xref: /openbmc/linux/net/ipv6/ipv6_sockglue.c (revision 15b209cd)
1 // SPDX-License-Identifier: GPL-2.0-or-later
2 /*
3  *	IPv6 BSD socket options interface
4  *	Linux INET6 implementation
5  *
6  *	Authors:
7  *	Pedro Roque		<roque@di.fc.ul.pt>
8  *
9  *	Based on linux/net/ipv4/ip_sockglue.c
10  *
11  *	FIXME: Make the setsockopt code POSIX compliant: That is
12  *
13  *	o	Truncate getsockopt returns
14  *	o	Return an optlen of the truncated length if need be
15  *
16  *	Changes:
17  *	David L Stevens <dlstevens@us.ibm.com>:
18  *		- added multicast source filtering API for MLDv2
19  */
20 
21 #include <linux/module.h>
22 #include <linux/capability.h>
23 #include <linux/errno.h>
24 #include <linux/types.h>
25 #include <linux/socket.h>
26 #include <linux/sockios.h>
27 #include <linux/net.h>
28 #include <linux/in6.h>
29 #include <linux/mroute6.h>
30 #include <linux/netdevice.h>
31 #include <linux/if_arp.h>
32 #include <linux/init.h>
33 #include <linux/sysctl.h>
34 #include <linux/netfilter.h>
35 #include <linux/slab.h>
36 
37 #include <net/sock.h>
38 #include <net/snmp.h>
39 #include <net/ipv6.h>
40 #include <net/ndisc.h>
41 #include <net/protocol.h>
42 #include <net/transp_v6.h>
43 #include <net/ip6_route.h>
44 #include <net/addrconf.h>
45 #include <net/inet_common.h>
46 #include <net/tcp.h>
47 #include <net/udp.h>
48 #include <net/udplite.h>
49 #include <net/xfrm.h>
50 #include <net/compat.h>
51 #include <net/seg6.h>
52 
53 #include <linux/uaccess.h>
54 
55 struct ip6_ra_chain *ip6_ra_chain;
56 DEFINE_RWLOCK(ip6_ra_lock);
57 
58 DEFINE_STATIC_KEY_FALSE(ip6_min_hopcount);
59 
60 int ip6_ra_control(struct sock *sk, int sel)
61 {
62 	struct ip6_ra_chain *ra, *new_ra, **rap;
63 
64 	/* RA packet may be delivered ONLY to IPPROTO_RAW socket */
65 	if (sk->sk_type != SOCK_RAW || inet_sk(sk)->inet_num != IPPROTO_RAW)
66 		return -ENOPROTOOPT;
67 
68 	new_ra = (sel >= 0) ? kmalloc(sizeof(*new_ra), GFP_KERNEL) : NULL;
69 	if (sel >= 0 && !new_ra)
70 		return -ENOMEM;
71 
72 	write_lock_bh(&ip6_ra_lock);
73 	for (rap = &ip6_ra_chain; (ra = *rap) != NULL; rap = &ra->next) {
74 		if (ra->sk == sk) {
75 			if (sel >= 0) {
76 				write_unlock_bh(&ip6_ra_lock);
77 				kfree(new_ra);
78 				return -EADDRINUSE;
79 			}
80 
81 			*rap = ra->next;
82 			write_unlock_bh(&ip6_ra_lock);
83 
84 			sock_put(sk);
85 			kfree(ra);
86 			return 0;
87 		}
88 	}
89 	if (!new_ra) {
90 		write_unlock_bh(&ip6_ra_lock);
91 		return -ENOBUFS;
92 	}
93 	new_ra->sk = sk;
94 	new_ra->sel = sel;
95 	new_ra->next = ra;
96 	*rap = new_ra;
97 	sock_hold(sk);
98 	write_unlock_bh(&ip6_ra_lock);
99 	return 0;
100 }
101 
102 struct ipv6_txoptions *ipv6_update_options(struct sock *sk,
103 					   struct ipv6_txoptions *opt)
104 {
105 	if (inet_sk(sk)->is_icsk) {
106 		if (opt &&
107 		    !((1 << sk->sk_state) & (TCPF_LISTEN | TCPF_CLOSE)) &&
108 		    inet_sk(sk)->inet_daddr != LOOPBACK4_IPV6) {
109 			struct inet_connection_sock *icsk = inet_csk(sk);
110 			icsk->icsk_ext_hdr_len = opt->opt_flen + opt->opt_nflen;
111 			icsk->icsk_sync_mss(sk, icsk->icsk_pmtu_cookie);
112 		}
113 	}
114 	opt = xchg((__force struct ipv6_txoptions **)&inet6_sk(sk)->opt,
115 		   opt);
116 	sk_dst_reset(sk);
117 
118 	return opt;
119 }
120 
121 static bool setsockopt_needs_rtnl(int optname)
122 {
123 	switch (optname) {
124 	case IPV6_ADDRFORM:
125 	case IPV6_ADD_MEMBERSHIP:
126 	case IPV6_DROP_MEMBERSHIP:
127 	case IPV6_JOIN_ANYCAST:
128 	case IPV6_LEAVE_ANYCAST:
129 	case MCAST_JOIN_GROUP:
130 	case MCAST_LEAVE_GROUP:
131 	case MCAST_JOIN_SOURCE_GROUP:
132 	case MCAST_LEAVE_SOURCE_GROUP:
133 	case MCAST_BLOCK_SOURCE:
134 	case MCAST_UNBLOCK_SOURCE:
135 	case MCAST_MSFILTER:
136 		return true;
137 	}
138 	return false;
139 }
140 
141 static int copy_group_source_from_sockptr(struct group_source_req *greqs,
142 		sockptr_t optval, int optlen)
143 {
144 	if (in_compat_syscall()) {
145 		struct compat_group_source_req gr32;
146 
147 		if (optlen < sizeof(gr32))
148 			return -EINVAL;
149 		if (copy_from_sockptr(&gr32, optval, sizeof(gr32)))
150 			return -EFAULT;
151 		greqs->gsr_interface = gr32.gsr_interface;
152 		greqs->gsr_group = gr32.gsr_group;
153 		greqs->gsr_source = gr32.gsr_source;
154 	} else {
155 		if (optlen < sizeof(*greqs))
156 			return -EINVAL;
157 		if (copy_from_sockptr(greqs, optval, sizeof(*greqs)))
158 			return -EFAULT;
159 	}
160 
161 	return 0;
162 }
163 
164 static int do_ipv6_mcast_group_source(struct sock *sk, int optname,
165 		sockptr_t optval, int optlen)
166 {
167 	struct group_source_req greqs;
168 	int omode, add;
169 	int ret;
170 
171 	ret = copy_group_source_from_sockptr(&greqs, optval, optlen);
172 	if (ret)
173 		return ret;
174 
175 	if (greqs.gsr_group.ss_family != AF_INET6 ||
