linux/net/socket.c

1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds * NET		An implementation of the SOCKET network access protocol.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds * Version:	@(#)socket.c	1.1.93	18/02/95
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds * Authors:	Orest Zborowski, <obz@Kodak.COM>
02c30a84SJesper Juhl *		Ross Biro
1da177e4SLinus Torvalds *		Fred N. van Kempen, <waltje@uWalt.NL.Mugnet.ORG>
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds * Fixes:
1da177e4SLinus Torvalds *		Anonymous	:	NOTSOCK/BADF cleanup. Error fix in
1da177e4SLinus Torvalds *					shutdown()
1da177e4SLinus Torvalds *		Alan Cox	:	verify_area() fixes
1da177e4SLinus Torvalds *		Alan Cox	:	Removed DDI
1da177e4SLinus Torvalds *		Jonathan Kamens	:	SOCK_DGRAM reconnect bug
1da177e4SLinus Torvalds *		Alan Cox	:	Moved a load of checks to the very
1da177e4SLinus Torvalds *					top level.
1da177e4SLinus Torvalds *		Alan Cox	:	Move address structures to/from user
1da177e4SLinus Torvalds *					mode above the protocol layers.
1da177e4SLinus Torvalds *		Rob Janssen	:	Allow 0 length sends.
1da177e4SLinus Torvalds *		Alan Cox	:	Asynchronous I/O support (cribbed from the
1da177e4SLinus Torvalds *					tty drivers).
1da177e4SLinus Torvalds *		Niibe Yutaka	:	Asynchronous I/O for writes (4.4BSD style)
1da177e4SLinus Torvalds *		Jeff Uphoff	:	Made max number of sockets command-line
1da177e4SLinus Torvalds *					configurable.
1da177e4SLinus Torvalds *		Matti Aarnio	:	Made the number of sockets dynamic,
1da177e4SLinus Torvalds *					to be allocated when needed, and mr.
1da177e4SLinus Torvalds *					Uphoff's max is used as max to be
1da177e4SLinus Torvalds *					allowed to allocate.
1da177e4SLinus Torvalds *		Linus		:	Argh. removed all the socket allocation
1da177e4SLinus Torvalds *					altogether: it's in the inode now.
1da177e4SLinus Torvalds *		Alan Cox	:	Made sock_alloc()/sock_release() public
1da177e4SLinus Torvalds *					for NetROM and future kernel nfsd type
1da177e4SLinus Torvalds *					stuff.
1da177e4SLinus Torvalds *		Alan Cox	:	sendmsg/recvmsg basics.
1da177e4SLinus Torvalds *		Tom Dyas	:	Export net symbols.
1da177e4SLinus Torvalds *		Marcin Dalecki	:	Fixed problems with CONFIG_NET="n".
1da177e4SLinus Torvalds *		Alan Cox	:	Added thread locking to sys_* calls
1da177e4SLinus Torvalds *					for sockets. May have errors at the
1da177e4SLinus Torvalds *					moment.
1da177e4SLinus Torvalds *		Kevin Buhr	:	Fixed the dumb errors in the above.
1da177e4SLinus Torvalds *		Andi Kleen	:	Some small cleanups, optimizations,
1da177e4SLinus Torvalds *					and fixed a copy_from_user() bug.
1da177e4SLinus Torvalds *		Tigran Aivazian	:	sys_send(args) calls sys_sendto(args, NULL, 0)
1da177e4SLinus Torvalds *		Tigran Aivazian	:	Made listen(2) backlog sanity checks
1da177e4SLinus Torvalds *					protocol-independent
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *		This program is free software; you can redistribute it and/or
1da177e4SLinus Torvalds *		modify it under the terms of the GNU General Public License
1da177e4SLinus Torvalds *		as published by the Free Software Foundation; either version
1da177e4SLinus Torvalds *		2 of the License, or (at your option) any later version.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	This module is effectively the top level interface to the BSD socket
1da177e4SLinus Torvalds *	paradigm.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	Based upon Swansea University Computer Society NET3.039
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#include <linux/config.h>
1da177e4SLinus Torvalds#include <linux/mm.h>
1da177e4SLinus Torvalds#include <linux/smp_lock.h>
1da177e4SLinus Torvalds#include <linux/socket.h>
1da177e4SLinus Torvalds#include <linux/file.h>
1da177e4SLinus Torvalds#include <linux/net.h>
1da177e4SLinus Torvalds#include <linux/interrupt.h>
1da177e4SLinus Torvalds#include <linux/netdevice.h>
1da177e4SLinus Torvalds#include <linux/proc_fs.h>
1da177e4SLinus Torvalds#include <linux/seq_file.h>
*4a3e2f71SArjan van de Ven#include <linux/mutex.h>
1da177e4SLinus Torvalds#include <linux/wanrouter.h>
1da177e4SLinus Torvalds#include <linux/if_bridge.h>
20380731SArnaldo Carvalho de Melo#include <linux/if_frad.h>
20380731SArnaldo Carvalho de Melo#include <linux/if_vlan.h>
1da177e4SLinus Torvalds#include <linux/init.h>
1da177e4SLinus Torvalds#include <linux/poll.h>
1da177e4SLinus Torvalds#include <linux/cache.h>
1da177e4SLinus Torvalds#include <linux/module.h>
1da177e4SLinus Torvalds#include <linux/highmem.h>
1da177e4SLinus Torvalds#include <linux/divert.h>
1da177e4SLinus Torvalds#include <linux/mount.h>
1da177e4SLinus Torvalds#include <linux/security.h>
1da177e4SLinus Torvalds#include <linux/syscalls.h>
1da177e4SLinus Torvalds#include <linux/compat.h>
1da177e4SLinus Torvalds#include <linux/kmod.h>
3ec3b2fbSDavid Woodhouse#include <linux/audit.h>
d86b5e0eSAdrian Bunk#include <linux/wireless.h>
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#include <asm/uaccess.h>
1da177e4SLinus Torvalds#include <asm/unistd.h>
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#include <net/compat.h>
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#include <net/sock.h>
1da177e4SLinus Torvalds#include <linux/netfilter.h>
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int sock_no_open(struct inode *irrelevant, struct file *dontcare);
1da177e4SLinus Torvaldsstatic ssize_t sock_aio_read(struct kiocb *iocb, char __user *buf,
1da177e4SLinus Torvalds			 size_t size, loff_t pos);
1da177e4SLinus Torvaldsstatic ssize_t sock_aio_write(struct kiocb *iocb, const char __user *buf,
1da177e4SLinus Torvalds			  size_t size, loff_t pos);
1da177e4SLinus Torvaldsstatic int sock_mmap(struct file *file, struct vm_area_struct * vma);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int sock_close(struct inode *inode, struct file *file);
1da177e4SLinus Torvaldsstatic unsigned int sock_poll(struct file *file,
1da177e4SLinus Torvalds			      struct poll_table_struct *wait);
1da177e4SLinus Torvaldsstatic long sock_ioctl(struct file *file,
1da177e4SLinus Torvalds		      unsigned int cmd, unsigned long arg);
1da177e4SLinus Torvaldsstatic int sock_fasync(int fd, struct file *filp, int on);
1da177e4SLinus Torvaldsstatic ssize_t sock_readv(struct file *file, const struct iovec *vector,
1da177e4SLinus Torvalds			  unsigned long count, loff_t *ppos);
1da177e4SLinus Torvaldsstatic ssize_t sock_writev(struct file *file, const struct iovec *vector,
1da177e4SLinus Torvalds			  unsigned long count, loff_t *ppos);
1da177e4SLinus Torvaldsstatic ssize_t sock_sendpage(struct file *file, struct page *page,
1da177e4SLinus Torvalds			     int offset, size_t size, loff_t *ppos, int more);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Socket files have a set of 'special' operations as well as the generic file ones. These don't appear
1da177e4SLinus Torvalds *	in the operation structures but are done directly via the socketcall() multiplexor.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct file_operations socket_file_ops = {
1da177e4SLinus Torvalds	.owner =	THIS_MODULE,
1da177e4SLinus Torvalds	.llseek =	no_llseek,
1da177e4SLinus Torvalds	.aio_read =	sock_aio_read,
1da177e4SLinus Torvalds	.aio_write =	sock_aio_write,
1da177e4SLinus Torvalds	.poll =		sock_poll,
1da177e4SLinus Torvalds	.unlocked_ioctl = sock_ioctl,
1da177e4SLinus Torvalds	.mmap =		sock_mmap,
1da177e4SLinus Torvalds	.open =		sock_no_open,	/* special open code to disallow open via /proc */
1da177e4SLinus Torvalds	.release =	sock_close,
1da177e4SLinus Torvalds	.fasync =	sock_fasync,
1da177e4SLinus Torvalds	.readv =	sock_readv,
1da177e4SLinus Torvalds	.writev =	sock_writev,
1da177e4SLinus Torvalds	.sendpage =	sock_sendpage
1da177e4SLinus Torvalds};
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	The protocol list. Each protocol is registered in here.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct net_proto_family *net_families[NPROTO];
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#if defined(CONFIG_SMP) || defined(CONFIG_PREEMPT)
1da177e4SLinus Torvaldsstatic atomic_t net_family_lockct = ATOMIC_INIT(0);
1da177e4SLinus Torvaldsstatic DEFINE_SPINLOCK(net_family_lock);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/* The strategy is: modifications net_family vector are short, do not
1da177e4SLinus Torvalds   sleep and veeery rare, but read access should be free of any exclusive
1da177e4SLinus Torvalds   locks.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic void net_family_write_lock(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	spin_lock(&net_family_lock);
1da177e4SLinus Torvalds	while (atomic_read(&net_family_lockct) != 0) {
1da177e4SLinus Torvalds		spin_unlock(&net_family_lock);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		yield();
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		spin_lock(&net_family_lock);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic __inline__ void net_family_write_unlock(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	spin_unlock(&net_family_lock);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic __inline__ void net_family_read_lock(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	atomic_inc(&net_family_lockct);
1da177e4SLinus Torvalds	spin_unlock_wait(&net_family_lock);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic __inline__ void net_family_read_unlock(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	atomic_dec(&net_family_lockct);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#else
1da177e4SLinus Torvalds#define net_family_write_lock() do { } while(0)
1da177e4SLinus Torvalds#define net_family_write_unlock() do { } while(0)
1da177e4SLinus Torvalds#define net_family_read_lock() do { } while(0)
1da177e4SLinus Torvalds#define net_family_read_unlock() do { } while(0)
1da177e4SLinus Torvalds#endif
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Statistics counters of the socket lists
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic DEFINE_PER_CPU(int, sockets_in_use) = 0;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Support routines. Move socket addresses back and forth across the kernel/user
1da177e4SLinus Torvalds *	divide and look after the messy bits.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#define MAX_SOCK_ADDR	128		/* 108 for Unix domain -
1da177e4SLinus Torvalds					   16 for IP, 16 for IPX,
1da177e4SLinus Torvalds					   24 for IPv6,
1da177e4SLinus Torvalds					   about 80 for AX.25
1da177e4SLinus Torvalds					   must be at least one bigger than
1da177e4SLinus Torvalds					   the AF_UNIX size (see net/unix/af_unix.c
1da177e4SLinus Torvalds					   :unix_mkname()).
