aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorHannes Frederic Sowa <hannes@stressinduktion.org>2013-11-20 21:14:22 -0500
committerDavid S. Miller <davem@davemloft.net>2013-11-20 21:52:30 -0500
commitf3d3342602f8bcbf37d7c46641cb9bca7618eb1c (patch)
tree11aebad9cca99426db27130b19417141259c81f4
parentf873042093c0b418d2351fe142222b625c740149 (diff)
net: rework recvmsg handler msg_name and msg_namelen logic
This patch now always passes msg->msg_namelen as 0. recvmsg handlers must set msg_namelen to the proper size <= sizeof(struct sockaddr_storage) to return msg_name to the user. This prevents numerous uninitialized memory leaks we had in the recvmsg handlers and makes it harder for new code to accidentally leak uninitialized memory. Optimize for the case recvfrom is called with NULL as address. We don't need to copy the address at all, so set it to NULL before invoking the recvmsg handler. We can do so, because all the recvmsg handlers must cope with the case a plain read() is called on them. read() also sets msg_name to NULL. Also document these changes in include/linux/net.h as suggested by David Miller. Changes since RFC: Set msg->msg_name = NULL if user specified a NULL in msg_name but had a non-null msg_namelen in verify_iovec/verify_compat_iovec. This doesn't affect sendto as it would bail out earlier while trying to copy-in the address. It also more naturally reflects the logic by the callers of verify_iovec. With this change in place I could remove " if (!uaddr || msg_sys->msg_namelen == 0) msg->msg_name = NULL ". This change does not alter the user visible error logic as we ignore msg_namelen as long as msg_name is NULL. Also remove two unnecessary curly brackets in ___sys_recvmsg and change comments to netdev style. Cc: David Miller <davem@davemloft.net> Suggested-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--crypto/algif_hash.c2
-rw-r--r--crypto/algif_skcipher.c1
-rw-r--r--drivers/isdn/mISDN/socket.c13
-rw-r--r--drivers/net/ppp/pppoe.c2
-rw-r--r--include/linux/net.h8
-rw-r--r--net/appletalk/ddp.c16
-rw-r--r--net/atm/common.c2
-rw-r--r--net/ax25/af_ax25.c4
-rw-r--r--net/bluetooth/af_bluetooth.c9
-rw-r--r--net/bluetooth/hci_sock.c2
-rw-r--r--net/bluetooth/rfcomm/sock.c1
-rw-r--r--net/bluetooth/sco.c1
-rw-r--r--net/caif/caif_socket.c4
-rw-r--r--net/compat.c3
-rw-r--r--net/core/iovec.c3
-rw-r--r--net/ipx/af_ipx.c3
-rw-r--r--net/irda/af_irda.c4
-rw-r--r--net/iucv/af_iucv.c2
-rw-r--r--net/key/af_key.c1
-rw-r--r--net/l2tp/l2tp_ppp.c2
-rw-r--r--net/llc/af_llc.c2
-rw-r--r--net/netlink/af_netlink.c2
-rw-r--r--net/netrom/af_netrom.c3
-rw-r--r--net/nfc/llcp_sock.c2
-rw-r--r--net/nfc/rawsock.c2
-rw-r--r--net/packet/af_packet.c32
-rw-r--r--net/rds/recv.c2
-rw-r--r--net/rose/af_rose.c8
-rw-r--r--net/rxrpc/ar-recvmsg.c9
-rw-r--r--net/socket.c19
-rw-r--r--net/tipc/socket.c6
-rw-r--r--net/unix/af_unix.c5
-rw-r--r--net/vmw_vsock/af_vsock.c2
-rw-r--r--net/vmw_vsock/vmci_transport.c2
-rw-r--r--net/x25/af_x25.c3
35 files changed, 67 insertions, 115 deletions
diff --git a/crypto/algif_hash.c b/crypto/algif_hash.c
index 0262210cad38..ef5356cd280a 100644
--- a/crypto/algif_hash.c
+++ b/crypto/algif_hash.c
@@ -161,8 +161,6 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
161 else if (len < ds) 161 else if (len < ds)
162 msg->msg_flags |= MSG_TRUNC; 162 msg->msg_flags |= MSG_TRUNC;
163 163
164 msg->msg_namelen = 0;
165
166 lock_sock(sk); 164 lock_sock(sk);
167 if (ctx->more) { 165 if (ctx->more) {
168 ctx->more = 0; 166 ctx->more = 0;
diff --git a/crypto/algif_skcipher.c b/crypto/algif_skcipher.c