176 	    greqs.gsr_source.ss_family != AF_INET6)
177 		return -EADDRNOTAVAIL;
178 
179 	if (optname == MCAST_BLOCK_SOURCE) {
180 		omode = MCAST_EXCLUDE;
181 		add = 1;
182 	} else if (optname == MCAST_UNBLOCK_SOURCE) {
183 		omode = MCAST_EXCLUDE;
184 		add = 0;
185 	} else if (optname == MCAST_JOIN_SOURCE_GROUP) {
186 		struct sockaddr_in6 *psin6;
187 		int retv;
188 
189 		psin6 = (struct sockaddr_in6 *)&greqs.gsr_group;
190 		retv = ipv6_sock_mc_join_ssm(sk, greqs.gsr_interface,
191 					     &psin6->sin6_addr,
192 					     MCAST_INCLUDE);
193 		/* prior join w/ different source is ok */
194 		if (retv && retv != -EADDRINUSE)
195 			return retv;
196 		omode = MCAST_INCLUDE;
197 		add = 1;
198 	} else /* MCAST_LEAVE_SOURCE_GROUP */ {
199 		omode = MCAST_INCLUDE;
200 		add = 0;
201 	}
202 	return ip6_mc_source(add, omode, sk, &greqs);
203 }
204 
205 static int ipv6_set_mcast_msfilter(struct sock *sk, sockptr_t optval,
206 		int optlen)
207 {
208 	struct group_filter *gsf;
209 	int ret;
210 
211 	if (optlen < GROUP_FILTER_SIZE(0))
212 		return -EINVAL;
213 	if (optlen > READ_ONCE(sysctl_optmem_max))
214 		return -ENOBUFS;
215 
216 	gsf = memdup_sockptr(optval, optlen);
217 	if (IS_ERR(gsf))
218 		return PTR_ERR(gsf);
219 
220 	/* numsrc >= (4G-140)/128 overflow in 32 bits */
221 	ret = -ENOBUFS;
222 	if (gsf->gf_numsrc >= 0x1ffffffU ||
223 	    gsf->gf_numsrc > sysctl_mld_max_msf)
224 		goto out_free_gsf;
225 
226 	ret = -EINVAL;
227 	if (GROUP_FILTER_SIZE(gsf->gf_numsrc) > optlen)
228 		goto out_free_gsf;
229 
230 	ret = ip6_mc_msfilter(sk, gsf, gsf->gf_slist_flex);
231 out_free_gsf:
232 	kfree(gsf);
233 	return ret;
234 }
235 
236 static int compat_ipv6_set_mcast_msfilter(struct sock *sk, sockptr_t optval,
237 		int optlen)
238 {
239 	const int size0 = offsetof(struct compat_group_filter, gf_slist_flex);
240 	struct compat_group_filter *gf32;
241 	void *p;
242 	int ret;
243 	int n;
244 
245 	if (optlen < size0)
246 		return -EINVAL;
247 	if (optlen > READ_ONCE(sysctl_optmem_max) - 4)
248 		return -ENOBUFS;
249 
250 	p = kmalloc(optlen + 4, GFP_KERNEL);
251 	if (!p)
252 		return -ENOMEM;
253 
254 	gf32 = p + 4; /* we want ->gf_group and ->gf_slist_flex aligned */
255 	ret = -EFAULT;
256 	if (copy_from_sockptr(gf32, optval, optlen))
257 		goto out_free_p;
258 
259 	/* numsrc >= (4G-140)/128 overflow in 32 bits */
260 	ret = -ENOBUFS;
261 	n = gf32->gf_numsrc;
262 	if (n >= 0x1ffffffU || n > sysctl_mld_max_msf)
263 		goto out_free_p;
264 
265 	ret = -EINVAL;
266 	if (offsetof(struct compat_group_filter, gf_slist_flex[n]) > optlen)
267 		goto out_free_p;
268 
269 	ret = ip6_mc_msfilter(sk, &(struct group_filter){
270 			.gf_interface = gf32->gf_interface,
271 			.gf_group = gf32->gf_group,
272 			.gf_fmode = gf32->gf_fmode,
273 			.gf_numsrc = gf32->gf_numsrc}, gf32->gf_slist_flex);
274 
275 out_free_p:
276 	kfree(p);
277 	return ret;
278 }
279 
280 static int ipv6_mcast_join_leave(struct sock *sk, int optname,
281 		sockptr_t optval, int optlen)
282 {
283 	struct sockaddr_in6 *psin6;
284 	struct group_req greq;
285 
286 	if (optlen < sizeof(greq))
287 		return -EINVAL;
288 	if (copy_from_sockptr(&greq, optval, sizeof(greq)))
289 		return -EFAULT;
290 
291 	if (greq.gr_group.ss_family != AF_INET6)
292 		return -EADDRNOTAVAIL;
293 	psin6 = (struct sockaddr_in6 *)&greq.gr_group;
294 	if (optname == MCAST_JOIN_GROUP)
295 		return ipv6_sock_mc_join(sk, greq.gr_interface,
296 					 &psin6->sin6_addr);
297 	return ipv6_sock_mc_drop(sk, greq.gr_interface, &psin6->sin6_addr);
298 }
299 
300 static int compat_ipv6_mcast_join_leave(struct sock *sk, int optname,
301 		sockptr_t optval, int optlen)
302 {
303 	struct compat_group_req gr32;
304 	struct sockaddr_in6 *psin6;
305 
306 	if (optlen < sizeof(gr32))
307 		return -EINVAL;
308 	if (copy_from_sockptr(&gr32, optval, sizeof(gr32)))
309 		return -EFAULT;
310 
311 	if (gr32.gr_group.ss_family != AF_INET6)
312 		return -EADDRNOTAVAIL;
313 	psin6 = (struct sockaddr_in6 *)&gr32.gr_group;
314 	if (optname == MCAST_JOIN_GROUP)
315 		return ipv6_sock_mc_join(sk, gr32.gr_interface,
316 					&psin6->sin6_addr);
317 	return ipv6_sock_mc_drop(sk, gr32.gr_interface, &psin6->sin6_addr);
318 }
319 
320 static int ipv6_set_opt_hdr(struct sock *sk, int optname, sockptr_t optval,
321 		int optlen)
322 {
323 	struct ipv6_pinfo *np = inet6_sk(sk);
324 	struct ipv6_opt_hdr *new = NULL;
325 	struct net *net = sock_net(sk);
326 	struct ipv6_txoptions *opt;
327 	int err;
328 
329 	/* hop-by-hop / destination options are privileged option */
330 	if (optname != IPV6_RTHDR && !sockopt_ns_capable(net->user_ns, CAP_NET_RAW))
331 		return -EPERM;
332 
333 	/* remove any sticky options header with a zero option
334 	 * length, per RFC3542.