1da177e4SLinus Torvalds					 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/**
1da177e4SLinus Torvalds *	move_addr_to_kernel	-	copy a socket address into kernel space
1da177e4SLinus Torvalds *	@uaddr: Address in user space
1da177e4SLinus Torvalds *	@kaddr: Address in kernel space
1da177e4SLinus Torvalds *	@ulen: Length in user space
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	The address is copied into kernel space. If the provided address is
1da177e4SLinus Torvalds *	too long an error code of -EINVAL is returned. If the copy gives
1da177e4SLinus Torvalds *	invalid addresses -EFAULT is returned. On a success 0 is returned.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint move_addr_to_kernel(void __user *uaddr, int ulen, void *kaddr)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	if(ulen<0||ulen>MAX_SOCK_ADDR)
1da177e4SLinus Torvalds		return -EINVAL;
1da177e4SLinus Torvalds	if(ulen==0)
1da177e4SLinus Torvalds		return 0;
1da177e4SLinus Torvalds	if(copy_from_user(kaddr,uaddr,ulen))
1da177e4SLinus Torvalds		return -EFAULT;
3ec3b2fbSDavid Woodhouse	return audit_sockaddr(ulen, kaddr);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/**
1da177e4SLinus Torvalds *	move_addr_to_user	-	copy an address to user space
1da177e4SLinus Torvalds *	@kaddr: kernel space address
1da177e4SLinus Torvalds *	@klen: length of address in kernel
1da177e4SLinus Torvalds *	@uaddr: user space address
1da177e4SLinus Torvalds *	@ulen: pointer to user length field
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	The value pointed to by ulen on entry is the buffer length available.
1da177e4SLinus Torvalds *	This is overwritten with the buffer space used. -EINVAL is returned
1da177e4SLinus Torvalds *	if an overlong buffer is specified or a negative buffer size. -EFAULT
1da177e4SLinus Torvalds *	is returned if either the buffer or the length field are not
1da177e4SLinus Torvalds *	accessible.
1da177e4SLinus Torvalds *	After copying the data up to the limit the user specifies, the true
1da177e4SLinus Torvalds *	length of the data is written over the length limit the user
1da177e4SLinus Torvalds *	specified. Zero is returned for a success.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint move_addr_to_user(void *kaddr, int klen, void __user *uaddr, int __user *ulen)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds	int len;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if((err=get_user(len, ulen)))
1da177e4SLinus Torvalds		return err;
1da177e4SLinus Torvalds	if(len>klen)
1da177e4SLinus Torvalds		len=klen;
1da177e4SLinus Torvalds	if(len<0 || len> MAX_SOCK_ADDR)
1da177e4SLinus Torvalds		return -EINVAL;
1da177e4SLinus Torvalds	if(len)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		if(copy_to_user(uaddr,kaddr,len))
1da177e4SLinus Torvalds			return -EFAULT;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	"fromlen shall refer to the value before truncation.."
1da177e4SLinus Torvalds	 *			1003.1g
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	return __put_user(klen, ulen);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#define SOCKFS_MAGIC 0x534F434B
1da177e4SLinus Torvalds
ba89966cSEric Dumazetstatic kmem_cache_t * sock_inode_cachep __read_mostly;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct inode *sock_alloc_inode(struct super_block *sb)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket_alloc *ei;
1da177e4SLinus Torvalds	ei = (struct socket_alloc *)kmem_cache_alloc(sock_inode_cachep, SLAB_KERNEL);
1da177e4SLinus Torvalds	if (!ei)
1da177e4SLinus Torvalds		return NULL;
1da177e4SLinus Torvalds	init_waitqueue_head(&ei->socket.wait);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	ei->socket.fasync_list = NULL;
1da177e4SLinus Torvalds	ei->socket.state = SS_UNCONNECTED;
1da177e4SLinus Torvalds	ei->socket.flags = 0;
1da177e4SLinus Torvalds	ei->socket.ops = NULL;
1da177e4SLinus Torvalds	ei->socket.sk = NULL;
1da177e4SLinus Torvalds	ei->socket.file = NULL;
1da177e4SLinus Torvalds	ei->socket.flags = 0;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	return &ei->vfs_inode;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic void sock_destroy_inode(struct inode *inode)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	kmem_cache_free(sock_inode_cachep,
1da177e4SLinus Torvalds			container_of(inode, struct socket_alloc, vfs_inode));
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic void init_once(void * foo, kmem_cache_t * cachep, unsigned long flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket_alloc *ei = (struct socket_alloc *) foo;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if ((flags & (SLAB_CTOR_VERIFY|SLAB_CTOR_CONSTRUCTOR)) ==
1da177e4SLinus Torvalds	    SLAB_CTOR_CONSTRUCTOR)
1da177e4SLinus Torvalds		inode_init_once(&ei->vfs_inode);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int init_inodecache(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	sock_inode_cachep = kmem_cache_create("sock_inode_cache",
1da177e4SLinus Torvalds				sizeof(struct socket_alloc),
1da177e4SLinus Torvalds				0, SLAB_HWCACHE_ALIGN|SLAB_RECLAIM_ACCOUNT,
1da177e4SLinus Torvalds				init_once, NULL);
1da177e4SLinus Torvalds	if (sock_inode_cachep == NULL)
1da177e4SLinus Torvalds		return -ENOMEM;
1da177e4SLinus Torvalds	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct super_operations sockfs_ops = {
1da177e4SLinus Torvalds	.alloc_inode =	sock_alloc_inode,
1da177e4SLinus Torvalds	.destroy_inode =sock_destroy_inode,
1da177e4SLinus Torvalds	.statfs =	simple_statfs,
1da177e4SLinus Torvalds};
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct super_block *sockfs_get_sb(struct file_system_type *fs_type,
1da177e4SLinus Torvalds	int flags, const char *dev_name, void *data)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return get_sb_pseudo(fs_type, "socket:", &sockfs_ops, SOCKFS_MAGIC);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
ba89966cSEric Dumazetstatic struct vfsmount *sock_mnt __read_mostly;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct file_system_type sock_fs_type = {
1da177e4SLinus Torvalds	.name =		"sockfs",
1da177e4SLinus Torvalds	.get_sb =	sockfs_get_sb,
1da177e4SLinus Torvalds	.kill_sb =	kill_anon_super,
1da177e4SLinus Torvalds};
1da177e4SLinus Torvaldsstatic int sockfs_delete_dentry(struct dentry *dentry)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return 1;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvaldsstatic struct dentry_operations sockfs_dentry_operations = {
1da177e4SLinus Torvalds	.d_delete =	sockfs_delete_dentry,
1da177e4SLinus Torvalds};
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Obtains the first available file descriptor and sets it up for use.
1da177e4SLinus Torvalds *
39d8c1b6SDavid S. Miller *	These functions create file structures and maps them to fd space
39d8c1b6SDavid S. Miller *	of the current process. On success it returns file descriptor
1da177e4SLinus Torvalds *	and file struct implicitly stored in sock->file.
1da177e4SLinus Torvalds *	Note that another thread may close file descriptor before we return
1da177e4SLinus Torvalds *	from this function. We use the fact that now we do not refer
1da177e4SLinus Torvalds *	to socket after mapping. If one day we will need it, this
1da177e4SLinus Torvalds *	function will increment ref. count on file by 1.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	In any case returned fd MAY BE not valid!
1da177e4SLinus Torvalds *	This race condition is unavoidable
1da177e4SLinus Torvalds *	with shared fd spaces, we cannot solve it inside kernel,
1da177e4SLinus Torvalds *	but we take care of internal coherence yet.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
39d8c1b6SDavid S. Millerstatic int sock_alloc_fd(struct file **filep)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int fd;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	fd = get_unused_fd();
39d8c1b6SDavid S. Miller	if (likely(fd >= 0)) {
1da177e4SLinus Torvalds		struct file *file = get_empty_filp();
1da177e4SLinus Torvalds
39d8c1b6SDavid S. Miller		*filep = file;
39d8c1b6SDavid S. Miller		if (unlikely(!file)) {
1da177e4SLinus Torvalds			put_unused_fd(fd);
39d8c1b6SDavid S. Miller			return -ENFILE;
1da177e4SLinus Torvalds		}
39d8c1b6SDavid S. Miller	} else
39d8c1b6SDavid S. Miller		*filep = NULL;
39d8c1b6SDavid S. Miller	return fd;
39d8c1b6SDavid S. Miller}
39d8c1b6SDavid S. Miller
39d8c1b6SDavid S. Millerstatic int sock_attach_fd(struct socket *sock, struct file *file)
39d8c1b6SDavid S. Miller{
39d8c1b6SDavid S. Miller	struct qstr this;
39d8c1b6SDavid S. Miller	char name[32];
1da177e4SLinus Torvalds
f31f5f05SEric Dumazet	this.len = sprintf(name, "[%lu]", SOCK_INODE(sock)->i_ino);
1da177e4SLinus Torvalds	this.name = name;
1da177e4SLinus Torvalds	this.hash = SOCK_INODE(sock)->i_ino;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	file->f_dentry = d_alloc(sock_mnt->mnt_sb->s_root, &this);
39d8c1b6SDavid S. Miller	if (unlikely(!file->f_dentry))
39d8c1b6SDavid S. Miller		return -ENOMEM;
39d8c1b6SDavid S. Miller
1da177e4SLinus Torvalds	file->f_dentry->d_op = &sockfs_dentry_operations;
1da177e4SLinus Torvalds	d_add(file->f_dentry, SOCK_INODE(sock));
1da177e4SLinus Torvalds	file->f_vfsmnt = mntget(sock_mnt);
1da177e4SLinus Torvalds	file->f_mapping = file->f_dentry->d_inode->i_mapping;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	sock->file = file;
1da177e4SLinus Torvalds	file->f_op = SOCK_INODE(sock)->i_fop = &socket_file_ops;
1da177e4SLinus Torvalds	file->f_mode = FMODE_READ | FMODE_WRITE;
1da177e4SLinus Torvalds	file->f_flags = O_RDWR;
1da177e4SLinus Torvalds	file->f_pos = 0;
07dc3f07SBenjamin LaHaise	file->private_data = sock;
39d8c1b6SDavid S. Miller
39d8c1b6SDavid S. Miller	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
39d8c1b6SDavid S. Millerint sock_map_fd(struct socket *sock)
39d8c1b6SDavid S. Miller{
39d8c1b6SDavid S. Miller	struct file *newfile;
39d8c1b6SDavid S. Miller	int fd = sock_alloc_fd(&newfile);
39d8c1b6SDavid S. Miller
39d8c1b6SDavid S. Miller	if (likely(fd >= 0)) {
39d8c1b6SDavid S. Miller		int err = sock_attach_fd(sock, newfile);
39d8c1b6SDavid S. Miller
39d8c1b6SDavid S. Miller		if (unlikely(err < 0)) {
39d8c1b6SDavid S. Miller			put_filp(newfile);
39d8c1b6SDavid S. Miller			put_unused_fd(fd);
39d8c1b6SDavid S. Miller			return err;
39d8c1b6SDavid S. Miller		}
39d8c1b6SDavid S. Miller		fd_install(fd, newfile);
39d8c1b6SDavid S. Miller	}
1da177e4SLinus Torvalds	return fd;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaisestatic struct socket *sock_from_file(struct file *file, int *err)
6cb153caSBenjamin LaHaise{
6cb153caSBenjamin LaHaise	struct inode *inode;
6cb153caSBenjamin LaHaise	struct socket *sock;
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise	if (file->f_op == &socket_file_ops)
6cb153caSBenjamin LaHaise		return file->private_data;	/* set in sock_map_fd */
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise	inode = file->f_dentry->d_inode;
6cb153caSBenjamin LaHaise	if (!S_ISSOCK(inode->i_mode)) {
6cb153caSBenjamin LaHaise		*err = -ENOTSOCK;
6cb153caSBenjamin LaHaise		return NULL;
6cb153caSBenjamin LaHaise	}
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise	sock = SOCKET_I(inode);
6cb153caSBenjamin LaHaise	if (sock->file != file) {
6cb153caSBenjamin LaHaise		printk(KERN_ERR "socki_lookup: socket file changed!\n");
6cb153caSBenjamin LaHaise		sock->file = file;
6cb153caSBenjamin LaHaise	}
6cb153caSBenjamin LaHaise	return sock;
6cb153caSBenjamin LaHaise}
6cb153caSBenjamin LaHaise
1da177e4SLinus Torvalds/**
1da177e4SLinus Torvalds *	sockfd_lookup	- 	Go from a file number to its socket slot