index a1c4f0a55583..6a6dfc062d2a 100644
--- a/crypto/algif_skcipher.c
+++ b/crypto/algif_skcipher.c
@@ -432,7 +432,6 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
432 long copied = 0; 432 long copied = 0;
433 433
434 lock_sock(sk); 434 lock_sock(sk);
435 msg->msg_namelen = 0;
436 for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0; 435 for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
437 iovlen--, iov++) { 436 iovlen--, iov++) {
438 unsigned long seglen = iov->iov_len; 437 unsigned long seglen = iov->iov_len;
diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c
index e47dcb9d1e91..5cefb479c707 100644
--- a/drivers/isdn/mISDN/socket.c
+++ b/drivers/isdn/mISDN/socket.c
@@ -117,7 +117,6 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
117{ 117{
118 struct sk_buff *skb; 118 struct sk_buff *skb;
119 struct sock *sk = sock->sk; 119 struct sock *sk = sock->sk;
120 struct sockaddr_mISDN *maddr;
121 120
122 int copied, err; 121 int copied, err;
123 122
@@ -135,9 +134,9 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
135 if (!skb) 134 if (!skb)
136 return err; 135 return err;
137 136
138 if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) { 137 if (msg->msg_name) {
139 msg->msg_namelen = sizeof(struct sockaddr_mISDN); 138 struct sockaddr_mISDN *maddr = msg->msg_name;
140 maddr = (struct sockaddr_mISDN *)msg->msg_name; 139
141 maddr->family = AF_ISDN; 140 maddr->family = AF_ISDN;
142 maddr->dev = _pms(sk)->dev->id; 141 maddr->dev = _pms(sk)->dev->id;
143 if ((sk->sk_protocol == ISDN_P_LAPD_TE) || 142 if ((sk->sk_protocol == ISDN_P_LAPD_TE) ||
@@ -150,11 +149,7 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
150 maddr->sapi = _pms(sk)->ch.addr & 0xFF; 149 maddr->sapi = _pms(sk)->ch.addr & 0xFF;
151 maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF; 150 maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF;
152 } 151 }
153 } else { 152 msg->msg_namelen = sizeof(*maddr);
154 if (msg->msg_namelen)
155 printk(KERN_WARNING "%s: too small namelen %d\n",
156 __func__, msg->msg_namelen);
157 msg->msg_namelen = 0;
158 } 153 }
159 154
160 copied = skb->len + MISDN_HEADER_LEN; 155 copied = skb->len + MISDN_HEADER_LEN;
diff --git a/drivers/net/ppp/pppoe.c b/drivers/net/ppp/pppoe.c
index 5f66e30d9823..82ee6ed954cb 100644
--- a/drivers/net/ppp/pppoe.c
+++ b/drivers/net/ppp/pppoe.c
@@ -979,8 +979,6 @@ static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
979 if (error < 0) 979 if (error < 0)
980 goto end; 980 goto end;
981 981
982 m->msg_namelen = 0;
983
984 if (skb) { 982 if (skb) {
985 total_len = min_t(size_t, total_len, skb->len); 983 total_len = min_t(size_t, total_len, skb->len);
986 error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len); 984 error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);
diff --git a/include/linux/net.h b/include/linux/net.h
index b292a0435571..4bcee94cef93 100644
--- a/include/linux/net.h
+++ b/include/linux/net.h
@@ -164,6 +164,14 @@ struct proto_ops {
164#endif 164#endif
165 int (*sendmsg) (struct kiocb *iocb, struct socket *sock, 165 int (*sendmsg) (struct kiocb *iocb, struct socket *sock,
166 struct msghdr *m, size_t total_len); 166 struct msghdr *m, size_t total_len);
167 /* Notes for implementing recvmsg:
168 * ===============================
169 * msg->msg_namelen should get updated by the recvmsg handlers
170 * iff msg_name != NULL. It is by default 0 to prevent
171 * returning uninitialized memory to user space. The recvfrom
172 * handlers can assume that msg.msg_name is either NULL or has
173 * a minimum size of sizeof(struct sockaddr_storage).