335 	 */
336 	if (optlen > 0) {
337 		if (sockptr_is_null(optval))
338 			return -EINVAL;
339 		if (optlen < sizeof(struct ipv6_opt_hdr) ||
340 		    optlen & 0x7 ||
341 		    optlen > 8 * 255)
342 			return -EINVAL;
343 
344 		new = memdup_sockptr(optval, optlen);
345 		if (IS_ERR(new))
346 			return PTR_ERR(new);
347 		if (unlikely(ipv6_optlen(new) > optlen)) {
348 			kfree(new);
349 			return -EINVAL;
350 		}
351 	}
352 
353 	opt = rcu_dereference_protected(np->opt, lockdep_sock_is_held(sk));
354 	opt = ipv6_renew_options(sk, opt, optname, new);
355 	kfree(new);
356 	if (IS_ERR(opt))
357 		return PTR_ERR(opt);
358 
359 	/* routing header option needs extra check */
360 	err = -EINVAL;
361 	if (optname == IPV6_RTHDR && opt && opt->srcrt) {
362 		struct ipv6_rt_hdr *rthdr = opt->srcrt;
363 		switch (rthdr->type) {
364 #if IS_ENABLED(CONFIG_IPV6_MIP6)
365 		case IPV6_SRCRT_TYPE_2:
366 			if (rthdr->hdrlen != 2 || rthdr->segments_left != 1)
367 				goto sticky_done;
368 			break;
369 #endif
370 		case IPV6_SRCRT_TYPE_4:
371 		{
372 			struct ipv6_sr_hdr *srh =
373 				(struct ipv6_sr_hdr *)opt->srcrt;
374 
375 			if (!seg6_validate_srh(srh, optlen, false))
376 				goto sticky_done;
377 			break;
378 		}
379 		default:
380 			goto sticky_done;
381 		}
382 	}
383 
384 	err = 0;
385 	opt = ipv6_update_options(sk, opt);
386 sticky_done:
387 	if (opt) {
388 		atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
389 		txopt_put(opt);
390 	}
391 	return err;
392 }
393 
394 int do_ipv6_setsockopt(struct sock *sk, int level, int optname,
395 		       sockptr_t optval, unsigned int optlen)
396 {
397 	struct ipv6_pinfo *np = inet6_sk(sk);
398 	struct net *net = sock_net(sk);
399 	int val, valbool;
400 	int retv = -ENOPROTOOPT;
401 	bool needs_rtnl = setsockopt_needs_rtnl(optname);
402 
403 	if (sockptr_is_null(optval))
404 		val = 0;
405 	else {
406 		if (optlen >= sizeof(int)) {
407 			if (copy_from_sockptr(&val, optval, sizeof(val)))
408 				return -EFAULT;
409 		} else
410 			val = 0;
411 	}
412 
413 	valbool = (val != 0);
414 
415 	if (ip6_mroute_opt(optname))
416 		return ip6_mroute_setsockopt(sk, optname, optval, optlen);
417 
418 	if (needs_rtnl)
419 		rtnl_lock();
420 	sockopt_lock_sock(sk);
421 
422 	switch (optname) {
423 
424 	case IPV6_ADDRFORM:
425 		if (optlen < sizeof(int))
426 			goto e_inval;
427 		if (val == PF_INET) {
428 			struct ipv6_txoptions *opt;
429 			struct sk_buff *pktopt;
430 
431 			if (sk->sk_type == SOCK_RAW)
432 				break;
433 
434 			if (sk->sk_protocol == IPPROTO_UDP ||
435 			    sk->sk_protocol == IPPROTO_UDPLITE) {
436 				struct udp_sock *up = udp_sk(sk);
437 				if (up->pending == AF_INET6) {
438 					retv = -EBUSY;
439 					break;
440 				}
441 			} else if (sk->sk_protocol == IPPROTO_TCP) {
442 				if (sk->sk_prot != &tcpv6_prot) {
443 					retv = -EBUSY;
444 					break;
445 				}
446 			} else {
447 				break;
448 			}
449 
450 			if (sk->sk_state != TCP_ESTABLISHED) {
451 				retv = -ENOTCONN;
452 				break;
453 			}
454 
455 			if (ipv6_only_sock(sk) ||
456 			    !ipv6_addr_v4mapped(&sk->sk_v6_daddr)) {
457 				retv = -EADDRNOTAVAIL;
458 				break;
459 			}
460 
461 			fl6_free_socklist(sk);
462 			__ipv6_sock_mc_close(sk);
463 			__ipv6_sock_ac_close(sk);
464 
465 			/*
466 			 * Sock is moving from IPv6 to IPv4 (sk_prot), so
467 			 * remove it from the refcnt debug socks count in the
468 			 * original family...
469 			 */
470 			sk_refcnt_debug_dec(sk);
471 
472 			if (sk->sk_protocol == IPPROTO_TCP) {
473 				struct inet_connection_sock *icsk = inet_csk(sk);
474 
475 				sock_prot_inuse_add(net, sk->sk_prot, -1);
476 				sock_prot_inuse_add(net, &tcp_prot, 1);
477 
478 				/* Paired with READ_ONCE(sk->sk_prot) in net/ipv6/af_inet6.c */
479 				WRITE_ONCE(sk->sk_prot, &tcp_prot);
480 				icsk->icsk_af_ops = &ipv4_specific;
481 				sk->sk_socket->ops = &inet_stream_ops;
482 				sk->sk_family = PF_INET;
483 				tcp_sync_mss(sk, icsk->icsk_pmtu_cookie);
484 			} else {
485 				struct proto *prot = &udp_prot;
486 
487 				if (sk->sk_protocol == IPPROTO_UDPLITE)
488 					prot = &udplite_prot;
489 
490 				sock_prot_inuse_add(net, sk->sk_prot, -1);
491 				sock_prot_inuse_add(net, prot, 1);
492 
493 				/* Paired with READ_ONCE(sk->sk_prot) in net/ipv6/af_inet6.c */
494 				WRITE_ONCE(sk->sk_prot, prot);
495 				sk->sk_socket->ops = &inet_dgram_ops;
496 				sk->sk_family = PF_INET;
497 			}
498 			opt = xchg((__force struct ipv6_txoptions **)&np->opt,
499 				   NULL);
500 			if (opt) {
501 				atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
502 				txopt_put(opt);
503 			}
504 			pktopt = xchg(&np->pktoptions, NULL);
505 			kfree_skb(pktopt);
506 
507 			/*
508 			 * ... and add it to the refcnt debug socks count
509 			 * in the new family. -acme