1da177e4SLinus Torvalds *	@fd: file handle
1da177e4SLinus Torvalds *	@err: pointer to an error code return
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	The file handle passed in is locked and the socket it is bound
1da177e4SLinus Torvalds *	too is returned. If an error occurs the err pointer is overwritten
1da177e4SLinus Torvalds *	with a negative errno code and NULL is returned. The function checks
1da177e4SLinus Torvalds *	for both invalid handles and passing a handle which is not a socket.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	On a success the socket object pointer is returned.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstruct socket *sockfd_lookup(int fd, int *err)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct file *file;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if (!(file = fget(fd))) {
1da177e4SLinus Torvalds		*err = -EBADF;
1da177e4SLinus Torvalds		return NULL;
1da177e4SLinus Torvalds	}
6cb153caSBenjamin LaHaise	sock = sock_from_file(file, err);
6cb153caSBenjamin LaHaise	if (!sock)
1da177e4SLinus Torvalds		fput(file);
6cb153caSBenjamin LaHaise	return sock;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaisestatic struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
6cb153caSBenjamin LaHaise{
6cb153caSBenjamin LaHaise	struct file *file;
6cb153caSBenjamin LaHaise	struct socket *sock;
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise	file = fget_light(fd, fput_needed);
6cb153caSBenjamin LaHaise	if (file) {
6cb153caSBenjamin LaHaise		sock = sock_from_file(file, err);
6cb153caSBenjamin LaHaise		if (sock)
1da177e4SLinus Torvalds			return sock;
6cb153caSBenjamin LaHaise		fput_light(file, *fput_needed);
6cb153caSBenjamin LaHaise	}
6cb153caSBenjamin LaHaise	return NULL;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/**
1da177e4SLinus Torvalds *	sock_alloc	-	allocate a socket
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	Allocate a new inode and socket object. The two are bound together
1da177e4SLinus Torvalds *	and initialised. The socket is then returned. If we are out of inodes
1da177e4SLinus Torvalds *	NULL is returned.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic struct socket *sock_alloc(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct inode * inode;
1da177e4SLinus Torvalds	struct socket * sock;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	inode = new_inode(sock_mnt->mnt_sb);
1da177e4SLinus Torvalds	if (!inode)
1da177e4SLinus Torvalds		return NULL;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	sock = SOCKET_I(inode);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	inode->i_mode = S_IFSOCK|S_IRWXUGO;
1da177e4SLinus Torvalds	inode->i_uid = current->fsuid;
1da177e4SLinus Torvalds	inode->i_gid = current->fsgid;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	get_cpu_var(sockets_in_use)++;
1da177e4SLinus Torvalds	put_cpu_var(sockets_in_use);
1da177e4SLinus Torvalds	return sock;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	In theory you can't get an open on this inode, but /proc provides
1da177e4SLinus Torvalds *	a back door. Remember to keep it shut otherwise you'll let the
1da177e4SLinus Torvalds *	creepy crawlies in.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int sock_no_open(struct inode *irrelevant, struct file *dontcare)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return -ENXIO;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstruct file_operations bad_sock_fops = {
1da177e4SLinus Torvalds	.owner = THIS_MODULE,
1da177e4SLinus Torvalds	.open = sock_no_open,
1da177e4SLinus Torvalds};
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/**
1da177e4SLinus Torvalds *	sock_release	-	close a socket
1da177e4SLinus Torvalds *	@sock: socket to close
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	The socket is released from the protocol stack if it has a release
1da177e4SLinus Torvalds *	callback, and the inode is then released if the socket is bound to
1da177e4SLinus Torvalds *	an inode not a file.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsvoid sock_release(struct socket *sock)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	if (sock->ops) {
1da177e4SLinus Torvalds		struct module *owner = sock->ops->owner;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		sock->ops->release(sock);
1da177e4SLinus Torvalds		sock->ops = NULL;
1da177e4SLinus Torvalds		module_put(owner);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (sock->fasync_list)
1da177e4SLinus Torvalds		printk(KERN_ERR "sock_release: fasync list not empty!\n");
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	get_cpu_var(sockets_in_use)--;
1da177e4SLinus Torvalds	put_cpu_var(sockets_in_use);
1da177e4SLinus Torvalds	if (!sock->file) {
1da177e4SLinus Torvalds		iput(SOCK_INODE(sock));
1da177e4SLinus Torvalds		return;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	sock->file=NULL;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
1da177e4SLinus Torvalds				 struct msghdr *msg, size_t size)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct sock_iocb *si = kiocb_to_siocb(iocb);
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	si->sock = sock;
1da177e4SLinus Torvalds	si->scm = NULL;
1da177e4SLinus Torvalds	si->msg = msg;
1da177e4SLinus Torvalds	si->size = size;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = security_socket_sendmsg(sock, msg, size);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		return err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	return sock->ops->sendmsg(iocb, sock, msg, size);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct kiocb iocb;
1da177e4SLinus Torvalds	struct sock_iocb siocb;
1da177e4SLinus Torvalds	int ret;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	init_sync_kiocb(&iocb, NULL);
1da177e4SLinus Torvalds	iocb.private = &siocb;
1da177e4SLinus Torvalds	ret = __sock_sendmsg(&iocb, sock, msg, size);
1da177e4SLinus Torvalds	if (-EIOCBQUEUED == ret)
1da177e4SLinus Torvalds		ret = wait_on_sync_kiocb(&iocb);
1da177e4SLinus Torvalds	return ret;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint kernel_sendmsg(struct socket *sock, struct msghdr *msg,
1da177e4SLinus Torvalds		   struct kvec *vec, size_t num, size_t size)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	mm_segment_t oldfs = get_fs();
1da177e4SLinus Torvalds	int result;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	set_fs(KERNEL_DS);
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * the following is safe, since for compiler definitions of kvec and
1da177e4SLinus Torvalds	 * iovec are identical, yielding the same in-core layout and alignment
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	msg->msg_iov = (struct iovec *)vec,
1da177e4SLinus Torvalds	msg->msg_iovlen = num;
1da177e4SLinus Torvalds	result = sock_sendmsg(sock, msg, size);
1da177e4SLinus Torvalds	set_fs(oldfs);
1da177e4SLinus Torvalds	return result;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1da177e4SLinus Torvalds				 struct msghdr *msg, size_t size, int flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds	struct sock_iocb *si = kiocb_to_siocb(iocb);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	si->sock = sock;
1da177e4SLinus Torvalds	si->scm = NULL;
1da177e4SLinus Torvalds	si->msg = msg;
1da177e4SLinus Torvalds	si->size = size;
1da177e4SLinus Torvalds	si->flags = flags;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = security_socket_recvmsg(sock, msg, size, flags);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		return err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	return sock->ops->recvmsg(iocb, sock, msg, size, flags);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_recvmsg(struct socket *sock, struct msghdr *msg,
1da177e4SLinus Torvalds		 size_t size, int flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct kiocb iocb;
1da177e4SLinus Torvalds	struct sock_iocb siocb;
1da177e4SLinus Torvalds	int ret;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds        init_sync_kiocb(&iocb, NULL);
1da177e4SLinus Torvalds	iocb.private = &siocb;
1da177e4SLinus Torvalds	ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
1da177e4SLinus Torvalds	if (-EIOCBQUEUED == ret)
1da177e4SLinus Torvalds		ret = wait_on_sync_kiocb(&iocb);
1da177e4SLinus Torvalds	return ret;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint kernel_recvmsg(struct socket *sock, struct msghdr *msg,
1da177e4SLinus Torvalds		   struct kvec *vec, size_t num,
1da177e4SLinus Torvalds		   size_t size, int flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	mm_segment_t oldfs = get_fs();
1da177e4SLinus Torvalds	int result;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	set_fs(KERNEL_DS);
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * the following is safe, since for compiler definitions of kvec and
1da177e4SLinus Torvalds	 * iovec are identical, yielding the same in-core layout and alignment
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	msg->msg_iov = (struct iovec *)vec,
1da177e4SLinus Torvalds	msg->msg_iovlen = num;
1da177e4SLinus Torvalds	result = sock_recvmsg(sock, msg, size, flags);
1da177e4SLinus Torvalds	set_fs(oldfs);
1da177e4SLinus Torvalds	return result;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic void sock_aio_dtor(struct kiocb *iocb)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	kfree(iocb->private);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
20380731SArnaldo Carvalho de Melostatic ssize_t sock_sendpage(struct file *file, struct page *page,
1da177e4SLinus Torvalds			     int offset, size_t size, loff_t *ppos, int more)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	int flags;
1da177e4SLinus Torvalds
b69aee04SEric Dumazet	sock = file->private_data;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	flags = !(file->f_flags & O_NONBLOCK) ? 0 : MSG_DONTWAIT;
1da177e4SLinus Torvalds	if (more)
1da177e4SLinus Torvalds		flags |= MSG_MORE;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	return sock->ops->sendpage(sock, page, offset, size, flags);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
ce1d4d3eSChristoph Hellwigstatic struct sock_iocb *alloc_sock_iocb(struct kiocb *iocb,
ce1d4d3eSChristoph Hellwig		char __user *ubuf, size_t size, struct sock_iocb *siocb)
ce1d4d3eSChristoph Hellwig{
ce1d4d3eSChristoph Hellwig	if (!is_sync_kiocb(iocb)) {
ce1d4d3eSChristoph Hellwig		siocb = kmalloc(sizeof(*siocb), GFP_KERNEL);
ce1d4d3eSChristoph Hellwig		if (!siocb)
ce1d4d3eSChristoph Hellwig			return NULL;
ce1d4d3eSChristoph Hellwig		iocb->ki_dtor = sock_aio_dtor;
ce1d4d3eSChristoph Hellwig	}
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	siocb->kiocb = iocb;
ce1d4d3eSChristoph Hellwig	siocb->async_iov.iov_base = ubuf;
ce1d4d3eSChristoph Hellwig	siocb->async_iov.iov_len = size;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	iocb->private = siocb;
ce1d4d3eSChristoph Hellwig	return siocb;
ce1d4d3eSChristoph Hellwig}
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwigstatic ssize_t do_sock_read(struct msghdr *msg, struct kiocb *iocb,
ce1d4d3eSChristoph Hellwig		struct file *file, struct iovec *iov, unsigned long nr_segs)
ce1d4d3eSChristoph Hellwig{
ce1d4d3eSChristoph Hellwig	struct socket *sock = file->private_data;
ce1d4d3eSChristoph Hellwig	size_t size = 0;
ce1d4d3eSChristoph Hellwig	int i;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig        for (i = 0 ; i < nr_segs ; i++)
ce1d4d3eSChristoph Hellwig                size += iov[i].iov_len;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	msg->msg_name = NULL;