174 */
167 int (*recvmsg) (struct kiocb *iocb, struct socket *sock, 175 int (*recvmsg) (struct kiocb *iocb, struct socket *sock,
168 struct msghdr *m, size_t total_len, 176 struct msghdr *m, size_t total_len,
169 int flags); 177 int flags);
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 7fee50d637f9..7d424ac6e760 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1735,7 +1735,6 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1735 size_t size, int flags) 1735 size_t size, int flags)
1736{ 1736{
1737 struct sock *sk = sock->sk; 1737 struct sock *sk = sock->sk;
1738 struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name;
1739 struct ddpehdr *ddp; 1738 struct ddpehdr *ddp;
1740 int copied = 0; 1739 int copied = 0;
1741 int offset = 0; 1740 int offset = 0;
@@ -1764,14 +1763,13 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
1764 } 1763 }
1765 err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied); 1764 err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied);
1766 1765
1767 if (!err) { 1766 if (!err && msg->msg_name) {
1768 if (sat) { 1767 struct sockaddr_at *sat = msg->msg_name;
1769 sat->sat_family = AF_APPLETALK; 1768 sat->sat_family = AF_APPLETALK;
1770 sat->sat_port = ddp->deh_sport; 1769 sat->sat_port = ddp->deh_sport;
1771 sat->sat_addr.s_node = ddp->deh_snode; 1770 sat->sat_addr.s_node = ddp->deh_snode;
1772 sat->sat_addr.s_net = ddp->deh_snet; 1771 sat->sat_addr.s_net = ddp->deh_snet;
1773 } 1772 msg->msg_namelen = sizeof(*sat);
1774 msg->msg_namelen = sizeof(*sat);
1775 } 1773 }
1776 1774
1777 skb_free_datagram(sk, skb); /* Free the datagram. */ 1775 skb_free_datagram(sk, skb); /* Free the datagram. */
diff --git a/net/atm/common.c b/net/atm/common.c
index 737bef59ce89..7b491006eaf4 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -531,8 +531,6 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
531 struct sk_buff *skb; 531 struct sk_buff *skb;
532 int copied, error = -EINVAL; 532 int copied, error = -EINVAL;
533 533
534 msg->msg_namelen = 0;
535
536 if (sock->state != SS_CONNECTED) 534 if (sock->state != SS_CONNECTED)
537 return -ENOTCONN; 535 return -ENOTCONN;
538 536
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index a00123ebb0ae..7bb1605bdfd9 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -1636,11 +1636,11 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
1636 1636
1637 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1637 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1638 1638
1639 if (msg->msg_namelen != 0) { 1639 if (msg->msg_name) {
1640 struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name;
1641 ax25_digi digi; 1640 ax25_digi digi;
1642 ax25_address src; 1641 ax25_address src;
1643 const unsigned char *mac = skb_mac_header(skb); 1642 const unsigned char *mac = skb_mac_header(skb);
1643 struct sockaddr_ax25 *sax = msg->msg_name;
1644 1644
1645 memset(sax, 0, sizeof(struct full_sockaddr_ax25)); 1645 memset(sax, 0, sizeof(struct full_sockaddr_ax25));
1646 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL, 1646 ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index f6a1671ea2ff..56ca494621c6 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -224,10 +224,9 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
224 224
225 skb = skb_recv_datagram(sk, flags, noblock, &err); 225 skb = skb_recv_datagram(sk, flags, noblock, &err);
226 if (!skb) { 226 if (!skb) {
227 if (sk->sk_shutdown & RCV_SHUTDOWN) { 227 if (sk->sk_shutdown & RCV_SHUTDOWN)
228 msg->msg_namelen = 0;
229 return 0; 228 return 0;
230 } 229
231 return err; 230 return err;
232 } 231 }
233 232
@@ -245,8 +244,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
