk_lingertime, t_sec * HZ);
1312 sock_set_flag(sk, SOCK_LINGER);
1313 }
1314 break;
1315
1316 case SO_BSDCOMPAT:
1317 break;
1318
1319 case SO_TIMESTAMP_OLD:
1320 case SO_TIMESTAMP_NEW:
1321 case SO_TIMESTAMPNS_OLD:
1322 case SO_TIMESTAMPNS_NEW:
1323 sock_set_timestamp(sk, optname, valbool);
1324 break;
1325
1326 case SO_TIMESTAMPING_NEW:
1327 case SO_TIMESTAMPING_OLD:
1328 if (optlen == sizeof(timestamping)) {
1329 if (copy_from_sockptr(×tamping, optval,
1330 sizeof(timestamping))) {
1331 ret = -EFAULT;
1332 break;
1333 }
1334 } else {
1335 memset(×tamping, 0, sizeof(timestamping));
1336 timestamping.flags = val;
1337 }
1338 ret = sock_set_timestamping(sk, optname, timestamping);
1339 break;
1340
1341 case SO_RCVLOWAT:
1342 {
1343 int (*set_rcvlowat)(struct sock *sk, int val) = NULL;
1344
1345 if (val < 0)
1346 val = INT_MAX;
1347 if (sock)
1348 set_rcvlowat = READ_ONCE(sock->ops)->set_rcvlowat;
1349 if (set_rcvlowat)
1350 ret = set_rcvlowat(sk, val);
1351 else
1352 WRITE_ONCE(sk->sk_rcvlowat, val ? : 1);
1353 break;
1354 }
1355 case SO_RCVTIMEO_OLD:
1356 case SO_RCVTIMEO_NEW:
1357 ret = sock_set_timeout(&sk->sk_rcvtimeo, optval,
1358 optlen, optname == SO_RCVTIMEO_OLD);
1359 break;
1360
1361 case SO_SNDTIMEO_OLD:
1362 case SO_SNDTIMEO_NEW:
1363 ret = sock_set_timeout(&sk->sk_sndtimeo, optval,
1364 optlen, optname == SO_SNDTIMEO_OLD);
1365 break;
1366
1367 case SO_ATTACH_FILTER: {
1368 struct sock_fprog fprog;
1369
1370 ret = copy_bpf_fprog_from_user(&fprog, optval, optlen);
1371 if (!ret)
1372 ret = sk_attach_filter(&fprog, sk);
1373 break;
1374 }
1375 case SO_ATTACH_BPF:
1376 ret = -EINVAL;
1377 if (optlen == sizeof(u32)) {
1378 u32 ufd;
1379
1380 ret = -EFAULT;
1381 if (copy_from_sockptr(&ufd, optval, sizeof(ufd)))
1382 break;
1383
1384 ret = sk_attach_bpf(ufd, sk);
1385 }
1386 break;
1387
1388 case SO_ATTACH_REUSEPORT_CBPF: {
1389 struct sock_fprog fprog;
1390
1391 ret = copy_bpf_fprog_from_user(&fprog, optval, optlen);
1392 if (!ret)
1393 ret = sk_reuseport_attach_filter(&fprog, sk);
1394 break;
1395 }
1396 case SO_ATTACH_REUSEPORT_EBPF:
1397 ret = -EINVAL;
1398 if (optlen == sizeof(u32)) {
1399 u32 ufd;
1400
1401 ret = -EFAULT;
1402 if (copy_from_sockptr(&ufd, optval, sizeof(ufd)))
1403 break;
1404
1405 ret = sk_reuseport_attach_bpf(ufd, sk);
1406 }
1407 break;
1408
1409 case SO_DETACH_REUSEPORT_BPF:
1410 ret = reuseport_detach_prog(sk);
1411 break;
1412
1413 case SO_DETACH_FILTER:
1414 ret = sk_detach_filter(sk);
1415 break;
1416
1417 case SO_LOCK_FILTER:
1418 if (sock_flag(sk, SOCK_FILTER_LOCKED) && !valbool)
1419 ret = -EPERM;
1420 else
1421 sock_valbool_flag(sk, SOCK_FILTER_LOCKED, valbool);
1422 break;
1423
1424 case SO_MARK:
1425 if (!sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
1426 !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1427 ret = -EPERM;
1428 break;
1429 }
1430
1431 __sock_set_mark(sk, val);
1432 break;
1433 case SO_RCVMARK:
1434 sock_valbool_flag(sk, SOCK_RCVMARK, valbool);
1435 break;
1436
1437 case SO_RXQ_OVFL:
1438 sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool);
1439 break;
1440
1441 case SO_WIFI_STATUS:
1442 sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool);
1443 break;
1444
1445 case SO_NOFCS:
1446 sock_valbool_flag(sk, SOCK_NOFCS, valbool);
1447 break;
1448
1449 case SO_SELECT_ERR_QUEUE:
1450 sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool);
1451 break;
1452
1453
1454 case SO_INCOMING_CPU:
1455 reuseport_update_incoming_cpu(sk, val);
1456 break;
1457
1458 case SO_CNX_ADVICE:
1459 if (val == 1)
1460 dst_negative_advice(sk);
1461 break;
1462
1463 case SO_ZEROCOPY:
1464 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6) {
1465 if (!(sk_is_tcp(sk) ||
1466 (sk->sk_type == SOCK_DGRAM &&
1467 sk->sk_protocol == IPPROTO_UDP)))
1468 ret = -EOPNOTSUPP;
1469 } else if (sk->sk_family != PF_RDS) {
1470 ret = -EOPNOTSUPP;
1471 }
1472 if (!ret) {
1473 if (val < 0 || val > 1)
1474 ret = -EINVAL;
1475 else
1476 sock_valbool_flag(sk, SOCK_ZEROCOPY, valbool);
1477 }
1478 break;
1479
1480 case SO_TXTIME:
1481 if (optlen != sizeof(struct sock_txtime)) {
1482 ret = -EINVAL;
1483 break;
1484 } else if (copy_from_sockptr(&sk_txtime, optval,
1485 sizeof(struct sock_txtime))) {
1486 ret = -EFAULT;
1487 break;
1488 } else if (sk_txtime.flags & ~SOF_TXTIME_FLAGS_MASK) {
1489 ret = -EINVAL;
1490 break;
1491 }
1492 /* CLOCK_MONOTONIC is only used by sch_fq, and this packet
1493 * scheduler has enough safe guards.
1494 */
1495 if (sk_txtime.clockid != CLOCK_MONOTONIC &&
1496 !sockopt_ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) {
1497 ret = -EPERM;
1498 break;
1499 }
1500 sock_valbool_flag(sk, SOCK_TXTIME, true);
1501 sk->sk_clockid = sk_txtime.clockid;
1502 sk->sk_txtime_deadline_mode =
1503 !!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE);
1504 sk->sk_txtime_report_errors =
1505 !!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS);
1506 break;
1507
1508 case SO_BINDTOIFINDEX:
1509 ret = sock_bindtoindex_locked(sk, val);
1510 break;
1511
1512 case SO_BUF_LOCK:
1513 if (val & ~SOCK_BUF_LOCK_MASK) {
1514 ret = -EINVAL;
1515 break;
1516 }
1517 sk->sk_userlocks = val | (sk->sk_userlocks &
1518 ~SOCK_BUF_LOCK_MASK);
1519 break;
1520
1521 case SO_RESERVE_MEM:
1522 {
1523 int delta;
1524
1525 if (val < 0) {
1526 ret = -EINVAL;
1527 break;
1528 }
1529
1530 delta = val - sk->sk_reserved_mem;
1531 if (delta < 0)
1532 sock_release_reserved_memory(sk, -delta);
1533 else
1534 ret = sock_reserve_memory(sk, delta);
1535 break;
1536 }
1537
1538 default:
1539 ret = -ENOPROTOOPT;
1540 break;
1541 }
1542 sockopt_release_sock(sk);
1543 return ret;
1544}
1545
1546int sock_setsockopt(struct socket *sock, int level, int optname,
1547 sockptr_t optval, unsigned int optlen)
1548{
1549 return sk_setsockopt(sock->sk, level, optname,
1550 optval, optlen);
1551}
1552EXPORT_SYMBOL(sock_setsockopt);
1553
1554static const struct cred *sk_get_peer_cred(struct sock *sk)
1555{
1556 const struct cred *cred;
1557
1558 spin_lock(&sk->sk_peer_lock);
1559 cred = get_cred(sk->sk_peer_cred);
1560 spin_unlock(&sk->sk_peer_lock);
1561
1562 return cred;
1563}
1564
1565static void cred_to_ucred(struct pid *pid, const struct cred *cred,
1566 struct ucred *ucred)
1567{
1568 ucred->pid = pid_vnr(pid);
1569 ucred->uid = ucred->gid = -1;
1570 if (cred) {
1571 struct user_namespace *current_ns = current_user_ns();
1572
1573 ucred->uid = from_kuid_munged(current_ns, cred->euid);
1574 ucred->gid = from_kgid_munged(current_ns, cred->egid);
1575 }
1576}
1577
1578static int groups_to_user(sockptr_t dst, const struct group_info *src)
1579{
1580 struct user_namespace *user_ns = current_user_ns();
1581 int i;
1582
1583 for (i = 0; i < src->ngroups; i++) {
1584 gid_t gid = from_kgid_munged(user_ns, src->gid[i]);
1585
1586 if (copy_to_sockptr_offset(dst, i * sizeof(gid), &gid, sizeof(gid)))
1587 return -EFAULT;
1588 }
1589
1590 return 0;
1591}
1592
1593int sk_getsockopt(struct sock *sk, int level, int optname,
1594 sockptr_t optval, sockptr_t optlen)
1595{
1596 struct socket *sock = sk->sk_socket;
1597
1598 union {
1599 int val;
1600 u64 val64;
1601 unsigned long ulval;
1602 struct linger ling;
1603 struct old_timeval32 tm32;
1604 struct __kernel_old_timeval tm;
1605 struct __kernel_sock_timeval stm;
1606 struct sock_txtime txtime;
1607 struct so_timestamping timestamping;
1608 } v;
1609
1610 int lv = sizeof(int);
1611 int len;
1612
1613 if (copy_from_sockptr(&len, optlen, sizeof(int)))
1614 return -EFAULT;
1615 if (len < 0)
1616 return -EINVAL;
1617
1618 memset(&v, 0, sizeof(v));
1619
1620 switch (optname) {
1621 case SO_DEBUG:
1622 v.val = sock_flag(sk, SOCK_DBG);
1623 break;
1624
1625 case SO_DONTROUTE:
1626 v.val = sock_flag(sk, SOCK_LOCALROUTE);
1627 break;
1628
1629 case SO_BROADCAST:
1630 v.val = sock_flag(sk, SOCK_BROADCAST);
1631 break;
1632
1633 case SO_SNDBUF:
1634 v.val = READ_ONCE(sk->sk_sndbuf);
1635 break;
1636
1637 case SO_RCVBUF:
1638 v.val = READ_ONCE(sk->sk_rcvbuf);
1639 break;
1640
1641 case SO_REUSEADDR:
1642 v.val = sk->sk_reuse;
1643 break;
1644
1645 case SO_REUSEPORT:
1646 v.val = sk->sk_reuseport;
1647 break;
1648
1649 case SO_KEEPALIVE:
1650 v.val = sock_flag(sk, SOCK_KEEPOPEN);
1651 break;
1652
1653 case SO_TYPE:
1654 v.val = sk->sk_type;
1655 break;
1656
1657 case SO_PROTOCOL:
1658 v.val = sk->sk_protocol;
1659 break;
1660
1661 case SO_DOMAIN:
1662 v.val = sk->sk_family;
1663 break;
1664
1665 case SO_ERROR:
1666 v.val = -sock_error(sk);
1667 if (v.val == 0)
1668 v.val = xchg(&sk->sk_err_soft, 0);
1669 break;
1670
1671 case SO_OOBINLINE:
1672 v.val = sock_flag(sk, SOCK_URGINLINE);
1673 break;
1674
1675 case SO_NO_CHECK:
1676 v.val = sk->sk_no_check_tx;
1677 break;
1678
1679 case SO_PRIORITY:
1680 v.val = READ_ONCE(sk->sk_priority);
1681 break;
1682
1683 case SO_LINGER:
1684 lv = sizeof(v.ling);
1685 v.ling.l_onoff = sock_flag(sk, SOCK_LINGER);
1686 v.ling.l_linger = READ_ONCE(sk->sk_lingertime) / HZ;
1687 break;
1688
1689 case SO_BSDCOMPAT:
1690 break;
1691
1692 case SO_TIMESTAMP_OLD:
1693 v.val = sock_flag(sk, SOCK_RCVTSTAMP) &&
1694 !sock_flag(sk, SOCK_TSTAMP_NEW) &&
1695 !sock_flag(sk, SOCK_RCVTSTAMPNS);
1696 break;
1697
1698 case SO_TIMESTAMPNS_OLD:
1699 v.val = sock_flag(sk, SOCK_RCVTSTAMPNS) && !sock_flag(sk, SOCK_TSTAMP_NEW);
1700 break;
1701
1702 case SO_TIMESTAMP_NEW:
1703 v.val = sock_flag(sk, SOCK_RCVTSTAMP) && sock_flag(sk, SOCK_TSTAMP_NEW);
1704 break;
1705
1706 case SO_TIMESTAMPNS_NEW:
1707 v.val = sock_flag(sk, SOCK_RCVTSTAMPNS) && sock_flag(sk, SOCK_TSTAMP_NEW);
1708 break;
1709
1710 case SO_TIMESTAMPING_OLD:
1711 case SO_TIMESTAMPING_NEW:
1712 lv = sizeof(v.timestamping);
1713 /* For the later-added case SO_TIMESTAMPING_NEW: Be strict about only
1714 * returning the flags when they were set through the same option.
1715 * Don't change the beviour for the old case SO_TIMESTAMPING_OLD.
1716 */
1717 if (optname == SO_TIMESTAMPING_OLD || sock_flag(sk, SOCK_TSTAMP_NEW)) {
1718 v.timestamping.flags = READ_ONCE(sk->sk_tsflags);
1719 v.timestamping.bind_phc = READ_ONCE(sk->sk_bind_phc);
1720 }
1721 break;
1722
1723 case SO_RCVTIMEO_OLD:
1724 case SO_RCVTIMEO_NEW:
1725 lv = sock_get_timeout(READ_ONCE(sk->sk_rcvtimeo), &v,
1726 SO_RCVTIMEO_OLD == optname);
1727 break;
1728
1729 case SO_SNDTIMEO_OLD:
1730 case SO_SNDTIMEO_NEW:
1731 lv = sock_get_timeout(READ_ONCE(sk->sk_sndtimeo), &v,
1732 SO_SNDTIMEO_OLD == optname);
1733 break;
1734
1735 case SO_RCVLOWAT:
1736 v.val = READ_ONCE(sk->sk_rcvlowat);
1737 break;
1738
1739 case SO_SNDLOWAT:
1740 v.val = 1;
1741 break;
1742
1743 case SO_PASSCRED:
1744 v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
1745 break;
1746
1747 case SO_PASSPIDFD:
1748 v.val = !!test_bit(SOCK_PASSPIDFD, &sock->flags);
1749 break;
1750
1751 case SO_PEERCRED:
1752 {
1753 struct ucred peercred;
1754 if (len > sizeof(peercred))
1755 len = sizeof(peercred);
1756
1757 spin_lock(&sk->sk_peer_lock);
1758 cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
1759 spin_unlock(&sk->sk_peer_lock);
1760
1761 if (copy_to_sockptr(optval, &peercred, len))
1762 return -EFAULT;
1763 goto lenout;
1764 }
1765
1766 case SO_PEERPIDFD:
1767 {
1768 struct pid *peer_pid;
1769 struct file *pidfd_file = NULL;
1770 int pidfd;
1771
1772 if (len > sizeof(pidfd))
1773 len = sizeof(pidfd);
1774
1775 spin_lock(&sk->sk_peer_lock);
1776 peer_pid = get_pid(sk->sk_peer_pid);
1777 spin_unlock(&sk->sk_peer_lock);
1778
1779 if (!peer_pid)
1780 return -ENODATA;
1781
1782 pidfd = pidfd_prepare(peer_pid, 0, &pidfd_file);
1783 put_pid(peer_pid);
1784 if (pidfd < 0)
1785 return pidfd;
1786
1787 if (copy_to_sockptr(optval, &pidfd, len) ||
1788 copy_to_sockptr(optlen, &len, sizeof(int))) {
1789 put_unused_fd(pidfd);
1790 fput(pidfd_file);
1791
1792 return -EFAULT;
1793 }
1794
1795 fd_install(pidfd, pidfd_file);
1796 return 0;
1797 }
1798
1799 case SO_PEERGROUPS:
1800 {
1801 const struct cred *cred;
1802 int ret, n;
1803
1804 cred = sk_get_peer_cred(sk);
1805 if (!cred)
1806 return -ENODATA;
1807
1808 n = cred->group_info->ngroups;
1809 if (len < n * sizeof(gid_t)) {
1810 len = n * sizeof(gid_t);
1811 put_cred(cred);
1812 return copy_to_sockptr(optlen, &len, sizeof(int)) ? -EFAULT : -ERANGE;
1813 }
1814 len = n * sizeof(gid_t);
1815
1816 ret = groups_to_user(optval, cred->group_info);
1817 put_cred(cred);
1818 if (ret)
1819 return ret;
1820 goto lenout;
1821 }
1822
1823 case SO_PEERNAME:
1824 {
1825 struct sockaddr_storage address;
1826
1827 lv = READ_ONCE(sock->ops)->getname(sock, (struct sockaddr *)&address, 2);
1828 if (lv < 0)
1829 return -ENOTCONN;
1830 if (lv < len)
1831 return -EINVAL;
1832 if (copy_to_sockptr(optval, &address, len))
1833 return -EFAULT;
1834 goto lenout;
1835 }
1836
1837 /* Dubious BSD thing... Probably nobody even uses it, but
1838 * the UNIX standard wants it for whatever reason... -DaveM
1839 */
1840 case SO_ACCEPTCONN:
1841 v.val = sk->sk_state == TCP_LISTEN;
1842 break;
1843
1844 case SO_PASSSEC:
1845 v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
1846 break;
1847
1848 case SO_PEERSEC:
1849 return security_socket_getpeersec_stream(sock,
1850 optval, optlen, len);
1851
1852 case SO_MARK:
1853 v.val = READ_ONCE(sk->sk_mark);
1854 break;
1855
1856 case SO_RCVMARK:
1857 v.val = sock_flag(sk, SOCK_RCVMARK);
1858 break;
1859
1860 case SO_RXQ_OVFL:
1861 v.val = sock_flag(sk, SOCK_RXQ_OVFL);
1862 break;
1863
1864 case SO_WIFI_STATUS:
1865 v.val = sock_flag(sk, SOCK_WIFI_STATUS);
1866 break;
1867
1868 case SO_PEEK_OFF:
1869 if (!READ_ONCE(sock->ops)->set_peek_off)
1870 return -EOPNOTSUPP;
1871
1872 v.val = READ_ONCE(sk->sk_peek_off);
1873 break;
1874 case SO_NOFCS:
1875 v.val = sock_flag(sk, SOCK_NOFCS);
1876 break;
1877
1878 case SO_BINDTODEVICE:
1879 return sock_getbindtodevice(sk, optval, optlen, len);
1880
1881 case SO_GET_FILTER:
1882 len = sk_get_filter(sk, optval, len);
1883 if (len < 0)
1884 return len;
1885
1886 goto lenout;
1887
1888 case SO_LOCK_FILTER:
1889 v.val = sock_flag(sk, SOCK_FILTER_LOCKED);
1890 break;
1891
1892 case SO_BPF_EXTENSIONS:
1893 v.val = bpf_tell_extensions();
1894 break;
1895
1896 case SO_SELECT_ERR_QUEUE:
1897 v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE);
1898 break;
1899
1900#ifdef CONFIG_NET_RX_BUSY_POLL
1901 case SO_BUSY_POLL:
1902 v.val = READ_ONCE(sk->sk_ll_usec);
1903 break;
1904 case SO_PREFER_BUSY_POLL:
1905 v.val = READ_ONCE(sk->sk_prefer_busy_poll);
1906 break;
1907#endif
1908
1909 case SO_MAX_PACING_RATE:
1910 /* The READ_ONCE() pair with the WRITE_ONCE() in sk_setsockopt() */
1911 if (sizeof(v.ulval) != sizeof(v.val) && len >= sizeof(v.ulval)) {
1912 lv = sizeof(v.ulval);
1913 v.ulval = READ_ONCE(sk->sk_max_pacing_rate);
1914 } else {
1915 /* 32bit version */
1916 v.val = min_t(unsigned long, ~0U,
1917 READ_ONCE(sk->sk_max_pacing_rate));
1918 }
1919 break;
1920
1921 case SO_INCOMING_CPU:
1922 v.val = READ_ONCE(sk->sk_incoming_cpu);
1923 break;
1924
1925 case SO_MEMINFO:
1926 {
1927 u32 meminfo[SK_MEMINFO_VARS];
1928
1929 sk_get_meminfo(sk, meminfo);
1930
1931 len = min_t(unsigned int, len, sizeof(meminfo));
1932 if (copy_to_sockptr(optval, &meminfo, len))
1933 return -EFAULT;
1934
1935 goto lenout;
1936 }
1937
1938#ifdef CONFIG_NET_RX_BUSY_POLL
1939 case SO_INCOMING_NAPI_ID:
1940 v.val = READ_ONCE(sk->sk_napi_id);
1941
1942 /* aggregate non-NAPI IDs down to 0 */
1943 if (v.val < MIN_NAPI_ID)
1944 v.val = 0;
1945
1946 break;
1947#endif
1948
1949 case SO_COOKIE:
1950 lv = sizeof(u64);
1951 if (len < lv)
1952 return -EINVAL;
1953 v.val64 = sock_gen_cookie(sk);
1954 break;
1955
1956 case SO_ZEROCOPY:
1957 v.val = sock_flag(sk, SOCK_ZEROCOPY);
1958 break;
1959
1960 case SO_TXTIME:
1961 lv = sizeof(v.txtime);
1962 v.txtime.clockid = sk->sk_clockid;
1963 v.txtime.flags |= sk->sk_txtime_deadline_mode ?
1964 SOF_TXTIME_DEADLINE_MODE : 0;
1965 v.txtime.flags |= sk->sk_txtime_report_errors ?
1966 SOF_TXTIME_REPORT_ERRORS : 0;
1967 break;
1968
1969 case SO_BINDTOIFINDEX:
1970 v.val = READ_ONCE(sk->sk_bound_dev_if);
1971 break;
1972
1973 case SO_NETNS_COOKIE:
1974 lv = sizeof(u64);
1975 if (len != lv)
1976 return -EINVAL;
1977 v.val64 = sock_net(sk)->net_cookie;
1978 break;
1979
1980 case SO_BUF_LOCK:
1981 v.val = sk->sk_userlocks & SOCK_BUF_LOCK_MASK;
1982 break;
1983
1984 case SO_RESERVE_MEM:
1985 v.val = READ_ONCE(sk->sk_reserved_mem);
1986 break;
1987
1988 case SO_TXREHASH:
1989 /* Paired with WRITE_ONCE() in sk_setsockopt() */
1990 v.val = READ_ONCE(sk->sk_txrehash);
1991 break;
1992
1993 default:
1994 /* We implement the SO_SNDLOWAT etc to not be settable
1995 * (1003.1g 7).
1996 */
1997 return -ENOPROTOOPT;
1998 }
1999
2000 if (len > lv)
2001 len = lv;
2002 if (copy_to_sockptr(optval, &v, len))
2003 return -EFAULT;
2004lenout:
2005 if (copy_to_sockptr(optlen, &len, sizeof(int)))
2006 return -EFAULT;
2007 return 0;
2008}
2009
2010/*
2011 * Initialize an sk_lock.
2012 *
2013 * (We also register the sk_lock with the lock validator.)
2014 */
2015static inline void sock_lock_init(struct sock *sk)
2016{
2017 if (sk->sk_kern_sock)
2018 sock_lock_init_class_and_name(
2019 sk,
2020 af_family_kern_slock_key_strings[sk->sk_family],
2021 af_family_kern_slock_keys + sk->sk_family,
2022 af_family_kern_key_strings[sk->sk_family],
2023 af_family_kern_keys + sk->sk_family);
2024 else
2025 sock_lock_init_class_and_name(
2026 sk,
2027 af_family_slock_key_strings[sk->sk_family],
2028 af_family_slock_keys + sk->sk_family,
2029 af_family_key_strings[sk->sk_family],
2030 af_family_keys + sk->sk_family);
2031}
2032
2033/*
2034 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
2035 * even temporarly, because of RCU lookups. sk_node should also be left as is.
2036 * We must not copy fields between sk_dontcopy_begin and sk_dontcopy_end
2037 */
2038static void sock_copy(struct sock *nsk, const struct sock *osk)
2039{
2040 const struct proto *prot = READ_ONCE(osk->sk_prot);
2041#ifdef CONFIG_SECURITY_NETWORK
2042 void *sptr = nsk->sk_security;
2043#endif
2044
2045 /* If we move sk_tx_queue_mapping out of the private section,
2046 * we must check if sk_tx_queue_clear() is called after
2047 * sock_copy() in sk_clone_lock().
2048 */
2049 BUILD_BUG_ON(offsetof(struct sock, sk_tx_queue_mapping) <
2050 offsetof(struct sock, sk_dontcopy_begin) ||
2051 offsetof(struct sock, sk_tx_queue_mapping) >=
2052 offsetof(struct sock, sk_dontcopy_end));
2053
2054 memcpy(nsk, osk, offsetof(struct sock, sk_dontcopy_begin));
2055
2056 unsafe_memcpy(&nsk->sk_dontcopy_end, &osk->sk_dontcopy_end,
2057 prot->obj_size - offsetof(struct sock, sk_dontcopy_end),
2058 /* alloc is larger than struct, see sk_prot_alloc() */);
2059
2060#ifdef CONFIG_SECURITY_NETWORK
2061 nsk->sk_security = sptr;
2062 security_sk_clone(osk, nsk);
2063#endif
2064}
2065
2066static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
2067 int family)
2068{
2069 struct sock *sk;
2070 struct kmem_cache *slab;
2071
2072 slab = prot->slab;
2073 if (slab != NULL) {
2074 sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
2075 if (!sk)
2076 return sk;
2077 if (want_init_on_alloc(priority))
2078 sk_prot_clear_nulls(sk, prot->obj_size);
2079 } else
2080 sk = kmalloc(prot->obj_size, priority);
2081
2082 if (sk != NULL) {
2083 if (security_sk_alloc(sk, family, priority))
2084 goto out_free;
2085
2086 if (!try_module_get(prot->owner))
2087 goto out_free_sec;
2088 }
2089
2090 return sk;
2091
2092out_free_sec:
2093 security_sk_free(sk);
2094out_free:
2095 if (slab != NULL)
2096 kmem_cache_free(slab, sk);
2097 else
2098 kfree(sk);
2099 return NULL;
2100}
2101
2102static void sk_prot_free(struct proto *prot, struct sock *sk)
2103{
2104 struct kmem_cache *slab;
2105 struct module *owner;
2106
2107 owner = prot->owner;
2108 slab = prot->slab;
2109
2110 cgroup_sk_free(&sk->sk_cgrp_data);
2111 mem_cgroup_sk_free(sk);
2112 security_sk_free(sk);
2113 if (slab != NULL)
2114 kmem_cache_free(slab, sk);
2115 else
2116 kfree(sk);
2117 module_put(owner);
2118}
2119
2120/**
2121 * sk_alloc - All socket objects are allocated here
2122 * @net: the applicable net namespace
2123 * @family: protocol family
2124 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
2125 * @prot: struct proto associated with this new sock instance
2126 * @kern: is this to be a kernel socket?
2127 */
2128struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
2129 struct proto *prot, int kern)
2130{
2131 struct sock *sk;
2132
2133 sk = sk_prot_alloc(prot, priority | __GFP_ZERO, family);
2134 if (sk) {
2135 sk->sk_family = family;
2136 /*
2137 * See comment in struct sock definition to understand
2138 * why we need sk_prot_creator -acme
2139 */
2140 sk->sk_prot = sk->sk_prot_creator = prot;
2141 sk->sk_kern_sock = kern;
2142 sock_lock_init(sk);
2143 sk->sk_net_refcnt = kern ? 0 : 1;
2144 if (likely(sk->sk_net_refcnt)) {
2145 get_net_track(net, &sk->ns_tracker, priority);
2146 sock_inuse_add(net, 1);
2147 } else {
2148 __netns_tracker_alloc(net, &sk->ns_tracker,
2149 false, priority);
2150 }
2151
2152 sock_net_set(sk, net);
2153 refcount_set(&sk->sk_wmem_alloc, 1);
2154
2155 mem_cgroup_sk_alloc(sk);
2156 cgroup_sk_alloc(&sk->sk_cgrp_data);
2157 sock_update_classid(&sk->sk_cgrp_data);
2158 sock_update_netprioidx(&sk->sk_cgrp_data);
2159 sk_tx_queue_clear(sk);
2160 }
2161
2162 return sk;
2163}
2164EXPORT_SYMBOL(sk_alloc);
2165
2166/* Sockets having SOCK_RCU_FREE will call this function after one RCU
2167 * grace period. This is the case for UDP sockets and TCP listeners.