ce1d4d3eSChristoph Hellwig	msg->msg_namelen = 0;
ce1d4d3eSChristoph Hellwig	msg->msg_control = NULL;
ce1d4d3eSChristoph Hellwig	msg->msg_controllen = 0;
ce1d4d3eSChristoph Hellwig	msg->msg_iov = (struct iovec *) iov;
ce1d4d3eSChristoph Hellwig	msg->msg_iovlen = nr_segs;
ce1d4d3eSChristoph Hellwig	msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	return __sock_recvmsg(iocb, sock, msg, size, msg->msg_flags);
ce1d4d3eSChristoph Hellwig}
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwigstatic ssize_t sock_readv(struct file *file, const struct iovec *iov,
ce1d4d3eSChristoph Hellwig			  unsigned long nr_segs, loff_t *ppos)
ce1d4d3eSChristoph Hellwig{
ce1d4d3eSChristoph Hellwig	struct kiocb iocb;
ce1d4d3eSChristoph Hellwig	struct sock_iocb siocb;
ce1d4d3eSChristoph Hellwig	struct msghdr msg;
ce1d4d3eSChristoph Hellwig	int ret;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig        init_sync_kiocb(&iocb, NULL);
ce1d4d3eSChristoph Hellwig	iocb.private = &siocb;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	ret = do_sock_read(&msg, &iocb, file, (struct iovec *)iov, nr_segs);
ce1d4d3eSChristoph Hellwig	if (-EIOCBQUEUED == ret)
ce1d4d3eSChristoph Hellwig		ret = wait_on_sync_kiocb(&iocb);
ce1d4d3eSChristoph Hellwig	return ret;
ce1d4d3eSChristoph Hellwig}
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwigstatic ssize_t sock_aio_read(struct kiocb *iocb, char __user *ubuf,
ce1d4d3eSChristoph Hellwig			 size_t count, loff_t pos)
ce1d4d3eSChristoph Hellwig{
ce1d4d3eSChristoph Hellwig	struct sock_iocb siocb, *x;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	if (pos != 0)
ce1d4d3eSChristoph Hellwig		return -ESPIPE;
ce1d4d3eSChristoph Hellwig	if (count == 0)		/* Match SYS5 behaviour */
ce1d4d3eSChristoph Hellwig		return 0;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	x = alloc_sock_iocb(iocb, ubuf, count, &siocb);
ce1d4d3eSChristoph Hellwig	if (!x)
ce1d4d3eSChristoph Hellwig		return -ENOMEM;
ce1d4d3eSChristoph Hellwig	return do_sock_read(&x->async_msg, iocb, iocb->ki_filp,
ce1d4d3eSChristoph Hellwig			&x->async_iov, 1);
ce1d4d3eSChristoph Hellwig}
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwigstatic ssize_t do_sock_write(struct msghdr *msg, struct kiocb *iocb,
ce1d4d3eSChristoph Hellwig		struct file *file, struct iovec *iov, unsigned long nr_segs)
ce1d4d3eSChristoph Hellwig{
ce1d4d3eSChristoph Hellwig	struct socket *sock = file->private_data;
ce1d4d3eSChristoph Hellwig	size_t size = 0;
ce1d4d3eSChristoph Hellwig	int i;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig        for (i = 0 ; i < nr_segs ; i++)
ce1d4d3eSChristoph Hellwig                size += iov[i].iov_len;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	msg->msg_name = NULL;
ce1d4d3eSChristoph Hellwig	msg->msg_namelen = 0;
ce1d4d3eSChristoph Hellwig	msg->msg_control = NULL;
ce1d4d3eSChristoph Hellwig	msg->msg_controllen = 0;
ce1d4d3eSChristoph Hellwig	msg->msg_iov = (struct iovec *) iov;
ce1d4d3eSChristoph Hellwig	msg->msg_iovlen = nr_segs;
ce1d4d3eSChristoph Hellwig	msg->msg_flags = (file->f_flags & O_NONBLOCK) ? MSG_DONTWAIT : 0;
ce1d4d3eSChristoph Hellwig	if (sock->type == SOCK_SEQPACKET)
ce1d4d3eSChristoph Hellwig		msg->msg_flags |= MSG_EOR;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	return __sock_sendmsg(iocb, sock, msg, size);
ce1d4d3eSChristoph Hellwig}
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwigstatic ssize_t sock_writev(struct file *file, const struct iovec *iov,
ce1d4d3eSChristoph Hellwig			   unsigned long nr_segs, loff_t *ppos)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct msghdr msg;
ce1d4d3eSChristoph Hellwig	struct kiocb iocb;
ce1d4d3eSChristoph Hellwig	struct sock_iocb siocb;
ce1d4d3eSChristoph Hellwig	int ret;
1da177e4SLinus Torvalds
ce1d4d3eSChristoph Hellwig	init_sync_kiocb(&iocb, NULL);
ce1d4d3eSChristoph Hellwig	iocb.private = &siocb;
1da177e4SLinus Torvalds
ce1d4d3eSChristoph Hellwig	ret = do_sock_write(&msg, &iocb, file, (struct iovec *)iov, nr_segs);
ce1d4d3eSChristoph Hellwig	if (-EIOCBQUEUED == ret)
ce1d4d3eSChristoph Hellwig		ret = wait_on_sync_kiocb(&iocb);
ce1d4d3eSChristoph Hellwig	return ret;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
ce1d4d3eSChristoph Hellwigstatic ssize_t sock_aio_write(struct kiocb *iocb, const char __user *ubuf,
ce1d4d3eSChristoph Hellwig			  size_t count, loff_t pos)
1da177e4SLinus Torvalds{
ce1d4d3eSChristoph Hellwig	struct sock_iocb siocb, *x;
1da177e4SLinus Torvalds
ce1d4d3eSChristoph Hellwig	if (pos != 0)
ce1d4d3eSChristoph Hellwig		return -ESPIPE;
ce1d4d3eSChristoph Hellwig	if (count == 0)		/* Match SYS5 behaviour */
ce1d4d3eSChristoph Hellwig		return 0;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	x = alloc_sock_iocb(iocb, (void __user *)ubuf, count, &siocb);
ce1d4d3eSChristoph Hellwig	if (!x)
ce1d4d3eSChristoph Hellwig		return -ENOMEM;
ce1d4d3eSChristoph Hellwig
ce1d4d3eSChristoph Hellwig	return do_sock_write(&x->async_msg, iocb, iocb->ki_filp,
ce1d4d3eSChristoph Hellwig			&x->async_iov, 1);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds * Atomic setting of ioctl hooks to avoid race
1da177e4SLinus Torvalds * with module unload.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
*4a3e2f71SArjan van de Venstatic DEFINE_MUTEX(br_ioctl_mutex);
1da177e4SLinus Torvaldsstatic int (*br_ioctl_hook)(unsigned int cmd, void __user *arg) = NULL;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsvoid brioctl_set(int (*hook)(unsigned int, void __user *))
1da177e4SLinus Torvalds{
*4a3e2f71SArjan van de Ven	mutex_lock(&br_ioctl_mutex);
1da177e4SLinus Torvalds	br_ioctl_hook = hook;
*4a3e2f71SArjan van de Ven	mutex_unlock(&br_ioctl_mutex);
1da177e4SLinus Torvalds}
1da177e4SLinus TorvaldsEXPORT_SYMBOL(brioctl_set);
1da177e4SLinus Torvalds
*4a3e2f71SArjan van de Venstatic DEFINE_MUTEX(vlan_ioctl_mutex);
1da177e4SLinus Torvaldsstatic int (*vlan_ioctl_hook)(void __user *arg);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsvoid vlan_ioctl_set(int (*hook)(void __user *))
1da177e4SLinus Torvalds{
*4a3e2f71SArjan van de Ven	mutex_lock(&vlan_ioctl_mutex);
1da177e4SLinus Torvalds	vlan_ioctl_hook = hook;
*4a3e2f71SArjan van de Ven	mutex_unlock(&vlan_ioctl_mutex);
1da177e4SLinus Torvalds}
1da177e4SLinus TorvaldsEXPORT_SYMBOL(vlan_ioctl_set);
1da177e4SLinus Torvalds
*4a3e2f71SArjan van de Venstatic DEFINE_MUTEX(dlci_ioctl_mutex);
1da177e4SLinus Torvaldsstatic int (*dlci_ioctl_hook)(unsigned int, void __user *);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsvoid dlci_ioctl_set(int (*hook)(unsigned int, void __user *))
1da177e4SLinus Torvalds{
*4a3e2f71SArjan van de Ven	mutex_lock(&dlci_ioctl_mutex);
1da177e4SLinus Torvalds	dlci_ioctl_hook = hook;
*4a3e2f71SArjan van de Ven	mutex_unlock(&dlci_ioctl_mutex);
1da177e4SLinus Torvalds}
1da177e4SLinus TorvaldsEXPORT_SYMBOL(dlci_ioctl_set);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	With an ioctl, arg may well be a user mode pointer, but we don't know
1da177e4SLinus Torvalds *	what to do with it - that's up to the protocol still.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic long sock_ioctl(struct file *file, unsigned cmd, unsigned long arg)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	void __user *argp = (void __user *)arg;
1da177e4SLinus Torvalds	int pid, err;
1da177e4SLinus Torvalds
b69aee04SEric Dumazet	sock = file->private_data;
1da177e4SLinus Torvalds	if (cmd >= SIOCDEVPRIVATE && cmd <= (SIOCDEVPRIVATE + 15)) {
1da177e4SLinus Torvalds		err = dev_ioctl(cmd, argp);
1da177e4SLinus Torvalds	} else
d86b5e0eSAdrian Bunk#ifdef CONFIG_WIRELESS_EXT
1da177e4SLinus Torvalds	if (cmd >= SIOCIWFIRST && cmd <= SIOCIWLAST) {
1da177e4SLinus Torvalds		err = dev_ioctl(cmd, argp);
1da177e4SLinus Torvalds	} else
d86b5e0eSAdrian Bunk#endif	/* CONFIG_WIRELESS_EXT */
1da177e4SLinus Torvalds	switch (cmd) {
1da177e4SLinus Torvalds		case FIOSETOWN:
1da177e4SLinus Torvalds		case SIOCSPGRP:
1da177e4SLinus Torvalds			err = -EFAULT;
1da177e4SLinus Torvalds			if (get_user(pid, (int __user *)argp))
1da177e4SLinus Torvalds				break;
1da177e4SLinus Torvalds			err = f_setown(sock->file, pid, 1);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case FIOGETOWN:
1da177e4SLinus Torvalds		case SIOCGPGRP:
1da177e4SLinus Torvalds			err = put_user(sock->file->f_owner.pid, (int __user *)argp);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SIOCGIFBR:
1da177e4SLinus Torvalds		case SIOCSIFBR:
1da177e4SLinus Torvalds		case SIOCBRADDBR:
1da177e4SLinus Torvalds		case SIOCBRDELBR:
1da177e4SLinus Torvalds			err = -ENOPKG;
1da177e4SLinus Torvalds			if (!br_ioctl_hook)
1da177e4SLinus Torvalds				request_module("bridge");
1da177e4SLinus Torvalds
*4a3e2f71SArjan van de Ven			mutex_lock(&br_ioctl_mutex);
1da177e4SLinus Torvalds			if (br_ioctl_hook)
1da177e4SLinus Torvalds				err = br_ioctl_hook(cmd, argp);
*4a3e2f71SArjan van de Ven			mutex_unlock(&br_ioctl_mutex);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SIOCGIFVLAN:
1da177e4SLinus Torvalds		case SIOCSIFVLAN:
1da177e4SLinus Torvalds			err = -ENOPKG;
1da177e4SLinus Torvalds			if (!vlan_ioctl_hook)
1da177e4SLinus Torvalds				request_module("8021q");
1da177e4SLinus Torvalds
*4a3e2f71SArjan van de Ven			mutex_lock(&vlan_ioctl_mutex);
1da177e4SLinus Torvalds			if (vlan_ioctl_hook)
1da177e4SLinus Torvalds				err = vlan_ioctl_hook(argp);
*4a3e2f71SArjan van de Ven			mutex_unlock(&vlan_ioctl_mutex);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SIOCGIFDIVERT:
1da177e4SLinus Torvalds		case SIOCSIFDIVERT:
1da177e4SLinus Torvalds		/* Convert this to call through a hook */
1da177e4SLinus Torvalds			err = divert_ioctl(cmd, argp);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SIOCADDDLCI:
1da177e4SLinus Torvalds		case SIOCDELDLCI:
1da177e4SLinus Torvalds			err = -ENOPKG;
1da177e4SLinus Torvalds			if (!dlci_ioctl_hook)
1da177e4SLinus Torvalds				request_module("dlci");
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds			if (dlci_ioctl_hook) {
*4a3e2f71SArjan van de Ven				mutex_lock(&dlci_ioctl_mutex);
1da177e4SLinus Torvalds				err = dlci_ioctl_hook(cmd, argp);
*4a3e2f71SArjan van de Ven				mutex_unlock(&dlci_ioctl_mutex);
1da177e4SLinus Torvalds			}
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		default:
1da177e4SLinus Torvalds			err = sock->ops->ioctl(sock, cmd, arg);
b5e5fa5eSChristoph Hellwig
b5e5fa5eSChristoph Hellwig			/*
b5e5fa5eSChristoph Hellwig			 * If this ioctl is unknown try to hand it down
b5e5fa5eSChristoph Hellwig			 * to the NIC driver.
b5e5fa5eSChristoph Hellwig			 */
b5e5fa5eSChristoph Hellwig			if (err == -ENOIOCTLCMD)
b5e5fa5eSChristoph Hellwig				err = dev_ioctl(cmd, argp);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_create_lite(int family, int type, int protocol, struct socket **res)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds	struct socket *sock = NULL;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = security_socket_create(family, type, protocol, 1);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	sock = sock_alloc();
1da177e4SLinus Torvalds	if (!sock) {
1da177e4SLinus Torvalds		err = -ENOMEM;
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	security_socket_post_create(sock, family, type, protocol, 1);
1da177e4SLinus Torvalds	sock->type = type;
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	*res = sock;
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/* No kernel lock held - perfect */
1da177e4SLinus Torvaldsstatic unsigned int sock_poll(struct file *file, poll_table * wait)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	We can't return errors to poll, so it's either yes or no.