245 if (bt_sk(sk)->skb_msg_name) 244 if (bt_sk(sk)->skb_msg_name)
246 bt_sk(sk)->skb_msg_name(skb, msg->msg_name, 245 bt_sk(sk)->skb_msg_name(skb, msg->msg_name,
247 &msg->msg_namelen); 246 &msg->msg_namelen);
248 else
249 msg->msg_namelen = 0;
250 } 247 }
251 248
252 skb_free_datagram(sk, skb); 249 skb_free_datagram(sk, skb);
@@ -295,8 +292,6 @@ int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
295 if (flags & MSG_OOB) 292 if (flags & MSG_OOB)
296 return -EOPNOTSUPP; 293 return -EOPNOTSUPP;
297 294
298 msg->msg_namelen = 0;
299
300 BT_DBG("sk %p size %zu", sk, size); 295 BT_DBG("sk %p size %zu", sk, size);
301 296
302 lock_sock(sk); 297 lock_sock(sk);
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 71f0be173080..6a6c8bb4fd72 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -856,8 +856,6 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
856 if (!skb) 856 if (!skb)
857 return err; 857 return err;
858 858
859 msg->msg_namelen = 0;
860
861 copied = skb->len; 859 copied = skb->len;
862 if (len < copied) { 860 if (len < copied) {
863 msg->msg_flags |= MSG_TRUNC; 861 msg->msg_flags |= MSG_TRUNC;
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index c4d3d423f89b..c80766f892c3 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -615,7 +615,6 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
615 615
616 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) { 616 if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
617 rfcomm_dlc_accept(d); 617 rfcomm_dlc_accept(d);
618 msg->msg_namelen = 0;
619 return 0; 618 return 0;
620 } 619 }
621 620
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 12a0e51e21e1..24fa3964b3c8 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -711,7 +711,6 @@ static int sco_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
711 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) { 711 test_bit(BT_SK_DEFER_SETUP, &bt_sk(sk)->flags)) {
712 sco_conn_defer_accept(pi->conn->hcon, pi->setting); 712 sco_conn_defer_accept(pi->conn->hcon, pi->setting);
713 sk->sk_state = BT_CONFIG; 713 sk->sk_state = BT_CONFIG;
714 msg->msg_namelen = 0;
715 714
716 release_sock(sk); 715 release_sock(sk);
717 return 0; 716 return 0;
diff --git a/net/caif/caif_socket.c b/net/caif/caif_socket.c
index 05a41c7ec304..d6be3edb7a43 100644
--- a/net/caif/caif_socket.c
+++ b/net/caif/caif_socket.c
@@ -286,8 +286,6 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
286 if (m->msg_flags&MSG_OOB) 286 if (m->msg_flags&MSG_OOB)
287 goto read_error; 287 goto read_error;
288 288
289 m->msg_namelen = 0;
290
291 skb = skb_recv_datagram(sk, flags, 0 , &ret); 289 skb = skb_recv_datagram(sk, flags, 0 , &ret);
292 if (!skb) 290 if (!skb)
293 goto read_error; 291 goto read_error;
@@ -361,8 +359,6 @@ static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
361 if (flags&MSG_OOB) 359 if (flags&MSG_OOB)
362 goto out; 360 goto out;
363 361
364 msg->msg_namelen = 0;
365
366 /* 362 /*
367 * Lock the socket to prevent queue disordering 363 * Lock the socket to prevent queue disordering
368 * while sleeps in memcpy_tomsg 364 * while sleeps in memcpy_tomsg
diff --git a/net/compat.c b/net/compat.c
index 89032580bd1d..618c6a8a911b 100644
--- a/net/compat.c
+++ b/net/compat.c
@@ -93,7 +93,8 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
93 if (err < 0) 93 if (err < 0)
94 return err; 94 return err;
95 } 95 }
96 kern_msg->msg_name = kern_address; 96 if (kern_msg->msg_name)
97 kern_msg->msg_name = kern_address;
97 } else 98 } else
98 kern_msg->msg_name = NULL; 99 kern_msg->msg_name = NULL;
99 100
diff --git a/net/core/iovec.c b/net/core/iovec.c