510 			 */
511 			sk_refcnt_debug_inc(sk);
512 			module_put(THIS_MODULE);
513 			retv = 0;
514 			break;
515 		}
516 		goto e_inval;
517 
518 	case IPV6_V6ONLY:
519 		if (optlen < sizeof(int) ||
520 		    inet_sk(sk)->inet_num)
521 			goto e_inval;
522 		sk->sk_ipv6only = valbool;
523 		retv = 0;
524 		break;
525 
526 	case IPV6_RECVPKTINFO:
527 		if (optlen < sizeof(int))
528 			goto e_inval;
529 		np->rxopt.bits.rxinfo = valbool;
530 		retv = 0;
531 		break;
532 
533 	case IPV6_2292PKTINFO:
534 		if (optlen < sizeof(int))
535 			goto e_inval;
536 		np->rxopt.bits.rxoinfo = valbool;
537 		retv = 0;
538 		break;
539 
540 	case IPV6_RECVHOPLIMIT:
541 		if (optlen < sizeof(int))
542 			goto e_inval;
543 		np->rxopt.bits.rxhlim = valbool;
544 		retv = 0;
545 		break;
546 
547 	case IPV6_2292HOPLIMIT:
548 		if (optlen < sizeof(int))
549 			goto e_inval;
550 		np->rxopt.bits.rxohlim = valbool;
551 		retv = 0;
552 		break;
553 
554 	case IPV6_RECVRTHDR:
555 		if (optlen < sizeof(int))
556 			goto e_inval;
557 		np->rxopt.bits.srcrt = valbool;
558 		retv = 0;
559 		break;
560 
561 	case IPV6_2292RTHDR:
562 		if (optlen < sizeof(int))
563 			goto e_inval;
564 		np->rxopt.bits.osrcrt = valbool;
565 		retv = 0;
566 		break;
567 
568 	case IPV6_RECVHOPOPTS:
569 		if (optlen < sizeof(int))
570 			goto e_inval;
571 		np->rxopt.bits.hopopts = valbool;
572 		retv = 0;
573 		break;
574 
575 	case IPV6_2292HOPOPTS:
576 		if (optlen < sizeof(int))
577 			goto e_inval;
578 		np->rxopt.bits.ohopopts = valbool;
579 		retv = 0;
580 		break;
581 
582 	case IPV6_RECVDSTOPTS:
583 		if (optlen < sizeof(int))
584 			goto e_inval;
585 		np->rxopt.bits.dstopts = valbool;
586 		retv = 0;
587 		break;
588 
589 	case IPV6_2292DSTOPTS:
590 		if (optlen < sizeof(int))
591 			goto e_inval;
592 		np->rxopt.bits.odstopts = valbool;
593 		retv = 0;
594 		break;
595 
596 	case IPV6_TCLASS:
597 		if (optlen < sizeof(int))
598 			goto e_inval;
599 		if (val < -1 || val > 0xff)
600 			goto e_inval;
601 		/* RFC 3542, 6.5: default traffic class of 0x0 */
602 		if (val == -1)
603 			val = 0;
604 		if (sk->sk_type == SOCK_STREAM) {
605 			val &= ~INET_ECN_MASK;
606 			val |= np->tclass & INET_ECN_MASK;
607 		}
608 		if (np->tclass != val) {
609 			np->tclass = val;
610 			sk_dst_reset(sk);
611 		}
612 		retv = 0;
613 		break;
614 
615 	case IPV6_RECVTCLASS:
616 		if (optlen < sizeof(int))
617 			goto e_inval;
618 		np->rxopt.bits.rxtclass = valbool;
619 		retv = 0;
620 		break;
621 
622 	case IPV6_FLOWINFO:
623 		if (optlen < sizeof(int))
624 			goto e_inval;
625 		np->rxopt.bits.rxflow = valbool;
626 		retv = 0;
627 		break;
628 
629 	case IPV6_RECVPATHMTU:
630 		if (optlen < sizeof(int))
631 			goto e_inval;
632 		np->rxopt.bits.rxpmtu = valbool;
633 		retv = 0;
634 		break;
635 
636 	case IPV6_TRANSPARENT:
637 		if (valbool && !sockopt_ns_capable(net->user_ns, CAP_NET_RAW) &&
638 		    !sockopt_ns_capable(net->user_ns, CAP_NET_ADMIN)) {
639 			retv = -EPERM;
640 			break;
641 		}
642 		if (optlen < sizeof(int))
643 			goto e_inval;
644 		/* we don't have a separate transparent bit for IPV6 we use the one in the IPv4 socket */
645 		inet_sk(sk)->transparent = valbool;
646 		retv = 0;
647 		break;
648 
649 	case IPV6_FREEBIND:
650 		if (optlen < sizeof(int))
651 			goto e_inval;
652 		/* we also don't have a separate freebind bit for IPV6 */
653 		inet_sk(sk)->freebind = valbool;
654 		retv = 0;
655 		break;
656 
657 	case IPV6_RECVORIGDSTADDR:
658 		if (optlen < sizeof(int))
659 			goto e_inval;
660 		np->rxopt.bits.rxorigdstaddr = valbool;
661 		retv = 0;
662 		break;
663 
664 	case IPV6_HOPOPTS:
665 	case IPV6_RTHDRDSTOPTS:
666 	case IPV6_RTHDR:
667 	case IPV6_DSTOPTS:
668 		retv = ipv6_set_opt_hdr(sk, optname, optval, optlen);
669 		break;
670 
671 	case IPV6_PKTINFO:
672 	{
673 		struct in6_pktinfo pkt;
674 
675 		if (optlen == 0)
676 			goto e_inval;
677 		else if (optlen < sizeof(struct in6_pktinfo) ||
678 			 sockptr_is_null(optval))
679 			goto e_inval;
680 
681 		if (copy_from_sockptr(&pkt, optval, sizeof(pkt))) {
682 			retv = -EFAULT;
683 			break;
684 		}
685 		if (!sk_dev_equal_l3scope(sk, pkt.ipi6_ifindex))
686 			goto e_inval;
687 
688 		np->sticky_pktinfo.ipi6_ifindex = pkt.ipi6_ifindex;
689 		np->sticky_pktinfo.ipi6_addr = pkt.ipi6_addr;
690 		retv = 0;
691 		break;
692 	}
693 
694 	case IPV6_2292PKTOPTIONS:
695 	{
696 		struct ipv6_txoptions *opt = NULL;
697 		struct msghdr msg;
698 		struct flowi6 fl6;
699 		struct ipcm6_cookie ipc6;
700 
701 		memset(&fl6, 0, sizeof(fl6));
702 		fl6.flowi6_oif = sk->sk_bound_dev_if;
703 		fl6.flowi6_mark = sk->sk_mark;
704 
705 		if (optlen == 0)
706 			goto update;
707 
708 		/* 1K is probably excessive
709 		 * 1K is surely not enough, 2K per standard header is 16K.