1da177e4SLinus Torvalds	 */
b69aee04SEric Dumazet	sock = file->private_data;
1da177e4SLinus Torvalds	return sock->ops->poll(file, sock, wait);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int sock_mmap(struct file * file, struct vm_area_struct * vma)
1da177e4SLinus Torvalds{
b69aee04SEric Dumazet	struct socket *sock = file->private_data;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	return sock->ops->mmap(file, sock, vma);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
20380731SArnaldo Carvalho de Melostatic int sock_close(struct inode *inode, struct file *filp)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	It was possible the inode is NULL we were
1da177e4SLinus Torvalds	 *	closing an unfinished socket.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (!inode)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		printk(KERN_DEBUG "sock_close: NULL inode\n");
1da177e4SLinus Torvalds		return 0;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	sock_fasync(-1, filp, 0);
1da177e4SLinus Torvalds	sock_release(SOCKET_I(inode));
1da177e4SLinus Torvalds	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Update the socket async list
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	Fasync_list locking strategy.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	1. fasync_list is modified only under process context socket lock
1da177e4SLinus Torvalds *	   i.e. under semaphore.
1da177e4SLinus Torvalds *	2. fasync_list is used under read_lock(&sk->sk_callback_lock)
1da177e4SLinus Torvalds *	   or under socket lock.
1da177e4SLinus Torvalds *	3. fasync_list can be used from softirq context, so that
1da177e4SLinus Torvalds *	   modification under socket lock have to be enhanced with
1da177e4SLinus Torvalds *	   write_lock_bh(&sk->sk_callback_lock).
1da177e4SLinus Torvalds *							--ANK (990710)
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int sock_fasync(int fd, struct file *filp, int on)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct fasync_struct *fa, *fna=NULL, **prev;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	struct sock *sk;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (on)
1da177e4SLinus Torvalds	{
8b3a7005SKris Katterjohn		fna = kmalloc(sizeof(struct fasync_struct), GFP_KERNEL);
1da177e4SLinus Torvalds		if(fna==NULL)
1da177e4SLinus Torvalds			return -ENOMEM;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
b69aee04SEric Dumazet	sock = filp->private_data;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if ((sk=sock->sk) == NULL) {
1da177e4SLinus Torvalds		kfree(fna);
1da177e4SLinus Torvalds		return -EINVAL;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	lock_sock(sk);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	prev=&(sock->fasync_list);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	for (fa=*prev; fa!=NULL; prev=&fa->fa_next,fa=*prev)
1da177e4SLinus Torvalds		if (fa->fa_file==filp)
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if(on)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		if(fa!=NULL)
1da177e4SLinus Torvalds		{
1da177e4SLinus Torvalds			write_lock_bh(&sk->sk_callback_lock);
1da177e4SLinus Torvalds			fa->fa_fd=fd;
1da177e4SLinus Torvalds			write_unlock_bh(&sk->sk_callback_lock);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds			kfree(fna);
1da177e4SLinus Torvalds			goto out;
1da177e4SLinus Torvalds		}
1da177e4SLinus Torvalds		fna->fa_file=filp;
1da177e4SLinus Torvalds		fna->fa_fd=fd;
1da177e4SLinus Torvalds		fna->magic=FASYNC_MAGIC;
1da177e4SLinus Torvalds		fna->fa_next=sock->fasync_list;
1da177e4SLinus Torvalds		write_lock_bh(&sk->sk_callback_lock);
1da177e4SLinus Torvalds		sock->fasync_list=fna;
1da177e4SLinus Torvalds		write_unlock_bh(&sk->sk_callback_lock);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	else
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		if (fa!=NULL)
1da177e4SLinus Torvalds		{
1da177e4SLinus Torvalds			write_lock_bh(&sk->sk_callback_lock);
1da177e4SLinus Torvalds			*prev=fa->fa_next;
1da177e4SLinus Torvalds			write_unlock_bh(&sk->sk_callback_lock);
1da177e4SLinus Torvalds			kfree(fa);
1da177e4SLinus Torvalds		}
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	release_sock(sock->sk);
1da177e4SLinus Torvalds	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/* This function may be called only under socket lock or callback_lock */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_wake_async(struct socket *sock, int how, int band)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	if (!sock || !sock->fasync_list)
1da177e4SLinus Torvalds		return -1;
1da177e4SLinus Torvalds	switch (how)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds	case 1:
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		if (test_bit(SOCK_ASYNC_WAITDATA, &sock->flags))
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		goto call_kill;
1da177e4SLinus Torvalds	case 2:
1da177e4SLinus Torvalds		if (!test_and_clear_bit(SOCK_ASYNC_NOSPACE, &sock->flags))
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		/* fall through */
1da177e4SLinus Torvalds	case 0:
1da177e4SLinus Torvalds	call_kill:
1da177e4SLinus Torvalds		__kill_fasync(sock->fasync_list, SIGIO, band);
1da177e4SLinus Torvalds		break;
1da177e4SLinus Torvalds	case 3:
1da177e4SLinus Torvalds		__kill_fasync(sock->fasync_list, SIGURG, band);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsstatic int __sock_create(int family, int type, int protocol, struct socket **res, int kern)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	Check protocol is in range
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	if (family < 0 || family >= NPROTO)
1da177e4SLinus Torvalds		return -EAFNOSUPPORT;
1da177e4SLinus Torvalds	if (type < 0 || type >= SOCK_MAX)
1da177e4SLinus Torvalds		return -EINVAL;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* Compatibility.
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	   This uglymoron is moved from INET layer to here to avoid
1da177e4SLinus Torvalds	   deadlock in module load.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	if (family == PF_INET && type == SOCK_PACKET) {
1da177e4SLinus Torvalds		static int warned;
1da177e4SLinus Torvalds		if (!warned) {
1da177e4SLinus Torvalds			warned = 1;
1da177e4SLinus Torvalds			printk(KERN_INFO "%s uses obsolete (PF_INET,SOCK_PACKET)\n", current->comm);
1da177e4SLinus Torvalds		}
1da177e4SLinus Torvalds		family = PF_PACKET;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = security_socket_create(family, type, protocol, kern);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		return err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#if defined(CONFIG_KMOD)
1da177e4SLinus Torvalds	/* Attempt to load a protocol module if the find failed.
1da177e4SLinus Torvalds	 *
1da177e4SLinus Torvalds	 * 12/09/1996 Marcin: But! this makes REALLY only sense, if the user
1da177e4SLinus Torvalds	 * requested real, full-featured networking support upon configuration.
1da177e4SLinus Torvalds	 * Otherwise module support will break!
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	if (net_families[family]==NULL)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		request_module("net-pf-%d",family);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds#endif
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	net_family_read_lock();
1da177e4SLinus Torvalds	if (net_families[family] == NULL) {
1da177e4SLinus Torvalds		err = -EAFNOSUPPORT;
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Allocate the socket and allow the family to set things up. if
1da177e4SLinus Torvalds *	the protocol is 0, the family is instructed to select an appropriate
1da177e4SLinus Torvalds *	default.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (!(sock = sock_alloc())) {
1da177e4SLinus Torvalds		printk(KERN_WARNING "socket: no more sockets\n");
1da177e4SLinus Torvalds		err = -ENFILE;		/* Not exactly a match, but its the
1da177e4SLinus Torvalds					   closest posix thing */
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	sock->type  = type;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * We will call the ->create function, that possibly is in a loadable
1da177e4SLinus Torvalds	 * module, so we have to bump that loadable module refcnt first.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	err = -EAFNOSUPPORT;
1da177e4SLinus Torvalds	if (!try_module_get(net_families[family]->owner))
1da177e4SLinus Torvalds		goto out_release;
1da177e4SLinus Torvalds
a79af59eSFrank Filz	if ((err = net_families[family]->create(sock, protocol)) < 0) {
a79af59eSFrank Filz		sock->ops = NULL;
1da177e4SLinus Torvalds		goto out_module_put;
a79af59eSFrank Filz	}
a79af59eSFrank Filz
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * Now to bump the refcnt of the [loadable] module that owns this
1da177e4SLinus Torvalds	 * socket at sock_release time we decrement its refcnt.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	if (!try_module_get(sock->ops->owner)) {
1da177e4SLinus Torvalds		sock->ops = NULL;
1da177e4SLinus Torvalds		goto out_module_put;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * Now that we're done with the ->create function, the [loadable]
1da177e4SLinus Torvalds	 * module can have its refcnt decremented
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	module_put(net_families[family]->owner);
1da177e4SLinus Torvalds	*res = sock;
1da177e4SLinus Torvalds	security_socket_post_create(sock, family, type, protocol, kern);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	net_family_read_unlock();
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvaldsout_module_put:
1da177e4SLinus Torvalds	module_put(net_families[family]->owner);
1da177e4SLinus Torvaldsout_release:
1da177e4SLinus Torvalds	sock_release(sock);
1da177e4SLinus Torvalds	goto out;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_create(int family, int type, int protocol, struct socket **res)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return __sock_create(family, type, protocol, res, 0);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_create_kern(int family, int type, int protocol, struct socket **res)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return __sock_create(family, type, protocol, res, 1);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_socket(int family, int type, int protocol)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int retval;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	retval = sock_create(family, type, protocol, &sock);
1da177e4SLinus Torvalds	if (retval < 0)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	retval = sock_map_fd(sock);
1da177e4SLinus Torvalds	if (retval < 0)
1da177e4SLinus Torvalds		goto out_release;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	/* It may be already another descriptor 8) Not kernel problem. */
1da177e4SLinus Torvalds	return retval;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_release:
1da177e4SLinus Torvalds	sock_release(sock);
1da177e4SLinus Torvalds	return retval;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Create a pair of connected sockets.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_socketpair(int family, int type, int protocol, int __user *usockvec)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock1, *sock2;
1da177e4SLinus Torvalds	int fd1, fd2, err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * Obtain the first socket and check if the underlying protocol
1da177e4SLinus Torvalds	 * supports the socketpair call.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock_create(family, type, protocol, &sock1);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock_create(family, type, protocol, &sock2);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_release_1;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock1->ops->socketpair(sock1, sock2);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_release_both;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	fd1 = fd2 = -1;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock_map_fd(sock1);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_release_both;
1da177e4SLinus Torvalds	fd1 = err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock_map_fd(sock2);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_close_1;
1da177e4SLinus Torvalds	fd2 = err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* fd1 and fd2 may be already another descriptors.