2168 */
2169static void __sk_destruct(struct rcu_head *head)
2170{
2171 struct sock *sk = container_of(head, struct sock, sk_rcu);
2172 struct sk_filter *filter;
2173
2174 if (sk->sk_destruct)
2175 sk->sk_destruct(sk);
2176
2177 filter = rcu_dereference_check(sk->sk_filter,
2178 refcount_read(&sk->sk_wmem_alloc) == 0);
2179 if (filter) {
2180 sk_filter_uncharge(sk, filter);
2181 RCU_INIT_POINTER(sk->sk_filter, NULL);
2182 }
2183
2184 sock_disable_timestamp(sk, SK_FLAGS_TIMESTAMP);
2185
2186#ifdef CONFIG_BPF_SYSCALL
2187 bpf_sk_storage_free(sk);
2188#endif
2189
2190 if (atomic_read(&sk->sk_omem_alloc))
2191 pr_debug("%s: optmem leakage (%d bytes) detected\n",
2192 __func__, atomic_read(&sk->sk_omem_alloc));
2193
2194 if (sk->sk_frag.page) {
2195 put_page(sk->sk_frag.page);
2196 sk->sk_frag.page = NULL;
2197 }
2198
2199 /* We do not need to acquire sk->sk_peer_lock, we are the last user. */
2200 put_cred(sk->sk_peer_cred);
2201 put_pid(sk->sk_peer_pid);
2202
2203 if (likely(sk->sk_net_refcnt))
2204 put_net_track(sock_net(sk), &sk->ns_tracker);
2205 else
2206 __netns_tracker_free(sock_net(sk), &sk->ns_tracker, false);
2207
2208 sk_prot_free(sk->sk_prot_creator, sk);
2209}
2210
2211void sk_destruct(struct sock *sk)
2212{
2213 bool use_call_rcu = sock_flag(sk, SOCK_RCU_FREE);
2214
2215 if (rcu_access_pointer(sk->sk_reuseport_cb)) {
2216 reuseport_detach_sock(sk);
2217 use_call_rcu = true;
2218 }
2219
2220 if (use_call_rcu)
2221 call_rcu(&sk->sk_rcu, __sk_destruct);
2222 else
2223 __sk_destruct(&sk->sk_rcu);
2224}
2225
2226static void __sk_free(struct sock *sk)
2227{
2228 if (likely(sk->sk_net_refcnt))
2229 sock_inuse_add(sock_net(sk), -1);
2230
2231 if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
2232 sock_diag_broadcast_destroy(sk);
2233 else
2234 sk_destruct(sk);
2235}
2236
2237void sk_free(struct sock *sk)
2238{
2239 /*
2240 * We subtract one from sk_wmem_alloc and can know if
2241 * some packets are still in some tx queue.
2242 * If not null, sock_wfree() will call __sk_free(sk) later
2243 */
2244 if (refcount_dec_and_test(&sk->sk_wmem_alloc))
2245 __sk_free(sk);
2246}
2247EXPORT_SYMBOL(sk_free);
2248
2249static void sk_init_common(struct sock *sk)
2250{
2251 skb_queue_head_init(&sk->sk_receive_queue);
2252 skb_queue_head_init(&sk->sk_write_queue);
2253 skb_queue_head_init(&sk->sk_error_queue);
2254
2255 rwlock_init(&sk->sk_callback_lock);
2256 lockdep_set_class_and_name(&sk->sk_receive_queue.lock,
2257 af_rlock_keys + sk->sk_family,
2258 af_family_rlock_key_strings[sk->sk_family]);
2259 lockdep_set_class_and_name(&sk->sk_write_queue.lock,
2260 af_wlock_keys + sk->sk_family,
2261 af_family_wlock_key_strings[sk->sk_family]);
2262 lockdep_set_class_and_name(&sk->sk_error_queue.lock,
2263 af_elock_keys + sk->sk_family,
2264 af_family_elock_key_strings[sk->sk_family]);
2265 lockdep_set_class_and_name(&sk->sk_callback_lock,
2266 af_callback_keys + sk->sk_family,
2267 af_family_clock_key_strings[sk->sk_family]);
2268}
2269
2270/**
2271 * sk_clone_lock - clone a socket, and lock its clone
2272 * @sk: the socket to clone
2273 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
2274 *
2275 * Caller must unlock socket even in error path (bh_unlock_sock(newsk))
2276 */
2277struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
2278{
2279 struct proto *prot = READ_ONCE(sk->sk_prot);
2280 struct sk_filter *filter;
2281 bool is_charged = true;
2282 struct sock *newsk;
2283
2284 newsk = sk_prot_alloc(prot, priority, sk->sk_family);
2285 if (!newsk)
2286 goto out;
2287
2288 sock_copy(newsk, sk);
2289
2290 newsk->sk_prot_creator = prot;
2291
2292 /* SANITY */
2293 if (likely(newsk->sk_net_refcnt)) {
2294 get_net_track(sock_net(newsk), &newsk->ns_tracker, priority);
2295 sock_inuse_add(sock_net(newsk), 1);
2296 } else {
2297 /* Kernel sockets are not elevating the struct net refcount.
2298 * Instead, use a tracker to more easily detect if a layer
2299 * is not properly dismantling its kernel sockets at netns
2300 * destroy time.
2301 */
2302 __netns_tracker_alloc(sock_net(newsk), &newsk->ns_tracker,
2303 false, priority);
2304 }
2305 sk_node_init(&newsk->sk_node);
2306 sock_lock_init(newsk);
2307 bh_lock_sock(newsk);
2308 newsk->sk_backlog.head = newsk->sk_backlog.tail = NULL;
2309 newsk->sk_backlog.len = 0;
2310
2311 atomic_set(&newsk->sk_rmem_alloc, 0);
2312
2313 /* sk_wmem_alloc set to one (see sk_free() and sock_wfree()) */
2314 refcount_set(&newsk->sk_wmem_alloc, 1);
2315
2316 atomic_set(&newsk->sk_omem_alloc, 0);
2317 sk_init_common(newsk);
2318
2319 newsk->sk_dst_cache = NULL;
2320 newsk->sk_dst_pending_confirm = 0;
2321 newsk->sk_wmem_queued = 0;
2322 newsk->sk_forward_alloc = 0;
2323 newsk->sk_reserved_mem = 0;
2324 atomic_set(&newsk->sk_drops, 0);
2325 newsk->sk_send_head = NULL;
2326 newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK;
2327 atomic_set(&newsk->sk_zckey, 0);
2328
2329 sock_reset_flag(newsk, SOCK_DONE);
2330
2331 /* sk->sk_memcg will be populated at accept() time */
2332 newsk->sk_memcg = NULL;
2333
2334 cgroup_sk_clone(&newsk->sk_cgrp_data);
2335
2336 rcu_read_lock();
2337 filter = rcu_dereference(sk->sk_filter);
2338 if (filter != NULL)
2339 /* though it's an empty new sock, the charging may fail
2340 * if sysctl_optmem_max was changed between creation of
2341 * original socket and cloning
2342 */
2343 is_charged = sk_filter_charge(newsk, filter);
2344 RCU_INIT_POINTER(newsk->sk_filter, filter);
2345 rcu_read_unlock();
2346
2347 if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) {
2348 /* We need to make sure that we don't uncharge the new
2349 * socket if we couldn't charge it in the first place
2350 * as otherwise we uncharge the parent's filter.
2351 */
2352 if (!is_charged)
2353 RCU_INIT_POINTER(newsk->sk_filter, NULL);
2354 sk_free_unlock_clone(newsk);
2355 newsk = NULL;
2356 goto out;
2357 }
2358 RCU_INIT_POINTER(newsk->sk_reuseport_cb, NULL);
2359
2360 if (bpf_sk_storage_clone(sk, newsk)) {
2361 sk_free_unlock_clone(newsk);
2362 newsk = NULL;
2363 goto out;
2364 }
2365
2366 /* Clear sk_user_data if parent had the pointer tagged
2367 * as not suitable for copying when cloning.
2368 */
2369 if (sk_user_data_is_nocopy(newsk))
2370 newsk->sk_user_data = NULL;
2371
2372 newsk->sk_err = 0;
2373 newsk->sk_err_soft = 0;
2374 newsk->sk_priority = 0;
2375 newsk->sk_incoming_cpu = raw_smp_processor_id();
2376
2377 /* Before updating sk_refcnt, we must commit prior changes to memory
2378 * (Documentation/RCU/rculist_nulls.rst for details)
2379 */
2380 smp_wmb();
2381 refcount_set(&newsk->sk_refcnt, 2);
2382
2383 sk_set_socket(newsk, NULL);
2384 sk_tx_queue_clear(newsk);
2385 RCU_INIT_POINTER(newsk->sk_wq, NULL);
2386
2387 if (newsk->sk_prot->sockets_allocated)
2388 sk_sockets_allocated_inc(newsk);
2389
2390 if (sock_needs_netstamp(sk) && newsk->sk_flags & SK_FLAGS_TIMESTAMP)
2391 net_enable_timestamp();
2392out:
2393 return newsk;
2394}
2395EXPORT_SYMBOL_GPL(sk_clone_lock);
2396
2397void sk_free_unlock_clone(struct sock *sk)
2398{
2399 /* It is still raw copy of parent, so invalidate
2400 * destructor and make plain sk_free() */
2401 sk->sk_destruct = NULL;
2402 bh_unlock_sock(sk);
2403 sk_free(sk);
2404}
2405EXPORT_SYMBOL_GPL(sk_free_unlock_clone);
2406
2407static u32 sk_dst_gso_max_size(struct sock *sk, struct dst_entry *dst)
2408{
2409 bool is_ipv6 = false;
2410 u32 max_size;
2411
2412#if IS_ENABLED(CONFIG_IPV6)
2413 is_ipv6 = (sk->sk_family == AF_INET6 &&
2414 !ipv6_addr_v4mapped(&sk->sk_v6_rcv_saddr));
2415#endif
2416 /* pairs with the WRITE_ONCE() in netif_set_gso(_ipv4)_max_size() */
2417 max_size = is_ipv6 ? READ_ONCE(dst->dev->gso_max_size) :
2418 READ_ONCE(dst->dev->gso_ipv4_max_size);
2419 if (max_size > GSO_LEGACY_MAX_SIZE && !sk_is_tcp(sk))
2420 max_size = GSO_LEGACY_MAX_SIZE;
2421
2422 return max_size - (MAX_TCP_HEADER + 1);
2423}
2424
2425void sk_setup_caps(struct sock *sk, struct dst_entry *dst)
2426{
2427 u32 max_segs = 1;
2428
2429 sk->sk_route_caps = dst->dev->features;
2430 if (sk_is_tcp(sk))
2431 sk->sk_route_caps |= NETIF_F_GSO;
2432 if (sk->sk_route_caps & NETIF_F_GSO)
2433 sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE;
2434 if (unlikely(sk->sk_gso_disabled))
2435 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
2436 if (sk_can_gso(sk)) {
2437 if (dst->header_len && !xfrm_dst_offload_ok(dst)) {
2438 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
2439 } else {
2440 sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM;
2441 sk->sk_gso_max_size = sk_dst_gso_max_size(sk, dst);
2442 /* pairs with the WRITE_ONCE() in netif_set_gso_max_segs() */
2443 max_segs = max_t(u32, READ_ONCE(dst->dev->gso_max_segs), 1);
2444 }
2445 }
2446 sk->sk_gso_max_segs = max_segs;
2447 sk_dst_set(sk, dst);
2448}
2449EXPORT_SYMBOL_GPL(sk_setup_caps);
2450
2451/*
2452 * Simple resource managers for sockets.
2453 */
2454
2455
2456/*
2457 * Write buffer destructor automatically called from kfree_skb.
2458 */
2459void sock_wfree(struct sk_buff *skb)
2460{
2461 struct sock *sk = skb->sk;
2462 unsigned int len = skb->truesize;
2463 bool free;
2464
2465 if (!sock_flag(sk, SOCK_USE_WRITE_QUEUE)) {
2466 if (sock_flag(sk, SOCK_RCU_FREE) &&
2467 sk->sk_write_space == sock_def_write_space) {
2468 rcu_read_lock();
2469 free = refcount_sub_and_test(len, &sk->sk_wmem_alloc);
2470 sock_def_write_space_wfree(sk);
2471 rcu_read_unlock();
2472 if (unlikely(free))
2473 __sk_free(sk);
2474 return;
2475 }
2476
2477 /*
2478 * Keep a reference on sk_wmem_alloc, this will be released
2479 * after sk_write_space() call
2480 */
2481 WARN_ON(refcount_sub_and_test(len - 1, &sk->sk_wmem_alloc));
2482 sk->sk_write_space(sk);
2483 len = 1;
2484 }
2485 /*
2486 * if sk_wmem_alloc reaches 0, we must finish what sk_free()
2487 * could not do because of in-flight packets
2488 */
2489 if (refcount_sub_and_test(len, &sk->sk_wmem_alloc))
2490 __sk_free(sk);
2491}
2492EXPORT_SYMBOL(sock_wfree);
2493
2494/* This variant of sock_wfree() is used by TCP,
2495 * since it sets SOCK_USE_WRITE_QUEUE.
2496 */
2497void __sock_wfree(struct sk_buff *skb)
2498{
2499 struct sock *sk = skb->sk;
2500
2501 if (refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc))
2502 __sk_free(sk);
2503}
2504
2505void skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
2506{
2507 skb_orphan(skb);
2508 skb->sk = sk;
2509#ifdef CONFIG_INET
2510 if (unlikely(!sk_fullsock(sk))) {
2511 skb->destructor = sock_edemux;
2512 sock_hold(sk);
2513 return;
2514 }
2515#endif
2516 skb->destructor = sock_wfree;
2517 skb_set_hash_from_sk(skb, sk);
2518 /*
2519 * We used to take a refcount on sk, but following operation
2520 * is enough to guarantee sk_free() wont free this sock until
2521 * all in-flight packets are completed
2522 */
2523 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
2524}
2525EXPORT_SYMBOL(skb_set_owner_w);
2526
2527static bool can_skb_orphan_partial(const struct sk_buff *skb)
2528{
2529#ifdef CONFIG_TLS_DEVICE
2530 /* Drivers depend on in-order delivery for crypto offload,
2531 * partial orphan breaks out-of-order-OK logic.
2532 */
2533 if (skb->decrypted)
2534 return false;
2535#endif
2536 return (skb->destructor == sock_wfree ||
2537 (IS_ENABLED(CONFIG_INET) && skb->destructor == tcp_wfree));
2538}
2539
2540/* This helper is used by netem, as it can hold packets in its
2541 * delay queue. We want to allow the owner socket to send more
2542 * packets, as if they were already TX completed by a typical driver.
2543 * But we also want to keep skb->sk set because some packet schedulers
2544 * rely on it (sch_fq for example).
2545 */
2546void skb_orphan_partial(struct sk_buff *skb)
2547{
2548 if (skb_is_tcp_pure_ack(skb))
2549 return;
2550
2551 if (can_skb_orphan_partial(skb) && skb_set_owner_sk_safe(skb, skb->sk))
2552 return;
2553
2554 skb_orphan(skb);
2555}
2556EXPORT_SYMBOL(skb_orphan_partial);
2557
2558/*
2559 * Read buffer destructor automatically called from kfree_skb.
2560 */
2561void sock_rfree(struct sk_buff *skb)
2562{
2563 struct sock *sk = skb->sk;
2564 unsigned int len = skb->truesize;
2565
2566 atomic_sub(len, &sk->sk_rmem_alloc);
2567 sk_mem_uncharge(sk, len);
2568}
2569EXPORT_SYMBOL(sock_rfree);
2570
2571/*
2572 * Buffer destructor for skbs that are not used directly in read or write
2573 * path, e.g. for error handler skbs. Automatically called from kfree_skb.
2574 */
2575void sock_efree(struct sk_buff *skb)
2576{
2577 sock_put(skb->sk);
2578}
2579EXPORT_SYMBOL(sock_efree);
2580
2581/* Buffer destructor for prefetch/receive path where reference count may
2582 * not be held, e.g. for listen sockets.
2583 */
2584#ifdef CONFIG_INET
2585void sock_pfree(struct sk_buff *skb)
2586{
2587 struct sock *sk = skb->sk;
2588
2589 if (!sk_is_refcounted(sk))
2590 return;
2591
2592 if (sk->sk_state == TCP_NEW_SYN_RECV && inet_reqsk(sk)->syncookie) {
2593 inet_reqsk(sk)->rsk_listener = NULL;
2594 reqsk_free(inet_reqsk(sk));
2595 return;
2596 }
2597
2598 sock_gen_put(sk);
2599}
2600EXPORT_SYMBOL(sock_pfree);
2601#endif /* CONFIG_INET */
2602
2603kuid_t sock_i_uid(struct sock *sk)
2604{
2605 kuid_t uid;
2606
2607 read_lock_bh(&sk->sk_callback_lock);
2608 uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : GLOBAL_ROOT_UID;
2609 read_unlock_bh(&sk->sk_callback_lock);
2610 return uid;
2611}
2612EXPORT_SYMBOL(sock_i_uid);
2613
2614unsigned long __sock_i_ino(struct sock *sk)
2615{
2616 unsigned long ino;
2617
2618 read_lock(&sk->sk_callback_lock);
2619 ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
2620 read_unlock(&sk->sk_callback_lock);
2621 return ino;
2622}
2623EXPORT_SYMBOL(__sock_i_ino);
2624
2625unsigned long sock_i_ino(struct sock *sk)
2626{
2627 unsigned long ino;
2628
2629 local_bh_disable();
2630 ino = __sock_i_ino(sk);
2631 local_bh_enable();
2632 return ino;
2633}
2634EXPORT_SYMBOL(sock_i_ino);
2635
2636/*
2637 * Allocate a skb from the socket's send buffer.
2638 */
2639struct sk_buff *sock_wmalloc(struct sock *sk, unsigned long size, int force,
2640 gfp_t priority)
2641{
2642 if (force ||
2643 refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf)) {
2644 struct sk_buff *skb = alloc_skb(size, priority);
2645
2646 if (skb) {
2647 skb_set_owner_w(skb, sk);
2648 return skb;
2649 }
2650 }
2651 return NULL;
2652}
2653EXPORT_SYMBOL(sock_wmalloc);
2654
2655static void sock_ofree(struct sk_buff *skb)
2656{
2657 struct sock *sk = skb->sk;
2658
2659 atomic_sub(skb->truesize, &sk->sk_omem_alloc);
2660}
2661
2662struct sk_buff *sock_omalloc(struct sock *sk, unsigned long size,
2663 gfp_t priority)
2664{
2665 struct sk_buff *skb;
2666
2667 /* small safe race: SKB_TRUESIZE may differ from final skb->truesize */
2668 if (atomic_read(&sk->sk_omem_alloc) + SKB_TRUESIZE(size) >
2669 READ_ONCE(sock_net(sk)->core.sysctl_optmem_max))
2670 return NULL;
2671
2672 skb = alloc_skb(size, priority);
2673 if (!skb)
2674 return NULL;
2675
2676 atomic_add(skb->truesize, &sk->sk_omem_alloc);
2677 skb->sk = sk;
2678 skb->destructor = sock_ofree;
2679 return skb;
2680}
2681
2682/*
2683 * Allocate a memory block from the socket's option memory buffer.
2684 */
2685void *sock_kmalloc(struct sock *sk, int size, gfp_t priority)
2686{
2687 int optmem_max = READ_ONCE(sock_net(sk)->core.sysctl_optmem_max);
2688
2689 if ((unsigned int)size <= optmem_max &&
2690 atomic_read(&sk->sk_omem_alloc) + size < optmem_max) {
2691 void *mem;
2692 /* First do the add, to avoid the race if kmalloc
2693 * might sleep.
2694 */
2695 atomic_add(size, &sk->sk_omem_alloc);
2696 mem = kmalloc(size, priority);
2697 if (mem)
2698 return mem;
2699 atomic_sub(size, &sk->sk_omem_alloc);
2700 }
2701 return NULL;
2702}
2703EXPORT_SYMBOL(sock_kmalloc);
2704
2705/* Free an option memory block. Note, we actually want the inline
2706 * here as this allows gcc to detect the nullify and fold away the
2707 * condition entirely.
2708 */
2709static inline void __sock_kfree_s(struct sock *sk, void *mem, int size,
2710 const bool nullify)
2711{
2712 if (WARN_ON_ONCE(!mem))
2713 return;
2714 if (nullify)
2715 kfree_sensitive(mem);
2716 else
2717 kfree(mem);
2718 atomic_sub(size, &sk->sk_omem_alloc);
2719}
2720
2721void sock_kfree_s(struct sock *sk, void *mem, int size)
2722{
2723 __sock_kfree_s(sk, mem, size, false);
2724}
2725EXPORT_SYMBOL(sock_kfree_s);
2726
2727void sock_kzfree_s(struct sock *sk, void *mem, int size)
2728{
2729 __sock_kfree_s(sk, mem, size, true);
2730}
2731EXPORT_SYMBOL(sock_kzfree_s);
2732
2733/* It is almost wait_for_tcp_memory minus release_sock/lock_sock.
2734 I think, these locks should be removed for datagram sockets.
2735 */
2736static long sock_wait_for_wmem(struct sock *sk, long timeo)
2737{
2738 DEFINE_WAIT(wait);
2739
2740 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2741 for (;;) {
2742 if (!timeo)
2743 break;
2744 if (signal_pending(current))
2745 break;
2746 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2747 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2748 if (refcount_read(&sk->sk_wmem_alloc) < READ_ONCE(sk->sk_sndbuf))
2749 break;
2750 if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2751 break;
2752 if (READ_ONCE(sk->sk_err))
2753 break;
2754 timeo = schedule_timeout(timeo);
2755 }
2756 finish_wait(sk_sleep(sk), &wait);
2757 return timeo;
2758}
2759
2760
2761/*
2762 * Generic send/receive buffer handlers
2763 */
2764
2765struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
2766 unsigned long data_len, int noblock,
2767 int *errcode, int max_page_order)
2768{
2769 struct sk_buff *skb;
2770 long timeo;
2771 int err;
2772
2773 timeo = sock_sndtimeo(sk, noblock);
2774 for (;;) {
2775 err = sock_error(sk);
2776 if (err != 0)
2777 goto failure;
2778
2779 err = -EPIPE;
2780 if (READ_ONCE(sk->sk_shutdown) & SEND_SHUTDOWN)
2781 goto failure;
2782
2783 if (sk_wmem_alloc_get(sk) < READ_ONCE(sk->sk_sndbuf))
2784 break;
2785
2786 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2787 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2788 err = -EAGAIN;
2789 if (!timeo)
2790 goto failure;
2791 if (signal_pending(current))
2792 goto interrupted;
2793 timeo = sock_wait_for_wmem(sk, timeo);
2794 }
2795 skb = alloc_skb_with_frags(header_len, data_len, max_page_order,
2796 errcode, sk->sk_allocation);
2797 if (skb)
2798 skb_set_owner_w(skb, sk);
2799 return skb;
2800
2801interrupted:
2802 err = sock_intr_errno(timeo);
2803failure:
2804 *errcode = err;
2805 return NULL;
2806}
2807EXPORT_SYMBOL(sock_alloc_send_pskb);
2808
2809int __sock_cmsg_send(struct sock *sk, struct cmsghdr *cmsg,
2810 struct sockcm_cookie *sockc)
2811{
2812 u32 tsflags;
2813
2814 switch (cmsg->cmsg_type) {
2815 case SO_MARK:
2816 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_RAW) &&
2817 !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2818 return -EPERM;
2819 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2820 return -EINVAL;
2821 sockc->mark = *(u32 *)CMSG_DATA(cmsg);
2822 break;
2823 case SO_TIMESTAMPING_OLD:
2824 case SO_TIMESTAMPING_NEW:
2825 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2826 return -EINVAL;
2827
2828 tsflags = *(u32 *)CMSG_DATA(cmsg);
2829 if (tsflags & ~SOF_TIMESTAMPING_TX_RECORD_MASK)
2830 return -EINVAL;
2831
2832 sockc->tsflags &= ~SOF_TIMESTAMPING_TX_RECORD_MASK;
2833 sockc->tsflags |= tsflags;
2834 break;
2835 case SCM_TXTIME:
2836 if (!sock_flag(sk, SOCK_TXTIME))
2837 return -EINVAL;
2838 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u64)))
2839 return -EINVAL;
2840 sockc->transmit_time = get_unaligned((u64 *)CMSG_DATA(cmsg));
2841 break;
2842 /* SCM_RIGHTS and SCM_CREDENTIALS are semantically in SOL_UNIX. */
2843 case SCM_RIGHTS:
2844 case SCM_CREDENTIALS:
2845 break;
2846 default:
2847 return -EINVAL;
2848 }
2849 return 0;
2850}
2851EXPORT_SYMBOL(__sock_cmsg_send);
2852
2853int sock_cmsg_send(struct sock *sk, struct msghdr *msg,
2854 struct sockcm_cookie *sockc)
2855{
2856 struct cmsghdr *cmsg;
2857 int ret;
2858
2859 for_each_cmsghdr(cmsg, msg) {
2860 if (!CMSG_OK(msg, cmsg))
2861 return -EINVAL;
2862 if (cmsg->cmsg_level != SOL_SOCKET)
2863 continue;
2864 ret = __sock_cmsg_send(sk, cmsg, sockc);
2865 if (ret)
2866 return ret;
2867 }
2868 return 0;
2869}
2870EXPORT_SYMBOL(sock_cmsg_send);
2871
2872static void sk_enter_memory_pressure(struct sock *sk)
2873{
2874 if (!sk->sk_prot->enter_memory_pressure)
2875 return;
2876
2877 sk->sk_prot->enter_memory_pressure(sk);
2878}
2879
2880static void sk_leave_memory_pressure(struct sock *sk)
2881{
2882 if (sk->sk_prot->leave_memory_pressure) {
2883 INDIRECT_CALL_INET_1(sk->sk_prot->leave_memory_pressure,
2884 tcp_leave_memory_pressure, sk);
2885 } else {
2886 unsigned long *memory_pressure = sk->sk_prot->memory_pressure;
2887
2888 if (memory_pressure && READ_ONCE(*memory_pressure))
2889 WRITE_ONCE(*memory_pressure, 0);
2890 }
2891}
2892
2893DEFINE_STATIC_KEY_FALSE(net_high_order_alloc_disable_key);
2894
2895/**
2896 * skb_page_frag_refill - check that a page_frag contains enough room
2897 * @sz: minimum size of the fragment we want to get
2898 * @pfrag: pointer to page_frag
2899 * @gfp: priority for memory allocation
2900 *
2901 * Note: While this allocator tries to use high order pages, there is
2902 * no guarantee that allocations succeed. Therefore, @sz MUST be
2903 * less or equal than PAGE_SIZE.
2904 */
2905bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t gfp)
2906{
2907 if (pfrag->page) {
2908 if (page_ref_count(pfrag->page) == 1) {
2909 pfrag->offset = 0;
2910 return true;
2911 }
2912 if (pfrag->offset + sz <= pfrag->size)
2913 return true;
2914 put_page(pfrag->page);
2915 }
2916
2917 pfrag->offset = 0;
2918 if (SKB_FRAG_PAGE_ORDER &&
2919 !static_branch_unlikely(&net_high_order_alloc_disable_key)) {
2920 /* Avoid direct reclaim but allow kswapd to wake */
2921 pfrag->page = alloc_pages((gfp & ~__GFP_DIRECT_RECLAIM) |
2922 __GFP_COMP | __GFP_NOWARN |
2923 __GFP_NORETRY,
2924 SKB_FRAG_PAGE_ORDER);
2925 if (likely(pfrag->page)) {
2926 pfrag->size = PAGE_SIZE << SKB_FRAG_PAGE_ORDER;
2927 return true;
2928 }
2929 }
2930 pfrag->page = alloc_page(gfp);
2931 if (likely(pfrag->page)) {
2932 pfrag->size = PAGE_SIZE;
2933 return true;
2934 }
2935 return false;
2936}
2937EXPORT_SYMBOL(skb_page_frag_refill);
2938
2939bool sk_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
2940{
2941 if (likely(skb_page_frag_refill(32U, pfrag, sk->sk_allocation)))
2942 return true;
2943
2944 sk_enter_memory_pressure(sk);
2945 sk_stream_moderate_sndbuf(sk);
2946 return false;
2947}
2948EXPORT_SYMBOL(sk_page_frag_refill);
2949
2950void __lock_sock(struct sock *sk)
2951 __releases(&sk->sk_lock.slock)
2952 __acquires(&sk->sk_lock.slock)
2953{
2954 DEFINE_WAIT(wait);
2955
2956 for (;;) {
2957 prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait,
2958 TASK_UNINTERRUPTIBLE);
2959 spin_unlock_bh(&sk->sk_lock.slock);
2960 schedule();
2961 spin_lock_bh(&sk->sk_lock.slock);
2962 if (!sock_owned_by_user(sk))
2963 break;
2964 }
2965 finish_wait(&sk->sk_lock.wq, &wait);
2966}
2967
2968void __release_sock(struct sock *sk)
2969 __releases(&sk->sk_lock.slock)
2970 __acquires(&sk->sk_lock.slock)
2971{
2972 struct sk_buff *skb, *next;
2973
2974 while ((skb = sk->sk_backlog.head) != NULL) {
2975 sk->sk_backlog.head = sk->sk_backlog.tail = NULL;
2976
2977 spin_unlock_bh(&sk->sk_lock.slock);
2978
2979 do {
2980 next = skb->next;
2981 prefetch(next);
2982 DEBUG_NET_WARN_ON_ONCE(skb_dst_is_noref(skb));
2983 skb_mark_not_on_list(skb);
2984 sk_backlog_rcv(sk, skb);
2985
2986 cond_resched();
2987
2988 skb = next;
2989 } while (skb != NULL);
2990
2991 spin_lock_bh(&sk->sk_lock.slock);
2992 }
2993
2994 /*
2995 * Doing the zeroing here guarantee we can not loop forever
2996 * while a wild producer attempts to flood us.