710 		 */
711 		retv = -EINVAL;
712 		if (optlen > 64*1024)
713 			break;
714 
715 		opt = sock_kmalloc(sk, sizeof(*opt) + optlen, GFP_KERNEL);
716 		retv = -ENOBUFS;
717 		if (!opt)
718 			break;
719 
720 		memset(opt, 0, sizeof(*opt));
721 		refcount_set(&opt->refcnt, 1);
722 		opt->tot_len = sizeof(*opt) + optlen;
723 		retv = -EFAULT;
724 		if (copy_from_sockptr(opt + 1, optval, optlen))
725 			goto done;
726 
727 		msg.msg_controllen = optlen;
728 		msg.msg_control = (void *)(opt+1);
729 		ipc6.opt = opt;
730 
731 		retv = ip6_datagram_send_ctl(net, sk, &msg, &fl6, &ipc6);
732 		if (retv)
733 			goto done;
734 update:
735 		retv = 0;
736 		opt = ipv6_update_options(sk, opt);
737 done:
738 		if (opt) {
739 			atomic_sub(opt->tot_len, &sk->sk_omem_alloc);
740 			txopt_put(opt);
741 		}
742 		break;
743 	}
744 	case IPV6_UNICAST_HOPS:
745 		if (optlen < sizeof(int))
746 			goto e_inval;
747 		if (val > 255 || val < -1)
748 			goto e_inval;
749 		np->hop_limit = val;
750 		retv = 0;
751 		break;
752 
753 	case IPV6_MULTICAST_HOPS:
754 		if (sk->sk_type == SOCK_STREAM)
755 			break;
756 		if (optlen < sizeof(int))
757 			goto e_inval;
758 		if (val > 255 || val < -1)
759 			goto e_inval;
760 		np->mcast_hops = (val == -1 ? IPV6_DEFAULT_MCASTHOPS : val);
761 		retv = 0;
762 		break;
763 
764 	case IPV6_MULTICAST_LOOP:
765 		if (optlen < sizeof(int))
766 			goto e_inval;
767 		if (val != valbool)
768 			goto e_inval;
769 		np->mc_loop = valbool;
770 		retv = 0;
771 		break;
772 
773 	case IPV6_UNICAST_IF:
774 	{
775 		struct net_device *dev = NULL;
776 		int ifindex;
777 
778 		if (optlen != sizeof(int))
779 			goto e_inval;
780 
781 		ifindex = (__force int)ntohl((__force __be32)val);
782 		if (ifindex == 0) {
783 			np->ucast_oif = 0;
784 			retv = 0;
785 			break;
786 		}
787 
788 		dev = dev_get_by_index(net, ifindex);
789 		retv = -EADDRNOTAVAIL;
790 		if (!dev)
791 			break;
792 		dev_put(dev);
793 
794 		retv = -EINVAL;
795 		if (sk->sk_bound_dev_if)
796 			break;
797 
798 		np->ucast_oif = ifindex;
799 		retv = 0;
800 		break;
801 	}
802 
803 	case IPV6_MULTICAST_IF:
804 		if (sk->sk_type == SOCK_STREAM)
805 			break;
806 		if (optlen < sizeof(int))
807 			goto e_inval;
808 
809 		if (val) {
810 			struct net_device *dev;
811 			int midx;
812 
813 			rcu_read_lock();
814 
815 			dev = dev_get_by_index_rcu(net, val);
816 			if (!dev) {
817 				rcu_read_unlock();
818 				retv = -ENODEV;
819 				break;
820 			}
821 			midx = l3mdev_master_ifindex_rcu(dev);
822 
823 			rcu_read_unlock();
824 
825 			if (sk->sk_bound_dev_if &&
826 			    sk->sk_bound_dev_if != val &&
827 			    (!midx || midx != sk->sk_bound_dev_if))
828 				goto e_inval;
829 		}
830 		np->mcast_oif = val;
831 		retv = 0;
832 		break;
833 	case IPV6_ADD_MEMBERSHIP:
834 	case IPV6_DROP_MEMBERSHIP:
835 	{
836 		struct ipv6_mreq mreq;
837 
838 		if (optlen < sizeof(struct ipv6_mreq))
839 			goto e_inval;
840 
841 		retv = -EPROTO;
842 		if (inet_sk(sk)->is_icsk)
843 			break;
844 
845 		retv = -EFAULT;
846 		if (copy_from_sockptr(&mreq, optval, sizeof(struct ipv6_mreq)))
847 			break;
848 
849 		if (optname == IPV6_ADD_MEMBERSHIP)
850 			retv = ipv6_sock_mc_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
851 		else
852 			retv = ipv6_sock_mc_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_multiaddr);
853 		break;
854 	}
855 	case IPV6_JOIN_ANYCAST:
856 	case IPV6_LEAVE_ANYCAST:
857 	{
858 		struct ipv6_mreq mreq;
859 
860 		if (optlen < sizeof(struct ipv6_mreq))
861 			goto e_inval;
862 
863 		retv = -EFAULT;
864 		if (copy_from_sockptr(&mreq, optval, sizeof(struct ipv6_mreq)))
865 			break;
866 
867 		if (optname == IPV6_JOIN_ANYCAST)
868 			retv = ipv6_sock_ac_join(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
869 		else
870 			retv = ipv6_sock_ac_drop(sk, mreq.ipv6mr_ifindex, &mreq.ipv6mr_acaddr);
871 		break;
872 	}
873 	case IPV6_MULTICAST_ALL:
874 		if (optlen < sizeof(int))
875 			goto e_inval;
876 		np->mc_all = valbool;
877 		retv = 0;
878 		break;
879 
880 	case MCAST_JOIN_GROUP:
881 	case MCAST_LEAVE_GROUP:
882 		if (in_compat_syscall())
883 			retv = compat_ipv6_mcast_join_leave(sk, optname, optval,
884 							    optlen);
885 		else
886 			retv = ipv6_mcast_join_leave(sk, optname, optval,
887 						     optlen);
888 		break;
889 	case MCAST_JOIN_SOURCE_GROUP:
890 	case MCAST_LEAVE_SOURCE_GROUP:
891 	case MCAST_BLOCK_SOURCE:
892 	case MCAST_UNBLOCK_SOURCE:
893 		retv = do_ipv6_mcast_group_source(sk, optname, optval, optlen);
894 		break;
895 	case MCAST_MSFILTER:
896 		if (in_compat_syscall())
897 			retv = compat_ipv6_set_mcast_msfilter(sk, optval,
898 							      optlen);
899 		else
900 			retv = ipv6_set_mcast_msfilter(sk, optval, optlen);
901 		break;
902 	case IPV6_ROUTER_ALERT:
903 		if (optlen < sizeof(int))
904 			goto e_inval;
905 		retv = ip6_ra_control(sk, val);
906 		break;
907 	case IPV6_ROUTER_ALERT_ISOLATE:
908 		if (optlen < sizeof(int))
909 			goto e_inval;
910 		np->rtalert_isolate = valbool;
911 		retv = 0;
912 		break;
913 	case IPV6_MTU_DISCOVER:
914 		if (optlen < sizeof(int))
915 			goto e_inval;
916 		if (val < IPV6_PMTUDISC_DONT || val > IPV6_PMTUDISC_OMIT)
917 			goto e_inval;
918 		np->pmtudisc = val;
919 		retv = 0;
920 		break;
921 	case IPV6_MTU:
922 		if (optlen < sizeof(int))
923 			goto e_inval;
924 		if (val && val < IPV6_MIN_MTU)
925 			goto e_inval;
926 		np->frag_size = val;
927 		retv = 0;
928 		break;
929 	case IPV6_RECVERR:
930 		if (optlen < sizeof(int))
931 			goto e_inval;
932 		np->recverr = valbool;
933 		if (!val)
934 			skb_queue_purge(&sk->sk_error_queue);
935 		retv = 0;
936 		break;
937 	case IPV6_FLOWINFO_SEND:
938 		if (optlen < sizeof(int))
939 			goto e_inval;
940 		np->sndflow = valbool;
941 		retv = 0;
942 		break;
943 	case IPV6_FLOWLABEL_MGR:
944 		retv = ipv6_flowlabel_opt(sk, optval, optlen);
945 		break;
946 	case IPV6_IPSEC_POLICY:
947 	case IPV6_XFRM_POLICY:
948 		retv = -EPERM;
949 		if (!sockopt_ns_capable(net->user_ns, CAP_NET_ADMIN))
950 			break;
951 		retv = xfrm_user_policy(sk, optname, optval, optlen);
952 		break;
953 
954 	case IPV6_ADDR_PREFERENCES:
955 		if (optlen < sizeof(int))
956 			goto e_inval;
957 		retv = __ip6_sock_set_addr_preferences(sk, val);
958 		break;
959 	case IPV6_MINHOPCOUNT:
960 		if (optlen < sizeof(int))
961 			goto e_inval;
962 		if (val < 0 || val > 255)
963 			goto e_inval;
964 
965 		if (val)
966 			static_branch_enable(&ip6_min_hopcount);
967 
968 		/* tcp_v6_err() and tcp_v6_rcv() might read min_hopcount
969 		 * while we are changing it.