1da177e4SLinus Torvalds	 * Not kernel problem.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = put_user(fd1, &usockvec[0]);
1da177e4SLinus Torvalds	if (!err)
1da177e4SLinus Torvalds		err = put_user(fd2, &usockvec[1]);
1da177e4SLinus Torvalds	if (!err)
1da177e4SLinus Torvalds		return 0;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	sys_close(fd2);
1da177e4SLinus Torvalds	sys_close(fd1);
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_close_1:
1da177e4SLinus Torvalds        sock_release(sock2);
1da177e4SLinus Torvalds	sys_close(fd1);
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_release_both:
1da177e4SLinus Torvalds        sock_release(sock2);
1da177e4SLinus Torvaldsout_release_1:
1da177e4SLinus Torvalds        sock_release(sock1);
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Bind a name to a socket. Nothing much to do here since it's
1da177e4SLinus Torvalds *	the protocol's responsibility to handle the local address.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	We move the socket address to kernel space before we call
1da177e4SLinus Torvalds *	the protocol layer (having also checked the address is ok).
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
6cb153caSBenjamin LaHaise	int err, fput_needed;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if((sock = sockfd_lookup_light(fd, &err, &fput_needed))!=NULL)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		if((err=move_addr_to_kernel(umyaddr,addrlen,address))>=0) {
1da177e4SLinus Torvalds			err = security_socket_bind(sock, (struct sockaddr *)address, addrlen);
6cb153caSBenjamin LaHaise			if (!err)
6cb153caSBenjamin LaHaise				err = sock->ops->bind(sock,
6cb153caSBenjamin LaHaise					(struct sockaddr *)address, addrlen);
1da177e4SLinus Torvalds		}
6cb153caSBenjamin LaHaise		fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Perform a listen. Basically, we allow the protocol to do anything
1da177e4SLinus Torvalds *	necessary for a listen, and if that works, we mark the socket as
1da177e4SLinus Torvalds *	ready for listening.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sysctl_somaxconn = SOMAXCONN;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_listen(int fd, int backlog)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
6cb153caSBenjamin LaHaise	int err, fput_needed;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL) {
1da177e4SLinus Torvalds		if ((unsigned) backlog > sysctl_somaxconn)
1da177e4SLinus Torvalds			backlog = sysctl_somaxconn;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		err = security_socket_listen(sock, backlog);
6cb153caSBenjamin LaHaise		if (!err)
1da177e4SLinus Torvalds			err = sock->ops->listen(sock, backlog);
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise		fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	For accept, we attempt to create a new socket, set up the link
1da177e4SLinus Torvalds *	with the client, wake up the client, then return the new
1da177e4SLinus Torvalds *	connected fd. We collect the address of the connector in kernel
1da177e4SLinus Torvalds *	space and move it to user at the very end. This is unclean because
1da177e4SLinus Torvalds *	we open the socket then return an error.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	1003.1g adds the ability to recvmsg() to query connection pending
1da177e4SLinus Torvalds *	status to recvmsg. We need to add that support in a way thats
1da177e4SLinus Torvalds *	clean when we restucture accept also.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_accept(int fd, struct sockaddr __user *upeer_sockaddr, int __user *upeer_addrlen)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock, *newsock;
39d8c1b6SDavid S. Miller	struct file *newfile;
6cb153caSBenjamin LaHaise	int err, len, newfd, fput_needed;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4SLinus Torvalds	if (!sock)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = -ENFILE;
1da177e4SLinus Torvalds	if (!(newsock = sock_alloc()))
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	newsock->type = sock->type;
1da177e4SLinus Torvalds	newsock->ops = sock->ops;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 * We don't need try_module_get here, as the listening socket (sock)
1da177e4SLinus Torvalds	 * has the protocol module (sock->ops->owner) held.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	__module_get(newsock->ops->owner);
1da177e4SLinus Torvalds
39d8c1b6SDavid S. Miller	newfd = sock_alloc_fd(&newfile);
39d8c1b6SDavid S. Miller	if (unlikely(newfd < 0)) {
39d8c1b6SDavid S. Miller		err = newfd;
39d8c1b6SDavid S. Miller		goto out_release;
39d8c1b6SDavid S. Miller	}
39d8c1b6SDavid S. Miller
39d8c1b6SDavid S. Miller	err = sock_attach_fd(newsock, newfile);
39d8c1b6SDavid S. Miller	if (err < 0)
39d8c1b6SDavid S. Miller		goto out_fd;
39d8c1b6SDavid S. Miller
a79af59eSFrank Filz	err = security_socket_accept(sock, newsock);
a79af59eSFrank Filz	if (err)
39d8c1b6SDavid S. Miller		goto out_fd;
a79af59eSFrank Filz
1da177e4SLinus Torvalds	err = sock->ops->accept(sock, newsock, sock->file->f_flags);
1da177e4SLinus Torvalds	if (err < 0)
39d8c1b6SDavid S. Miller		goto out_fd;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (upeer_sockaddr) {
1da177e4SLinus Torvalds		if(newsock->ops->getname(newsock, (struct sockaddr *)address, &len, 2)<0) {
1da177e4SLinus Torvalds			err = -ECONNABORTED;
39d8c1b6SDavid S. Miller			goto out_fd;
1da177e4SLinus Torvalds		}
1da177e4SLinus Torvalds		err = move_addr_to_user(address, len, upeer_sockaddr, upeer_addrlen);
1da177e4SLinus Torvalds		if (err < 0)
39d8c1b6SDavid S. Miller			goto out_fd;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* File flags are not inherited via accept() unlike another OSes. */
1da177e4SLinus Torvalds
39d8c1b6SDavid S. Miller	fd_install(newfd, newfile);
39d8c1b6SDavid S. Miller	err = newfd;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	security_socket_post_accept(sock, newsock);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_put:
6cb153caSBenjamin LaHaise	fput_light(sock->file, fput_needed);
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	return err;
39d8c1b6SDavid S. Millerout_fd:
39d8c1b6SDavid S. Miller	put_filp(newfile);
39d8c1b6SDavid S. Miller	put_unused_fd(newfd);
1da177e4SLinus Torvaldsout_release:
1da177e4SLinus Torvalds	sock_release(newsock);
1da177e4SLinus Torvalds	goto out_put;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Attempt to connect to a socket with the server address.  The address
1da177e4SLinus Torvalds *	is in user space so we verify it is OK and move it to kernel space.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	For 1003.1g we need to add clean support for a bind to AF_UNSPEC to
1da177e4SLinus Torvalds *	break bindings
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	NOTE: 1003.1g draft 6.3 is broken with respect to AX.25/NetROM and
1da177e4SLinus Torvalds *	other SEQPACKET protocols that take time to connect() as it doesn't
1da177e4SLinus Torvalds *	include the -EINPROGRESS status for such sockets.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_connect(int fd, struct sockaddr __user *uservaddr, int addrlen)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
6cb153caSBenjamin LaHaise	int err, fput_needed;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4SLinus Torvalds	if (!sock)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds	err = move_addr_to_kernel(uservaddr, addrlen, address);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = security_socket_connect(sock, (struct sockaddr *)address, addrlen);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock->ops->connect(sock, (struct sockaddr *) address, addrlen,
1da177e4SLinus Torvalds				 sock->file->f_flags);
1da177e4SLinus Torvaldsout_put:
6cb153caSBenjamin LaHaise	fput_light(sock->file, fput_needed);
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Get the local address ('name') of a socket object. Move the obtained
1da177e4SLinus Torvalds *	name to user space.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_getsockname(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
6cb153caSBenjamin LaHaise	int len, err, fput_needed;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4SLinus Torvalds	if (!sock)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = security_socket_getsockname(sock);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 0);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds	err = move_addr_to_user(address, len, usockaddr, usockaddr_len);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_put:
6cb153caSBenjamin LaHaise	fput_light(sock->file, fput_needed);
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Get the remote address ('name') of a socket object. Move the obtained
1da177e4SLinus Torvalds *	name to user space.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_getpeername(int fd, struct sockaddr __user *usockaddr, int __user *usockaddr_len)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
6cb153caSBenjamin LaHaise	int len, err, fput_needed;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL) {
1da177e4SLinus Torvalds		err = security_socket_getpeername(sock);
1da177e4SLinus Torvalds		if (err) {
6cb153caSBenjamin LaHaise			fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds			return err;
1da177e4SLinus Torvalds		}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		err = sock->ops->getname(sock, (struct sockaddr *)address, &len, 1);
1da177e4SLinus Torvalds		if (!err)
1da177e4SLinus Torvalds			err=move_addr_to_user(address,len, usockaddr, usockaddr_len);
6cb153caSBenjamin LaHaise		fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Send a datagram to a given address. We move the address into kernel
1da177e4SLinus Torvalds *	space and check the user space data area is readable before invoking
1da177e4SLinus Torvalds *	the protocol.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_sendto(int fd, void __user * buff, size_t len, unsigned flags,
1da177e4SLinus Torvalds			   struct sockaddr __user *addr, int addr_len)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds	struct msghdr msg;
1da177e4SLinus Torvalds	struct iovec iov;
6cb153caSBenjamin LaHaise	int fput_needed;
6cb153caSBenjamin LaHaise	struct file *sock_file;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock_file = fget_light(fd, &fput_needed);
6cb153caSBenjamin LaHaise	if (!sock_file)
6cb153caSBenjamin LaHaise		return -EBADF;
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise	sock = sock_from_file(sock_file, &err);
1da177e4SLinus Torvalds	if (!sock)