2997 */
2998 sk->sk_backlog.len = 0;
2999}
3000
3001void __sk_flush_backlog(struct sock *sk)
3002{
3003 spin_lock_bh(&sk->sk_lock.slock);
3004 __release_sock(sk);
3005
3006 if (sk->sk_prot->release_cb)
3007 INDIRECT_CALL_INET_1(sk->sk_prot->release_cb,
3008 tcp_release_cb, sk);
3009
3010 spin_unlock_bh(&sk->sk_lock.slock);
3011}
3012EXPORT_SYMBOL_GPL(__sk_flush_backlog);
3013
3014/**
3015 * sk_wait_data - wait for data to arrive at sk_receive_queue
3016 * @sk: sock to wait on
3017 * @timeo: for how long
3018 * @skb: last skb seen on sk_receive_queue
3019 *
3020 * Now socket state including sk->sk_err is changed only under lock,
3021 * hence we may omit checks after joining wait queue.
3022 * We check receive queue before schedule() only as optimization;
3023 * it is very likely that release_sock() added new data.
3024 */
3025int sk_wait_data(struct sock *sk, long *timeo, const struct sk_buff *skb)
3026{
3027 DEFINE_WAIT_FUNC(wait, woken_wake_function);
3028 int rc;
3029
3030 add_wait_queue(sk_sleep(sk), &wait);
3031 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
3032 rc = sk_wait_event(sk, timeo, skb_peek_tail(&sk->sk_receive_queue) != skb, &wait);
3033 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
3034 remove_wait_queue(sk_sleep(sk), &wait);
3035 return rc;
3036}
3037EXPORT_SYMBOL(sk_wait_data);
3038
3039/**
3040 * __sk_mem_raise_allocated - increase memory_allocated
3041 * @sk: socket
3042 * @size: memory size to allocate
3043 * @amt: pages to allocate
3044 * @kind: allocation type
3045 *
3046 * Similar to __sk_mem_schedule(), but does not update sk_forward_alloc.
3047 *
3048 * Unlike the globally shared limits among the sockets under same protocol,
3049 * consuming the budget of a memcg won't have direct effect on other ones.
3050 * So be optimistic about memcg's tolerance, and leave the callers to decide
3051 * whether or not to raise allocated through sk_under_memory_pressure() or
3052 * its variants.
3053 */
3054int __sk_mem_raise_allocated(struct sock *sk, int size, int amt, int kind)
3055{
3056 struct mem_cgroup *memcg = mem_cgroup_sockets_enabled ? sk->sk_memcg : NULL;
3057 struct proto *prot = sk->sk_prot;
3058 bool charged = false;
3059 long allocated;
3060
3061 sk_memory_allocated_add(sk, amt);
3062 allocated = sk_memory_allocated(sk);
3063
3064 if (memcg) {
3065 if (!mem_cgroup_charge_skmem(memcg, amt, gfp_memcg_charge()))
3066 goto suppress_allocation;
3067 charged = true;
3068 }
3069
3070 /* Under limit. */
3071 if (allocated <= sk_prot_mem_limits(sk, 0)) {
3072 sk_leave_memory_pressure(sk);
3073 return 1;
3074 }
3075
3076 /* Under pressure. */
3077 if (allocated > sk_prot_mem_limits(sk, 1))
3078 sk_enter_memory_pressure(sk);
3079
3080 /* Over hard limit. */
3081 if (allocated > sk_prot_mem_limits(sk, 2))
3082 goto suppress_allocation;
3083
3084 /* Guarantee minimum buffer size under pressure (either global
3085 * or memcg) to make sure features described in RFC 7323 (TCP
3086 * Extensions for High Performance) work properly.
3087 *
3088 * This rule does NOT stand when exceeds global or memcg's hard
3089 * limit, or else a DoS attack can be taken place by spawning
3090 * lots of sockets whose usage are under minimum buffer size.
3091 */
3092 if (kind == SK_MEM_RECV) {
3093 if (atomic_read(&sk->sk_rmem_alloc) < sk_get_rmem0(sk, prot))
3094 return 1;
3095
3096 } else { /* SK_MEM_SEND */
3097 int wmem0 = sk_get_wmem0(sk, prot);
3098
3099 if (sk->sk_type == SOCK_STREAM) {
3100 if (sk->sk_wmem_queued < wmem0)
3101 return 1;
3102 } else if (refcount_read(&sk->sk_wmem_alloc) < wmem0) {
3103 return 1;
3104 }
3105 }
3106
3107 if (sk_has_memory_pressure(sk)) {
3108 u64 alloc;
3109
3110 /* The following 'average' heuristic is within the
3111 * scope of global accounting, so it only makes
3112 * sense for global memory pressure.
3113 */
3114 if (!sk_under_global_memory_pressure(sk))
3115 return 1;
3116
3117 /* Try to be fair among all the sockets under global
3118 * pressure by allowing the ones that below average
3119 * usage to raise.
3120 */
3121 alloc = sk_sockets_allocated_read_positive(sk);
3122 if (sk_prot_mem_limits(sk, 2) > alloc *
3123 sk_mem_pages(sk->sk_wmem_queued +
3124 atomic_read(&sk->sk_rmem_alloc) +
3125 sk->sk_forward_alloc))
3126 return 1;
3127 }
3128
3129suppress_allocation:
3130
3131 if (kind == SK_MEM_SEND && sk->sk_type == SOCK_STREAM) {
3132 sk_stream_moderate_sndbuf(sk);
3133
3134 /* Fail only if socket is _under_ its sndbuf.
3135 * In this case we cannot block, so that we have to fail.
3136 */
3137 if (sk->sk_wmem_queued + size >= sk->sk_sndbuf) {
3138 /* Force charge with __GFP_NOFAIL */
3139 if (memcg && !charged) {
3140 mem_cgroup_charge_skmem(memcg, amt,
3141 gfp_memcg_charge() | __GFP_NOFAIL);
3142 }
3143 return 1;
3144 }
3145 }
3146
3147 if (kind == SK_MEM_SEND || (kind == SK_MEM_RECV && charged))
3148 trace_sock_exceed_buf_limit(sk, prot, allocated, kind);
3149
3150 sk_memory_allocated_sub(sk, amt);
3151
3152 if (charged)
3153 mem_cgroup_uncharge_skmem(memcg, amt);
3154
3155 return 0;
3156}
3157
3158/**
3159 * __sk_mem_schedule - increase sk_forward_alloc and memory_allocated
3160 * @sk: socket
3161 * @size: memory size to allocate
3162 * @kind: allocation type
3163 *
3164 * If kind is SK_MEM_SEND, it means wmem allocation. Otherwise it means
3165 * rmem allocation. This function assumes that protocols which have
3166 * memory_pressure use sk_wmem_queued as write buffer accounting.
3167 */
3168int __sk_mem_schedule(struct sock *sk, int size, int kind)
3169{
3170 int ret, amt = sk_mem_pages(size);
3171
3172 sk_forward_alloc_add(sk, amt << PAGE_SHIFT);
3173 ret = __sk_mem_raise_allocated(sk, size, amt, kind);
3174 if (!ret)
3175 sk_forward_alloc_add(sk, -(amt << PAGE_SHIFT));
3176 return ret;
3177}
3178EXPORT_SYMBOL(__sk_mem_schedule);
3179
3180/**
3181 * __sk_mem_reduce_allocated - reclaim memory_allocated
3182 * @sk: socket
3183 * @amount: number of quanta
3184 *
3185 * Similar to __sk_mem_reclaim(), but does not update sk_forward_alloc
3186 */
3187void __sk_mem_reduce_allocated(struct sock *sk, int amount)
3188{
3189 sk_memory_allocated_sub(sk, amount);
3190
3191 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
3192 mem_cgroup_uncharge_skmem(sk->sk_memcg, amount);
3193
3194 if (sk_under_global_memory_pressure(sk) &&
3195 (sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)))
3196 sk_leave_memory_pressure(sk);
3197}
3198
3199/**
3200 * __sk_mem_reclaim - reclaim sk_forward_alloc and memory_allocated
3201 * @sk: socket
3202 * @amount: number of bytes (rounded down to a PAGE_SIZE multiple)
3203 */
3204void __sk_mem_reclaim(struct sock *sk, int amount)
3205{
3206 amount >>= PAGE_SHIFT;
3207 sk_forward_alloc_add(sk, -(amount << PAGE_SHIFT));
3208 __sk_mem_reduce_allocated(sk, amount);
3209}
3210EXPORT_SYMBOL(__sk_mem_reclaim);
3211
3212int sk_set_peek_off(struct sock *sk, int val)
3213{
3214 WRITE_ONCE(sk->sk_peek_off, val);
3215 return 0;
3216}
3217EXPORT_SYMBOL_GPL(sk_set_peek_off);
3218
3219/*
3220 * Set of default routines for initialising struct proto_ops when
3221 * the protocol does not support a particular function. In certain
3222 * cases where it makes no sense for a protocol to have a "do nothing"
3223 * function, some default processing is provided.
3224 */
3225
3226int sock_no_bind(struct socket *sock, struct sockaddr *saddr, int len)
3227{
3228 return -EOPNOTSUPP;
3229}
3230EXPORT_SYMBOL(sock_no_bind);
3231
3232int sock_no_connect(struct socket *sock, struct sockaddr *saddr,
3233 int len, int flags)
3234{
3235 return -EOPNOTSUPP;
3236}
3237EXPORT_SYMBOL(sock_no_connect);
3238
3239int sock_no_socketpair(struct socket *sock1, struct socket *sock2)
3240{
3241 return -EOPNOTSUPP;
3242}
3243EXPORT_SYMBOL(sock_no_socketpair);
3244
3245int sock_no_accept(struct socket *sock, struct socket *newsock, int flags,
3246 bool kern)
3247{
3248 return -EOPNOTSUPP;
3249}
3250EXPORT_SYMBOL(sock_no_accept);
3251
3252int sock_no_getname(struct socket *sock, struct sockaddr *saddr,
3253 int peer)
3254{
3255 return -EOPNOTSUPP;
3256}
3257EXPORT_SYMBOL(sock_no_getname);
3258
3259int sock_no_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
3260{
3261 return -EOPNOTSUPP;
3262}
3263EXPORT_SYMBOL(sock_no_ioctl);
3264
3265int sock_no_listen(struct socket *sock, int backlog)
3266{
3267 return -EOPNOTSUPP;
3268}
3269EXPORT_SYMBOL(sock_no_listen);
3270
3271int sock_no_shutdown(struct socket *sock, int how)
3272{
3273 return -EOPNOTSUPP;
3274}
3275EXPORT_SYMBOL(sock_no_shutdown);
3276
3277int sock_no_sendmsg(struct socket *sock, struct msghdr *m, size_t len)
3278{
3279 return -EOPNOTSUPP;
3280}
3281EXPORT_SYMBOL(sock_no_sendmsg);
3282
3283int sock_no_sendmsg_locked(struct sock *sk, struct msghdr *m, size_t len)
3284{
3285 return -EOPNOTSUPP;
3286}
3287EXPORT_SYMBOL(sock_no_sendmsg_locked);
3288
3289int sock_no_recvmsg(struct socket *sock, struct msghdr *m, size_t len,
3290 int flags)
3291{
3292 return -EOPNOTSUPP;
3293}
3294EXPORT_SYMBOL(sock_no_recvmsg);
3295
3296int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
3297{
3298 /* Mirror missing mmap method error code */
3299 return -ENODEV;
3300}
3301EXPORT_SYMBOL(sock_no_mmap);
3302
3303/*
3304 * When a file is received (via SCM_RIGHTS, etc), we must bump the
3305 * various sock-based usage counts.
3306 */
3307void __receive_sock(struct file *file)
3308{
3309 struct socket *sock;
3310
3311 sock = sock_from_file(file);
3312 if (sock) {
3313 sock_update_netprioidx(&sock->sk->sk_cgrp_data);
3314 sock_update_classid(&sock->sk->sk_cgrp_data);
3315 }
3316}
3317
3318/*
3319 * Default Socket Callbacks
3320 */
3321
3322static void sock_def_wakeup(struct sock *sk)
3323{
3324 struct socket_wq *wq;
3325
3326 rcu_read_lock();
3327 wq = rcu_dereference(sk->sk_wq);
3328 if (skwq_has_sleeper(wq))
3329 wake_up_interruptible_all(&wq->wait);
3330 rcu_read_unlock();
3331}
3332
3333static void sock_def_error_report(struct sock *sk)
3334{
3335 struct socket_wq *wq;
3336
3337 rcu_read_lock();
3338 wq = rcu_dereference(sk->sk_wq);
3339 if (skwq_has_sleeper(wq))
3340 wake_up_interruptible_poll(&wq->wait, EPOLLERR);
3341 sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR);
3342 rcu_read_unlock();
3343}
3344
3345void sock_def_readable(struct sock *sk)
3346{
3347 struct socket_wq *wq;
3348
3349 trace_sk_data_ready(sk);
3350
3351 rcu_read_lock();
3352 wq = rcu_dereference(sk->sk_wq);
3353 if (skwq_has_sleeper(wq))
3354 wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN | EPOLLPRI |
3355 EPOLLRDNORM | EPOLLRDBAND);
3356 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
3357 rcu_read_unlock();
3358}
3359
3360static void sock_def_write_space(struct sock *sk)
3361{
3362 struct socket_wq *wq;
3363
3364 rcu_read_lock();
3365
3366 /* Do not wake up a writer until he can make "significant"
3367 * progress. --DaveM
3368 */
3369 if (sock_writeable(sk)) {
3370 wq = rcu_dereference(sk->sk_wq);
3371 if (skwq_has_sleeper(wq))
3372 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
3373 EPOLLWRNORM | EPOLLWRBAND);
3374
3375 /* Should agree with poll, otherwise some programs break */
3376 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
3377 }
3378
3379 rcu_read_unlock();
3380}
3381
3382/* An optimised version of sock_def_write_space(), should only be called
3383 * for SOCK_RCU_FREE sockets under RCU read section and after putting
3384 * ->sk_wmem_alloc.
3385 */
3386static void sock_def_write_space_wfree(struct sock *sk)
3387{
3388 /* Do not wake up a writer until he can make "significant"
3389 * progress. --DaveM
3390 */
3391 if (sock_writeable(sk)) {
3392 struct socket_wq *wq = rcu_dereference(sk->sk_wq);
3393
3394 /* rely on refcount_sub from sock_wfree() */
3395 smp_mb__after_atomic();
3396 if (wq && waitqueue_active(&wq->wait))
3397 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
3398 EPOLLWRNORM | EPOLLWRBAND);
3399
3400 /* Should agree with poll, otherwise some programs break */
3401 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
3402 }
3403}
3404
3405static void sock_def_destruct(struct sock *sk)
3406{
3407}
3408
3409void sk_send_sigurg(struct sock *sk)
3410{
3411 if (sk->sk_socket && sk->sk_socket->file)
3412 if (send_sigurg(&sk->sk_socket->file->f_owner))
3413 sk_wake_async(sk, SOCK_WAKE_URG, POLL_PRI);
3414}
3415EXPORT_SYMBOL(sk_send_sigurg);
3416
3417void sk_reset_timer(struct sock *sk, struct timer_list* timer,
3418 unsigned long expires)
3419{
3420 if (!mod_timer(timer, expires))
3421 sock_hold(sk);
3422}
3423EXPORT_SYMBOL(sk_reset_timer);
3424
3425void sk_stop_timer(struct sock *sk, struct timer_list* timer)
3426{
3427 if (del_timer(timer))
3428 __sock_put(sk);
3429}
3430EXPORT_SYMBOL(sk_stop_timer);
3431
3432void sk_stop_timer_sync(struct sock *sk, struct timer_list *timer)
3433{
3434 if (del_timer_sync(timer))
3435 __sock_put(sk);
3436}
3437EXPORT_SYMBOL(sk_stop_timer_sync);
3438
3439void sock_init_data_uid(struct socket *sock, struct sock *sk, kuid_t uid)
3440{
3441 sk_init_common(sk);
3442 sk->sk_send_head = NULL;
3443
3444 timer_setup(&sk->sk_timer, NULL, 0);
3445
3446 sk->sk_allocation = GFP_KERNEL;
3447 sk->sk_rcvbuf = READ_ONCE(sysctl_rmem_default);
3448 sk->sk_sndbuf = READ_ONCE(sysctl_wmem_default);
3449 sk->sk_state = TCP_CLOSE;
3450 sk->sk_use_task_frag = true;
3451 sk_set_socket(sk, sock);
3452
3453 sock_set_flag(sk, SOCK_ZAPPED);
3454
3455 if (sock) {
3456 sk->sk_type = sock->type;
3457 RCU_INIT_POINTER(sk->sk_wq, &sock->wq);
3458 sock->sk = sk;
3459 } else {
3460 RCU_INIT_POINTER(sk->sk_wq, NULL);
3461 }
3462 sk->sk_uid = uid;
3463
3464 rwlock_init(&sk->sk_callback_lock);
3465 if (sk->sk_kern_sock)
3466 lockdep_set_class_and_name(
3467 &sk->sk_callback_lock,
3468 af_kern_callback_keys + sk->sk_family,
3469 af_family_kern_clock_key_strings[sk->sk_family]);
3470 else
3471 lockdep_set_class_and_name(
3472 &sk->sk_callback_lock,
3473 af_callback_keys + sk->sk_family,
3474 af_family_clock_key_strings[sk->sk_family]);
3475
3476 sk->sk_state_change = sock_def_wakeup;
3477 sk->sk_data_ready = sock_def_readable;
3478 sk->sk_write_space = sock_def_write_space;
3479 sk->sk_error_report = sock_def_error_report;
3480 sk->sk_destruct = sock_def_destruct;
3481
3482 sk->sk_frag.page = NULL;
3483 sk->sk_frag.offset = 0;
3484 sk->sk_peek_off = -1;
3485
3486 sk->sk_peer_pid = NULL;
3487 sk->sk_peer_cred = NULL;
3488 spin_lock_init(&sk->sk_peer_lock);
3489
3490 sk->sk_write_pending = 0;
3491 sk->sk_rcvlowat = 1;
3492 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
3493 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
3494
3495 sk->sk_stamp = SK_DEFAULT_STAMP;
3496#if BITS_PER_LONG==32
3497 seqlock_init(&sk->sk_stamp_seq);
3498#endif
3499 atomic_set(&sk->sk_zckey, 0);
3500
3501#ifdef CONFIG_NET_RX_BUSY_POLL
3502 sk->sk_napi_id = 0;
3503 sk->sk_ll_usec = READ_ONCE(sysctl_net_busy_read);
3504#endif
3505
3506 sk->sk_max_pacing_rate = ~0UL;
3507 sk->sk_pacing_rate = ~0UL;
3508 WRITE_ONCE(sk->sk_pacing_shift, 10);
3509 sk->sk_incoming_cpu = -1;
3510
3511 sk_rx_queue_clear(sk);
3512 /*
3513 * Before updating sk_refcnt, we must commit prior changes to memory
3514 * (Documentation/RCU/rculist_nulls.rst for details)
3515 */
3516 smp_wmb();
3517 refcount_set(&sk->sk_refcnt, 1);
3518 atomic_set(&sk->sk_drops, 0);
3519}
3520EXPORT_SYMBOL(sock_init_data_uid);
3521
3522void sock_init_data(struct socket *sock, struct sock *sk)
3523{
3524 kuid_t uid = sock ?
3525 SOCK_INODE(sock)->i_uid :
3526 make_kuid(sock_net(sk)->user_ns, 0);
3527
3528 sock_init_data_uid(sock, sk, uid);
3529}
3530EXPORT_SYMBOL(sock_init_data);
3531
3532void lock_sock_nested(struct sock *sk, int subclass)
3533{
3534 /* The sk_lock has mutex_lock() semantics here. */
3535 mutex_acquire(&sk->sk_lock.dep_map, subclass, 0, _RET_IP_);
3536
3537 might_sleep();
3538 spin_lock_bh(&sk->sk_lock.slock);
3539 if (sock_owned_by_user_nocheck(sk))
3540 __lock_sock(sk);
3541 sk->sk_lock.owned = 1;
3542 spin_unlock_bh(&sk->sk_lock.slock);
3543}
3544EXPORT_SYMBOL(lock_sock_nested);
3545
3546void release_sock(struct sock *sk)
3547{
3548 spin_lock_bh(&sk->sk_lock.slock);
3549 if (sk->sk_backlog.tail)
3550 __release_sock(sk);
3551
3552 if (sk->sk_prot->release_cb)
3553 INDIRECT_CALL_INET_1(sk->sk_prot->release_cb,
3554 tcp_release_cb, sk);
3555
3556 sock_release_ownership(sk);
3557 if (waitqueue_active(&sk->sk_lock.wq))
3558 wake_up(&sk->sk_lock.wq);
3559 spin_unlock_bh(&sk->sk_lock.slock);
3560}
3561EXPORT_SYMBOL(release_sock);
3562
3563bool __lock_sock_fast(struct sock *sk) __acquires(&sk->sk_lock.slock)
3564{
3565 might_sleep();
3566 spin_lock_bh(&sk->sk_lock.slock);
3567
3568 if (!sock_owned_by_user_nocheck(sk)) {
3569 /*
3570 * Fast path return with bottom halves disabled and
3571 * sock::sk_lock.slock held.
3572 *
3573 * The 'mutex' is not contended and holding
3574 * sock::sk_lock.slock prevents all other lockers to
3575 * proceed so the corresponding unlock_sock_fast() can
3576 * avoid the slow path of release_sock() completely and
3577 * just release slock.
3578 *
3579 * From a semantical POV this is equivalent to 'acquiring'
3580 * the 'mutex', hence the corresponding lockdep
3581 * mutex_release() has to happen in the fast path of
3582 * unlock_sock_fast().
3583 */
3584 return false;
3585 }
3586
3587 __lock_sock(sk);
3588 sk->sk_lock.owned = 1;
3589 __acquire(&sk->sk_lock.slock);
3590 spin_unlock_bh(&sk->sk_lock.slock);
3591 return true;
3592}
3593EXPORT_SYMBOL(__lock_sock_fast);
3594
3595int sock_gettstamp(struct socket *sock, void __user *userstamp,
3596 bool timeval, bool time32)
3597{
3598 struct sock *sk = sock->sk;
3599 struct timespec64 ts;
3600
3601 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
3602 ts = ktime_to_timespec64(sock_read_timestamp(sk));
3603 if (ts.tv_sec == -1)
3604 return -ENOENT;
3605 if (ts.tv_sec == 0) {
3606 ktime_t kt = ktime_get_real();
3607 sock_write_timestamp(sk, kt);
3608 ts = ktime_to_timespec64(kt);
3609 }
3610
3611 if (timeval)
3612 ts.tv_nsec /= 1000;
3613
3614#ifdef CONFIG_COMPAT_32BIT_TIME
3615 if (time32)
3616 return put_old_timespec32(&ts, userstamp);
3617#endif
3618#ifdef CONFIG_SPARC64
3619 /* beware of padding in sparc64 timeval */
3620 if (timeval && !in_compat_syscall()) {
3621 struct __kernel_old_timeval __user tv = {
3622 .tv_sec = ts.tv_sec,
3623 .tv_usec = ts.tv_nsec,
3624 };
3625 if (copy_to_user(userstamp, &tv, sizeof(tv)))
3626 return -EFAULT;
3627 return 0;
3628 }
3629#endif
3630 return put_timespec64(&ts, userstamp);
3631}
3632EXPORT_SYMBOL(sock_gettstamp);
3633
3634void sock_enable_timestamp(struct sock *sk, enum sock_flags flag)
3635{
3636 if (!sock_flag(sk, flag)) {
3637 unsigned long previous_flags = sk->sk_flags;
3638
3639 sock_set_flag(sk, flag);
3640 /*
3641 * we just set one of the two flags which require net
3642 * time stamping, but time stamping might have been on
3643 * already because of the other one
3644 */
3645 if (sock_needs_netstamp(sk) &&
3646 !(previous_flags & SK_FLAGS_TIMESTAMP))
3647 net_enable_timestamp();
3648 }
3649}
3650
3651int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
3652 int level, int type)
3653{
3654 struct sock_exterr_skb *serr;
3655 struct sk_buff *skb;
3656 int copied, err;
3657
3658 err = -EAGAIN;
3659 skb = sock_dequeue_err_skb(sk);
3660 if (skb == NULL)
3661 goto out;
3662
3663 copied = skb->len;
3664 if (copied > len) {
3665 msg->msg_flags |= MSG_TRUNC;
3666 copied = len;
3667 }
3668 err = skb_copy_datagram_msg(skb, 0, msg, copied);
3669 if (err)
3670 goto out_free_skb;
3671
3672 sock_recv_timestamp(msg, sk, skb);
3673
3674 serr = SKB_EXT_ERR(skb);
3675 put_cmsg(msg, level, type, sizeof(serr->ee), &serr->ee);
3676
3677 msg->msg_flags |= MSG_ERRQUEUE;
3678 err = copied;
3679
3680out_free_skb:
3681 kfree_skb(skb);
3682out:
3683 return err;
3684}
3685EXPORT_SYMBOL(sock_recv_errqueue);
3686
3687/*
3688 * Get a socket option on an socket.
3689 *
3690 * FIX: POSIX 1003.1g is very ambiguous here. It states that
3691 * asynchronous errors should be reported by getsockopt. We assume
3692 * this means if you specify SO_ERROR (otherwise whats the point of it).
3693 */
3694int sock_common_getsockopt(struct socket *sock, int level, int optname,
3695 char __user *optval, int __user *optlen)
3696{
3697 struct sock *sk = sock->sk;
3698
3699 /* IPV6_ADDRFORM can change sk->sk_prot under us. */
3700 return READ_ONCE(sk->sk_prot)->getsockopt(sk, level, optname, optval, optlen);
3701}
3702EXPORT_SYMBOL(sock_common_getsockopt);
3703
3704int sock_common_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
3705 int flags)
3706{
3707 struct sock *sk = sock->sk;
3708 int addr_len = 0;
3709 int err;
3710
3711 err = sk->sk_prot->recvmsg(sk, msg, size, flags, &addr_len);
3712 if (err >= 0)
3713 msg->msg_namelen = addr_len;
3714 return err;
3715}
3716EXPORT_SYMBOL(sock_common_recvmsg);
3717
3718/*
3719 * Set socket options on an inet socket.
3720 */
3721int sock_common_setsockopt(struct socket *sock, int level, int optname,
3722 sockptr_t optval, unsigned int optlen)
3723{
3724 struct sock *sk = sock->sk;
3725
3726 /* IPV6_ADDRFORM can change sk->sk_prot under us. */
3727 return READ_ONCE(sk->sk_prot)->setsockopt(sk, level, optname, optval, optlen);
3728}
3729EXPORT_SYMBOL(sock_common_setsockopt);
3730
3731void sk_common_release(struct sock *sk)
3732{
3733 if (sk->sk_prot->destroy)
3734 sk->sk_prot->destroy(sk);
3735
3736 /*
3737 * Observation: when sk_common_release is called, processes have
3738 * no access to socket. But net still has.
3739 * Step one, detach it from networking:
3740 *
3741 * A. Remove from hash tables.
3742 */
3743
3744 sk->sk_prot->unhash(sk);
3745
3746 /*
3747 * In this point socket cannot receive new packets, but it is possible
3748 * that some packets are in flight because some CPU runs receiver and
3749 * did hash table lookup before we unhashed socket. They will achieve
3750 * receive queue and will be purged by socket destructor.
3751 *
3752 * Also we still have packets pending on receive queue and probably,
3753 * our own packets waiting in device queues. sock_destroy will drain
3754 * receive queue, but transmitted packets will delay socket destruction
3755 * until the last reference will be released.