970 		 */
971 		WRITE_ONCE(np->min_hopcount, val);
972 		retv = 0;
973 		break;
974 	case IPV6_DONTFRAG:
975 		np->dontfrag = valbool;
976 		retv = 0;
977 		break;
978 	case IPV6_AUTOFLOWLABEL:
979 		np->autoflowlabel = valbool;
980 		np->autoflowlabel_set = 1;
981 		retv = 0;
982 		break;
983 	case IPV6_RECVFRAGSIZE:
984 		np->rxopt.bits.recvfragsize = valbool;
985 		retv = 0;
986 		break;
987 	case IPV6_RECVERR_RFC4884:
988 		if (optlen < sizeof(int))
989 			goto e_inval;
990 		if (val < 0 || val > 1)
991 			goto e_inval;
992 		np->recverr_rfc4884 = valbool;
993 		retv = 0;
994 		break;
995 	}
996 
997 	sockopt_release_sock(sk);
998 	if (needs_rtnl)
999 		rtnl_unlock();
1000 
1001 	return retv;
1002 
1003 e_inval:
1004 	sockopt_release_sock(sk);
1005 	if (needs_rtnl)
1006 		rtnl_unlock();
1007 	return -EINVAL;
1008 }
1009 
1010 int ipv6_setsockopt(struct sock *sk, int level, int optname, sockptr_t optval,
1011 		    unsigned int optlen)
1012 {
1013 	int err;
1014 
1015 	if (level == SOL_IP && sk->sk_type != SOCK_RAW)
1016 		return udp_prot.setsockopt(sk, level, optname, optval, optlen);
1017 
1018 	if (level != SOL_IPV6)
1019 		return -ENOPROTOOPT;
1020 
1021 	err = do_ipv6_setsockopt(sk, level, optname, optval, optlen);
1022 #ifdef CONFIG_NETFILTER
1023 	/* we need to exclude all possible ENOPROTOOPTs except default case */
1024 	if (err == -ENOPROTOOPT && optname != IPV6_IPSEC_POLICY &&
1025 			optname != IPV6_XFRM_POLICY)
1026 		err = nf_setsockopt(sk, PF_INET6, optname, optval, optlen);
1027 #endif
1028 	return err;
1029 }
1030 EXPORT_SYMBOL(ipv6_setsockopt);
1031 
1032 static int ipv6_getsockopt_sticky(struct sock *sk, struct ipv6_txoptions *opt,
1033 				  int optname, sockptr_t optval, int len)
1034 {
1035 	struct ipv6_opt_hdr *hdr;
1036 
1037 	if (!opt)
1038 		return 0;
1039 
1040 	switch (optname) {
1041 	case IPV6_HOPOPTS:
1042 		hdr = opt->hopopt;
1043 		break;
1044 	case IPV6_RTHDRDSTOPTS:
1045 		hdr = opt->dst0opt;
1046 		break;
1047 	case IPV6_RTHDR:
1048 		hdr = (struct ipv6_opt_hdr *)opt->srcrt;
1049 		break;
1050 	case IPV6_DSTOPTS:
1051 		hdr = opt->dst1opt;
1052 		break;
1053 	default:
1054 		return -EINVAL;	/* should not happen */
1055 	}
1056 
1057 	if (!hdr)
1058 		return 0;
1059 
1060 	len = min_t(unsigned int, len, ipv6_optlen(hdr));
1061 	if (copy_to_sockptr(optval, hdr, len))
1062 		return -EFAULT;
1063 	return len;
1064 }
1065 
1066 static int ipv6_get_msfilter(struct sock *sk, sockptr_t optval,
1067 			     sockptr_t optlen, int len)
1068 {
1069 	const int size0 = offsetof(struct group_filter, gf_slist_flex);
1070 	struct group_filter gsf;
1071 	int num;
1072 	int err;
1073 
1074 	if (len < size0)
1075 		return -EINVAL;
1076 	if (copy_from_sockptr(&gsf, optval, size0))
1077 		return -EFAULT;
1078 	if (gsf.gf_group.ss_family != AF_INET6)
1079 		return -EADDRNOTAVAIL;
1080 	num = gsf.gf_numsrc;
1081 	sockopt_lock_sock(sk);
1082 	err = ip6_mc_msfget(sk, &gsf, optval, size0);
1083 	if (!err) {
1084 		if (num > gsf.gf_numsrc)
1085 			num = gsf.gf_numsrc;
1086 		len = GROUP_FILTER_SIZE(num);
1087 		if (copy_to_sockptr(optlen, &len, sizeof(int)) ||
1088 		    copy_to_sockptr(optval, &gsf, size0))
1089 			err = -EFAULT;
1090 	}
1091 	sockopt_release_sock(sk);
1092 	return err;
1093 }
1094 
1095 static int compat_ipv6_get_msfilter(struct sock *sk, sockptr_t optval,
1096 				    sockptr_t optlen, int len)
1097 {
1098 	const int size0 = offsetof(struct compat_group_filter, gf_slist_flex);
1099 	struct compat_group_filter gf32;
1100 	struct group_filter gf;
1101 	int err;
1102 	int num;
1103 
1104 	if (len < size0)
1105 		return -EINVAL;
1106 
1107 	if (copy_from_sockptr(&gf32, optval, size0))
1108 		return -EFAULT;
1109 	gf.gf_interface = gf32.gf_interface;
1110 	gf.gf_fmode = gf32.gf_fmode;
1111 	num = gf.gf_numsrc = gf32.gf_numsrc;
1112 	gf.gf_group = gf32.gf_group;
1113 
1114 	if (gf.gf_group.ss_family != AF_INET6)
1115 		return -EADDRNOTAVAIL;
1116 
1117 	sockopt_lock_sock(sk);
1118 	err = ip6_mc_msfget(sk, &gf, optval, size0);
1119 	sockopt_release_sock(sk);
1120 	if (err)
1121 		return err;
1122 	if (num > gf.gf_numsrc)
1123 		num = gf.gf_numsrc;
1124 	len = GROUP_FILTER_SIZE(num) - (sizeof(gf)-sizeof(gf32));
1125 	if (copy_to_sockptr(optlen, &len, sizeof(int)) ||
1126 	    copy_to_sockptr_offset(optval, offsetof(struct compat_group_filter, gf_fmode),
1127 				   &gf.gf_fmode, sizeof(gf32.gf_fmode)) ||
1128 	    copy_to_sockptr_offset(optval, offsetof(struct compat_group_filter, gf_numsrc),
1129 				   &gf.gf_numsrc, sizeof(gf32.gf_numsrc)))
1130 		return -EFAULT;
1131 	return 0;
1132 }
1133 
1134 int do_ipv6_getsockopt(struct sock *sk, int level, int optname,
1135 		       sockptr_t optval, sockptr_t optlen)
1136 {
1137 	struct ipv6_pinfo *np = inet6_sk(sk);
1138 	int len;
1139 	int val;
1140 
1141 	if (ip6_mroute_opt(optname))
1142 		return ip6_mroute_getsockopt(sk, optname, optval, optlen);