6cb153caSBenjamin LaHaise		goto out_put;
1da177e4SLinus Torvalds	iov.iov_base=buff;
1da177e4SLinus Torvalds	iov.iov_len=len;
1da177e4SLinus Torvalds	msg.msg_name=NULL;
1da177e4SLinus Torvalds	msg.msg_iov=&iov;
1da177e4SLinus Torvalds	msg.msg_iovlen=1;
1da177e4SLinus Torvalds	msg.msg_control=NULL;
1da177e4SLinus Torvalds	msg.msg_controllen=0;
1da177e4SLinus Torvalds	msg.msg_namelen=0;
6cb153caSBenjamin LaHaise	if (addr) {
1da177e4SLinus Torvalds		err = move_addr_to_kernel(addr, addr_len, address);
1da177e4SLinus Torvalds		if (err < 0)
1da177e4SLinus Torvalds			goto out_put;
1da177e4SLinus Torvalds		msg.msg_name=address;
1da177e4SLinus Torvalds		msg.msg_namelen=addr_len;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	if (sock->file->f_flags & O_NONBLOCK)
1da177e4SLinus Torvalds		flags |= MSG_DONTWAIT;
1da177e4SLinus Torvalds	msg.msg_flags = flags;
1da177e4SLinus Torvalds	err = sock_sendmsg(sock, &msg, len);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_put:
6cb153caSBenjamin LaHaise	fput_light(sock_file, fput_needed);
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Send a datagram down a socket.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_send(int fd, void __user * buff, size_t len, unsigned flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return sys_sendto(fd, buff, len, flags, NULL, 0);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Receive a frame from the socket and optionally record the address of the
1da177e4SLinus Torvalds *	sender. We verify the buffers are writable and if needed move the
1da177e4SLinus Torvalds *	sender address from kernel to user space.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_recvfrom(int fd, void __user * ubuf, size_t size, unsigned flags,
1da177e4SLinus Torvalds			     struct sockaddr __user *addr, int __user *addr_len)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	struct iovec iov;
1da177e4SLinus Torvalds	struct msghdr msg;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
1da177e4SLinus Torvalds	int err,err2;
6cb153caSBenjamin LaHaise	struct file *sock_file;
6cb153caSBenjamin LaHaise	int fput_needed;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock_file = fget_light(fd, &fput_needed);
6cb153caSBenjamin LaHaise	if (!sock_file)
6cb153caSBenjamin LaHaise		return -EBADF;
6cb153caSBenjamin LaHaise
6cb153caSBenjamin LaHaise	sock = sock_from_file(sock_file, &err);
1da177e4SLinus Torvalds	if (!sock)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	msg.msg_control=NULL;
1da177e4SLinus Torvalds	msg.msg_controllen=0;
1da177e4SLinus Torvalds	msg.msg_iovlen=1;
1da177e4SLinus Torvalds	msg.msg_iov=&iov;
1da177e4SLinus Torvalds	iov.iov_len=size;
1da177e4SLinus Torvalds	iov.iov_base=ubuf;
1da177e4SLinus Torvalds	msg.msg_name=address;
1da177e4SLinus Torvalds	msg.msg_namelen=MAX_SOCK_ADDR;
1da177e4SLinus Torvalds	if (sock->file->f_flags & O_NONBLOCK)
1da177e4SLinus Torvalds		flags |= MSG_DONTWAIT;
1da177e4SLinus Torvalds	err=sock_recvmsg(sock, &msg, size, flags);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if(err >= 0 && addr != NULL)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		err2=move_addr_to_user(address, msg.msg_namelen, addr, addr_len);
1da177e4SLinus Torvalds		if(err2<0)
1da177e4SLinus Torvalds			err=err2;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvaldsout:
6cb153caSBenjamin LaHaise	fput_light(sock_file, fput_needed);
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Receive a datagram from a socket.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_recv(int fd, void __user * ubuf, size_t size, unsigned flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	return sys_recvfrom(fd, ubuf, size, flags, NULL, NULL);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Set a socket option. Because we don't know the option lengths we have
1da177e4SLinus Torvalds *	to pass the user mode parameter for the protocols to sort out.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_setsockopt(int fd, int level, int optname, char __user *optval, int optlen)
1da177e4SLinus Torvalds{
6cb153caSBenjamin LaHaise	int err, fput_needed;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (optlen < 0)
1da177e4SLinus Torvalds		return -EINVAL;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		err = security_socket_setsockopt(sock,level,optname);
6cb153caSBenjamin LaHaise		if (err)
6cb153caSBenjamin LaHaise			goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		if (level == SOL_SOCKET)
1da177e4SLinus Torvalds			err=sock_setsockopt(sock,level,optname,optval,optlen);
1da177e4SLinus Torvalds		else
1da177e4SLinus Torvalds			err=sock->ops->setsockopt(sock, level, optname, optval, optlen);
6cb153caSBenjamin LaHaiseout_put:
6cb153caSBenjamin LaHaise		fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Get a socket option. Because we don't know the option lengths we have
1da177e4SLinus Torvalds *	to pass a user mode parameter for the protocols to sort out.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_getsockopt(int fd, int level, int optname, char __user *optval, int __user *optlen)
1da177e4SLinus Torvalds{
6cb153caSBenjamin LaHaise	int err, fput_needed;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if ((sock = sockfd_lookup_light(fd, &err, &fput_needed)) != NULL) {
6cb153caSBenjamin LaHaise		err = security_socket_getsockopt(sock, level, optname);
6cb153caSBenjamin LaHaise		if (err)
6cb153caSBenjamin LaHaise			goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds		if (level == SOL_SOCKET)
1da177e4SLinus Torvalds			err=sock_getsockopt(sock,level,optname,optval,optlen);
1da177e4SLinus Torvalds		else
1da177e4SLinus Torvalds			err=sock->ops->getsockopt(sock, level, optname, optval, optlen);
6cb153caSBenjamin LaHaiseout_put:
6cb153caSBenjamin LaHaise		fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	Shutdown a socket.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_shutdown(int fd, int how)
1da177e4SLinus Torvalds{
6cb153caSBenjamin LaHaise	int err, fput_needed;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	if ((sock = sockfd_lookup_light(fd, &err, &fput_needed))!=NULL)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		err = security_socket_shutdown(sock, how);
6cb153caSBenjamin LaHaise		if (!err)
1da177e4SLinus Torvalds			err = sock->ops->shutdown(sock, how);
6cb153caSBenjamin LaHaise		fput_light(sock->file, fput_needed);
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/* A couple of helpful macros for getting the address of the 32/64 bit
1da177e4SLinus Torvalds * fields which are the same type (int / unsigned) on our platforms.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds#define COMPAT_MSG(msg, member)	((MSG_CMSG_COMPAT & flags) ? &msg##_compat->member : &msg->member)
1da177e4SLinus Torvalds#define COMPAT_NAMELEN(msg)	COMPAT_MSG(msg, msg_namelen)
1da177e4SLinus Torvalds#define COMPAT_FLAGS(msg)	COMPAT_MSG(msg, msg_flags)
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	BSD sendmsg interface
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_sendmsg(int fd, struct msghdr __user *msg, unsigned flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct compat_msghdr __user *msg_compat = (struct compat_msghdr __user *)msg;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	char address[MAX_SOCK_ADDR];
1da177e4SLinus Torvalds	struct iovec iovstack[UIO_FASTIOV], *iov = iovstack;
b9d717a7SAlex Williamson	unsigned char ctl[sizeof(struct cmsghdr) + 20]
b9d717a7SAlex Williamson			__attribute__ ((aligned (sizeof(__kernel_size_t))));
b9d717a7SAlex Williamson			/* 20 is size of ipv6_pktinfo */
1da177e4SLinus Torvalds	unsigned char *ctl_buf = ctl;
1da177e4SLinus Torvalds	struct msghdr msg_sys;
1da177e4SLinus Torvalds	int err, ctl_len, iov_size, total_len;
6cb153caSBenjamin LaHaise	int fput_needed;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = -EFAULT;
1da177e4SLinus Torvalds	if (MSG_CMSG_COMPAT & flags) {
1da177e4SLinus Torvalds		if (get_compat_msghdr(&msg_sys, msg_compat))
1da177e4SLinus Torvalds			return -EFAULT;
1da177e4SLinus Torvalds	} else if (copy_from_user(&msg_sys, msg, sizeof(struct msghdr)))
1da177e4SLinus Torvalds		return -EFAULT;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4SLinus Torvalds	if (!sock)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* do not move before msg_sys is valid */
1da177e4SLinus Torvalds	err = -EMSGSIZE;
1da177e4SLinus Torvalds	if (msg_sys.msg_iovlen > UIO_MAXIOV)
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* Check whether to allocate the iovec area*/
1da177e4SLinus Torvalds	err = -ENOMEM;
1da177e4SLinus Torvalds	iov_size = msg_sys.msg_iovlen * sizeof(struct iovec);
1da177e4SLinus Torvalds	if (msg_sys.msg_iovlen > UIO_FASTIOV) {
1da177e4SLinus Torvalds		iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL);
1da177e4SLinus Torvalds		if (!iov)
1da177e4SLinus Torvalds			goto out_put;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* This will also move the address data into kernel space */
1da177e4SLinus Torvalds	if (MSG_CMSG_COMPAT & flags) {
1da177e4SLinus Torvalds		err = verify_compat_iovec(&msg_sys, iov, address, VERIFY_READ);
1da177e4SLinus Torvalds	} else
1da177e4SLinus Torvalds		err = verify_iovec(&msg_sys, iov, address, VERIFY_READ);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_freeiov;
1da177e4SLinus Torvalds	total_len = err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = -ENOBUFS;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (msg_sys.msg_controllen > INT_MAX)
1da177e4SLinus Torvalds		goto out_freeiov;
1da177e4SLinus Torvalds	ctl_len = msg_sys.msg_controllen;
1da177e4SLinus Torvalds	if ((MSG_CMSG_COMPAT & flags) && ctl_len) {
8920e8f9SAl Viro		err = cmsghdr_from_user_compat_to_kern(&msg_sys, sock->sk, ctl, sizeof(ctl));
1da177e4SLinus Torvalds		if (err)
1da177e4SLinus Torvalds			goto out_freeiov;
1da177e4SLinus Torvalds		ctl_buf = msg_sys.msg_control;
8920e8f9SAl Viro		ctl_len = msg_sys.msg_controllen;
1da177e4SLinus Torvalds	} else if (ctl_len) {
1da177e4SLinus Torvalds		if (ctl_len > sizeof(ctl))
1da177e4SLinus Torvalds		{
1da177e4SLinus Torvalds			ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL);
1da177e4SLinus Torvalds			if (ctl_buf == NULL)
1da177e4SLinus Torvalds				goto out_freeiov;
1da177e4SLinus Torvalds		}
1da177e4SLinus Torvalds		err = -EFAULT;
1da177e4SLinus Torvalds		/*
1da177e4SLinus Torvalds		 * Careful! Before this, msg_sys.msg_control contains a user pointer.
1da177e4SLinus Torvalds		 * Afterwards, it will be a kernel pointer. Thus the compiler-assisted
1da177e4SLinus Torvalds		 * checking falls down on this.