3756 */
3757
3758 sock_orphan(sk);
3759
3760 xfrm_sk_free_policy(sk);
3761
3762 sock_put(sk);
3763}
3764EXPORT_SYMBOL(sk_common_release);
3765
3766void sk_get_meminfo(const struct sock *sk, u32 *mem)
3767{
3768 memset(mem, 0, sizeof(*mem) * SK_MEMINFO_VARS);
3769
3770 mem[SK_MEMINFO_RMEM_ALLOC] = sk_rmem_alloc_get(sk);
3771 mem[SK_MEMINFO_RCVBUF] = READ_ONCE(sk->sk_rcvbuf);
3772 mem[SK_MEMINFO_WMEM_ALLOC] = sk_wmem_alloc_get(sk);
3773 mem[SK_MEMINFO_SNDBUF] = READ_ONCE(sk->sk_sndbuf);
3774 mem[SK_MEMINFO_FWD_ALLOC] = sk_forward_alloc_get(sk);
3775 mem[SK_MEMINFO_WMEM_QUEUED] = READ_ONCE(sk->sk_wmem_queued);
3776 mem[SK_MEMINFO_OPTMEM] = atomic_read(&sk->sk_omem_alloc);
3777 mem[SK_MEMINFO_BACKLOG] = READ_ONCE(sk->sk_backlog.len);
3778 mem[SK_MEMINFO_DROPS] = atomic_read(&sk->sk_drops);
3779}
3780
3781#ifdef CONFIG_PROC_FS
3782static DECLARE_BITMAP(proto_inuse_idx, PROTO_INUSE_NR);
3783
3784int sock_prot_inuse_get(struct net *net, struct proto *prot)
3785{
3786 int cpu, idx = prot->inuse_idx;
3787 int res = 0;
3788
3789 for_each_possible_cpu(cpu)
3790 res += per_cpu_ptr(net->core.prot_inuse, cpu)->val[idx];
3791
3792 return res >= 0 ? res : 0;
3793}
3794EXPORT_SYMBOL_GPL(sock_prot_inuse_get);
3795
3796int sock_inuse_get(struct net *net)
3797{
3798 int cpu, res = 0;
3799
3800 for_each_possible_cpu(cpu)
3801 res += per_cpu_ptr(net->core.prot_inuse, cpu)->all;
3802
3803 return res;
3804}
3805
3806EXPORT_SYMBOL_GPL(sock_inuse_get);
3807
3808static int __net_init sock_inuse_init_net(struct net *net)
3809{
3810 net->core.prot_inuse = alloc_percpu(struct prot_inuse);
3811 if (net->core.prot_inuse == NULL)
3812 return -ENOMEM;
3813 return 0;
3814}
3815
3816static void __net_exit sock_inuse_exit_net(struct net *net)
3817{
3818 free_percpu(net->core.prot_inuse);
3819}
3820
3821static struct pernet_operations net_inuse_ops = {
3822 .init = sock_inuse_init_net,
3823 .exit = sock_inuse_exit_net,
3824};
3825
3826static __init int net_inuse_init(void)
3827{
3828 if (register_pernet_subsys(&net_inuse_ops))
3829 panic("Cannot initialize net inuse counters");
3830
3831 return 0;
3832}
3833
3834core_initcall(net_inuse_init);
3835
3836static int assign_proto_idx(struct proto *prot)
3837{
3838 prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR);
3839
3840 if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) {
3841 pr_err("PROTO_INUSE_NR exhausted\n");
3842 return -ENOSPC;
3843 }
3844
3845 set_bit(prot->inuse_idx, proto_inuse_idx);
3846 return 0;
3847}
3848
3849static void release_proto_idx(struct proto *prot)
3850{
3851 if (prot->inuse_idx != PROTO_INUSE_NR - 1)
3852 clear_bit(prot->inuse_idx, proto_inuse_idx);
3853}
3854#else
3855static inline int assign_proto_idx(struct proto *prot)
3856{
3857 return 0;
3858}
3859
3860static inline void release_proto_idx(struct proto *prot)
3861{
3862}
3863
3864#endif
3865
3866static void tw_prot_cleanup(struct timewait_sock_ops *twsk_prot)
3867{
3868 if (!twsk_prot)
3869 return;
3870 kfree(twsk_prot->twsk_slab_name);
3871 twsk_prot->twsk_slab_name = NULL;
3872 kmem_cache_destroy(twsk_prot->twsk_slab);
3873 twsk_prot->twsk_slab = NULL;
3874}
3875
3876static int tw_prot_init(const struct proto *prot)
3877{
3878 struct timewait_sock_ops *twsk_prot = prot->twsk_prot;
3879
3880 if (!twsk_prot)
3881 return 0;
3882
3883 twsk_prot->twsk_slab_name = kasprintf(GFP_KERNEL, "tw_sock_%s",
3884 prot->name);
3885 if (!twsk_prot->twsk_slab_name)
3886 return -ENOMEM;
3887
3888 twsk_prot->twsk_slab =
3889 kmem_cache_create(twsk_prot->twsk_slab_name,
3890 twsk_prot->twsk_obj_size, 0,
3891 SLAB_ACCOUNT | prot->slab_flags,
3892 NULL);
3893 if (!twsk_prot->twsk_slab) {
3894 pr_crit("%s: Can't create timewait sock SLAB cache!\n",
3895 prot->name);
3896 return -ENOMEM;
3897 }
3898
3899 return 0;
3900}
3901
3902static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
3903{
3904 if (!rsk_prot)
3905 return;
3906 kfree(rsk_prot->slab_name);
3907 rsk_prot->slab_name = NULL;
3908 kmem_cache_destroy(rsk_prot->slab);
3909 rsk_prot->slab = NULL;
3910}
3911
3912static int req_prot_init(const struct proto *prot)
3913{
3914 struct request_sock_ops *rsk_prot = prot->rsk_prot;
3915
3916 if (!rsk_prot)
3917 return 0;
3918
3919 rsk_prot->slab_name = kasprintf(GFP_KERNEL, "request_sock_%s",
3920 prot->name);
3921 if (!rsk_prot->slab_name)
3922 return -ENOMEM;
3923
3924 rsk_prot->slab = kmem_cache_create(rsk_prot->slab_name,
3925 rsk_prot->obj_size, 0,
3926 SLAB_ACCOUNT | prot->slab_flags,
3927 NULL);
3928
3929 if (!rsk_prot->slab) {
3930 pr_crit("%s: Can't create request sock SLAB cache!\n",
3931 prot->name);
3932 return -ENOMEM;
3933 }
3934 return 0;
3935}
3936
3937int proto_register(struct proto *prot, int alloc_slab)
3938{
3939 int ret = -ENOBUFS;
3940
3941 if (prot->memory_allocated && !prot->sysctl_mem) {
3942 pr_err("%s: missing sysctl_mem\n", prot->name);
3943 return -EINVAL;
3944 }
3945 if (prot->memory_allocated && !prot->per_cpu_fw_alloc) {
3946 pr_err("%s: missing per_cpu_fw_alloc\n", prot->name);
3947 return -EINVAL;
3948 }
3949 if (alloc_slab) {
3950 prot->slab = kmem_cache_create_usercopy(prot->name,
3951 prot->obj_size, 0,
3952 SLAB_HWCACHE_ALIGN | SLAB_ACCOUNT |
3953 prot->slab_flags,
3954 prot->useroffset, prot->usersize,
3955 NULL);
3956
3957 if (prot->slab == NULL) {
3958 pr_crit("%s: Can't create sock SLAB cache!\n",
3959 prot->name);
3960 goto out;
3961 }
3962
3963 if (req_prot_init(prot))
3964 goto out_free_request_sock_slab;
3965
3966 if (tw_prot_init(prot))
3967 goto out_free_timewait_sock_slab;
3968 }
3969
3970 mutex_lock(&proto_list_mutex);
3971 ret = assign_proto_idx(prot);
3972 if (ret) {
3973 mutex_unlock(&proto_list_mutex);
3974 goto out_free_timewait_sock_slab;
3975 }
3976 list_add(&prot->node, &proto_list);
3977 mutex_unlock(&proto_list_mutex);
3978 return ret;
3979
3980out_free_timewait_sock_slab:
3981 if (alloc_slab)
3982 tw_prot_cleanup(prot->twsk_prot);
3983out_free_request_sock_slab:
3984 if (alloc_slab) {
3985 req_prot_cleanup(prot->rsk_prot);
3986
3987 kmem_cache_destroy(prot->slab);
3988 prot->slab = NULL;
3989 }
3990out:
3991 return ret;
3992}
3993EXPORT_SYMBOL(proto_register);
3994
3995void proto_unregister(struct proto *prot)
3996{
3997 mutex_lock(&proto_list_mutex);
3998 release_proto_idx(prot);
3999 list_del(&prot->node);
4000 mutex_unlock(&proto_list_mutex);
4001
4002 kmem_cache_destroy(prot->slab);
4003 prot->slab = NULL;
4004
4005 req_prot_cleanup(prot->rsk_prot);
4006 tw_prot_cleanup(prot->twsk_prot);
4007}
4008EXPORT_SYMBOL(proto_unregister);
4009
4010int sock_load_diag_module(int family, int protocol)
4011{
4012 if (!protocol) {
4013 if (!sock_is_registered(family))
4014 return -ENOENT;
4015
4016 return request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
4017 NETLINK_SOCK_DIAG, family);
4018 }
4019
4020#ifdef CONFIG_INET
4021 if (family == AF_INET &&
4022 protocol != IPPROTO_RAW &&
4023 protocol < MAX_INET_PROTOS &&
4024 !rcu_access_pointer(inet_protos[protocol]))
4025 return -ENOENT;
4026#endif
4027
4028 return request_module("net-pf-%d-proto-%d-type-%d-%d", PF_NETLINK,
4029 NETLINK_SOCK_DIAG, family, protocol);
4030}
4031EXPORT_SYMBOL(sock_load_diag_module);
4032
4033#ifdef CONFIG_PROC_FS
4034static void *proto_seq_start(struct seq_file *seq, loff_t *pos)
4035 __acquires(proto_list_mutex)
4036{
4037 mutex_lock(&proto_list_mutex);
4038 return seq_list_start_head(&proto_list, *pos);
4039}
4040
4041static void *proto_seq_next(struct seq_file *seq, void *v, loff_t *pos)
4042{
4043 return seq_list_next(v, &proto_list, pos);
4044}
4045
4046static void proto_seq_stop(struct seq_file *seq, void *v)
4047 __releases(proto_list_mutex)
4048{
4049 mutex_unlock(&proto_list_mutex);
4050}
4051
4052static char proto_method_implemented(const void *method)
4053{
4054 return method == NULL ? 'n' : 'y';
4055}
4056static long sock_prot_memory_allocated(struct proto *proto)
4057{
4058 return proto->memory_allocated != NULL ? proto_memory_allocated(proto) : -1L;
4059}
4060
4061static const char *sock_prot_memory_pressure(struct proto *proto)
4062{
4063 return proto->memory_pressure != NULL ?
4064 proto_memory_pressure(proto) ? "yes" : "no" : "NI";
4065}
4066
4067static void proto_seq_printf(struct seq_file *seq, struct proto *proto)
4068{
4069
4070 seq_printf(seq, "%-9s %4u %6d %6ld %-3s %6u %-3s %-10s "
4071 "%2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c\n",
4072 proto->name,
4073 proto->obj_size,
4074 sock_prot_inuse_get(seq_file_net(seq), proto),
4075 sock_prot_memory_allocated(proto),
4076 sock_prot_memory_pressure(proto),
4077 proto->max_header,
4078 proto->slab == NULL ? "no" : "yes",
4079 module_name(proto->owner),
4080 proto_method_implemented(proto->close),
4081 proto_method_implemented(proto->connect),
4082 proto_method_implemented(proto->disconnect),
4083 proto_method_implemented(proto->accept),
4084 proto_method_implemented(proto->ioctl),
4085 proto_method_implemented(proto->init),
4086 proto_method_implemented(proto->destroy),
4087 proto_method_implemented(proto->shutdown),
4088 proto_method_implemented(proto->setsockopt),
4089 proto_method_implemented(proto->getsockopt),
4090 proto_method_implemented(proto->sendmsg),
4091 proto_method_implemented(proto->recvmsg),
4092 proto_method_implemented(proto->bind),
4093 proto_method_implemented(proto->backlog_rcv),
4094 proto_method_implemented(proto->hash),
4095 proto_method_implemented(proto->unhash),
4096 proto_method_implemented(proto->get_port),
4097 proto_method_implemented(proto->enter_memory_pressure));
4098}
4099
4100static int proto_seq_show(struct seq_file *seq, void *v)
4101{
4102 if (v == &proto_list)
4103 seq_printf(seq, "%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s",
4104 "protocol",
4105 "size",
4106 "sockets",
4107 "memory",
4108 "press",
4109 "maxhdr",
4110 "slab",
4111 "module",
4112 "cl co di ac io in de sh ss gs se re bi br ha uh gp em\n");
4113 else
4114 proto_seq_printf(seq, list_entry(v, struct proto, node));
4115 return 0;
4116}
4117
4118static const struct seq_operations proto_seq_ops = {
4119 .start = proto_seq_start,
4120 .next = proto_seq_next,
4121 .stop = proto_seq_stop,
4122 .show = proto_seq_show,
4123};
4124
4125static __net_init int proto_init_net(struct net *net)
4126{
4127 if (!proc_create_net("protocols", 0444, net->proc_net, &proto_seq_ops,
4128 sizeof(struct seq_net_private)))
4129 return -ENOMEM;
4130
4131 return 0;
4132}
4133
4134static __net_exit void proto_exit_net(struct net *net)
4135{
4136 remove_proc_entry("protocols", net->proc_net);
4137}
4138
4139
4140static __net_initdata struct pernet_operations proto_net_ops = {
4141 .init = proto_init_net,
4142 .exit = proto_exit_net,
4143};
4144
4145static int __init proto_init(void)
4146{
4147 return register_pernet_subsys(&proto_net_ops);
4148}
4149
4150subsys_initcall(proto_init);
4151
4152#endif /* PROC_FS */
4153
4154#ifdef CONFIG_NET_RX_BUSY_POLL
4155bool sk_busy_loop_end(void *p, unsigned long start_time)
4156{
4157 struct sock *sk = p;
4158
4159 if (!skb_queue_empty_lockless(&sk->sk_receive_queue))
4160 return true;
4161
4162 if (sk_is_udp(sk) &&
4163 !skb_queue_empty_lockless(&udp_sk(sk)->reader_queue))
4164 return true;
4165
4166 return sk_busy_loop_timeout(sk, start_time);
4167}
4168EXPORT_SYMBOL(sk_busy_loop_end);
4169#endif /* CONFIG_NET_RX_BUSY_POLL */
4170
4171int sock_bind_add(struct sock *sk, struct sockaddr *addr, int addr_len)
4172{
4173 if (!sk->sk_prot->bind_add)
4174 return -EOPNOTSUPP;
4175 return sk->sk_prot->bind_add(sk, addr, addr_len);
4176}
4177EXPORT_SYMBOL(sock_bind_add);
4178
4179/* Copy 'size' bytes from userspace and return `size` back to userspace */
4180int sock_ioctl_inout(struct sock *sk, unsigned int cmd,
4181 void __user *arg, void *karg, size_t size)
4182{
4183 int ret;
4184
4185 if (copy_from_user(karg, arg, size))
4186 return -EFAULT;
4187
4188 ret = READ_ONCE(sk->sk_prot)->ioctl(sk, cmd, karg);
4189 if (ret)
4190 return ret;
4191
4192 if (copy_to_user(arg, karg, size))
4193 return -EFAULT;
4194
4195 return 0;
4196}
4197EXPORT_SYMBOL(sock_ioctl_inout);
4198
4199/* This is the most common ioctl prep function, where the result (4 bytes) is
4200 * copied back to userspace if the ioctl() returns successfully. No input is
4201 * copied from userspace as input argument.
4202 */
4203static int sock_ioctl_out(struct sock *sk, unsigned int cmd, void __user *arg)
4204{
4205 int ret, karg = 0;
4206
4207 ret = READ_ONCE(sk->sk_prot)->ioctl(sk, cmd, &karg);
4208 if (ret)
4209 return ret;
4210
4211 return put_user(karg, (int __user *)arg);
4212}
4213
4214/* A wrapper around sock ioctls, which copies the data from userspace
4215 * (depending on the protocol/ioctl), and copies back the result to userspace.
4216 * The main motivation for this function is to pass kernel memory to the
4217 * protocol ioctl callbacks, instead of userspace memory.
4218 */
4219int sk_ioctl(struct sock *sk, unsigned int cmd, void __user *arg)
4220{
4221 int rc = 1;
4222
4223 if (sk->sk_type == SOCK_RAW && sk->sk_family == AF_INET)
4224 rc = ipmr_sk_ioctl(sk, cmd, arg);
4225 else if (sk->sk_type == SOCK_RAW && sk->sk_family == AF_INET6)
4226 rc = ip6mr_sk_ioctl(sk, cmd, arg);
4227 else if (sk_is_phonet(sk))
4228 rc = phonet_sk_ioctl(sk, cmd, arg);
4229
4230 /* If ioctl was processed, returns its value */
4231 if (rc <= 0)
4232 return rc;
4233
4234 /* Otherwise call the default handler */
4235 return sock_ioctl_out(sk, cmd, arg);
4236}
4237EXPORT_SYMBOL(sk_ioctl);
4238
4239static int __init sock_struct_check(void)
4240{
4241 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_drops);
4242 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_peek_off);
4243 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_error_queue);
4244 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_receive_queue);
4245 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rx, sk_backlog);
4246
4247 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rx_dst);
4248 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rx_dst_ifindex);
4249 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rx_dst_cookie);
4250 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rcvbuf);
4251 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_filter);
4252 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_wq);
4253 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_data_ready);
4254 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rcvtimeo);
4255 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rx, sk_rcvlowat);
4256
4257 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rxtx, sk_err);
4258 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rxtx, sk_socket);
4259 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_rxtx, sk_memcg);
4260
4261 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_lock);
4262 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_reserved_mem);
4263 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_forward_alloc);
4264 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_rxtx, sk_tsflags);
4265
4266 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_omem_alloc);
4267 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_omem_alloc);
4268 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_sndbuf);
4269 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_wmem_queued);
4270 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_wmem_alloc);
4271 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_tsq_flags);
4272 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_send_head);
4273 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_write_queue);
4274 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_write_pending);
4275 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_dst_pending_confirm);
4276 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_pacing_status);
4277 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_frag);
4278 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_timer);
4279 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_pacing_rate);
4280 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_zckey);
4281 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_write_tx, sk_tskey);
4282
4283 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_max_pacing_rate);
4284 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_sndtimeo);
4285 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_priority);
4286 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_mark);
4287 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_dst_cache);
4288 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_route_caps);
4289 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_gso_type);
4290 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_gso_max_size);
4291 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_allocation);
4292 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_txhash);
4293 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_gso_max_segs);
4294 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_pacing_shift);
4295 CACHELINE_ASSERT_GROUP_MEMBER(struct sock, sock_read_tx, sk_use_task_frag);
4296 return 0;
4297}
4298
4299core_initcall(sock_struct_check);
1/*
2 * INET An implementation of the TCP/IP protocol suite for the LINUX
3 * operating system. INET is implemented using the BSD Socket
4 * interface as the means of communication with the user level.
5 *
6 * Generic socket support routines. Memory allocators, socket lock/release
7 * handler for protocols to use and generic option handler.
8 *
9 *
10 * Authors: Ross Biro
11 * Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
12 * Florian La Roche, <flla@stud.uni-sb.de>
13 * Alan Cox, <A.Cox@swansea.ac.uk>
14 *
15 * Fixes:
16 * Alan Cox : Numerous verify_area() problems
17 * Alan Cox : Connecting on a connecting socket
18 * now returns an error for tcp.
19 * Alan Cox : sock->protocol is set correctly.
20 * and is not sometimes left as 0.
21 * Alan Cox : connect handles icmp errors on a
22 * connect properly. Unfortunately there
23 * is a restart syscall nasty there. I
24 * can't match BSD without hacking the C
25 * library. Ideas urgently sought!
26 * Alan Cox : Disallow bind() to addresses that are
27 * not ours - especially broadcast ones!!
28 * Alan Cox : Socket 1024 _IS_ ok for users. (fencepost)
29 * Alan Cox : sock_wfree/sock_rfree don't destroy sockets,
30 * instead they leave that for the DESTROY timer.
31 * Alan Cox : Clean up error flag in accept
32 * Alan Cox : TCP ack handling is buggy, the DESTROY timer
33 * was buggy. Put a remove_sock() in the handler
34 * for memory when we hit 0. Also altered the timer
35 * code. The ACK stuff can wait and needs major
36 * TCP layer surgery.
37 * Alan Cox : Fixed TCP ack bug, removed remove sock
38 * and fixed timer/inet_bh race.
39 * Alan Cox : Added zapped flag for TCP
40 * Alan Cox : Move kfree_skb into skbuff.c and tidied up surplus code
41 * Alan Cox : for new sk_buff allocations wmalloc/rmalloc now call alloc_skb
42 * Alan Cox : kfree_s calls now are kfree_skbmem so we can track skb resources
43 * Alan Cox : Supports socket option broadcast now as does udp. Packet and raw need fixing.
44 * Alan Cox : Added RCVBUF,SNDBUF size setting. It suddenly occurred to me how easy it was so...
45 * Rick Sladkey : Relaxed UDP rules for matching packets.
46 * C.E.Hawkins : IFF_PROMISC/SIOCGHWADDR support
47 * Pauline Middelink : identd support
48 * Alan Cox : Fixed connect() taking signals I think.
49 * Alan Cox : SO_LINGER supported
50 * Alan Cox : Error reporting fixes
51 * Anonymous : inet_create tidied up (sk->reuse setting)
52 * Alan Cox : inet sockets don't set sk->type!
53 * Alan Cox : Split socket option code
54 * Alan Cox : Callbacks
55 * Alan Cox : Nagle flag for Charles & Johannes stuff
56 * Alex : Removed restriction on inet fioctl
57 * Alan Cox : Splitting INET from NET core
58 * Alan Cox : Fixed bogus SO_TYPE handling in getsockopt()
59 * Adam Caldwell : Missing return in SO_DONTROUTE/SO_DEBUG code
60 * Alan Cox : Split IP from generic code
61 * Alan Cox : New kfree_skbmem()
62 * Alan Cox : Make SO_DEBUG superuser only.
63 * Alan Cox : Allow anyone to clear SO_DEBUG
64 * (compatibility fix)
65 * Alan Cox : Added optimistic memory grabbing for AF_UNIX throughput.
66 * Alan Cox : Allocator for a socket is settable.
67 * Alan Cox : SO_ERROR includes soft errors.
68 * Alan Cox : Allow NULL arguments on some SO_ opts
69 * Alan Cox : Generic socket allocation to make hooks
70 * easier (suggested by Craig Metz).
71 * Michael Pall : SO_ERROR returns positive errno again
72 * Steve Whitehouse: Added default destructor to free
73 * protocol private data.
74 * Steve Whitehouse: Added various other default routines
75 * common to several socket families.
76 * Chris Evans : Call suser() check last on F_SETOWN
77 * Jay Schulist : Added SO_ATTACH_FILTER and SO_DETACH_FILTER.
78 * Andi Kleen : Add sock_kmalloc()/sock_kfree_s()
79 * Andi Kleen : Fix write_space callback
80 * Chris Evans : Security fixes - signedness again
81 * Arnaldo C. Melo : cleanups, use skb_queue_purge
82 *
83 * To Fix:
84 *
85 *
86 * This program is free software; you can redistribute it and/or
87 * modify it under the terms of the GNU General Public License
88 * as published by the Free Software Foundation; either version
89 * 2 of the License, or (at your option) any later version.
90 */
91
92#define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
93
94#include <linux/capability.h>
95#include <linux/errno.h>
96#include <linux/errqueue.h>
97#include <linux/types.h>
98#include <linux/socket.h>
99#include <linux/in.h>
100#include <linux/kernel.h>
101#include <linux/module.h>
102#include <linux/proc_fs.h>
103#include <linux/seq_file.h>
104#include <linux/sched.h>
105#include <linux/sched/mm.h>
106#include <linux/timer.h>
107#include <linux/string.h>
108#include <linux/sockios.h>
109#include <linux/net.h>
110#include <linux/mm.h>
111#include <linux/slab.h>
112#include <linux/interrupt.h>
113#include <linux/poll.h>
114#include <linux/tcp.h>
115#include <linux/init.h>
116#include <linux/highmem.h>
117#include <linux/user_namespace.h>
118#include <linux/static_key.h>
119#include <linux/memcontrol.h>
120#include <linux/prefetch.h>
121
122#include <linux/uaccess.h>
123
124#include <linux/netdevice.h>
125#include <net/protocol.h>
126#include <linux/skbuff.h>
127#include <net/net_namespace.h>
128#include <net/request_sock.h>
129#include <net/sock.h>
130#include <linux/net_tstamp.h>
131#include <net/xfrm.h>
132#include <linux/ipsec.h>
133#include <net/cls_cgroup.h>
134#include <net/netprio_cgroup.h>
135#include <linux/sock_diag.h>
136
137#include <linux/filter.h>
138#include <net/sock_reuseport.h>
139
140#include <trace/events/sock.h>
141
142#include <net/tcp.h>
143#include <net/busy_poll.h>
144
145static DEFINE_MUTEX(proto_list_mutex);
146static LIST_HEAD(proto_list);
147
148static void sock_inuse_add(struct net *net, int val);
149
150/**
151 * sk_ns_capable - General socket capability test
152 * @sk: Socket to use a capability on or through
153 * @user_ns: The user namespace of the capability to use
154 * @cap: The capability to use
155 *
156 * Test to see if the opener of the socket had when the socket was
157 * created and the current process has the capability @cap in the user
158 * namespace @user_ns.
159 */
160bool sk_ns_capable(const struct sock *sk,
161 struct user_namespace *user_ns, int cap)
162{
163 return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
164 ns_capable(user_ns, cap);
165}
166EXPORT_SYMBOL(sk_ns_capable);
167
168/**
169 * sk_capable - Socket global capability test
170 * @sk: Socket to use a capability on or through
171 * @cap: The global capability to use
172 *
173 * Test to see if the opener of the socket had when the socket was
174 * created and the current process has the capability @cap in all user
175 * namespaces.
176 */
177bool sk_capable(const struct sock *sk, int cap)
178{
179 return sk_ns_capable(sk, &init_user_ns, cap);
180}
181EXPORT_SYMBOL(sk_capable);
182
183/**
184 * sk_net_capable - Network namespace socket capability test
185 * @sk: Socket to use a capability on or through
186 * @cap: The capability to use
187 *
188 * Test to see if the opener of the socket had when the socket was created
189 * and the current process has the capability @cap over the network namespace
190 * the socket is a member of.
191 */
192bool sk_net_capable(const struct sock *sk, int cap)
193{
194 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
195}
196EXPORT_SYMBOL(sk_net_capable);
197
198/*
199 * Each address family might have different locking rules, so we have
200 * one slock key per address family and separate keys for internal and
201 * userspace sockets.