1143 
1144 	if (copy_from_sockptr(&len, optlen, sizeof(int)))
1145 		return -EFAULT;
1146 	switch (optname) {
1147 	case IPV6_ADDRFORM:
1148 		if (sk->sk_protocol != IPPROTO_UDP &&
1149 		    sk->sk_protocol != IPPROTO_UDPLITE &&
1150 		    sk->sk_protocol != IPPROTO_TCP)
1151 			return -ENOPROTOOPT;
1152 		if (sk->sk_state != TCP_ESTABLISHED)
1153 			return -ENOTCONN;
1154 		val = sk->sk_family;
1155 		break;
1156 	case MCAST_MSFILTER:
1157 		if (in_compat_syscall())
1158 			return compat_ipv6_get_msfilter(sk, optval, optlen, len);
1159 		return ipv6_get_msfilter(sk, optval, optlen, len);
1160 	case IPV6_2292PKTOPTIONS:
1161 	{
1162 		struct msghdr msg;
1163 		struct sk_buff *skb;
1164 
1165 		if (sk->sk_type != SOCK_STREAM)
1166 			return -ENOPROTOOPT;
1167 
1168 		if (optval.is_kernel) {
1169 			msg.msg_control_is_user = false;
1170 			msg.msg_control = optval.kernel;
1171 		} else {
1172 			msg.msg_control_is_user = true;
1173 			msg.msg_control_user = optval.user;
1174 		}
1175 		msg.msg_controllen = len;
1176 		msg.msg_flags = 0;
1177 
1178 		sockopt_lock_sock(sk);
1179 		skb = np->pktoptions;
1180 		if (skb)
1181 			ip6_datagram_recv_ctl(sk, &msg, skb);
1182 		sockopt_release_sock(sk);
1183 		if (!skb) {
1184 			if (np->rxopt.bits.rxinfo) {
1185 				struct in6_pktinfo src_info;
1186 				src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1187 					np->sticky_pktinfo.ipi6_ifindex;
1188 				src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr : np->sticky_pktinfo.ipi6_addr;
1189 				put_cmsg(&msg, SOL_IPV6, IPV6_PKTINFO, sizeof(src_info), &src_info);
1190 			}
1191 			if (np->rxopt.bits.rxhlim) {
1192 				int hlim = np->mcast_hops;
1193 				put_cmsg(&msg, SOL_IPV6, IPV6_HOPLIMIT, sizeof(hlim), &hlim);
1194 			}
1195 			if (np->rxopt.bits.rxtclass) {
1196 				int tclass = (int)ip6_tclass(np->rcv_flowinfo);
1197 
1198 				put_cmsg(&msg, SOL_IPV6, IPV6_TCLASS, sizeof(tclass), &tclass);
1199 			}
1200 			if (np->rxopt.bits.rxoinfo) {
1201 				struct in6_pktinfo src_info;
1202 				src_info.ipi6_ifindex = np->mcast_oif ? np->mcast_oif :
1203 					np->sticky_pktinfo.ipi6_ifindex;
1204 				src_info.ipi6_addr = np->mcast_oif ? sk->sk_v6_daddr :
1205 								     np->sticky_pktinfo.ipi6_addr;
1206 				put_cmsg(&msg, SOL_IPV6, IPV6_2292PKTINFO, sizeof(src_info), &src_info);
1207 			}
1208 			if (np->rxopt.bits.rxohlim) {
1209 				int hlim = np->mcast_hops;
1210 				put_cmsg(&msg, SOL_IPV6, IPV6_2292HOPLIMIT, sizeof(hlim), &hlim);
1211 			}
1212 			if (np->rxopt.bits.rxflow) {
1213 				__be32 flowinfo = np->rcv_flowinfo;
1214 
1215 				put_cmsg(&msg, SOL_IPV6, IPV6_FLOWINFO, sizeof(flowinfo), &flowinfo);
1216 			}
1217 		}
1218 		len -= msg.msg_controllen;
1219 		return copy_to_sockptr(optlen, &len, sizeof(int));
1220 	}
1221 	case IPV6_MTU:
1222 	{
1223 		struct dst_entry *dst;
1224 
1225 		val = 0;
1226 		rcu_read_lock();
1227 		dst = __sk_dst_get(sk);
1228 		if (dst)
1229 			val = dst_mtu(dst);
1230 		rcu_read_unlock();
1231 		if (!val)
1232 			return -ENOTCONN;
1233 		break;
1234 	}
1235 
1236 	case IPV6_V6ONLY:
1237 		val = sk->sk_ipv6only;
1238 		break;
1239 
1240 	case IPV6_RECVPKTINFO:
1241 		val = np->rxopt.bits.rxinfo;
1242 		break;
1243 
1244 	case IPV6_2292PKTINFO:
1245 		val = np->rxopt.bits.rxoinfo;
1246 		break;
1247 
1248 	case IPV6_RECVHOPLIMIT:
1249 		val = np->rxopt.bits.rxhlim;
1250 		break;
1251 
1252 	case IPV6_2292HOPLIMIT:
1253 		val = np->rxopt.bits.rxohlim;
1254 		break;
1255 
1256 	case IPV6_RECVRTHDR:
1257 		val = np->rxopt.bits.srcrt;
1258 		break;
1259 
1260 	case IPV6_2292RTHDR:
1261 		val = np->rxopt.bits.osrcrt;
1262 		break;
1263 
1264 	case IPV6_HOPOPTS:
1265 	case IPV6_RTHDRDSTOPTS:
1266 	case IPV6_RTHDR:
1267 	case IPV6_DSTOPTS:
1268 	{
1269 		struct ipv6_txoptions *opt;
1270 
1271 		sockopt_lock_sock(sk);
1272 		opt = rcu_dereference_protected(np->opt,
1273 						lockdep_sock_is_held(sk));
1274 		len = ipv6_getsockopt_sticky(sk, opt, optname, optval, len);
1275 		sockopt_release_sock(sk);
1276 		/* check if ipv6_getsockopt_sticky() returns err code */
1277 		if (len < 0)
1278 			return len;
1279 		return copy_to_sockptr(optlen, &len, sizeof(int));
1280 	}
1281 
1282 	case IPV6_RECVHOPOPTS:
1283 		val = np->rxopt.bits.hopopts;
1284 		break;
1285 
1286 	case IPV6_2292HOPOPTS:
1287 		val = np->rxopt.bits.ohopopts;
1288 		break;
1289 
1290 	case IPV6_RECVDSTOPTS:
1291 		val = np->rxopt.bits.dstopts;
1292 		break;
1293 
1294 	case IPV6_2292DSTOPTS:
1295 		val = np->rxopt.bits.odstopts;
1296 		break;
1297 
1298 	case IPV6_TCLASS:
1299 		val = np->tclass;
1300 		break;
1301 
1302 	case IPV6_RECVTCLASS:
1303 		val = np->rxopt.bits.rxtclass;
1304 		break;
1305 
1306 	case IPV6_FLOWINFO:
1307 		val = np->rxopt.bits.rxflow;
1308 		break;
1309 
1310 	case IPV6_RECVPATHMTU:
1311 		val = np->rxopt.bits.rxpmtu;
1312 		break;
1313 
1314 	case IPV6_PATHMTU:
1315 	{