1da177e4SLinus Torvalds		 */
1da177e4SLinus Torvalds		if (copy_from_user(ctl_buf, (void __user *) msg_sys.msg_control, ctl_len))
1da177e4SLinus Torvalds			goto out_freectl;
1da177e4SLinus Torvalds		msg_sys.msg_control = ctl_buf;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	msg_sys.msg_flags = flags;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (sock->file->f_flags & O_NONBLOCK)
1da177e4SLinus Torvalds		msg_sys.msg_flags |= MSG_DONTWAIT;
1da177e4SLinus Torvalds	err = sock_sendmsg(sock, &msg_sys, total_len);
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_freectl:
1da177e4SLinus Torvalds	if (ctl_buf != ctl)
1da177e4SLinus Torvalds		sock_kfree_s(sock->sk, ctl_buf, ctl_len);
1da177e4SLinus Torvaldsout_freeiov:
1da177e4SLinus Torvalds	if (iov != iovstack)
1da177e4SLinus Torvalds		sock_kfree_s(sock->sk, iov, iov_size);
1da177e4SLinus Torvaldsout_put:
6cb153caSBenjamin LaHaise	fput_light(sock->file, fput_needed);
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	BSD recvmsg interface
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_recvmsg(int fd, struct msghdr __user *msg, unsigned int flags)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	struct compat_msghdr __user *msg_compat = (struct compat_msghdr __user *)msg;
1da177e4SLinus Torvalds	struct socket *sock;
1da177e4SLinus Torvalds	struct iovec iovstack[UIO_FASTIOV];
1da177e4SLinus Torvalds	struct iovec *iov=iovstack;
1da177e4SLinus Torvalds	struct msghdr msg_sys;
1da177e4SLinus Torvalds	unsigned long cmsg_ptr;
1da177e4SLinus Torvalds	int err, iov_size, total_len, len;
6cb153caSBenjamin LaHaise	int fput_needed;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* kernel mode address */
1da177e4SLinus Torvalds	char addr[MAX_SOCK_ADDR];
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* user mode address pointers */
1da177e4SLinus Torvalds	struct sockaddr __user *uaddr;
1da177e4SLinus Torvalds	int __user *uaddr_len;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (MSG_CMSG_COMPAT & flags) {
1da177e4SLinus Torvalds		if (get_compat_msghdr(&msg_sys, msg_compat))
1da177e4SLinus Torvalds			return -EFAULT;
1da177e4SLinus Torvalds	} else
1da177e4SLinus Torvalds		if (copy_from_user(&msg_sys,msg,sizeof(struct msghdr)))
1da177e4SLinus Torvalds			return -EFAULT;
1da177e4SLinus Torvalds
6cb153caSBenjamin LaHaise	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1da177e4SLinus Torvalds	if (!sock)
1da177e4SLinus Torvalds		goto out;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	err = -EMSGSIZE;
1da177e4SLinus Torvalds	if (msg_sys.msg_iovlen > UIO_MAXIOV)
1da177e4SLinus Torvalds		goto out_put;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* Check whether to allocate the iovec area*/
1da177e4SLinus Torvalds	err = -ENOMEM;
1da177e4SLinus Torvalds	iov_size = msg_sys.msg_iovlen * sizeof(struct iovec);
1da177e4SLinus Torvalds	if (msg_sys.msg_iovlen > UIO_FASTIOV) {
1da177e4SLinus Torvalds		iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL);
1da177e4SLinus Torvalds		if (!iov)
1da177e4SLinus Torvalds			goto out_put;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	Save the user-mode address (verify_iovec will change the
1da177e4SLinus Torvalds	 *	kernel msghdr to use the kernel address space)
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	uaddr = (void __user *) msg_sys.msg_name;
1da177e4SLinus Torvalds	uaddr_len = COMPAT_NAMELEN(msg);
1da177e4SLinus Torvalds	if (MSG_CMSG_COMPAT & flags) {
1da177e4SLinus Torvalds		err = verify_compat_iovec(&msg_sys, iov, addr, VERIFY_WRITE);
1da177e4SLinus Torvalds	} else
1da177e4SLinus Torvalds		err = verify_iovec(&msg_sys, iov, addr, VERIFY_WRITE);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_freeiov;
1da177e4SLinus Torvalds	total_len=err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	cmsg_ptr = (unsigned long)msg_sys.msg_control;
1da177e4SLinus Torvalds	msg_sys.msg_flags = 0;
1da177e4SLinus Torvalds	if (MSG_CMSG_COMPAT & flags)
1da177e4SLinus Torvalds		msg_sys.msg_flags = MSG_CMSG_COMPAT;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (sock->file->f_flags & O_NONBLOCK)
1da177e4SLinus Torvalds		flags |= MSG_DONTWAIT;
1da177e4SLinus Torvalds	err = sock_recvmsg(sock, &msg_sys, total_len, flags);
1da177e4SLinus Torvalds	if (err < 0)
1da177e4SLinus Torvalds		goto out_freeiov;
1da177e4SLinus Torvalds	len = err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (uaddr != NULL) {
1da177e4SLinus Torvalds		err = move_addr_to_user(addr, msg_sys.msg_namelen, uaddr, uaddr_len);
1da177e4SLinus Torvalds		if (err < 0)
1da177e4SLinus Torvalds			goto out_freeiov;
1da177e4SLinus Torvalds	}
37f7f421SDavid S. Miller	err = __put_user((msg_sys.msg_flags & ~MSG_CMSG_COMPAT),
37f7f421SDavid S. Miller			 COMPAT_FLAGS(msg));
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		goto out_freeiov;
1da177e4SLinus Torvalds	if (MSG_CMSG_COMPAT & flags)
1da177e4SLinus Torvalds		err = __put_user((unsigned long)msg_sys.msg_control-cmsg_ptr,
1da177e4SLinus Torvalds				 &msg_compat->msg_controllen);
1da177e4SLinus Torvalds	else
1da177e4SLinus Torvalds		err = __put_user((unsigned long)msg_sys.msg_control-cmsg_ptr,
1da177e4SLinus Torvalds				 &msg->msg_controllen);
1da177e4SLinus Torvalds	if (err)
1da177e4SLinus Torvalds		goto out_freeiov;
1da177e4SLinus Torvalds	err = len;
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsout_freeiov:
1da177e4SLinus Torvalds	if (iov != iovstack)
1da177e4SLinus Torvalds		sock_kfree_s(sock->sk, iov, iov_size);
1da177e4SLinus Torvaldsout_put:
6cb153caSBenjamin LaHaise	fput_light(sock->file, fput_needed);
1da177e4SLinus Torvaldsout:
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#ifdef __ARCH_WANT_SYS_SOCKETCALL
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/* Argument list sizes for sys_socketcall */
1da177e4SLinus Torvalds#define AL(x) ((x) * sizeof(unsigned long))
1da177e4SLinus Torvaldsstatic unsigned char nargs[18]={AL(0),AL(3),AL(3),AL(3),AL(2),AL(3),
1da177e4SLinus Torvalds				AL(3),AL(3),AL(4),AL(4),AL(4),AL(6),
1da177e4SLinus Torvalds				AL(6),AL(2),AL(5),AL(5),AL(3),AL(3)};
1da177e4SLinus Torvalds#undef AL
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	System call vectors.
1da177e4SLinus Torvalds *
1da177e4SLinus Torvalds *	Argument checking cleaned up. Saved 20% in size.
1da177e4SLinus Torvalds *  This function doesn't need to set the kernel lock because
1da177e4SLinus Torvalds *  it is set by the callees.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsasmlinkage long sys_socketcall(int call, unsigned long __user *args)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	unsigned long a[6];
1da177e4SLinus Torvalds	unsigned long a0,a1;
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if(call<1||call>SYS_RECVMSG)
1da177e4SLinus Torvalds		return -EINVAL;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* copy_from_user should be SMP safe. */
1da177e4SLinus Torvalds	if (copy_from_user(a, args, nargs[call]))
1da177e4SLinus Torvalds		return -EFAULT;
1da177e4SLinus Torvalds
4bcff1b3SDavid Woodhouse	err = audit_socketcall(nargs[call]/sizeof(unsigned long), a);
3ec3b2fbSDavid Woodhouse	if (err)
3ec3b2fbSDavid Woodhouse		return err;
3ec3b2fbSDavid Woodhouse
1da177e4SLinus Torvalds	a0=a[0];
1da177e4SLinus Torvalds	a1=a[1];
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	switch(call)
1da177e4SLinus Torvalds	{
1da177e4SLinus Torvalds		case SYS_SOCKET:
1da177e4SLinus Torvalds			err = sys_socket(a0,a1,a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_BIND:
1da177e4SLinus Torvalds			err = sys_bind(a0,(struct sockaddr __user *)a1, a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_CONNECT:
1da177e4SLinus Torvalds			err = sys_connect(a0, (struct sockaddr __user *)a1, a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_LISTEN:
1da177e4SLinus Torvalds			err = sys_listen(a0,a1);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_ACCEPT:
1da177e4SLinus Torvalds			err = sys_accept(a0,(struct sockaddr __user *)a1, (int __user *)a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_GETSOCKNAME:
1da177e4SLinus Torvalds			err = sys_getsockname(a0,(struct sockaddr __user *)a1, (int __user *)a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_GETPEERNAME:
1da177e4SLinus Torvalds			err = sys_getpeername(a0, (struct sockaddr __user *)a1, (int __user *)a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_SOCKETPAIR:
1da177e4SLinus Torvalds			err = sys_socketpair(a0,a1, a[2], (int __user *)a[3]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_SEND:
1da177e4SLinus Torvalds			err = sys_send(a0, (void __user *)a1, a[2], a[3]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_SENDTO:
1da177e4SLinus Torvalds			err = sys_sendto(a0,(void __user *)a1, a[2], a[3],
1da177e4SLinus Torvalds					 (struct sockaddr __user *)a[4], a[5]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_RECV:
1da177e4SLinus Torvalds			err = sys_recv(a0, (void __user *)a1, a[2], a[3]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_RECVFROM:
1da177e4SLinus Torvalds			err = sys_recvfrom(a0, (void __user *)a1, a[2], a[3],
1da177e4SLinus Torvalds					   (struct sockaddr __user *)a[4], (int __user *)a[5]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_SHUTDOWN:
1da177e4SLinus Torvalds			err = sys_shutdown(a0,a1);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_SETSOCKOPT:
1da177e4SLinus Torvalds			err = sys_setsockopt(a0, a1, a[2], (char __user *)a[3], a[4]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_GETSOCKOPT:
1da177e4SLinus Torvalds			err = sys_getsockopt(a0, a1, a[2], (char __user *)a[3], (int __user *)a[4]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_SENDMSG:
1da177e4SLinus Torvalds			err = sys_sendmsg(a0, (struct msghdr __user *) a1, a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		case SYS_RECVMSG:
1da177e4SLinus Torvalds			err = sys_recvmsg(a0, (struct msghdr __user *) a1, a[2]);
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds		default:
1da177e4SLinus Torvalds			err = -EINVAL;
1da177e4SLinus Torvalds			break;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#endif /* __ARCH_WANT_SYS_SOCKETCALL */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	This function is called by a protocol handler that wants to
1da177e4SLinus Torvalds *	advertise its address family, and have it linked into the
1da177e4SLinus Torvalds *	SOCKET module.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_register(struct net_proto_family *ops)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int err;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	if (ops->family >= NPROTO) {
1da177e4SLinus Torvalds		printk(KERN_CRIT "protocol %d >= NPROTO(%d)\n", ops->family, NPROTO);
1da177e4SLinus Torvalds		return -ENOBUFS;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	net_family_write_lock();
1da177e4SLinus Torvalds	err = -EEXIST;
1da177e4SLinus Torvalds	if (net_families[ops->family] == NULL) {
1da177e4SLinus Torvalds		net_families[ops->family]=ops;
1da177e4SLinus Torvalds		err = 0;
1da177e4SLinus Torvalds	}
1da177e4SLinus Torvalds	net_family_write_unlock();
1da177e4SLinus Torvalds	printk(KERN_INFO "NET: Registered protocol family %d\n",
1da177e4SLinus Torvalds	       ops->family);
1da177e4SLinus Torvalds	return err;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/*
1da177e4SLinus Torvalds *	This function is called by a protocol handler that wants to
1da177e4SLinus Torvalds *	remove its address family, and have it unlinked from the
1da177e4SLinus Torvalds *	SOCKET module.
1da177e4SLinus Torvalds */
1da177e4SLinus Torvalds
1da177e4SLinus Torvaldsint sock_unregister(int family)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	if (family < 0 || family >= NPROTO)
1da177e4SLinus Torvalds		return -1;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	net_family_write_lock();
1da177e4SLinus Torvalds	net_families[family]=NULL;
1da177e4SLinus Torvalds	net_family_write_unlock();
1da177e4SLinus Torvalds	printk(KERN_INFO "NET: Unregistered protocol family %d\n",
1da177e4SLinus Torvalds	       family);
1da177e4SLinus Torvalds	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
77d76ea3SAndi Kleenstatic int __init sock_init(void)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	Initialize sock SLAB cache.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	sk_init();
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	Initialize skbuff SLAB cache
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds	skb_init();
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/*
1da177e4SLinus Torvalds	 *	Initialize the protocols module.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	init_inodecache();
1da177e4SLinus Torvalds	register_filesystem(&sock_fs_type);
1da177e4SLinus Torvalds	sock_mnt = kern_mount(&sock_fs_type);
77d76ea3SAndi Kleen
77d76ea3SAndi Kleen	/* The real protocol initialization is performed in later initcalls.
1da177e4SLinus Torvalds	 */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds#ifdef CONFIG_NETFILTER
1da177e4SLinus Torvalds	netfilter_init();
1da177e4SLinus Torvalds#endif
cbeb321aSDavid S. Miller
cbeb321aSDavid S. Miller	return 0;
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds
77d76ea3SAndi Kleencore_initcall(sock_init);	/* early initcall */
77d76ea3SAndi Kleen
1da177e4SLinus Torvalds#ifdef CONFIG_PROC_FS
1da177e4SLinus Torvaldsvoid socket_seq_show(struct seq_file *seq)
1da177e4SLinus Torvalds{
1da177e4SLinus Torvalds	int cpu;
1da177e4SLinus Torvalds	int counter = 0;
1da177e4SLinus Torvalds
88a2a4acSEric Dumazet	for_each_cpu(cpu)
1da177e4SLinus Torvalds		counter += per_cpu(sockets_in_use, cpu);
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	/* It can be negative, by the way. 8) */
1da177e4SLinus Torvalds	if (counter < 0)
1da177e4SLinus Torvalds		counter = 0;
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds	seq_printf(seq, "sockets: used %d\n", counter);
1da177e4SLinus Torvalds}
1da177e4SLinus Torvalds#endif /* CONFIG_PROC_FS */
1da177e4SLinus Torvalds
1da177e4SLinus Torvalds/* ABI emulation layers need these two */
1da177e4SLinus TorvaldsEXPORT_SYMBOL(move_addr_to_kernel);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(move_addr_to_user);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_create);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_create_kern);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_create_lite);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_map_fd);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_recvmsg);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_register);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_release);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_sendmsg);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_unregister);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sock_wake_async);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(sockfd_lookup);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(kernel_sendmsg);
1da177e4SLinus TorvaldsEXPORT_SYMBOL(kernel_recvmsg);