202 */
203static struct lock_class_key af_family_keys[AF_MAX];
204static struct lock_class_key af_family_kern_keys[AF_MAX];
205static struct lock_class_key af_family_slock_keys[AF_MAX];
206static struct lock_class_key af_family_kern_slock_keys[AF_MAX];
207
208/*
209 * Make lock validator output more readable. (we pre-construct these
210 * strings build-time, so that runtime initialization of socket
211 * locks is fast):
212 */
213
214#define _sock_locks(x) \
215 x "AF_UNSPEC", x "AF_UNIX" , x "AF_INET" , \
216 x "AF_AX25" , x "AF_IPX" , x "AF_APPLETALK", \
217 x "AF_NETROM", x "AF_BRIDGE" , x "AF_ATMPVC" , \
218 x "AF_X25" , x "AF_INET6" , x "AF_ROSE" , \
219 x "AF_DECnet", x "AF_NETBEUI" , x "AF_SECURITY" , \
220 x "AF_KEY" , x "AF_NETLINK" , x "AF_PACKET" , \
221 x "AF_ASH" , x "AF_ECONET" , x "AF_ATMSVC" , \
222 x "AF_RDS" , x "AF_SNA" , x "AF_IRDA" , \
223 x "AF_PPPOX" , x "AF_WANPIPE" , x "AF_LLC" , \
224 x "27" , x "28" , x "AF_CAN" , \
225 x "AF_TIPC" , x "AF_BLUETOOTH", x "IUCV" , \
226 x "AF_RXRPC" , x "AF_ISDN" , x "AF_PHONET" , \
227 x "AF_IEEE802154", x "AF_CAIF" , x "AF_ALG" , \
228 x "AF_NFC" , x "AF_VSOCK" , x "AF_KCM" , \
229 x "AF_QIPCRTR", x "AF_SMC" , x "AF_MAX"
230
231static const char *const af_family_key_strings[AF_MAX+1] = {
232 _sock_locks("sk_lock-")
233};
234static const char *const af_family_slock_key_strings[AF_MAX+1] = {
235 _sock_locks("slock-")
236};
237static const char *const af_family_clock_key_strings[AF_MAX+1] = {
238 _sock_locks("clock-")
239};
240
241static const char *const af_family_kern_key_strings[AF_MAX+1] = {
242 _sock_locks("k-sk_lock-")
243};
244static const char *const af_family_kern_slock_key_strings[AF_MAX+1] = {
245 _sock_locks("k-slock-")
246};
247static const char *const af_family_kern_clock_key_strings[AF_MAX+1] = {
248 _sock_locks("k-clock-")
249};
250static const char *const af_family_rlock_key_strings[AF_MAX+1] = {
251 "rlock-AF_UNSPEC", "rlock-AF_UNIX" , "rlock-AF_INET" ,
252 "rlock-AF_AX25" , "rlock-AF_IPX" , "rlock-AF_APPLETALK",
253 "rlock-AF_NETROM", "rlock-AF_BRIDGE" , "rlock-AF_ATMPVC" ,
254 "rlock-AF_X25" , "rlock-AF_INET6" , "rlock-AF_ROSE" ,
255 "rlock-AF_DECnet", "rlock-AF_NETBEUI" , "rlock-AF_SECURITY" ,
256 "rlock-AF_KEY" , "rlock-AF_NETLINK" , "rlock-AF_PACKET" ,
257 "rlock-AF_ASH" , "rlock-AF_ECONET" , "rlock-AF_ATMSVC" ,
258 "rlock-AF_RDS" , "rlock-AF_SNA" , "rlock-AF_IRDA" ,
259 "rlock-AF_PPPOX" , "rlock-AF_WANPIPE" , "rlock-AF_LLC" ,
260 "rlock-27" , "rlock-28" , "rlock-AF_CAN" ,
261 "rlock-AF_TIPC" , "rlock-AF_BLUETOOTH", "rlock-AF_IUCV" ,
262 "rlock-AF_RXRPC" , "rlock-AF_ISDN" , "rlock-AF_PHONET" ,
263 "rlock-AF_IEEE802154", "rlock-AF_CAIF" , "rlock-AF_ALG" ,
264 "rlock-AF_NFC" , "rlock-AF_VSOCK" , "rlock-AF_KCM" ,
265 "rlock-AF_QIPCRTR", "rlock-AF_SMC" , "rlock-AF_MAX"
266};
267static const char *const af_family_wlock_key_strings[AF_MAX+1] = {
268 "wlock-AF_UNSPEC", "wlock-AF_UNIX" , "wlock-AF_INET" ,
269 "wlock-AF_AX25" , "wlock-AF_IPX" , "wlock-AF_APPLETALK",
270 "wlock-AF_NETROM", "wlock-AF_BRIDGE" , "wlock-AF_ATMPVC" ,
271 "wlock-AF_X25" , "wlock-AF_INET6" , "wlock-AF_ROSE" ,
272 "wlock-AF_DECnet", "wlock-AF_NETBEUI" , "wlock-AF_SECURITY" ,
273 "wlock-AF_KEY" , "wlock-AF_NETLINK" , "wlock-AF_PACKET" ,
274 "wlock-AF_ASH" , "wlock-AF_ECONET" , "wlock-AF_ATMSVC" ,
275 "wlock-AF_RDS" , "wlock-AF_SNA" , "wlock-AF_IRDA" ,
276 "wlock-AF_PPPOX" , "wlock-AF_WANPIPE" , "wlock-AF_LLC" ,
277 "wlock-27" , "wlock-28" , "wlock-AF_CAN" ,
278 "wlock-AF_TIPC" , "wlock-AF_BLUETOOTH", "wlock-AF_IUCV" ,
279 "wlock-AF_RXRPC" , "wlock-AF_ISDN" , "wlock-AF_PHONET" ,
280 "wlock-AF_IEEE802154", "wlock-AF_CAIF" , "wlock-AF_ALG" ,
281 "wlock-AF_NFC" , "wlock-AF_VSOCK" , "wlock-AF_KCM" ,
282 "wlock-AF_QIPCRTR", "wlock-AF_SMC" , "wlock-AF_MAX"
283};
284static const char *const af_family_elock_key_strings[AF_MAX+1] = {
285 "elock-AF_UNSPEC", "elock-AF_UNIX" , "elock-AF_INET" ,
286 "elock-AF_AX25" , "elock-AF_IPX" , "elock-AF_APPLETALK",
287 "elock-AF_NETROM", "elock-AF_BRIDGE" , "elock-AF_ATMPVC" ,
288 "elock-AF_X25" , "elock-AF_INET6" , "elock-AF_ROSE" ,
289 "elock-AF_DECnet", "elock-AF_NETBEUI" , "elock-AF_SECURITY" ,
290 "elock-AF_KEY" , "elock-AF_NETLINK" , "elock-AF_PACKET" ,
291 "elock-AF_ASH" , "elock-AF_ECONET" , "elock-AF_ATMSVC" ,
292 "elock-AF_RDS" , "elock-AF_SNA" , "elock-AF_IRDA" ,
293 "elock-AF_PPPOX" , "elock-AF_WANPIPE" , "elock-AF_LLC" ,
294 "elock-27" , "elock-28" , "elock-AF_CAN" ,
295 "elock-AF_TIPC" , "elock-AF_BLUETOOTH", "elock-AF_IUCV" ,
296 "elock-AF_RXRPC" , "elock-AF_ISDN" , "elock-AF_PHONET" ,
297 "elock-AF_IEEE802154", "elock-AF_CAIF" , "elock-AF_ALG" ,
298 "elock-AF_NFC" , "elock-AF_VSOCK" , "elock-AF_KCM" ,
299 "elock-AF_QIPCRTR", "elock-AF_SMC" , "elock-AF_MAX"
300};
301
302/*
303 * sk_callback_lock and sk queues locking rules are per-address-family,
304 * so split the lock classes by using a per-AF key:
305 */
306static struct lock_class_key af_callback_keys[AF_MAX];
307static struct lock_class_key af_rlock_keys[AF_MAX];
308static struct lock_class_key af_wlock_keys[AF_MAX];
309static struct lock_class_key af_elock_keys[AF_MAX];
310static struct lock_class_key af_kern_callback_keys[AF_MAX];
311
312/* Run time adjustable parameters. */
313__u32 sysctl_wmem_max __read_mostly = SK_WMEM_MAX;
314EXPORT_SYMBOL(sysctl_wmem_max);
315__u32 sysctl_rmem_max __read_mostly = SK_RMEM_MAX;
316EXPORT_SYMBOL(sysctl_rmem_max);
317__u32 sysctl_wmem_default __read_mostly = SK_WMEM_MAX;
318__u32 sysctl_rmem_default __read_mostly = SK_RMEM_MAX;
319
320/* Maximal space eaten by iovec or ancillary data plus some space */
321int sysctl_optmem_max __read_mostly = sizeof(unsigned long)*(2*UIO_MAXIOV+512);
322EXPORT_SYMBOL(sysctl_optmem_max);
323
324int sysctl_tstamp_allow_data __read_mostly = 1;
325
326struct static_key memalloc_socks = STATIC_KEY_INIT_FALSE;
327EXPORT_SYMBOL_GPL(memalloc_socks);
328
329/**
330 * sk_set_memalloc - sets %SOCK_MEMALLOC
331 * @sk: socket to set it on
332 *
333 * Set %SOCK_MEMALLOC on a socket for access to emergency reserves.
334 * It's the responsibility of the admin to adjust min_free_kbytes
335 * to meet the requirements
336 */
337void sk_set_memalloc(struct sock *sk)
338{
339 sock_set_flag(sk, SOCK_MEMALLOC);
340 sk->sk_allocation |= __GFP_MEMALLOC;
341 static_key_slow_inc(&memalloc_socks);
342}
343EXPORT_SYMBOL_GPL(sk_set_memalloc);
344
345void sk_clear_memalloc(struct sock *sk)
346{
347 sock_reset_flag(sk, SOCK_MEMALLOC);
348 sk->sk_allocation &= ~__GFP_MEMALLOC;
349 static_key_slow_dec(&memalloc_socks);
350
351 /*
352 * SOCK_MEMALLOC is allowed to ignore rmem limits to ensure forward
353 * progress of swapping. SOCK_MEMALLOC may be cleared while
354 * it has rmem allocations due to the last swapfile being deactivated
355 * but there is a risk that the socket is unusable due to exceeding
356 * the rmem limits. Reclaim the reserves and obey rmem limits again.
357 */
358 sk_mem_reclaim(sk);
359}
360EXPORT_SYMBOL_GPL(sk_clear_memalloc);
361
362int __sk_backlog_rcv(struct sock *sk, struct sk_buff *skb)
363{
364 int ret;
365 unsigned int noreclaim_flag;
366
367 /* these should have been dropped before queueing */
368 BUG_ON(!sock_flag(sk, SOCK_MEMALLOC));
369
370 noreclaim_flag = memalloc_noreclaim_save();
371 ret = sk->sk_backlog_rcv(sk, skb);
372 memalloc_noreclaim_restore(noreclaim_flag);
373
374 return ret;
375}
376EXPORT_SYMBOL(__sk_backlog_rcv);
377
378static int sock_set_timeout(long *timeo_p, char __user *optval, int optlen)
379{
380 struct timeval tv;
381
382 if (optlen < sizeof(tv))
383 return -EINVAL;
384 if (copy_from_user(&tv, optval, sizeof(tv)))
385 return -EFAULT;
386 if (tv.tv_usec < 0 || tv.tv_usec >= USEC_PER_SEC)
387 return -EDOM;
388
389 if (tv.tv_sec < 0) {
390 static int warned __read_mostly;
391
392 *timeo_p = 0;
393 if (warned < 10 && net_ratelimit()) {
394 warned++;
395 pr_info("%s: `%s' (pid %d) tries to set negative timeout\n",
396 __func__, current->comm, task_pid_nr(current));
397 }
398 return 0;
399 }
400 *timeo_p = MAX_SCHEDULE_TIMEOUT;
401 if (tv.tv_sec == 0 && tv.tv_usec == 0)
402 return 0;
403 if (tv.tv_sec < (MAX_SCHEDULE_TIMEOUT/HZ - 1))
404 *timeo_p = tv.tv_sec * HZ + DIV_ROUND_UP(tv.tv_usec, USEC_PER_SEC / HZ);
405 return 0;
406}
407
408static void sock_warn_obsolete_bsdism(const char *name)
409{
410 static int warned;
411 static char warncomm[TASK_COMM_LEN];
412 if (strcmp(warncomm, current->comm) && warned < 5) {
413 strcpy(warncomm, current->comm);
414 pr_warn("process `%s' is using obsolete %s SO_BSDCOMPAT\n",
415 warncomm, name);
416 warned++;
417 }
418}
419
420static bool sock_needs_netstamp(const struct sock *sk)
421{
422 switch (sk->sk_family) {
423 case AF_UNSPEC:
424 case AF_UNIX:
425 return false;
426 default:
427 return true;
428 }
429}
430
431static void sock_disable_timestamp(struct sock *sk, unsigned long flags)
432{
433 if (sk->sk_flags & flags) {
434 sk->sk_flags &= ~flags;
435 if (sock_needs_netstamp(sk) &&
436 !(sk->sk_flags & SK_FLAGS_TIMESTAMP))
437 net_disable_timestamp();
438 }
439}
440
441
442int __sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
443{
444 unsigned long flags;
445 struct sk_buff_head *list = &sk->sk_receive_queue;
446
447 if (atomic_read(&sk->sk_rmem_alloc) >= sk->sk_rcvbuf) {
448 atomic_inc(&sk->sk_drops);
449 trace_sock_rcvqueue_full(sk, skb);
450 return -ENOMEM;
451 }
452
453 if (!sk_rmem_schedule(sk, skb, skb->truesize)) {
454 atomic_inc(&sk->sk_drops);
455 return -ENOBUFS;
456 }
457
458 skb->dev = NULL;
459 skb_set_owner_r(skb, sk);
460
461 /* we escape from rcu protected region, make sure we dont leak
462 * a norefcounted dst
463 */
464 skb_dst_force(skb);
465
466 spin_lock_irqsave(&list->lock, flags);
467 sock_skb_set_dropcount(sk, skb);
468 __skb_queue_tail(list, skb);
469 spin_unlock_irqrestore(&list->lock, flags);
470
471 if (!sock_flag(sk, SOCK_DEAD))
472 sk->sk_data_ready(sk);
473 return 0;
474}
475EXPORT_SYMBOL(__sock_queue_rcv_skb);
476
477int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
478{
479 int err;
480
481 err = sk_filter(sk, skb);
482 if (err)
483 return err;
484
485 return __sock_queue_rcv_skb(sk, skb);
486}
487EXPORT_SYMBOL(sock_queue_rcv_skb);
488
489int __sk_receive_skb(struct sock *sk, struct sk_buff *skb,
490 const int nested, unsigned int trim_cap, bool refcounted)
491{
492 int rc = NET_RX_SUCCESS;
493
494 if (sk_filter_trim_cap(sk, skb, trim_cap))
495 goto discard_and_relse;
496
497 skb->dev = NULL;
498
499 if (sk_rcvqueues_full(sk, sk->sk_rcvbuf)) {
500 atomic_inc(&sk->sk_drops);
501 goto discard_and_relse;
502 }
503 if (nested)
504 bh_lock_sock_nested(sk);
505 else
506 bh_lock_sock(sk);
507 if (!sock_owned_by_user(sk)) {
508 /*
509 * trylock + unlock semantics:
510 */
511 mutex_acquire(&sk->sk_lock.dep_map, 0, 1, _RET_IP_);
512
513 rc = sk_backlog_rcv(sk, skb);
514
515 mutex_release(&sk->sk_lock.dep_map, 1, _RET_IP_);
516 } else if (sk_add_backlog(sk, skb, sk->sk_rcvbuf)) {
517 bh_unlock_sock(sk);
518 atomic_inc(&sk->sk_drops);
519 goto discard_and_relse;
520 }
521
522 bh_unlock_sock(sk);
523out:
524 if (refcounted)
525 sock_put(sk);
526 return rc;
527discard_and_relse:
528 kfree_skb(skb);
529 goto out;
530}
531EXPORT_SYMBOL(__sk_receive_skb);
532
533struct dst_entry *__sk_dst_check(struct sock *sk, u32 cookie)
534{
535 struct dst_entry *dst = __sk_dst_get(sk);
536
537 if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
538 sk_tx_queue_clear(sk);
539 sk->sk_dst_pending_confirm = 0;
540 RCU_INIT_POINTER(sk->sk_dst_cache, NULL);
541 dst_release(dst);
542 return NULL;
543 }
544
545 return dst;
546}
547EXPORT_SYMBOL(__sk_dst_check);
548
549struct dst_entry *sk_dst_check(struct sock *sk, u32 cookie)
550{
551 struct dst_entry *dst = sk_dst_get(sk);
552
553 if (dst && dst->obsolete && dst->ops->check(dst, cookie) == NULL) {
554 sk_dst_reset(sk);
555 dst_release(dst);
556 return NULL;
557 }
558
559 return dst;
560}
561EXPORT_SYMBOL(sk_dst_check);
562
563static int sock_setbindtodevice(struct sock *sk, char __user *optval,
564 int optlen)
565{
566 int ret = -ENOPROTOOPT;
567#ifdef CONFIG_NETDEVICES
568 struct net *net = sock_net(sk);
569 char devname[IFNAMSIZ];
570 int index;
571
572 /* Sorry... */
573 ret = -EPERM;
574 if (!ns_capable(net->user_ns, CAP_NET_RAW))
575 goto out;
576
577 ret = -EINVAL;
578 if (optlen < 0)
579 goto out;
580
581 /* Bind this socket to a particular device like "eth0",
582 * as specified in the passed interface name. If the
583 * name is "" or the option length is zero the socket
584 * is not bound.
585 */
586 if (optlen > IFNAMSIZ - 1)
587 optlen = IFNAMSIZ - 1;
588 memset(devname, 0, sizeof(devname));
589
590 ret = -EFAULT;
591 if (copy_from_user(devname, optval, optlen))
592 goto out;
593
594 index = 0;
595 if (devname[0] != '\0') {
596 struct net_device *dev;
597
598 rcu_read_lock();
599 dev = dev_get_by_name_rcu(net, devname);
600 if (dev)
601 index = dev->ifindex;
602 rcu_read_unlock();
603 ret = -ENODEV;
604 if (!dev)
605 goto out;
606 }
607
608 lock_sock(sk);
609 sk->sk_bound_dev_if = index;
610 sk_dst_reset(sk);
611 release_sock(sk);
612
613 ret = 0;
614
615out:
616#endif
617
618 return ret;
619}
620
621static int sock_getbindtodevice(struct sock *sk, char __user *optval,
622 int __user *optlen, int len)
623{
624 int ret = -ENOPROTOOPT;
625#ifdef CONFIG_NETDEVICES
626 struct net *net = sock_net(sk);
627 char devname[IFNAMSIZ];
628
629 if (sk->sk_bound_dev_if == 0) {
630 len = 0;
631 goto zero;
632 }
633
634 ret = -EINVAL;
635 if (len < IFNAMSIZ)
636 goto out;
637
638 ret = netdev_get_name(net, devname, sk->sk_bound_dev_if);
639 if (ret)
640 goto out;
641
642 len = strlen(devname) + 1;
643
644 ret = -EFAULT;
645 if (copy_to_user(optval, devname, len))
646 goto out;
647
648zero:
649 ret = -EFAULT;
650 if (put_user(len, optlen))
651 goto out;
652
653 ret = 0;
654
655out:
656#endif
657
658 return ret;
659}
660
661static inline void sock_valbool_flag(struct sock *sk, int bit, int valbool)
662{
663 if (valbool)
664 sock_set_flag(sk, bit);
665 else
666 sock_reset_flag(sk, bit);
667}
668
669bool sk_mc_loop(struct sock *sk)
670{
671 if (dev_recursion_level())
672 return false;
673 if (!sk)
674 return true;
675 switch (sk->sk_family) {
676 case AF_INET:
677 return inet_sk(sk)->mc_loop;
678#if IS_ENABLED(CONFIG_IPV6)
679 case AF_INET6:
680 return inet6_sk(sk)->mc_loop;
681#endif
682 }
683 WARN_ON(1);
684 return true;
685}
686EXPORT_SYMBOL(sk_mc_loop);
687
688/*
689 * This is meant for all protocols to use and covers goings on
690 * at the socket level. Everything here is generic.
691 */
692
693int sock_setsockopt(struct socket *sock, int level, int optname,
694 char __user *optval, unsigned int optlen)
695{
696 struct sock *sk = sock->sk;
697 int val;
698 int valbool;
699 struct linger ling;
700 int ret = 0;
701
702 /*
703 * Options without arguments
704 */
705
706 if (optname == SO_BINDTODEVICE)
707 return sock_setbindtodevice(sk, optval, optlen);
708
709 if (optlen < sizeof(int))
710 return -EINVAL;
711
712 if (get_user(val, (int __user *)optval))
713 return -EFAULT;
714
715 valbool = val ? 1 : 0;
716
717 lock_sock(sk);
718
719 switch (optname) {
720 case SO_DEBUG:
721 if (val && !capable(CAP_NET_ADMIN))
722 ret = -EACCES;
723 else
724 sock_valbool_flag(sk, SOCK_DBG, valbool);
725 break;
726 case SO_REUSEADDR:
727 sk->sk_reuse = (valbool ? SK_CAN_REUSE : SK_NO_REUSE);
728 break;
729 case SO_REUSEPORT:
730 sk->sk_reuseport = valbool;
731 break;
732 case SO_TYPE:
733 case SO_PROTOCOL:
734 case SO_DOMAIN:
735 case SO_ERROR:
736 ret = -ENOPROTOOPT;
737 break;
738 case SO_DONTROUTE:
739 sock_valbool_flag(sk, SOCK_LOCALROUTE, valbool);
740 break;
741 case SO_BROADCAST:
742 sock_valbool_flag(sk, SOCK_BROADCAST, valbool);
743 break;
744 case SO_SNDBUF:
745 /* Don't error on this BSD doesn't and if you think
746 * about it this is right. Otherwise apps have to
747 * play 'guess the biggest size' games. RCVBUF/SNDBUF
748 * are treated in BSD as hints
749 */
750 val = min_t(u32, val, sysctl_wmem_max);
751set_sndbuf:
752 sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
753 sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF);
754 /* Wake up sending tasks if we upped the value. */
755 sk->sk_write_space(sk);
756 break;
757
758 case SO_SNDBUFFORCE:
759 if (!capable(CAP_NET_ADMIN)) {
760 ret = -EPERM;
761 break;
762 }
763 goto set_sndbuf;
764
765 case SO_RCVBUF:
766 /* Don't error on this BSD doesn't and if you think
767 * about it this is right. Otherwise apps have to
768 * play 'guess the biggest size' games. RCVBUF/SNDBUF
769 * are treated in BSD as hints
770 */
771 val = min_t(u32, val, sysctl_rmem_max);
772set_rcvbuf:
773 sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
774 /*
775 * We double it on the way in to account for
776 * "struct sk_buff" etc. overhead. Applications
777 * assume that the SO_RCVBUF setting they make will
778 * allow that much actual data to be received on that
779 * socket.
780 *
781 * Applications are unaware that "struct sk_buff" and
782 * other overheads allocate from the receive buffer
783 * during socket buffer allocation.
784 *
785 * And after considering the possible alternatives,
786 * returning the value we actually used in getsockopt
787 * is the most desirable behavior.
788 */
789 sk->sk_rcvbuf = max_t(int, val * 2, SOCK_MIN_RCVBUF);
790 break;
791
792 case SO_RCVBUFFORCE:
793 if (!capable(CAP_NET_ADMIN)) {
794 ret = -EPERM;
795 break;
796 }
797 goto set_rcvbuf;
798
799 case SO_KEEPALIVE:
800 if (sk->sk_prot->keepalive)
801 sk->sk_prot->keepalive(sk, valbool);
802 sock_valbool_flag(sk, SOCK_KEEPOPEN, valbool);
803 break;
804
805 case SO_OOBINLINE:
806 sock_valbool_flag(sk, SOCK_URGINLINE, valbool);
807 break;
808
809 case SO_NO_CHECK:
810 sk->sk_no_check_tx = valbool;
811 break;
812
813 case SO_PRIORITY:
814 if ((val >= 0 && val <= 6) ||
815 ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
816 sk->sk_priority = val;
817 else
818 ret = -EPERM;
819 break;
820
821 case SO_LINGER:
822 if (optlen < sizeof(ling)) {
823 ret = -EINVAL; /* 1003.1g */
824 break;
825 }
826 if (copy_from_user(&ling, optval, sizeof(ling))) {
827 ret = -EFAULT;
828 break;
829 }
830 if (!ling.l_onoff)
831 sock_reset_flag(sk, SOCK_LINGER);
832 else {
833#if (BITS_PER_LONG == 32)
834 if ((unsigned int)ling.l_linger >= MAX_SCHEDULE_TIMEOUT/HZ)
835 sk->sk_lingertime = MAX_SCHEDULE_TIMEOUT;
836 else
837#endif
838 sk->sk_lingertime = (unsigned int)ling.l_linger * HZ;
839 sock_set_flag(sk, SOCK_LINGER);
840 }
841 break;
842
843 case SO_BSDCOMPAT:
844 sock_warn_obsolete_bsdism("setsockopt");
845 break;
846
847 case SO_PASSCRED:
848 if (valbool)
849 set_bit(SOCK_PASSCRED, &sock->flags);
850 else
851 clear_bit(SOCK_PASSCRED, &sock->flags);
852 break;
853
854 case SO_TIMESTAMP:
855 case SO_TIMESTAMPNS:
856 if (valbool) {
857 if (optname == SO_TIMESTAMP)
858 sock_reset_flag(sk, SOCK_RCVTSTAMPNS);
859 else
860 sock_set_flag(sk, SOCK_RCVTSTAMPNS);
861 sock_set_flag(sk, SOCK_RCVTSTAMP);
862 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
863 } else {
864 sock_reset_flag(sk, SOCK_RCVTSTAMP);
865 sock_reset_flag(sk, SOCK_RCVTSTAMPNS);
866 }
867 break;
868
869 case SO_TIMESTAMPING:
870 if (val & ~SOF_TIMESTAMPING_MASK) {
871 ret = -EINVAL;
872 break;
873 }
874
875 if (val & SOF_TIMESTAMPING_OPT_ID &&
876 !(sk->sk_tsflags & SOF_TIMESTAMPING_OPT_ID)) {
877 if (sk->sk_protocol == IPPROTO_TCP &&
878 sk->sk_type == SOCK_STREAM) {
879 if ((1 << sk->sk_state) &
880 (TCPF_CLOSE | TCPF_LISTEN)) {
881 ret = -EINVAL;
882 break;
883 }
884 sk->sk_tskey = tcp_sk(sk)->snd_una;
885 } else {
886 sk->sk_tskey = 0;
887 }
888 }
889
890 if (val & SOF_TIMESTAMPING_OPT_STATS &&
891 !(val & SOF_TIMESTAMPING_OPT_TSONLY)) {
892 ret = -EINVAL;
893 break;
894 }
895
896 sk->sk_tsflags = val;
897 if (val & SOF_TIMESTAMPING_RX_SOFTWARE)
898 sock_enable_timestamp(sk,
899 SOCK_TIMESTAMPING_RX_SOFTWARE);
900 else
901 sock_disable_timestamp(sk,
902 (1UL << SOCK_TIMESTAMPING_RX_SOFTWARE));
903 break;
904
905 case SO_RCVLOWAT:
906 if (val < 0)
907 val = INT_MAX;
908 sk->sk_rcvlowat = val ? : 1;
909 break;
910
911 case SO_RCVTIMEO:
912 ret = sock_set_timeout(&sk->sk_rcvtimeo, optval, optlen);
913 break;
914
915 case SO_SNDTIMEO:
916 ret = sock_set_timeout(&sk->sk_sndtimeo, optval, optlen);
917 break;
918
919 case SO_ATTACH_FILTER:
920 ret = -EINVAL;
921 if (optlen == sizeof(struct sock_fprog)) {
922 struct sock_fprog fprog;
923
924 ret = -EFAULT;
925 if (copy_from_user(&fprog, optval, sizeof(fprog)))
926 break;
927
928 ret = sk_attach_filter(&fprog, sk);
929 }
930 break;
931
932 case SO_ATTACH_BPF:
933 ret = -EINVAL;
934 if (optlen == sizeof(u32)) {
935 u32 ufd;
936
937 ret = -EFAULT;
938 if (copy_from_user(&ufd, optval, sizeof(ufd)))
939 break;
940
941 ret = sk_attach_bpf(ufd, sk);
942 }
943 break;
944
945 case SO_ATTACH_REUSEPORT_CBPF:
946 ret = -EINVAL;
947 if (optlen == sizeof(struct sock_fprog)) {
948 struct sock_fprog fprog;
949
950 ret = -EFAULT;
951 if (copy_from_user(&fprog, optval, sizeof(fprog)))
952 break;
953
954 ret = sk_reuseport_attach_filter(&fprog, sk);
955 }
956 break;
957
958 case SO_ATTACH_REUSEPORT_EBPF:
959 ret = -EINVAL;
960 if (optlen == sizeof(u32)) {
961 u32 ufd;
962
963 ret = -EFAULT;
964 if (copy_from_user(&ufd, optval, sizeof(ufd)))
965 break;
966
967 ret = sk_reuseport_attach_bpf(ufd, sk);
968 }
969 break;
970
971 case SO_DETACH_FILTER:
972 ret = sk_detach_filter(sk);
973 break;
974
975 case SO_LOCK_FILTER:
976 if (sock_flag(sk, SOCK_FILTER_LOCKED) && !valbool)
977 ret = -EPERM;
978 else
979 sock_valbool_flag(sk, SOCK_FILTER_LOCKED, valbool);
980 break;
981
982 case SO_PASSSEC:
983 if (valbool)
984 set_bit(SOCK_PASSSEC, &sock->flags);
985 else
986 clear_bit(SOCK_PASSSEC, &sock->flags);
987 break;
988 case SO_MARK:
989 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
990 ret = -EPERM;
991 else
992 sk->sk_mark = val;
993 break;
994
995 case SO_RXQ_OVFL:
996 sock_valbool_flag(sk, SOCK_RXQ_OVFL, valbool);
997 break;
998
999 case SO_WIFI_STATUS:
1000 sock_valbool_flag(sk, SOCK_WIFI_STATUS, valbool);
1001 break;
1002
1003 case SO_PEEK_OFF:
1004 if (sock->ops->set_peek_off)
1005 ret = sock->ops->set_peek_off(sk, val);
1006 else
1007 ret = -EOPNOTSUPP;
1008 break;
1009
1010 case SO_NOFCS:
1011 sock_valbool_flag(sk, SOCK_NOFCS, valbool);
1012 break;
1013
1014 case SO_SELECT_ERR_QUEUE:
1015 sock_valbool_flag(sk, SOCK_SELECT_ERR_QUEUE, valbool);
1016 break;
1017
1018#ifdef CONFIG_NET_RX_BUSY_POLL
1019 case SO_BUSY_POLL:
1020 /* allow unprivileged users to decrease the value */
1021 if ((val > sk->sk_ll_usec) && !capable(CAP_NET_ADMIN))
1022 ret = -EPERM;
1023 else {
1024 if (val < 0)
1025 ret = -EINVAL;
1026 else