1316 		struct dst_entry *dst;
1317 		struct ip6_mtuinfo mtuinfo;
1318 
1319 		if (len < sizeof(mtuinfo))
1320 			return -EINVAL;
1321 
1322 		len = sizeof(mtuinfo);
1323 		memset(&mtuinfo, 0, sizeof(mtuinfo));
1324 
1325 		rcu_read_lock();
1326 		dst = __sk_dst_get(sk);
1327 		if (dst)
1328 			mtuinfo.ip6m_mtu = dst_mtu(dst);
1329 		rcu_read_unlock();
1330 		if (!mtuinfo.ip6m_mtu)
1331 			return -ENOTCONN;
1332 
1333 		if (copy_to_sockptr(optlen, &len, sizeof(int)))
1334 			return -EFAULT;
1335 		if (copy_to_sockptr(optval, &mtuinfo, len))
1336 			return -EFAULT;
1337 
1338 		return 0;
1339 	}
1340 
1341 	case IPV6_TRANSPARENT:
1342 		val = inet_sk(sk)->transparent;
1343 		break;
1344 
1345 	case IPV6_FREEBIND:
1346 		val = inet_sk(sk)->freebind;
1347 		break;
1348 
1349 	case IPV6_RECVORIGDSTADDR:
1350 		val = np->rxopt.bits.rxorigdstaddr;
1351 		break;
1352 
1353 	case IPV6_UNICAST_HOPS:
1354 	case IPV6_MULTICAST_HOPS:
1355 	{
1356 		struct dst_entry *dst;
1357 
1358 		if (optname == IPV6_UNICAST_HOPS)
1359 			val = np->hop_limit;
1360 		else
1361 			val = np->mcast_hops;
1362 
1363 		if (val < 0) {
1364 			rcu_read_lock();
1365 			dst = __sk_dst_get(sk);
1366 			if (dst)
1367 				val = ip6_dst_hoplimit(dst);
1368 			rcu_read_unlock();
1369 		}
1370 
1371 		if (val < 0)
1372 			val = sock_net(sk)->ipv6.devconf_all->hop_limit;
1373 		break;
1374 	}
1375 
1376 	case IPV6_MULTICAST_LOOP:
1377 		val = np->mc_loop;
1378 		break;
1379 
1380 	case IPV6_MULTICAST_IF:
1381 		val = np->mcast_oif;
1382 		break;
1383 
1384 	case IPV6_MULTICAST_ALL:
1385 		val = np->mc_all;
1386 		break;
1387 
1388 	case IPV6_UNICAST_IF:
1389 		val = (__force int)htonl((__u32) np->ucast_oif);
1390 		break;
1391 
1392 	case IPV6_MTU_DISCOVER:
1393 		val = np->pmtudisc;
1394 		break;
1395 
1396 	case IPV6_RECVERR:
1397 		val = np->recverr;
1398 		break;
1399 
1400 	case IPV6_FLOWINFO_SEND:
1401 		val = np->sndflow;
1402 		break;
1403 
1404 	case IPV6_FLOWLABEL_MGR:
1405 	{
1406 		struct in6_flowlabel_req freq;
1407 		int flags;
1408 
1409 		if (len < sizeof(freq))
1410 			return -EINVAL;
1411 
1412 		if (copy_from_sockptr(&freq, optval, sizeof(freq)))
1413 			return -EFAULT;
1414 
1415 		if (freq.flr_action != IPV6_FL_A_GET)
1416 			return -EINVAL;
1417 
1418 		len = sizeof(freq);
1419 		flags = freq.flr_flags;
1420 
1421 		memset(&freq, 0, sizeof(freq));
1422 
1423 		val = ipv6_flowlabel_opt_get(sk, &freq, flags);
1424 		if (val < 0)
1425 			return val;
1426 
1427 		if (copy_to_sockptr(optlen, &len, sizeof(int)))
1428 			return -EFAULT;
1429 		if (copy_to_sockptr(optval, &freq, len))
1430 			return -EFAULT;
1431 
1432 		return 0;
1433 	}
1434 
1435 	case IPV6_ADDR_PREFERENCES:
1436 		val = 0;
1437 
1438 		if (np->srcprefs & IPV6_PREFER_SRC_TMP)
1439 			val |= IPV6_PREFER_SRC_TMP;
1440 		else if (np->srcprefs & IPV6_PREFER_SRC_PUBLIC)
1441 			val |= IPV6_PREFER_SRC_PUBLIC;
1442 		else {
1443 			/* XXX: should we return system default? */
1444 			val |= IPV6_PREFER_SRC_PUBTMP_DEFAULT;
1445 		}
1446 
1447 		if (np->srcprefs & IPV6_PREFER_SRC_COA)
1448 			val |= IPV6_PREFER_SRC_COA;
1449 		else
1450 			val |= IPV6_PREFER_SRC_HOME;
1451 		break;
1452 
1453 	case IPV6_MINHOPCOUNT:
1454 		val = np->min_hopcount;
1455 		break;
1456 
1457 	case IPV6_DONTFRAG:
1458 		val = np->dontfrag;
1459 		break;
1460 
1461 	case IPV6_AUTOFLOWLABEL:
1462 		val = ip6_autoflowlabel(sock_net(sk), np);
1463 		break;
1464 
1465 	case IPV6_RECVFRAGSIZE:
1466 		val = np->rxopt.bits.recvfragsize;
1467 		break;
1468 
1469 	case IPV6_ROUTER_ALERT_ISOLATE:
1470 		val = np->rtalert_isolate;
1471 		break;
1472 
1473 	case IPV6_RECVERR_RFC4884:
1474 		val = np->recverr_rfc4884;
1475 		break;
1476 
1477 	default:
1478 		return -ENOPROTOOPT;
1479 	}
1480 	len = min_t(unsigned int, sizeof(int), len);
1481 	if (copy_to_sockptr(optlen, &len, sizeof(int)))
1482 		return -EFAULT;
1483 	if (copy_to_sockptr(optval, &val, len))
1484 		return -EFAULT;
1485 	return 0;
1486 }
1487 
1488 int ipv6_getsockopt(struct sock *sk, int level, int optname,
1489 		    char __user *optval, int __user *optlen)
1490 {
1491 	int err;
1492 
1493 	if (level == SOL_IP && sk->sk_type != SOCK_RAW)
1494 		return udp_prot.getsockopt(sk, level, optname, optval, optlen);
1495 
1496 	if (level != SOL_IPV6)
1497 		return -ENOPROTOOPT;
1498 
1499 	err = do_ipv6_getsockopt(sk, level, optname,
1500 				 USER_SOCKPTR(optval), USER_SOCKPTR(optlen));
1501 #ifdef CONFIG_NETFILTER
1502 	/* we need to exclude all possible ENOPROTOOPTs except default case */
1503 	if (err == -ENOPROTOOPT && optname != IPV6_2292PKTOPTIONS) {
1504 		int len;
1505 
1506 		if (get_user(len, optlen))
1507 			return -EFAULT;
1508 
1509 		err = nf_getsockopt(sk, PF_INET6, optname, optval, &len);
1510 		if (err >= 0)
1511 			err = put_user(len, optlen);
1512 	}
1513 #endif
1514 	return err;
1515 }
1516 EXPORT_SYMBOL(ipv6_getsockopt);
1517