1027 sk->sk_ll_usec = val;
1028 }
1029 break;
1030#endif
1031
1032 case SO_MAX_PACING_RATE:
1033 if (val != ~0U)
1034 cmpxchg(&sk->sk_pacing_status,
1035 SK_PACING_NONE,
1036 SK_PACING_NEEDED);
1037 sk->sk_max_pacing_rate = val;
1038 sk->sk_pacing_rate = min(sk->sk_pacing_rate,
1039 sk->sk_max_pacing_rate);
1040 break;
1041
1042 case SO_INCOMING_CPU:
1043 sk->sk_incoming_cpu = val;
1044 break;
1045
1046 case SO_CNX_ADVICE:
1047 if (val == 1)
1048 dst_negative_advice(sk);
1049 break;
1050
1051 case SO_ZEROCOPY:
1052 if (sk->sk_family == PF_INET || sk->sk_family == PF_INET6) {
1053 if (sk->sk_protocol != IPPROTO_TCP)
1054 ret = -ENOTSUPP;
1055 } else if (sk->sk_family != PF_RDS) {
1056 ret = -ENOTSUPP;
1057 }
1058 if (!ret) {
1059 if (val < 0 || val > 1)
1060 ret = -EINVAL;
1061 else
1062 sock_valbool_flag(sk, SOCK_ZEROCOPY, valbool);
1063 }
1064 break;
1065
1066 default:
1067 ret = -ENOPROTOOPT;
1068 break;
1069 }
1070 release_sock(sk);
1071 return ret;
1072}
1073EXPORT_SYMBOL(sock_setsockopt);
1074
1075
1076static void cred_to_ucred(struct pid *pid, const struct cred *cred,
1077 struct ucred *ucred)
1078{
1079 ucred->pid = pid_vnr(pid);
1080 ucred->uid = ucred->gid = -1;
1081 if (cred) {
1082 struct user_namespace *current_ns = current_user_ns();
1083
1084 ucred->uid = from_kuid_munged(current_ns, cred->euid);
1085 ucred->gid = from_kgid_munged(current_ns, cred->egid);
1086 }
1087}
1088
1089static int groups_to_user(gid_t __user *dst, const struct group_info *src)
1090{
1091 struct user_namespace *user_ns = current_user_ns();
1092 int i;
1093
1094 for (i = 0; i < src->ngroups; i++)
1095 if (put_user(from_kgid_munged(user_ns, src->gid[i]), dst + i))
1096 return -EFAULT;
1097
1098 return 0;
1099}
1100
1101int sock_getsockopt(struct socket *sock, int level, int optname,
1102 char __user *optval, int __user *optlen)
1103{
1104 struct sock *sk = sock->sk;
1105
1106 union {
1107 int val;
1108 u64 val64;
1109 struct linger ling;
1110 struct timeval tm;
1111 } v;
1112
1113 int lv = sizeof(int);
1114 int len;
1115
1116 if (get_user(len, optlen))
1117 return -EFAULT;
1118 if (len < 0)
1119 return -EINVAL;
1120
1121 memset(&v, 0, sizeof(v));
1122
1123 switch (optname) {
1124 case SO_DEBUG:
1125 v.val = sock_flag(sk, SOCK_DBG);
1126 break;
1127
1128 case SO_DONTROUTE:
1129 v.val = sock_flag(sk, SOCK_LOCALROUTE);
1130 break;
1131
1132 case SO_BROADCAST:
1133 v.val = sock_flag(sk, SOCK_BROADCAST);
1134 break;
1135
1136 case SO_SNDBUF:
1137 v.val = sk->sk_sndbuf;
1138 break;
1139
1140 case SO_RCVBUF:
1141 v.val = sk->sk_rcvbuf;
1142 break;
1143
1144 case SO_REUSEADDR:
1145 v.val = sk->sk_reuse;
1146 break;
1147
1148 case SO_REUSEPORT:
1149 v.val = sk->sk_reuseport;
1150 break;
1151
1152 case SO_KEEPALIVE:
1153 v.val = sock_flag(sk, SOCK_KEEPOPEN);
1154 break;
1155
1156 case SO_TYPE:
1157 v.val = sk->sk_type;
1158 break;
1159
1160 case SO_PROTOCOL:
1161 v.val = sk->sk_protocol;
1162 break;
1163
1164 case SO_DOMAIN:
1165 v.val = sk->sk_family;
1166 break;
1167
1168 case SO_ERROR:
1169 v.val = -sock_error(sk);
1170 if (v.val == 0)
1171 v.val = xchg(&sk->sk_err_soft, 0);
1172 break;
1173
1174 case SO_OOBINLINE:
1175 v.val = sock_flag(sk, SOCK_URGINLINE);
1176 break;
1177
1178 case SO_NO_CHECK:
1179 v.val = sk->sk_no_check_tx;
1180 break;
1181
1182 case SO_PRIORITY:
1183 v.val = sk->sk_priority;
1184 break;
1185
1186 case SO_LINGER:
1187 lv = sizeof(v.ling);
1188 v.ling.l_onoff = sock_flag(sk, SOCK_LINGER);
1189 v.ling.l_linger = sk->sk_lingertime / HZ;
1190 break;
1191
1192 case SO_BSDCOMPAT:
1193 sock_warn_obsolete_bsdism("getsockopt");
1194 break;
1195
1196 case SO_TIMESTAMP:
1197 v.val = sock_flag(sk, SOCK_RCVTSTAMP) &&
1198 !sock_flag(sk, SOCK_RCVTSTAMPNS);
1199 break;
1200
1201 case SO_TIMESTAMPNS:
1202 v.val = sock_flag(sk, SOCK_RCVTSTAMPNS);
1203 break;
1204
1205 case SO_TIMESTAMPING:
1206 v.val = sk->sk_tsflags;
1207 break;
1208
1209 case SO_RCVTIMEO:
1210 lv = sizeof(struct timeval);
1211 if (sk->sk_rcvtimeo == MAX_SCHEDULE_TIMEOUT) {
1212 v.tm.tv_sec = 0;
1213 v.tm.tv_usec = 0;
1214 } else {
1215 v.tm.tv_sec = sk->sk_rcvtimeo / HZ;
1216 v.tm.tv_usec = ((sk->sk_rcvtimeo % HZ) * USEC_PER_SEC) / HZ;
1217 }
1218 break;
1219
1220 case SO_SNDTIMEO:
1221 lv = sizeof(struct timeval);
1222 if (sk->sk_sndtimeo == MAX_SCHEDULE_TIMEOUT) {
1223 v.tm.tv_sec = 0;
1224 v.tm.tv_usec = 0;
1225 } else {
1226 v.tm.tv_sec = sk->sk_sndtimeo / HZ;
1227 v.tm.tv_usec = ((sk->sk_sndtimeo % HZ) * USEC_PER_SEC) / HZ;
1228 }
1229 break;
1230
1231 case SO_RCVLOWAT:
1232 v.val = sk->sk_rcvlowat;
1233 break;
1234
1235 case SO_SNDLOWAT:
1236 v.val = 1;
1237 break;
1238
1239 case SO_PASSCRED:
1240 v.val = !!test_bit(SOCK_PASSCRED, &sock->flags);
1241 break;
1242
1243 case SO_PEERCRED:
1244 {
1245 struct ucred peercred;
1246 if (len > sizeof(peercred))
1247 len = sizeof(peercred);
1248 cred_to_ucred(sk->sk_peer_pid, sk->sk_peer_cred, &peercred);
1249 if (copy_to_user(optval, &peercred, len))
1250 return -EFAULT;
1251 goto lenout;
1252 }
1253
1254 case SO_PEERGROUPS:
1255 {
1256 int ret, n;
1257
1258 if (!sk->sk_peer_cred)
1259 return -ENODATA;
1260
1261 n = sk->sk_peer_cred->group_info->ngroups;
1262 if (len < n * sizeof(gid_t)) {
1263 len = n * sizeof(gid_t);
1264 return put_user(len, optlen) ? -EFAULT : -ERANGE;
1265 }
1266 len = n * sizeof(gid_t);
1267
1268 ret = groups_to_user((gid_t __user *)optval,
1269 sk->sk_peer_cred->group_info);
1270 if (ret)
1271 return ret;
1272 goto lenout;
1273 }
1274
1275 case SO_PEERNAME:
1276 {
1277 char address[128];
1278
1279 lv = sock->ops->getname(sock, (struct sockaddr *)address, 2);
1280 if (lv < 0)
1281 return -ENOTCONN;
1282 if (lv < len)
1283 return -EINVAL;
1284 if (copy_to_user(optval, address, len))
1285 return -EFAULT;
1286 goto lenout;
1287 }
1288
1289 /* Dubious BSD thing... Probably nobody even uses it, but
1290 * the UNIX standard wants it for whatever reason... -DaveM
1291 */
1292 case SO_ACCEPTCONN:
1293 v.val = sk->sk_state == TCP_LISTEN;
1294 break;
1295
1296 case SO_PASSSEC:
1297 v.val = !!test_bit(SOCK_PASSSEC, &sock->flags);
1298 break;
1299
1300 case SO_PEERSEC:
1301 return security_socket_getpeersec_stream(sock, optval, optlen, len);
1302
1303 case SO_MARK:
1304 v.val = sk->sk_mark;
1305 break;
1306
1307 case SO_RXQ_OVFL:
1308 v.val = sock_flag(sk, SOCK_RXQ_OVFL);
1309 break;
1310
1311 case SO_WIFI_STATUS:
1312 v.val = sock_flag(sk, SOCK_WIFI_STATUS);
1313 break;
1314
1315 case SO_PEEK_OFF:
1316 if (!sock->ops->set_peek_off)
1317 return -EOPNOTSUPP;
1318
1319 v.val = sk->sk_peek_off;
1320 break;
1321 case SO_NOFCS:
1322 v.val = sock_flag(sk, SOCK_NOFCS);
1323 break;
1324
1325 case SO_BINDTODEVICE:
1326 return sock_getbindtodevice(sk, optval, optlen, len);
1327
1328 case SO_GET_FILTER:
1329 len = sk_get_filter(sk, (struct sock_filter __user *)optval, len);
1330 if (len < 0)
1331 return len;
1332
1333 goto lenout;
1334
1335 case SO_LOCK_FILTER:
1336 v.val = sock_flag(sk, SOCK_FILTER_LOCKED);
1337 break;
1338
1339 case SO_BPF_EXTENSIONS:
1340 v.val = bpf_tell_extensions();
1341 break;
1342
1343 case SO_SELECT_ERR_QUEUE:
1344 v.val = sock_flag(sk, SOCK_SELECT_ERR_QUEUE);
1345 break;
1346
1347#ifdef CONFIG_NET_RX_BUSY_POLL
1348 case SO_BUSY_POLL:
1349 v.val = sk->sk_ll_usec;
1350 break;
1351#endif
1352
1353 case SO_MAX_PACING_RATE:
1354 v.val = sk->sk_max_pacing_rate;
1355 break;
1356
1357 case SO_INCOMING_CPU:
1358 v.val = sk->sk_incoming_cpu;
1359 break;
1360
1361 case SO_MEMINFO:
1362 {
1363 u32 meminfo[SK_MEMINFO_VARS];
1364
1365 if (get_user(len, optlen))
1366 return -EFAULT;
1367
1368 sk_get_meminfo(sk, meminfo);
1369
1370 len = min_t(unsigned int, len, sizeof(meminfo));
1371 if (copy_to_user(optval, &meminfo, len))
1372 return -EFAULT;
1373
1374 goto lenout;
1375 }
1376
1377#ifdef CONFIG_NET_RX_BUSY_POLL
1378 case SO_INCOMING_NAPI_ID:
1379 v.val = READ_ONCE(sk->sk_napi_id);
1380
1381 /* aggregate non-NAPI IDs down to 0 */
1382 if (v.val < MIN_NAPI_ID)
1383 v.val = 0;
1384
1385 break;
1386#endif
1387
1388 case SO_COOKIE:
1389 lv = sizeof(u64);
1390 if (len < lv)
1391 return -EINVAL;
1392 v.val64 = sock_gen_cookie(sk);
1393 break;
1394
1395 case SO_ZEROCOPY:
1396 v.val = sock_flag(sk, SOCK_ZEROCOPY);
1397 break;
1398
1399 default:
1400 /* We implement the SO_SNDLOWAT etc to not be settable
1401 * (1003.1g 7).
1402 */
1403 return -ENOPROTOOPT;
1404 }
1405
1406 if (len > lv)
1407 len = lv;
1408 if (copy_to_user(optval, &v, len))
1409 return -EFAULT;
1410lenout:
1411 if (put_user(len, optlen))
1412 return -EFAULT;
1413 return 0;
1414}
1415
1416/*
1417 * Initialize an sk_lock.
1418 *
1419 * (We also register the sk_lock with the lock validator.)
1420 */
1421static inline void sock_lock_init(struct sock *sk)
1422{
1423 if (sk->sk_kern_sock)
1424 sock_lock_init_class_and_name(
1425 sk,
1426 af_family_kern_slock_key_strings[sk->sk_family],
1427 af_family_kern_slock_keys + sk->sk_family,
1428 af_family_kern_key_strings[sk->sk_family],
1429 af_family_kern_keys + sk->sk_family);
1430 else
1431 sock_lock_init_class_and_name(
1432 sk,
1433 af_family_slock_key_strings[sk->sk_family],
1434 af_family_slock_keys + sk->sk_family,
1435 af_family_key_strings[sk->sk_family],
1436 af_family_keys + sk->sk_family);
1437}
1438
1439/*
1440 * Copy all fields from osk to nsk but nsk->sk_refcnt must not change yet,
1441 * even temporarly, because of RCU lookups. sk_node should also be left as is.
1442 * We must not copy fields between sk_dontcopy_begin and sk_dontcopy_end
1443 */
1444static void sock_copy(struct sock *nsk, const struct sock *osk)
1445{
1446#ifdef CONFIG_SECURITY_NETWORK
1447 void *sptr = nsk->sk_security;
1448#endif
1449 memcpy(nsk, osk, offsetof(struct sock, sk_dontcopy_begin));
1450
1451 memcpy(&nsk->sk_dontcopy_end, &osk->sk_dontcopy_end,
1452 osk->sk_prot->obj_size - offsetof(struct sock, sk_dontcopy_end));
1453
1454#ifdef CONFIG_SECURITY_NETWORK
1455 nsk->sk_security = sptr;
1456 security_sk_clone(osk, nsk);
1457#endif
1458}
1459
1460static struct sock *sk_prot_alloc(struct proto *prot, gfp_t priority,
1461 int family)
1462{
1463 struct sock *sk;
1464 struct kmem_cache *slab;
1465
1466 slab = prot->slab;
1467 if (slab != NULL) {
1468 sk = kmem_cache_alloc(slab, priority & ~__GFP_ZERO);
1469 if (!sk)
1470 return sk;
1471 if (priority & __GFP_ZERO)
1472 sk_prot_clear_nulls(sk, prot->obj_size);
1473 } else
1474 sk = kmalloc(prot->obj_size, priority);
1475
1476 if (sk != NULL) {
1477 if (security_sk_alloc(sk, family, priority))
1478 goto out_free;
1479
1480 if (!try_module_get(prot->owner))
1481 goto out_free_sec;
1482 sk_tx_queue_clear(sk);
1483 }
1484
1485 return sk;
1486
1487out_free_sec:
1488 security_sk_free(sk);
1489out_free:
1490 if (slab != NULL)
1491 kmem_cache_free(slab, sk);
1492 else
1493 kfree(sk);
1494 return NULL;
1495}
1496
1497static void sk_prot_free(struct proto *prot, struct sock *sk)
1498{
1499 struct kmem_cache *slab;
1500 struct module *owner;
1501
1502 owner = prot->owner;
1503 slab = prot->slab;
1504
1505 cgroup_sk_free(&sk->sk_cgrp_data);
1506 mem_cgroup_sk_free(sk);
1507 security_sk_free(sk);
1508 if (slab != NULL)
1509 kmem_cache_free(slab, sk);
1510 else
1511 kfree(sk);
1512 module_put(owner);
1513}
1514
1515/**
1516 * sk_alloc - All socket objects are allocated here
1517 * @net: the applicable net namespace
1518 * @family: protocol family
1519 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
1520 * @prot: struct proto associated with this new sock instance
1521 * @kern: is this to be a kernel socket?
1522 */
1523struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
1524 struct proto *prot, int kern)
1525{
1526 struct sock *sk;
1527
1528 sk = sk_prot_alloc(prot, priority | __GFP_ZERO, family);
1529 if (sk) {
1530 sk->sk_family = family;
1531 /*
1532 * See comment in struct sock definition to understand
1533 * why we need sk_prot_creator -acme
1534 */
1535 sk->sk_prot = sk->sk_prot_creator = prot;
1536 sk->sk_kern_sock = kern;
1537 sock_lock_init(sk);
1538 sk->sk_net_refcnt = kern ? 0 : 1;
1539 if (likely(sk->sk_net_refcnt)) {
1540 get_net(net);
1541 sock_inuse_add(net, 1);
1542 }
1543
1544 sock_net_set(sk, net);
1545 refcount_set(&sk->sk_wmem_alloc, 1);
1546
1547 mem_cgroup_sk_alloc(sk);
1548 cgroup_sk_alloc(&sk->sk_cgrp_data);
1549 sock_update_classid(&sk->sk_cgrp_data);
1550 sock_update_netprioidx(&sk->sk_cgrp_data);
1551 }
1552
1553 return sk;
1554}
1555EXPORT_SYMBOL(sk_alloc);
1556
1557/* Sockets having SOCK_RCU_FREE will call this function after one RCU
1558 * grace period. This is the case for UDP sockets and TCP listeners.
1559 */
1560static void __sk_destruct(struct rcu_head *head)
1561{
1562 struct sock *sk = container_of(head, struct sock, sk_rcu);
1563 struct sk_filter *filter;
1564
1565 if (sk->sk_destruct)
1566 sk->sk_destruct(sk);
1567
1568 filter = rcu_dereference_check(sk->sk_filter,
1569 refcount_read(&sk->sk_wmem_alloc) == 0);
1570 if (filter) {
1571 sk_filter_uncharge(sk, filter);
1572 RCU_INIT_POINTER(sk->sk_filter, NULL);
1573 }
1574 if (rcu_access_pointer(sk->sk_reuseport_cb))
1575 reuseport_detach_sock(sk);
1576
1577 sock_disable_timestamp(sk, SK_FLAGS_TIMESTAMP);
1578
1579 if (atomic_read(&sk->sk_omem_alloc))
1580 pr_debug("%s: optmem leakage (%d bytes) detected\n",
1581 __func__, atomic_read(&sk->sk_omem_alloc));
1582
1583 if (sk->sk_frag.page) {
1584 put_page(sk->sk_frag.page);
1585 sk->sk_frag.page = NULL;
1586 }
1587
1588 if (sk->sk_peer_cred)
1589 put_cred(sk->sk_peer_cred);
1590 put_pid(sk->sk_peer_pid);
1591 if (likely(sk->sk_net_refcnt))
1592 put_net(sock_net(sk));
1593 sk_prot_free(sk->sk_prot_creator, sk);
1594}
1595
1596void sk_destruct(struct sock *sk)
1597{
1598 if (sock_flag(sk, SOCK_RCU_FREE))
1599 call_rcu(&sk->sk_rcu, __sk_destruct);
1600 else
1601 __sk_destruct(&sk->sk_rcu);
1602}
1603
1604static void __sk_free(struct sock *sk)
1605{
1606 if (likely(sk->sk_net_refcnt))
1607 sock_inuse_add(sock_net(sk), -1);
1608
1609 if (unlikely(sk->sk_net_refcnt && sock_diag_has_destroy_listeners(sk)))
1610 sock_diag_broadcast_destroy(sk);
1611 else
1612 sk_destruct(sk);
1613}
1614
1615void sk_free(struct sock *sk)
1616{
1617 /*
1618 * We subtract one from sk_wmem_alloc and can know if
1619 * some packets are still in some tx queue.
1620 * If not null, sock_wfree() will call __sk_free(sk) later
1621 */
1622 if (refcount_dec_and_test(&sk->sk_wmem_alloc))
1623 __sk_free(sk);
1624}
1625EXPORT_SYMBOL(sk_free);
1626
1627static void sk_init_common(struct sock *sk)
1628{
1629 skb_queue_head_init(&sk->sk_receive_queue);
1630 skb_queue_head_init(&sk->sk_write_queue);
1631 skb_queue_head_init(&sk->sk_error_queue);
1632
1633 rwlock_init(&sk->sk_callback_lock);
1634 lockdep_set_class_and_name(&sk->sk_receive_queue.lock,
1635 af_rlock_keys + sk->sk_family,
1636 af_family_rlock_key_strings[sk->sk_family]);
1637 lockdep_set_class_and_name(&sk->sk_write_queue.lock,
1638 af_wlock_keys + sk->sk_family,
1639 af_family_wlock_key_strings[sk->sk_family]);
1640 lockdep_set_class_and_name(&sk->sk_error_queue.lock,
1641 af_elock_keys + sk->sk_family,
1642 af_family_elock_key_strings[sk->sk_family]);
1643 lockdep_set_class_and_name(&sk->sk_callback_lock,
1644 af_callback_keys + sk->sk_family,
1645 af_family_clock_key_strings[sk->sk_family]);
1646}
1647
1648/**
1649 * sk_clone_lock - clone a socket, and lock its clone
1650 * @sk: the socket to clone
1651 * @priority: for allocation (%GFP_KERNEL, %GFP_ATOMIC, etc)
1652 *
1653 * Caller must unlock socket even in error path (bh_unlock_sock(newsk))
1654 */
1655struct sock *sk_clone_lock(const struct sock *sk, const gfp_t priority)
1656{
1657 struct sock *newsk;
1658 bool is_charged = true;
1659
1660 newsk = sk_prot_alloc(sk->sk_prot, priority, sk->sk_family);
1661 if (newsk != NULL) {
1662 struct sk_filter *filter;
1663
1664 sock_copy(newsk, sk);
1665
1666 newsk->sk_prot_creator = sk->sk_prot;
1667
1668 /* SANITY */
1669 if (likely(newsk->sk_net_refcnt))
1670 get_net(sock_net(newsk));
1671 sk_node_init(&newsk->sk_node);
1672 sock_lock_init(newsk);
1673 bh_lock_sock(newsk);
1674 newsk->sk_backlog.head = newsk->sk_backlog.tail = NULL;
1675 newsk->sk_backlog.len = 0;
1676
1677 atomic_set(&newsk->sk_rmem_alloc, 0);
1678 /*
1679 * sk_wmem_alloc set to one (see sk_free() and sock_wfree())
1680 */
1681 refcount_set(&newsk->sk_wmem_alloc, 1);
1682 atomic_set(&newsk->sk_omem_alloc, 0);
1683 sk_init_common(newsk);
1684
1685 newsk->sk_dst_cache = NULL;
1686 newsk->sk_dst_pending_confirm = 0;
1687 newsk->sk_wmem_queued = 0;
1688 newsk->sk_forward_alloc = 0;
1689 atomic_set(&newsk->sk_drops, 0);
1690 newsk->sk_send_head = NULL;
1691 newsk->sk_userlocks = sk->sk_userlocks & ~SOCK_BINDPORT_LOCK;
1692 atomic_set(&newsk->sk_zckey, 0);
1693
1694 sock_reset_flag(newsk, SOCK_DONE);
1695 mem_cgroup_sk_alloc(newsk);
1696 cgroup_sk_alloc(&newsk->sk_cgrp_data);
1697
1698 rcu_read_lock();
1699 filter = rcu_dereference(sk->sk_filter);
1700 if (filter != NULL)
1701 /* though it's an empty new sock, the charging may fail
1702 * if sysctl_optmem_max was changed between creation of
1703 * original socket and cloning
1704 */
1705 is_charged = sk_filter_charge(newsk, filter);
1706 RCU_INIT_POINTER(newsk->sk_filter, filter);
1707 rcu_read_unlock();
1708
1709 if (unlikely(!is_charged || xfrm_sk_clone_policy(newsk, sk))) {
1710 /* We need to make sure that we don't uncharge the new
1711 * socket if we couldn't charge it in the first place
1712 * as otherwise we uncharge the parent's filter.
1713 */
1714 if (!is_charged)
1715 RCU_INIT_POINTER(newsk->sk_filter, NULL);
1716 sk_free_unlock_clone(newsk);
1717 newsk = NULL;
1718 goto out;
1719 }
1720 RCU_INIT_POINTER(newsk->sk_reuseport_cb, NULL);
1721
1722 newsk->sk_err = 0;
1723 newsk->sk_err_soft = 0;
1724 newsk->sk_priority = 0;
1725 newsk->sk_incoming_cpu = raw_smp_processor_id();
1726 atomic64_set(&newsk->sk_cookie, 0);
1727 if (likely(newsk->sk_net_refcnt))
1728 sock_inuse_add(sock_net(newsk), 1);
1729
1730 /*
1731 * Before updating sk_refcnt, we must commit prior changes to memory
1732 * (Documentation/RCU/rculist_nulls.txt for details)
1733 */
1734 smp_wmb();
1735 refcount_set(&newsk->sk_refcnt, 2);
1736
1737 /*
1738 * Increment the counter in the same struct proto as the master
1739 * sock (sk_refcnt_debug_inc uses newsk->sk_prot->socks, that
1740 * is the same as sk->sk_prot->socks, as this field was copied
1741 * with memcpy).
1742 *
1743 * This _changes_ the previous behaviour, where
1744 * tcp_create_openreq_child always was incrementing the
1745 * equivalent to tcp_prot->socks (inet_sock_nr), so this have
1746 * to be taken into account in all callers. -acme
1747 */
1748 sk_refcnt_debug_inc(newsk);
1749 sk_set_socket(newsk, NULL);
1750 newsk->sk_wq = NULL;
1751
1752 if (newsk->sk_prot->sockets_allocated)
1753 sk_sockets_allocated_inc(newsk);
1754
1755 if (sock_needs_netstamp(sk) &&
1756 newsk->sk_flags & SK_FLAGS_TIMESTAMP)
1757 net_enable_timestamp();
1758 }
1759out:
1760 return newsk;
1761}
1762EXPORT_SYMBOL_GPL(sk_clone_lock);
1763
1764void sk_free_unlock_clone(struct sock *sk)
1765{
1766 /* It is still raw copy of parent, so invalidate
1767 * destructor and make plain sk_free() */
1768 sk->sk_destruct = NULL;
1769 bh_unlock_sock(sk);
1770 sk_free(sk);
1771}
1772EXPORT_SYMBOL_GPL(sk_free_unlock_clone);
1773
1774void sk_setup_caps(struct sock *sk, struct dst_entry *dst)
1775{
1776 u32 max_segs = 1;
1777
1778 sk_dst_set(sk, dst);
1779 sk->sk_route_caps = dst->dev->features | sk->sk_route_forced_caps;
1780 if (sk->sk_route_caps & NETIF_F_GSO)
1781 sk->sk_route_caps |= NETIF_F_GSO_SOFTWARE;
1782 sk->sk_route_caps &= ~sk->sk_route_nocaps;
1783 if (sk_can_gso(sk)) {
1784 if (dst->header_len && !xfrm_dst_offload_ok(dst)) {
1785 sk->sk_route_caps &= ~NETIF_F_GSO_MASK;
1786 } else {
1787 sk->sk_route_caps |= NETIF_F_SG | NETIF_F_HW_CSUM;
1788 sk->sk_gso_max_size = dst->dev->gso_max_size;
1789 max_segs = max_t(u32, dst->dev->gso_max_segs, 1);
1790 }
1791 }
1792 sk->sk_gso_max_segs = max_segs;
1793}
1794EXPORT_SYMBOL_GPL(sk_setup_caps);
1795
1796/*
1797 * Simple resource managers for sockets.
1798 */
1799
1800
1801/*
1802 * Write buffer destructor automatically called from kfree_skb.
1803 */
1804void sock_wfree(struct sk_buff *skb)
1805{
1806 struct sock *sk = skb->sk;
1807 unsigned int len = skb->truesize;
1808
1809 if (!sock_flag(sk, SOCK_USE_WRITE_QUEUE)) {
1810 /*
1811 * Keep a reference on sk_wmem_alloc, this will be released
1812 * after sk_write_space() call
1813 */
1814 WARN_ON(refcount_sub_and_test(len - 1, &sk->sk_wmem_alloc));
1815 sk->sk_write_space(sk);
1816 len = 1;
1817 }
1818 /*
1819 * if sk_wmem_alloc reaches 0, we must finish what sk_free()
1820 * could not do because of in-flight packets
1821 */
1822 if (refcount_sub_and_test(len, &sk->sk_wmem_alloc))
1823 __sk_free(sk);
1824}
1825EXPORT_SYMBOL(sock_wfree);
1826
1827/* This variant of sock_wfree() is used by TCP,
1828 * since it sets SOCK_USE_WRITE_QUEUE.
1829 */
1830void __sock_wfree(struct sk_buff *skb)
1831{
1832 struct sock *sk = skb->sk;
1833
1834 if (refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc))
1835 __sk_free(sk);
1836}
1837
1838void skb_set_owner_w(struct sk_buff *skb, struct sock *sk)
1839{
1840 skb_orphan(skb);
1841 skb->sk = sk;
1842#ifdef CONFIG_INET
1843 if (unlikely(!sk_fullsock(sk))) {
1844 skb->destructor = sock_edemux;
1845 sock_hold(sk);
1846 return;
1847 }
1848#endif
1849 skb->destructor = sock_wfree;
1850 skb_set_hash_from_sk(skb, sk);
1851 /*
1852 * We used to take a refcount on sk, but following operation
1853 * is enough to guarantee sk_free() wont free this sock until
1854 * all in-flight packets are completed
1855 */
1856 refcount_add(skb->truesize, &sk->sk_wmem_alloc);
1857}
1858EXPORT_SYMBOL(skb_set_owner_w);
1859
1860/* This helper is used by netem, as it can hold packets in its
1861 * delay queue. We want to allow the owner socket to send more
1862 * packets, as if they were already TX completed by a typical driver.
1863 * But we also want to keep skb->sk set because some packet schedulers
1864 * rely on it (sch_fq for example).
1865 */
1866void skb_orphan_partial(struct sk_buff *skb)
1867{
1868 if (skb_is_tcp_pure_ack(skb))
1869 return;
1870
1871 if (skb->destructor == sock_wfree
1872#ifdef CONFIG_INET
1873 || skb->destructor == tcp_wfree
1874#endif
1875 ) {
1876 struct sock *sk = skb->sk;
1877
1878 if (refcount_inc_not_zero(&sk->sk_refcnt)) {
1879 WARN_ON(refcount_sub_and_test(skb->truesize, &sk->sk_wmem_alloc));
1880 skb->destructor = sock_efree;
1881 }
1882 } else {
1883 skb_orphan(skb);
1884 }
1885}
1886EXPORT_SYMBOL(skb_orphan_partial);
1887
1888/*
1889 * Read buffer destructor automatically called from kfree_skb.
1890 */
1891void sock_rfree(struct sk_buff *skb)
1892{
1893 struct sock *sk = skb->sk;
1894 unsigned int len = skb->truesize;
1895
1896 atomic_sub(len, &sk->sk_rmem_alloc);
1897 sk_mem_uncharge(sk, len);
1898}
1899EXPORT_SYMBOL(sock_rfree);
1900
1901/*
1902 * Buffer destructor for skbs that are not used directly in read or write
1903 * path, e.g. for error handler skbs. Automatically called from kfree_skb.
1904 */
1905void sock_efree(struct sk_buff *skb)
1906{
1907 sock_put(skb->sk);
1908}
1909EXPORT_SYMBOL(sock_efree);
1910
1911kuid_t sock_i_uid(struct sock *sk)
1912{
1913 kuid_t uid;
1914
1915 read_lock_bh(&sk->sk_callback_lock);
1916 uid = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_uid : GLOBAL_ROOT_UID;
1917 read_unlock_bh(&sk->sk_callback_lock);
1918 return uid;
1919}
1920EXPORT_SYMBOL(sock_i_uid);
1921
1922unsigned long sock_i_ino(struct sock *sk)
1923{
1924 unsigned long ino;
1925
1926 read_lock_bh(&sk->sk_callback_lock);
1927 ino = sk->sk_socket ? SOCK_INODE(sk->sk_socket)->i_ino : 0;
1928 read_unlock_bh(&sk->sk_callback_lock);
1929 return ino;
1930}
1931EXPORT_SYMBOL(sock_i_ino);
1932
1933/*
1934 * Allocate a skb from the socket's send buffer.
1935 */
1936struct sk_buff *sock_wmalloc(struct sock *sk, unsigned long size, int force,
1937 gfp_t priority)
1938{
1939 if (force || refcount_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf) {
1940 struct sk_buff *skb = alloc_skb(size, priority);
1941 if (skb) {
1942 skb_set_owner_w(skb, sk);
1943 return skb;
1944 }
1945 }
1946 return NULL;
1947}
1948EXPORT_SYMBOL(sock_wmalloc);
1949
1950static void sock_ofree(struct sk_buff *skb)
1951{
1952 struct sock *sk = skb->sk;
1953
1954 atomic_sub(skb->truesize, &sk->sk_omem_alloc);
1955}
1956
1957struct sk_buff *sock_omalloc(struct sock *sk, unsigned long size,
1958 gfp_t priority)
1959{
1960 struct sk_buff *skb;
1961
1962 /* small safe race: SKB_TRUESIZE may differ from final skb->truesize */
1963 if (atomic_read(&sk->sk_omem_alloc) + SKB_TRUESIZE(size) >
1964 sysctl_optmem_max)
1965 return NULL;
1966
1967 skb = alloc_skb(size, priority);
1968 if (!skb)
1969 return NULL;
1970
1971 atomic_add(skb->truesize, &sk->sk_omem_alloc);
1972 skb->sk = sk;
1973 skb->destructor = sock_ofree;
1974 return skb;
1975}
1976
1977/*
1978 * Allocate a memory block from the socket's option memory buffer.
1979 */
1980void *sock_kmalloc(struct sock *sk, int size, gfp_t priority)
1981{
1982 if ((unsigned int)size <= sysctl_optmem_max &&
1983 atomic_read(&sk->sk_omem_alloc) + size < sysctl_optmem_max) {
1984 void *mem;
1985 /* First do the add, to avoid the race if kmalloc
1986 * might sleep.
1987 */
1988 atomic_add(size, &sk->sk_omem_alloc);
1989 mem = kmalloc(size, priority);
1990 if (mem)
1991 return mem;
1992 atomic_sub(size, &sk->sk_omem_alloc);
1993 }
1994 return NULL;
1995}
1996EXPORT_SYMBOL(sock_kmalloc);
1997
1998/* Free an option memory block. Note, we actually want the inline
1999 * here as this allows gcc to detect the nullify and fold away the
2000 * condition entirely.
2001 */
2002static inline void __sock_kfree_s(struct sock *sk, void *mem, int size,
2003 const bool nullify)
2004{
2005 if (WARN_ON_ONCE(!mem))
2006 return;
2007 if (nullify)
2008 kzfree(mem);
2009 else
2010 kfree(mem);
2011 atomic_sub(size, &sk->sk_omem_alloc);
2012}
2013
2014void sock_kfree_s(struct sock *sk, void *mem, int size)
2015{
2016 __sock_kfree_s(sk, mem, size, false);
2017}
2018EXPORT_SYMBOL(sock_kfree_s);
2019
2020void sock_kzfree_s(struct sock *sk, void *mem, int size)
2021{
2022 __sock_kfree_s(sk, mem, size, true);
2023}
2024EXPORT_SYMBOL(sock_kzfree_s);
2025
2026/* It is almost wait_for_tcp_memory minus release_sock/lock_sock.
2027 I think, these locks should be removed for datagram sockets.
2028 */
2029static long sock_wait_for_wmem(struct sock *sk, long timeo)
2030{
2031 DEFINE_WAIT(wait);
2032
2033 sk_clear_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2034 for (;;) {
2035 if (!timeo)
2036 break;
2037 if (signal_pending(current))
2038 break;
2039 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2040 prepare_to_wait(sk_sleep(sk), &wait, TASK_INTERRUPTIBLE);
2041 if (refcount_read(&sk->sk_wmem_alloc) < sk->sk_sndbuf)
2042 break;
2043 if (sk->sk_shutdown & SEND_SHUTDOWN)
2044 break;
2045 if (sk->sk_err)
2046 break;
2047 timeo = schedule_timeout(timeo);
2048 }
2049 finish_wait(sk_sleep(sk), &wait);
2050 return timeo;
2051}
2052
2053
2054/*
2055 * Generic send/receive buffer handlers
2056 */
2057
2058struct sk_buff *sock_alloc_send_pskb(struct sock *sk, unsigned long header_len,
2059 unsigned long data_len, int noblock,
2060 int *errcode, int max_page_order)
2061{
2062 struct sk_buff *skb;
2063 long timeo;
2064 int err;
2065
2066 timeo = sock_sndtimeo(sk, noblock);
2067 for (;;) {
2068 err = sock_error(sk);
2069 if (err != 0)
2070 goto failure;
2071
2072 err = -EPIPE;
2073 if (sk->sk_shutdown & SEND_SHUTDOWN)
2074 goto failure;
2075
2076 if (sk_wmem_alloc_get(sk) < sk->sk_sndbuf)
2077 break;
2078
2079 sk_set_bit(SOCKWQ_ASYNC_NOSPACE, sk);
2080 set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
2081 err = -EAGAIN;
2082 if (!timeo)
2083 goto failure;
2084 if (signal_pending(current))
2085 goto interrupted;
2086 timeo = sock_wait_for_wmem(sk, timeo);
2087 }
2088 skb = alloc_skb_with_frags(header_len, data_len, max_page_order,
2089 errcode, sk->sk_allocation);
2090 if (skb)
2091 skb_set_owner_w(skb, sk);
2092 return skb;
2093
2094interrupted:
2095 err = sock_intr_errno(timeo);
2096failure:
2097 *errcode = err;
2098 return NULL;
2099}
2100EXPORT_SYMBOL(sock_alloc_send_pskb);
2101
2102struct sk_buff *sock_alloc_send_skb(struct sock *sk, unsigned long size,
2103 int noblock, int *errcode)
2104{
2105 return sock_alloc_send_pskb(sk, size, 0, noblock, errcode, 0);
2106}
2107EXPORT_SYMBOL(sock_alloc_send_skb);
2108
2109int __sock_cmsg_send(struct sock *sk, struct msghdr *msg, struct cmsghdr *cmsg,
2110 struct sockcm_cookie *sockc)
2111{
2112 u32 tsflags;
2113
2114 switch (cmsg->cmsg_type) {
2115 case SO_MARK:
2116 if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN))
2117 return -EPERM;
2118 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2119 return -EINVAL;
2120 sockc->mark = *(u32 *)CMSG_DATA(cmsg);
2121 break;
2122 case SO_TIMESTAMPING:
2123 if (cmsg->cmsg_len != CMSG_LEN(sizeof(u32)))
2124 return -EINVAL;
2125
2126 tsflags = *(u32 *)CMSG_DATA(cmsg);
2127 if (tsflags & ~SOF_TIMESTAMPING_TX_RECORD_MASK)
2128 return -EINVAL;
2129
2130 sockc->tsflags &= ~SOF_TIMESTAMPING_TX_RECORD_MASK;
2131 sockc->tsflags |= tsflags;
2132 break;
2133 /* SCM_RIGHTS and SCM_CREDENTIALS are semantically in SOL_UNIX. */
2134 case SCM_RIGHTS:
2135 case SCM_CREDENTIALS:
2136 break;
2137 default:
2138 return -EINVAL;
2139 }
2140 return 0;
2141}
2142EXPORT_SYMBOL(__sock_cmsg_send);
2143
2144int sock_cmsg_send(struct sock *sk, struct msghdr *msg,
2145 struct sockcm_cookie *sockc)
2146{
2147 struct cmsghdr *cmsg;
2148 int ret;
2149
2150 for_each_cmsghdr(cmsg, msg) {
2151 if (!CMSG_OK(msg, cmsg))
2152 return -EINVAL;
2153 if (cmsg->cmsg_level != SOL_SOCKET)
2154 continue;
2155 ret = __sock_cmsg_send(sk, msg, cmsg, sockc);
2156 if (ret)
2157 return ret;
2158 }
2159 return 0;
2160}
2161EXPORT_SYMBOL(sock_cmsg_send);
2162
2163static void sk_enter_memory_pressure(struct sock *sk)
2164{
2165 if (!sk->sk_prot->enter_memory_pressure)
2166 return;
2167
2168 sk->sk_prot->enter_memory_pressure(sk);
2169}
2170
2171static void sk_leave_memory_pressure(struct sock *sk)
2172{
2173 if (sk->sk_prot->leave_memory_pressure) {
2174 sk->sk_prot->leave_memory_pressure(sk);
2175 } else {
2176 unsigned long *memory_pressure = sk->sk_prot->memory_pressure;
2177
2178 if (memory_pressure && *memory_pressure)
2179 *memory_pressure = 0;
2180 }
2181}
2182
2183/* On 32bit arches, an skb frag is limited to 2^15 */
2184#define SKB_FRAG_PAGE_ORDER get_order(32768)
2185
2186/**
2187 * skb_page_frag_refill - check that a page_frag contains enough room
2188 * @sz: minimum size of the fragment we want to get
2189 * @pfrag: pointer to page_frag
2190 * @gfp: priority for memory allocation
2191 *
2192 * Note: While this allocator tries to use high order pages, there is
2193 * no guarantee that allocations succeed. Therefore, @sz MUST be
2194 * less or equal than PAGE_SIZE.
2195 */
2196bool skb_page_frag_refill(unsigned int sz, struct page_frag *pfrag, gfp_t gfp)
2197{
2198 if (pfrag->page) {
2199 if (page_ref_count(pfrag->page) == 1) {
2200 pfrag->offset = 0;
2201 return true;
2202 }
2203 if (pfrag->offset + sz <= pfrag->size)
2204 return true;
2205 put_page(pfrag->page);
2206 }
2207
2208 pfrag->offset = 0;
2209 if (SKB_FRAG_PAGE_ORDER) {
2210 /* Avoid direct reclaim but allow kswapd to wake */
2211 pfrag->page = alloc_pages((gfp & ~__GFP_DIRECT_RECLAIM) |
2212 __GFP_COMP | __GFP_NOWARN |
2213 __GFP_NORETRY,
2214 SKB_FRAG_PAGE_ORDER);
2215 if (likely(pfrag->page)) {
2216 pfrag->size = PAGE_SIZE << SKB_FRAG_PAGE_ORDER;
2217 return true;
2218 }
2219 }
2220 pfrag->page = alloc_page(gfp);
2221 if (likely(pfrag->page)) {
2222 pfrag->size = PAGE_SIZE;
2223 return true;
2224 }
2225 return false;
2226}
2227EXPORT_SYMBOL(skb_page_frag_refill);
2228
2229bool sk_page_frag_refill(struct sock *sk, struct page_frag *pfrag)
2230{
2231 if (likely(skb_page_frag_refill(32U, pfrag, sk->sk_allocation)))
2232 return true;
2233
2234 sk_enter_memory_pressure(sk);
2235 sk_stream_moderate_sndbuf(sk);
2236 return false;
2237}
2238EXPORT_SYMBOL(sk_page_frag_refill);
2239
2240int sk_alloc_sg(struct sock *sk, int len, struct scatterlist *sg,
2241 int sg_start, int *sg_curr_index, unsigned int *sg_curr_size,
2242 int first_coalesce)
2243{
2244 int sg_curr = *sg_curr_index, use = 0, rc = 0;
2245 unsigned int size = *sg_curr_size;
2246 struct page_frag *pfrag;
2247 struct scatterlist *sge;
2248
2249 len -= size;
2250 pfrag = sk_page_frag(sk);
2251
2252 while (len > 0) {
2253 unsigned int orig_offset;
2254
2255 if (!sk_page_frag_refill(sk, pfrag)) {
2256 rc = -ENOMEM;
2257 goto out;
2258 }
2259
2260 use = min_t(int, len, pfrag->size - pfrag->offset);
2261
2262 if (!sk_wmem_schedule(sk, use)) {
2263 rc = -ENOMEM;
2264 goto out;
2265 }
2266
2267 sk_mem_charge(sk, use);
2268 size += use;
2269 orig_offset = pfrag->offset;
2270 pfrag->offset += use;
2271
2272 sge = sg + sg_curr - 1;
2273 if (sg_curr > first_coalesce && sg_page(sg) == pfrag->page &&
2274 sg->offset + sg->length == orig_offset) {
2275 sg->length += use;
2276 } else {
2277 sge = sg + sg_curr;
2278 sg_unmark_end(sge);
2279 sg_set_page(sge, pfrag->page, use, orig_offset);
2280 get_page(pfrag->page);
2281 sg_curr++;
2282
2283 if (sg_curr == MAX_SKB_FRAGS)
2284 sg_curr = 0;
2285
2286 if (sg_curr == sg_start) {
2287 rc = -ENOSPC;
2288 break;
2289 }
2290 }
2291
2292 len -= use;
2293 }
2294out:
2295 *sg_curr_size = size;
2296 *sg_curr_index = sg_curr;
2297 return rc;
2298}
2299EXPORT_SYMBOL(sk_alloc_sg);
2300
2301static void __lock_sock(struct sock *sk)
2302 __releases(&sk->sk_lock.slock)
2303 __acquires(&sk->sk_lock.slock)
2304{
2305 DEFINE_WAIT(wait);
2306
2307 for (;;) {
2308 prepare_to_wait_exclusive(&sk->sk_lock.wq, &wait,
2309 TASK_UNINTERRUPTIBLE);
2310 spin_unlock_bh(&sk->sk_lock.slock);
2311 schedule();
2312 spin_lock_bh(&sk->sk_lock.slock);
2313 if (!sock_owned_by_user(sk))
2314 break;
2315 }
2316 finish_wait(&sk->sk_lock.wq, &wait);
2317}
2318
2319static void __release_sock(struct sock *sk)
2320 __releases(&sk->sk_lock.slock)
2321 __acquires(&sk->sk_lock.slock)
2322{
2323 struct sk_buff *skb, *next;
2324
2325 while ((skb = sk->sk_backlog.head) != NULL) {
2326 sk->sk_backlog.head = sk->sk_backlog.tail = NULL;
2327
2328 spin_unlock_bh(&sk->sk_lock.slock);
2329
2330 do {
2331 next = skb->next;
2332 prefetch(next);
2333 WARN_ON_ONCE(skb_dst_is_noref(skb));
2334 skb->next = NULL;
2335 sk_backlog_rcv(sk, skb);
2336
2337 cond_resched();
2338
2339 skb = next;
2340 } while (skb != NULL);
2341
2342 spin_lock_bh(&sk->sk_lock.slock);
2343 }
2344
2345 /*
2346 * Doing the zeroing here guarantee we can not loop forever
2347 * while a wild producer attempts to flood us.
2348 */
2349 sk->sk_backlog.len = 0;
2350}
2351
2352void __sk_flush_backlog(struct sock *sk)
2353{
2354 spin_lock_bh(&sk->sk_lock.slock);
2355 __release_sock(sk);
2356 spin_unlock_bh(&sk->sk_lock.slock);
2357}
2358
2359/**
2360 * sk_wait_data - wait for data to arrive at sk_receive_queue
2361 * @sk: sock to wait on
2362 * @timeo: for how long
2363 * @skb: last skb seen on sk_receive_queue
2364 *
2365 * Now socket state including sk->sk_err is changed only under lock,
2366 * hence we may omit checks after joining wait queue.
2367 * We check receive queue before schedule() only as optimization;
2368 * it is very likely that release_sock() added new data.
2369 */
2370int sk_wait_data(struct sock *sk, long *timeo, const struct sk_buff *skb)
2371{
2372 DEFINE_WAIT_FUNC(wait, woken_wake_function);
2373 int rc;
2374
2375 add_wait_queue(sk_sleep(sk), &wait);
2376 sk_set_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2377 rc = sk_wait_event(sk, timeo, skb_peek_tail(&sk->sk_receive_queue) != skb, &wait);
2378 sk_clear_bit(SOCKWQ_ASYNC_WAITDATA, sk);
2379 remove_wait_queue(sk_sleep(sk), &wait);
2380 return rc;
2381}
2382EXPORT_SYMBOL(sk_wait_data);
2383
2384/**
2385 * __sk_mem_raise_allocated - increase memory_allocated
2386 * @sk: socket
2387 * @size: memory size to allocate
2388 * @amt: pages to allocate
2389 * @kind: allocation type
2390 *
2391 * Similar to __sk_mem_schedule(), but does not update sk_forward_alloc
2392 */
2393int __sk_mem_raise_allocated(struct sock *sk, int size, int amt, int kind)
2394{
2395 struct proto *prot = sk->sk_prot;
2396 long allocated = sk_memory_allocated_add(sk, amt);
2397
2398 if (mem_cgroup_sockets_enabled && sk->sk_memcg &&
2399 !mem_cgroup_charge_skmem(sk->sk_memcg, amt))
2400 goto suppress_allocation;
2401
2402 /* Under limit. */
2403 if (allocated <= sk_prot_mem_limits(sk, 0)) {
2404 sk_leave_memory_pressure(sk);
2405 return 1;
2406 }
2407
2408 /* Under pressure. */
2409 if (allocated > sk_prot_mem_limits(sk, 1))
2410 sk_enter_memory_pressure(sk);
2411
2412 /* Over hard limit. */
2413 if (allocated > sk_prot_mem_limits(sk, 2))
2414 goto suppress_allocation;
2415
2416 /* guarantee minimum buffer size under pressure */
2417 if (kind == SK_MEM_RECV) {
2418 if (atomic_read(&sk->sk_rmem_alloc) < sk_get_rmem0(sk, prot))
2419 return 1;
2420
2421 } else { /* SK_MEM_SEND */
2422 int wmem0 = sk_get_wmem0(sk, prot);
2423
2424 if (sk->sk_type == SOCK_STREAM) {
2425 if (sk->sk_wmem_queued < wmem0)
2426 return 1;
2427 } else if (refcount_read(&sk->sk_wmem_alloc) < wmem0) {
2428 return 1;
2429 }
2430 }
2431
2432 if (sk_has_memory_pressure(sk)) {
2433 int alloc;
2434
2435 if (!sk_under_memory_pressure(sk))
2436 return 1;
2437 alloc = sk_sockets_allocated_read_positive(sk);
2438 if (sk_prot_mem_limits(sk, 2) > alloc *
2439 sk_mem_pages(sk->sk_wmem_queued +
2440 atomic_read(&sk->sk_rmem_alloc) +
2441 sk->sk_forward_alloc))
2442 return 1;
2443 }
2444
2445suppress_allocation:
2446
2447 if (kind == SK_MEM_SEND && sk->sk_type == SOCK_STREAM) {
2448 sk_stream_moderate_sndbuf(sk);
2449
2450 /* Fail only if socket is _under_ its sndbuf.
2451 * In this case we cannot block, so that we have to fail.
2452 */
2453 if (sk->sk_wmem_queued + size >= sk->sk_sndbuf)
2454 return 1;
2455 }
2456
2457 trace_sock_exceed_buf_limit(sk, prot, allocated);
2458
2459 sk_memory_allocated_sub(sk, amt);
2460
2461 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
2462 mem_cgroup_uncharge_skmem(sk->sk_memcg, amt);
2463
2464 return 0;
2465}
2466EXPORT_SYMBOL(__sk_mem_raise_allocated);
2467
2468/**
2469 * __sk_mem_schedule - increase sk_forward_alloc and memory_allocated
2470 * @sk: socket
2471 * @size: memory size to allocate
2472 * @kind: allocation type
2473 *
2474 * If kind is SK_MEM_SEND, it means wmem allocation. Otherwise it means
2475 * rmem allocation. This function assumes that protocols which have
2476 * memory_pressure use sk_wmem_queued as write buffer accounting.
2477 */
2478int __sk_mem_schedule(struct sock *sk, int size, int kind)
2479{
2480 int ret, amt = sk_mem_pages(size);
2481
2482 sk->sk_forward_alloc += amt << SK_MEM_QUANTUM_SHIFT;
2483 ret = __sk_mem_raise_allocated(sk, size, amt, kind);
2484 if (!ret)
2485 sk->sk_forward_alloc -= amt << SK_MEM_QUANTUM_SHIFT;
2486 return ret;
2487}
2488EXPORT_SYMBOL(__sk_mem_schedule);
2489
2490/**
2491 * __sk_mem_reduce_allocated - reclaim memory_allocated
2492 * @sk: socket
2493 * @amount: number of quanta
2494 *
2495 * Similar to __sk_mem_reclaim(), but does not update sk_forward_alloc
2496 */
2497void __sk_mem_reduce_allocated(struct sock *sk, int amount)
2498{
2499 sk_memory_allocated_sub(sk, amount);
2500
2501 if (mem_cgroup_sockets_enabled && sk->sk_memcg)
2502 mem_cgroup_uncharge_skmem(sk->sk_memcg, amount);
2503
2504 if (sk_under_memory_pressure(sk) &&
2505 (sk_memory_allocated(sk) < sk_prot_mem_limits(sk, 0)))
2506 sk_leave_memory_pressure(sk);
2507}
2508EXPORT_SYMBOL(__sk_mem_reduce_allocated);
2509
2510/**
2511 * __sk_mem_reclaim - reclaim sk_forward_alloc and memory_allocated
2512 * @sk: socket
2513 * @amount: number of bytes (rounded down to a SK_MEM_QUANTUM multiple)
2514 */
2515void __sk_mem_reclaim(struct sock *sk, int amount)
2516{
2517 amount >>= SK_MEM_QUANTUM_SHIFT;
2518 sk->sk_forward_alloc -= amount << SK_MEM_QUANTUM_SHIFT;
2519 __sk_mem_reduce_allocated(sk, amount);
2520}
2521EXPORT_SYMBOL(__sk_mem_reclaim);
2522
2523int sk_set_peek_off(struct sock *sk, int val)
2524{
2525 sk->sk_peek_off = val;
2526 return 0;
2527}
2528EXPORT_SYMBOL_GPL(sk_set_peek_off);
2529
2530/*
2531 * Set of default routines for initialising struct proto_ops when
2532 * the protocol does not support a particular function. In certain
2533 * cases where it makes no sense for a protocol to have a "do nothing"
2534 * function, some default processing is provided.
2535 */
2536
2537int sock_no_bind(struct socket *sock, struct sockaddr *saddr, int len)
2538{
2539 return -EOPNOTSUPP;
2540}
2541EXPORT_SYMBOL(sock_no_bind);
2542
2543int sock_no_connect(struct socket *sock, struct sockaddr *saddr,
2544 int len, int flags)
2545{
2546 return -EOPNOTSUPP;
2547}
2548EXPORT_SYMBOL(sock_no_connect);
2549
2550int sock_no_socketpair(struct socket *sock1, struct socket *sock2)
2551{
2552 return -EOPNOTSUPP;
2553}
2554EXPORT_SYMBOL(sock_no_socketpair);
2555
2556int sock_no_accept(struct socket *sock, struct socket *newsock, int flags,
2557 bool kern)
2558{
2559 return -EOPNOTSUPP;
2560}
2561EXPORT_SYMBOL(sock_no_accept);
2562
2563int sock_no_getname(struct socket *sock, struct sockaddr *saddr,
2564 int peer)
2565{
2566 return -EOPNOTSUPP;
2567}
2568EXPORT_SYMBOL(sock_no_getname);
2569
2570__poll_t sock_no_poll(struct file *file, struct socket *sock, poll_table *pt)
2571{
2572 return 0;
2573}
2574EXPORT_SYMBOL(sock_no_poll);
2575
2576int sock_no_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
2577{
2578 return -EOPNOTSUPP;
2579}
2580EXPORT_SYMBOL(sock_no_ioctl);
2581
2582int sock_no_listen(struct socket *sock, int backlog)
2583{
2584 return -EOPNOTSUPP;
2585}
2586EXPORT_SYMBOL(sock_no_listen);
2587
2588int sock_no_shutdown(struct socket *sock, int how)
2589{
2590 return -EOPNOTSUPP;
2591}
2592EXPORT_SYMBOL(sock_no_shutdown);
2593
2594int sock_no_setsockopt(struct socket *sock, int level, int optname,
2595 char __user *optval, unsigned int optlen)
2596{
2597 return -EOPNOTSUPP;
2598}
2599EXPORT_SYMBOL(sock_no_setsockopt);
2600
2601int sock_no_getsockopt(struct socket *sock, int level, int optname,
2602 char __user *optval, int __user *optlen)
2603{
2604 return -EOPNOTSUPP;
2605}
2606EXPORT_SYMBOL(sock_no_getsockopt);
2607
2608int sock_no_sendmsg(struct socket *sock, struct msghdr *m, size_t len)
2609{
2610 return -EOPNOTSUPP;
2611}
2612EXPORT_SYMBOL(sock_no_sendmsg);
2613
2614int sock_no_sendmsg_locked(struct sock *sk, struct msghdr *m, size_t len)
2615{
2616 return -EOPNOTSUPP;
2617}
2618EXPORT_SYMBOL(sock_no_sendmsg_locked);
2619
2620int sock_no_recvmsg(struct socket *sock, struct msghdr *m, size_t len,
2621 int flags)
2622{
2623 return -EOPNOTSUPP;
2624}
2625EXPORT_SYMBOL(sock_no_recvmsg);
2626
2627int sock_no_mmap(struct file *file, struct socket *sock, struct vm_area_struct *vma)
2628{
2629 /* Mirror missing mmap method error code */
2630 return -ENODEV;
2631}
2632EXPORT_SYMBOL(sock_no_mmap);
2633
2634ssize_t sock_no_sendpage(struct socket *sock, struct page *page, int offset, size_t size, int flags)
2635{
2636 ssize_t res;
2637 struct msghdr msg = {.msg_flags = flags};
2638 struct kvec iov;
2639 char *kaddr = kmap(page);
2640 iov.iov_base = kaddr + offset;
2641 iov.iov_len = size;
2642 res = kernel_sendmsg(sock, &msg, &iov, 1, size);
2643 kunmap(page);
2644 return res;
2645}
2646EXPORT_SYMBOL(sock_no_sendpage);
2647
2648ssize_t sock_no_sendpage_locked(struct sock *sk, struct page *page,
2649 int offset, size_t size, int flags)
2650{
2651 ssize_t res;
2652 struct msghdr msg = {.msg_flags = flags};
2653 struct kvec iov;
2654 char *kaddr = kmap(page);
2655
2656 iov.iov_base = kaddr + offset;
2657 iov.iov_len = size;
2658 res = kernel_sendmsg_locked(sk, &msg, &iov, 1, size);
2659 kunmap(page);
2660 return res;
2661}
2662EXPORT_SYMBOL(sock_no_sendpage_locked);
2663
2664/*
2665 * Default Socket Callbacks
2666 */
2667
2668static void sock_def_wakeup(struct sock *sk)
2669{
2670 struct socket_wq *wq;
2671
2672 rcu_read_lock();
2673 wq = rcu_dereference(sk->sk_wq);
2674 if (skwq_has_sleeper(wq))
2675 wake_up_interruptible_all(&wq->wait);
2676 rcu_read_unlock();
2677}
2678
2679static void sock_def_error_report(struct sock *sk)
2680{
2681 struct socket_wq *wq;
2682
2683 rcu_read_lock();
2684 wq = rcu_dereference(sk->sk_wq);
2685 if (skwq_has_sleeper(wq))
2686 wake_up_interruptible_poll(&wq->wait, EPOLLERR);
2687 sk_wake_async(sk, SOCK_WAKE_IO, POLL_ERR);
2688 rcu_read_unlock();
2689}
2690
2691static void sock_def_readable(struct sock *sk)
2692{
2693 struct socket_wq *wq;
2694
2695 rcu_read_lock();
2696 wq = rcu_dereference(sk->sk_wq);
2697 if (skwq_has_sleeper(wq))
2698 wake_up_interruptible_sync_poll(&wq->wait, EPOLLIN | EPOLLPRI |
2699 EPOLLRDNORM | EPOLLRDBAND);
2700 sk_wake_async(sk, SOCK_WAKE_WAITD, POLL_IN);
2701 rcu_read_unlock();
2702}
2703
2704static void sock_def_write_space(struct sock *sk)
2705{
2706 struct socket_wq *wq;
2707
2708 rcu_read_lock();
2709
2710 /* Do not wake up a writer until he can make "significant"
2711 * progress. --DaveM
2712 */
2713 if ((refcount_read(&sk->sk_wmem_alloc) << 1) <= sk->sk_sndbuf) {
2714 wq = rcu_dereference(sk->sk_wq);
2715 if (skwq_has_sleeper(wq))
2716 wake_up_interruptible_sync_poll(&wq->wait, EPOLLOUT |
2717 EPOLLWRNORM | EPOLLWRBAND);
2718
2719 /* Should agree with poll, otherwise some programs break */
2720 if (sock_writeable(sk))
2721 sk_wake_async(sk, SOCK_WAKE_SPACE, POLL_OUT);
2722 }
2723
2724 rcu_read_unlock();
2725}
2726
2727static void sock_def_destruct(struct sock *sk)
2728{
2729}
2730
2731void sk_send_sigurg(struct sock *sk)
2732{
2733 if (sk->sk_socket && sk->sk_socket->file)
2734 if (send_sigurg(&sk->sk_socket->file->f_owner))
2735 sk_wake_async(sk, SOCK_WAKE_URG, POLL_PRI);
2736}
2737EXPORT_SYMBOL(sk_send_sigurg);
2738
2739void sk_reset_timer(struct sock *sk, struct timer_list* timer,
2740 unsigned long expires)
2741{
2742 if (!mod_timer(timer, expires))
2743 sock_hold(sk);
2744}
2745EXPORT_SYMBOL(sk_reset_timer);
2746
2747void sk_stop_timer(struct sock *sk, struct timer_list* timer)
2748{
2749 if (del_timer(timer))
2750 __sock_put(sk);
2751}
2752EXPORT_SYMBOL(sk_stop_timer);
2753
2754void sock_init_data(struct socket *sock, struct sock *sk)
2755{
2756 sk_init_common(sk);
2757 sk->sk_send_head = NULL;
2758
2759 timer_setup(&sk->sk_timer, NULL, 0);
2760
2761 sk->sk_allocation = GFP_KERNEL;
2762 sk->sk_rcvbuf = sysctl_rmem_default;
2763 sk->sk_sndbuf = sysctl_wmem_default;
2764 sk->sk_state = TCP_CLOSE;
2765 sk_set_socket(sk, sock);
2766
2767 sock_set_flag(sk, SOCK_ZAPPED);
2768
2769 if (sock) {
2770 sk->sk_type = sock->type;
2771 sk->sk_wq = sock->wq;
2772 sock->sk = sk;
2773 sk->sk_uid = SOCK_INODE(sock)->i_uid;
2774 } else {
2775 sk->sk_wq = NULL;
2776 sk->sk_uid = make_kuid(sock_net(sk)->user_ns, 0);
2777 }
2778
2779 rwlock_init(&sk->sk_callback_lock);
2780 if (sk->sk_kern_sock)
2781 lockdep_set_class_and_name(
2782 &sk->sk_callback_lock,
2783 af_kern_callback_keys + sk->sk_family,
2784 af_family_kern_clock_key_strings[sk->sk_family]);
2785 else
2786 lockdep_set_class_and_name(
2787 &sk->sk_callback_lock,
2788 af_callback_keys + sk->sk_family,
2789 af_family_clock_key_strings[sk->sk_family]);
2790
2791 sk->sk_state_change = sock_def_wakeup;
2792 sk->sk_data_ready = sock_def_readable;
2793 sk->sk_write_space = sock_def_write_space;
2794 sk->sk_error_report = sock_def_error_report;
2795 sk->sk_destruct = sock_def_destruct;
2796
2797 sk->sk_frag.page = NULL;
2798 sk->sk_frag.offset = 0;
2799 sk->sk_peek_off = -1;
2800
2801 sk->sk_peer_pid = NULL;
2802 sk->sk_peer_cred = NULL;
2803 sk->sk_write_pending = 0;
2804 sk->sk_rcvlowat = 1;
2805 sk->sk_rcvtimeo = MAX_SCHEDULE_TIMEOUT;
2806 sk->sk_sndtimeo = MAX_SCHEDULE_TIMEOUT;
2807
2808 sk->sk_stamp = SK_DEFAULT_STAMP;
2809 atomic_set(&sk->sk_zckey, 0);
2810
2811#ifdef CONFIG_NET_RX_BUSY_POLL
2812 sk->sk_napi_id = 0;
2813 sk->sk_ll_usec = sysctl_net_busy_read;
2814#endif
2815
2816 sk->sk_max_pacing_rate = ~0U;
2817 sk->sk_pacing_rate = ~0U;
2818 sk->sk_pacing_shift = 10;
2819 sk->sk_incoming_cpu = -1;
2820 /*
2821 * Before updating sk_refcnt, we must commit prior changes to memory
2822 * (Documentation/RCU/rculist_nulls.txt for details)
2823 */
2824 smp_wmb();
2825 refcount_set(&sk->sk_refcnt, 1);
2826 atomic_set(&sk->sk_drops, 0);
2827}
2828EXPORT_SYMBOL(sock_init_data);
2829
2830void lock_sock_nested(struct sock *sk, int subclass)
2831{
2832 might_sleep();
2833 spin_lock_bh(&sk->sk_lock.slock);
2834 if (sk->sk_lock.owned)
2835 __lock_sock(sk);
2836 sk->sk_lock.owned = 1;
2837 spin_unlock(&sk->sk_lock.slock);
2838 /*
2839 * The sk_lock has mutex_lock() semantics here:
2840 */
2841 mutex_acquire(&sk->sk_lock.dep_map, subclass, 0, _RET_IP_);
2842 local_bh_enable();
2843}
2844EXPORT_SYMBOL(lock_sock_nested);
2845
2846void release_sock(struct sock *sk)
2847{
2848 spin_lock_bh(&sk->sk_lock.slock);
2849 if (sk->sk_backlog.tail)
2850 __release_sock(sk);
2851
2852 /* Warning : release_cb() might need to release sk ownership,
2853 * ie call sock_release_ownership(sk) before us.
2854 */
2855 if (sk->sk_prot->release_cb)
2856 sk->sk_prot->release_cb(sk);
2857
2858 sock_release_ownership(sk);
2859 if (waitqueue_active(&sk->sk_lock.wq))
2860 wake_up(&sk->sk_lock.wq);
2861 spin_unlock_bh(&sk->sk_lock.slock);
2862}
2863EXPORT_SYMBOL(release_sock);
2864
2865/**
2866 * lock_sock_fast - fast version of lock_sock
2867 * @sk: socket
2868 *
2869 * This version should be used for very small section, where process wont block
2870 * return false if fast path is taken:
2871 *
2872 * sk_lock.slock locked, owned = 0, BH disabled
2873 *
2874 * return true if slow path is taken:
2875 *
2876 * sk_lock.slock unlocked, owned = 1, BH enabled
2877 */
2878bool lock_sock_fast(struct sock *sk)
2879{
2880 might_sleep();
2881 spin_lock_bh(&sk->sk_lock.slock);
2882
2883 if (!sk->sk_lock.owned)
2884 /*
2885 * Note : We must disable BH
2886 */
2887 return false;
2888
2889 __lock_sock(sk);
2890 sk->sk_lock.owned = 1;
2891 spin_unlock(&sk->sk_lock.slock);
2892 /*
2893 * The sk_lock has mutex_lock() semantics here:
2894 */
2895 mutex_acquire(&sk->sk_lock.dep_map, 0, 0, _RET_IP_);
2896 local_bh_enable();
2897 return true;
2898}
2899EXPORT_SYMBOL(lock_sock_fast);
2900
2901int sock_get_timestamp(struct sock *sk, struct timeval __user *userstamp)
2902{
2903 struct timeval tv;
2904 if (!sock_flag(sk, SOCK_TIMESTAMP))
2905 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
2906 tv = ktime_to_timeval(sk->sk_stamp);
2907 if (tv.tv_sec == -1)
2908 return -ENOENT;
2909 if (tv.tv_sec == 0) {
2910 sk->sk_stamp = ktime_get_real();
2911 tv = ktime_to_timeval(sk->sk_stamp);
2912 }
2913 return copy_to_user(userstamp, &tv, sizeof(tv)) ? -EFAULT : 0;
2914}
2915EXPORT_SYMBOL(sock_get_timestamp);
2916
2917int sock_get_timestampns(struct sock *sk, struct timespec __user *userstamp)
2918{
2919 struct timespec ts;
2920 if (!sock_flag(sk, SOCK_TIMESTAMP))
2921 sock_enable_timestamp(sk, SOCK_TIMESTAMP);
2922 ts = ktime_to_timespec(sk->sk_stamp);
2923 if (ts.tv_sec == -1)
2924 return -ENOENT;
2925 if (ts.tv_sec == 0) {
2926 sk->sk_stamp = ktime_get_real();
2927 ts = ktime_to_timespec(sk->sk_stamp);
2928 }
2929 return copy_to_user(userstamp, &ts, sizeof(ts)) ? -EFAULT : 0;
2930}
2931EXPORT_SYMBOL(sock_get_timestampns);
2932
2933void sock_enable_timestamp(struct sock *sk, int flag)
2934{
2935 if (!sock_flag(sk, flag)) {
2936 unsigned long previous_flags = sk->sk_flags;
2937
2938 sock_set_flag(sk, flag);
2939 /*
2940 * we just set one of the two flags which require net
2941 * time stamping, but time stamping might have been on
2942 * already because of the other one
2943 */
2944 if (sock_needs_netstamp(sk) &&
2945 !(previous_flags & SK_FLAGS_TIMESTAMP))
2946 net_enable_timestamp();
2947 }
2948}
2949
2950int sock_recv_errqueue(struct sock *sk, struct msghdr *msg, int len,
2951 int level, int type)
2952{
2953 struct sock_exterr_skb *serr;
2954 struct sk_buff *skb;
2955 int copied, err;
2956
2957 err = -EAGAIN;
2958 skb = sock_dequeue_err_skb(sk);
2959 if (skb == NULL)
2960 goto out;
2961
2962 copied = skb->len;
2963 if (copied > len) {
2964 msg->msg_flags |= MSG_TRUNC;
2965 copied = len;
2966 }
2967 err = skb_copy_datagram_msg(skb, 0, msg, copied);
2968 if (err)
2969 goto out_free_skb;
2970
2971 sock_recv_timestamp(msg, sk, skb);
2972
2973 serr = SKB_EXT_ERR(skb);
2974 put_cmsg(msg, level, type, sizeof(serr->ee), &serr->ee);
2975
2976 msg->msg_flags |= MSG_ERRQUEUE;
2977 err = copied;
2978
2979out_free_skb:
2980 kfree_skb(skb);
2981out:
2982 return err;
2983}
2984EXPORT_SYMBOL(sock_recv_errqueue);
2985
2986/*
2987 * Get a socket option on an socket.
2988 *
2989 * FIX: POSIX 1003.1g is very ambiguous here. It states that
2990 * asynchronous errors should be reported by getsockopt. We assume
2991 * this means if you specify SO_ERROR (otherwise whats the point of it).
2992 */
2993int sock_common_getsockopt(struct socket *sock, int level, int optname,
2994 char __user *optval, int __user *optlen)
2995{
2996 struct sock *sk = sock->sk;
2997
2998 return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
2999}
3000EXPORT_SYMBOL(sock_common_getsockopt);
3001
3002#ifdef CONFIG_COMPAT
3003int compat_sock_common_getsockopt(struct socket *sock, int level, int optname,
3004 char __user *optval, int __user *optlen)
3005{
3006 struct sock *sk = sock->sk;
3007
3008 if (sk->sk_prot->compat_getsockopt != NULL)
3009 return sk->sk_prot->compat_getsockopt(sk, level, optname,
3010 optval, optlen);
3011 return sk->sk_prot->getsockopt(sk, level, optname, optval, optlen);
3012}
3013EXPORT_SYMBOL(compat_sock_common_getsockopt);
3014#endif
3015
3016int sock_common_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
3017 int flags)
3018{
3019 struct sock *sk = sock->sk;
3020 int addr_len = 0;
3021 int err;
3022
3023 err = sk->sk_prot->recvmsg(sk, msg, size, flags & MSG_DONTWAIT,
3024 flags & ~MSG_DONTWAIT, &addr_len);
3025 if (err >= 0)
3026 msg->msg_namelen = addr_len;
3027 return err;
3028}
3029EXPORT_SYMBOL(sock_common_recvmsg);
3030
3031/*
3032 * Set socket options on an inet socket.
3033 */
3034int sock_common_setsockopt(struct socket *sock, int level, int optname,
3035 char __user *optval, unsigned int optlen)
3036{
3037 struct sock *sk = sock->sk;
3038
3039 return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen);
3040}
3041EXPORT_SYMBOL(sock_common_setsockopt);
3042
3043#ifdef CONFIG_COMPAT
3044int compat_sock_common_setsockopt(struct socket *sock, int level, int optname,
3045 char __user *optval, unsigned int optlen)
3046{
3047 struct sock *sk = sock->sk;
3048
3049 if (sk->sk_prot->compat_setsockopt != NULL)
3050 return sk->sk_prot->compat_setsockopt(sk, level, optname,
3051 optval, optlen);
3052 return sk->sk_prot->setsockopt(sk, level, optname, optval, optlen);
3053}
3054EXPORT_SYMBOL(compat_sock_common_setsockopt);
3055#endif
3056
3057void sk_common_release(struct sock *sk)
3058{
3059 if (sk->sk_prot->destroy)
3060 sk->sk_prot->destroy(sk);
3061
3062 /*
3063 * Observation: when sock_common_release is called, processes have
3064 * no access to socket. But net still has.
3065 * Step one, detach it from networking:
3066 *
3067 * A. Remove from hash tables.
3068 */
3069
3070 sk->sk_prot->unhash(sk);
3071
3072 /*
3073 * In this point socket cannot receive new packets, but it is possible
3074 * that some packets are in flight because some CPU runs receiver and
3075 * did hash table lookup before we unhashed socket. They will achieve
3076 * receive queue and will be purged by socket destructor.
3077 *
3078 * Also we still have packets pending on receive queue and probably,
3079 * our own packets waiting in device queues. sock_destroy will drain
3080 * receive queue, but transmitted packets will delay socket destruction
3081 * until the last reference will be released.
3082 */
3083
3084 sock_orphan(sk);
3085
3086 xfrm_sk_free_policy(sk);
3087
3088 sk_refcnt_debug_release(sk);
3089
3090 sock_put(sk);
3091}
3092EXPORT_SYMBOL(sk_common_release);
3093
3094void sk_get_meminfo(const struct sock *sk, u32 *mem)
3095{
3096 memset(mem, 0, sizeof(*mem) * SK_MEMINFO_VARS);
3097
3098 mem[SK_MEMINFO_RMEM_ALLOC] = sk_rmem_alloc_get(sk);
3099 mem[SK_MEMINFO_RCVBUF] = sk->sk_rcvbuf;
3100 mem[SK_MEMINFO_WMEM_ALLOC] = sk_wmem_alloc_get(sk);
3101 mem[SK_MEMINFO_SNDBUF] = sk->sk_sndbuf;
3102 mem[SK_MEMINFO_FWD_ALLOC] = sk->sk_forward_alloc;
3103 mem[SK_MEMINFO_WMEM_QUEUED] = sk->sk_wmem_queued;
3104 mem[SK_MEMINFO_OPTMEM] = atomic_read(&sk->sk_omem_alloc);
3105 mem[SK_MEMINFO_BACKLOG] = sk->sk_backlog.len;
3106 mem[SK_MEMINFO_DROPS] = atomic_read(&sk->sk_drops);
3107}
3108
3109#ifdef CONFIG_PROC_FS
3110#define PROTO_INUSE_NR 64 /* should be enough for the first time */
3111struct prot_inuse {
3112 int val[PROTO_INUSE_NR];
3113};
3114
3115static DECLARE_BITMAP(proto_inuse_idx, PROTO_INUSE_NR);
3116
3117void sock_prot_inuse_add(struct net *net, struct proto *prot, int val)
3118{
3119 __this_cpu_add(net->core.prot_inuse->val[prot->inuse_idx], val);
3120}
3121EXPORT_SYMBOL_GPL(sock_prot_inuse_add);
3122
3123int sock_prot_inuse_get(struct net *net, struct proto *prot)
3124{
3125 int cpu, idx = prot->inuse_idx;
3126 int res = 0;
3127
3128 for_each_possible_cpu(cpu)
3129 res += per_cpu_ptr(net->core.prot_inuse, cpu)->val[idx];
3130
3131 return res >= 0 ? res : 0;
3132}
3133EXPORT_SYMBOL_GPL(sock_prot_inuse_get);
3134
3135static void sock_inuse_add(struct net *net, int val)
3136{
3137 this_cpu_add(*net->core.sock_inuse, val);
3138}
3139
3140int sock_inuse_get(struct net *net)
3141{
3142 int cpu, res = 0;
3143
3144 for_each_possible_cpu(cpu)
3145 res += *per_cpu_ptr(net->core.sock_inuse, cpu);
3146
3147 return res;
3148}
3149
3150EXPORT_SYMBOL_GPL(sock_inuse_get);
3151
3152static int __net_init sock_inuse_init_net(struct net *net)
3153{
3154 net->core.prot_inuse = alloc_percpu(struct prot_inuse);
3155 if (net->core.prot_inuse == NULL)
3156 return -ENOMEM;
3157
3158 net->core.sock_inuse = alloc_percpu(int);
3159 if (net->core.sock_inuse == NULL)
3160 goto out;
3161
3162 return 0;
3163
3164out:
3165 free_percpu(net->core.prot_inuse);
3166 return -ENOMEM;
3167}
3168
3169static void __net_exit sock_inuse_exit_net(struct net *net)
3170{
3171 free_percpu(net->core.prot_inuse);
3172 free_percpu(net->core.sock_inuse);
3173}
3174
3175static struct pernet_operations net_inuse_ops = {
3176 .init = sock_inuse_init_net,
3177 .exit = sock_inuse_exit_net,
3178};
3179
3180static __init int net_inuse_init(void)
3181{
3182 if (register_pernet_subsys(&net_inuse_ops))
3183 panic("Cannot initialize net inuse counters");
3184
3185 return 0;
3186}
3187
3188core_initcall(net_inuse_init);
3189
3190static void assign_proto_idx(struct proto *prot)
3191{
3192 prot->inuse_idx = find_first_zero_bit(proto_inuse_idx, PROTO_INUSE_NR);
3193
3194 if (unlikely(prot->inuse_idx == PROTO_INUSE_NR - 1)) {
3195 pr_err("PROTO_INUSE_NR exhausted\n");
3196 return;
3197 }
3198
3199 set_bit(prot->inuse_idx, proto_inuse_idx);
3200}
3201
3202static void release_proto_idx(struct proto *prot)
3203{
3204 if (prot->inuse_idx != PROTO_INUSE_NR - 1)
3205 clear_bit(prot->inuse_idx, proto_inuse_idx);
3206}
3207#else
3208static inline void assign_proto_idx(struct proto *prot)
3209{
3210}
3211
3212static inline void release_proto_idx(struct proto *prot)
3213{
3214}
3215
3216static void sock_inuse_add(struct net *net, int val)
3217{
3218}
3219#endif
3220
3221static void req_prot_cleanup(struct request_sock_ops *rsk_prot)
3222{
3223 if (!rsk_prot)
3224 return;
3225 kfree(rsk_prot->slab_name);
3226 rsk_prot->slab_name = NULL;
3227 kmem_cache_destroy(rsk_prot->slab);
3228 rsk_prot->slab = NULL;
3229}
3230
3231static int req_prot_init(const struct proto *prot)
3232{
3233 struct request_sock_ops *rsk_prot = prot->rsk_prot;
3234
3235 if (!rsk_prot)
3236 return 0;
3237
3238 rsk_prot->slab_name = kasprintf(GFP_KERNEL, "request_sock_%s",
3239 prot->name);
3240 if (!rsk_prot->slab_name)
3241 return -ENOMEM;
3242
3243 rsk_prot->slab = kmem_cache_create(rsk_prot->slab_name,
3244 rsk_prot->obj_size, 0,
3245 prot->slab_flags, NULL);
3246
3247 if (!rsk_prot->slab) {
3248 pr_crit("%s: Can't create request sock SLAB cache!\n",
3249 prot->name);
3250 return -ENOMEM;
3251 }
3252 return 0;
3253}
3254
3255int proto_register(struct proto *prot, int alloc_slab)
3256{
3257 if (alloc_slab) {
3258 prot->slab = kmem_cache_create_usercopy(prot->name,
3259 prot->obj_size, 0,
3260 SLAB_HWCACHE_ALIGN | prot->slab_flags,
3261 prot->useroffset, prot->usersize,
3262 NULL);
3263
3264 if (prot->slab == NULL) {
3265 pr_crit("%s: Can't create sock SLAB cache!\n",
3266 prot->name);
3267 goto out;
3268 }
3269
3270 if (req_prot_init(prot))
3271 goto out_free_request_sock_slab;
3272
3273 if (prot->twsk_prot != NULL) {
3274 prot->twsk_prot->twsk_slab_name = kasprintf(GFP_KERNEL, "tw_sock_%s", prot->name);
3275
3276 if (prot->twsk_prot->twsk_slab_name == NULL)
3277 goto out_free_request_sock_slab;
3278
3279 prot->twsk_prot->twsk_slab =
3280 kmem_cache_create(prot->twsk_prot->twsk_slab_name,
3281 prot->twsk_prot->twsk_obj_size,
3282 0,
3283 prot->slab_flags,
3284 NULL);
3285 if (prot->twsk_prot->twsk_slab == NULL)
3286 goto out_free_timewait_sock_slab_name;
3287 }
3288 }
3289
3290 mutex_lock(&proto_list_mutex);
3291 list_add(&prot->node, &proto_list);
3292 assign_proto_idx(prot);
3293 mutex_unlock(&proto_list_mutex);
3294 return 0;
3295
3296out_free_timewait_sock_slab_name:
3297 kfree(prot->twsk_prot->twsk_slab_name);
3298out_free_request_sock_slab:
3299 req_prot_cleanup(prot->rsk_prot);
3300
3301 kmem_cache_destroy(prot->slab);
3302 prot->slab = NULL;
3303out:
3304 return -ENOBUFS;
3305}
3306EXPORT_SYMBOL(proto_register);
3307
3308void proto_unregister(struct proto *prot)
3309{
3310 mutex_lock(&proto_list_mutex);
3311 release_proto_idx(prot);
3312 list_del(&prot->node);
3313 mutex_unlock(&proto_list_mutex);
3314
3315 kmem_cache_destroy(prot->slab);
3316 prot->slab = NULL;
3317
3318 req_prot_cleanup(prot->rsk_prot);
3319
3320 if (prot->twsk_prot != NULL && prot->twsk_prot->twsk_slab != NULL) {
3321 kmem_cache_destroy(prot->twsk_prot->twsk_slab);
3322 kfree(prot->twsk_prot->twsk_slab_name);
3323 prot->twsk_prot->twsk_slab = NULL;
3324 }
3325}
3326EXPORT_SYMBOL(proto_unregister);
3327
3328int sock_load_diag_module(int family, int protocol)
3329{
3330 if (!protocol) {
3331 if (!sock_is_registered(family))
3332 return -ENOENT;
3333
3334 return request_module("net-pf-%d-proto-%d-type-%d", PF_NETLINK,
3335 NETLINK_SOCK_DIAG, family);
3336 }
3337
3338#ifdef CONFIG_INET
3339 if (family == AF_INET &&
3340 !rcu_access_pointer(inet_protos[protocol]))
3341 return -ENOENT;
3342#endif
3343
3344 return request_module("net-pf-%d-proto-%d-type-%d-%d", PF_NETLINK,
3345 NETLINK_SOCK_DIAG, family, protocol);
3346}
3347EXPORT_SYMBOL(sock_load_diag_module);
3348
3349#ifdef CONFIG_PROC_FS
3350static void *proto_seq_start(struct seq_file *seq, loff_t *pos)
3351 __acquires(proto_list_mutex)
3352{
3353 mutex_lock(&proto_list_mutex);
3354 return seq_list_start_head(&proto_list, *pos);
3355}
3356
3357static void *proto_seq_next(struct seq_file *seq, void *v, loff_t *pos)
3358{
3359 return seq_list_next(v, &proto_list, pos);
3360}
3361
3362static void proto_seq_stop(struct seq_file *seq, void *v)
3363 __releases(proto_list_mutex)
3364{
3365 mutex_unlock(&proto_list_mutex);
3366}
3367
3368static char proto_method_implemented(const void *method)
3369{
3370 return method == NULL ? 'n' : 'y';
3371}
3372static long sock_prot_memory_allocated(struct proto *proto)
3373{
3374 return proto->memory_allocated != NULL ? proto_memory_allocated(proto) : -1L;
3375}
3376
3377static char *sock_prot_memory_pressure(struct proto *proto)
3378{
3379 return proto->memory_pressure != NULL ?
3380 proto_memory_pressure(proto) ? "yes" : "no" : "NI";
3381}
3382
3383static void proto_seq_printf(struct seq_file *seq, struct proto *proto)
3384{
3385
3386 seq_printf(seq, "%-9s %4u %6d %6ld %-3s %6u %-3s %-10s "
3387 "%2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c %2c\n",
3388 proto->name,
3389 proto->obj_size,
3390 sock_prot_inuse_get(seq_file_net(seq), proto),
3391 sock_prot_memory_allocated(proto),
3392 sock_prot_memory_pressure(proto),
3393 proto->max_header,
3394 proto->slab == NULL ? "no" : "yes",
3395 module_name(proto->owner),
3396 proto_method_implemented(proto->close),
3397 proto_method_implemented(proto->connect),
3398 proto_method_implemented(proto->disconnect),
3399 proto_method_implemented(proto->accept),
3400 proto_method_implemented(proto->ioctl),
3401 proto_method_implemented(proto->init),
3402 proto_method_implemented(proto->destroy),
3403 proto_method_implemented(proto->shutdown),
3404 proto_method_implemented(proto->setsockopt),
3405 proto_method_implemented(proto->getsockopt),
3406 proto_method_implemented(proto->sendmsg),
3407 proto_method_implemented(proto->recvmsg),
3408 proto_method_implemented(proto->sendpage),
3409 proto_method_implemented(proto->bind),
3410 proto_method_implemented(proto->backlog_rcv),
3411 proto_method_implemented(proto->hash),
3412 proto_method_implemented(proto->unhash),
3413 proto_method_implemented(proto->get_port),
3414 proto_method_implemented(proto->enter_memory_pressure));
3415}
3416
3417static int proto_seq_show(struct seq_file *seq, void *v)
3418{
3419 if (v == &proto_list)
3420 seq_printf(seq, "%-9s %-4s %-8s %-6s %-5s %-7s %-4s %-10s %s",
3421 "protocol",
3422 "size",
3423 "sockets",
3424 "memory",
3425 "press",
3426 "maxhdr",
3427 "slab",
3428 "module",
3429 "cl co di ac io in de sh ss gs se re sp bi br ha uh gp em\n");
3430 else
3431 proto_seq_printf(seq, list_entry(v, struct proto, node));
3432 return 0;
3433}
3434
3435static const struct seq_operations proto_seq_ops = {
3436 .start = proto_seq_start,
3437 .next = proto_seq_next,
3438 .stop = proto_seq_stop,
3439 .show = proto_seq_show,
3440};
3441
3442static int proto_seq_open(struct inode *inode, struct file *file)
3443{
3444 return seq_open_net(inode, file, &proto_seq_ops,
3445 sizeof(struct seq_net_private));
3446}
3447
3448static const struct file_operations proto_seq_fops = {
3449 .open = proto_seq_open,
3450 .read = seq_read,
3451 .llseek = seq_lseek,
3452 .release = seq_release_net,
3453};
3454
3455static __net_init int proto_init_net(struct net *net)
3456{
3457 if (!proc_create("protocols", 0444, net->proc_net, &proto_seq_fops))
3458 return -ENOMEM;
3459
3460 return 0;
3461}
3462
3463static __net_exit void proto_exit_net(struct net *net)
3464{
3465 remove_proc_entry("protocols", net->proc_net);
3466}
3467
3468
3469static __net_initdata struct pernet_operations proto_net_ops = {
3470 .init = proto_init_net,
3471 .exit = proto_exit_net,
3472};
3473
3474static int __init proto_init(void)
3475{
3476 return register_pernet_subsys(&proto_net_ops);
3477}
3478
3479subsys_initcall(proto_init);
3480
3481#endif /* PROC_FS */
3482
3483#ifdef CONFIG_NET_RX_BUSY_POLL
3484bool sk_busy_loop_end(void *p, unsigned long start_time)
3485{
3486 struct sock *sk = p;
3487
3488 return !skb_queue_empty(&sk->sk_receive_queue) ||
3489 sk_busy_loop_timeout(sk, start_time);
3490}
3491EXPORT_SYMBOL(sk_busy_loop_end);
3492#endif /* CONFIG_NET_RX_BUSY_POLL */