index 4cdb7c48dad6..b61869429f4c 100644
--- a/net/core/iovec.c
+++ b/net/core/iovec.c
@@ -48,7 +48,8 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a
48 if (err < 0) 48 if (err < 0)
49 return err; 49 return err;
50 } 50 }
51 m->msg_name = address; 51 if (m->msg_name)
52 m->msg_name = address;
52 } else { 53 } else {
53 m->msg_name = NULL; 54 m->msg_name = NULL;
54 } 55 }
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 7a1e0fc1bd4d..e096025b477f 100644
--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -1823,8 +1823,6 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
1823 if (skb->tstamp.tv64) 1823 if (skb->tstamp.tv64)
1824 sk->sk_stamp = skb->tstamp; 1824 sk->sk_stamp = skb->tstamp;
1825 1825
1826 msg->msg_namelen = sizeof(*sipx);
1827
1828 if (sipx) { 1826 if (sipx) {
1829 sipx->sipx_family = AF_IPX; 1827 sipx->sipx_family = AF_IPX;
1830 sipx->sipx_port = ipx->ipx_source.sock; 1828 sipx->sipx_port = ipx->ipx_source.sock;
@@ -1832,6 +1830,7 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
1832 sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net; 1830 sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net;
1833 sipx->sipx_type = ipx->ipx_type; 1831 sipx->sipx_type = ipx->ipx_type;
1834 sipx->sipx_zero = 0; 1832 sipx->sipx_zero = 0;
1833 msg->msg_namelen = sizeof(*sipx);
1835 } 1834 }
1836 rc = copied; 1835 rc = copied;
1837 1836
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index 0f676908d15b..de7db23049f1 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -1385,8 +1385,6 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
1385 1385
1386 IRDA_DEBUG(4, "%s()\n", __func__); 1386 IRDA_DEBUG(4, "%s()\n", __func__);
1387 1387
1388 msg->msg_namelen = 0;
1389
1390 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 1388 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
1391 flags & MSG_DONTWAIT, &err); 1389 flags & MSG_DONTWAIT, &err);
1392 if (!skb) 1390 if (!skb)
@@ -1451,8 +1449,6 @@ static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
1451 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size); 1449 target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
1452 timeo = sock_rcvtimeo(sk, noblock); 1450 timeo = sock_rcvtimeo(sk, noblock);
1453 1451
1454 msg->msg_namelen = 0;
1455
1456 do { 1452 do {
1457 int chunk; 1453 int chunk;
1458 struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue); 1454 struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 168aff5e60de..c4b7218058b6 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -1324,8 +1324,6 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
1324 int err = 0; 1324 int err = 0;
1325 u32 offset; 1325 u32 offset;
1326 1326
1327 msg->msg_namelen = 0;
1328
1329 if ((sk->sk_state == IUCV_DISCONN) && 1327 if ((sk->sk_state == IUCV_DISCONN) &&
1330 skb_queue_empty(&iucv->backlog_skb_q) && 1328 skb_queue_empty(&iucv->backlog_skb_q) &&
1331 skb_queue_empty(&sk->sk_receive_queue) && 1329 skb_queue_empty(&sk->sk_receive_queue) &&
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 911ef03bf8fb..545f047868ad 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -3616,7 +3616,6 @@ static int pfkey_recvmsg(struct kiocb *kiocb,
3616 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT)) 3616 if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
3617 goto out; 3617 goto out;
3618 3618
3619 msg->msg_namelen = 0;
3620 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err); 3619 skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
3621 if (skb == NULL) 3620 if (skb == NULL)
3622 goto out; 3621 goto out;
diff --git a/net/l2tp/l2tp_ppp.c b/net/l2tp/l2tp_ppp.c
index ffda81ef1a70..be5fadf34739 100644
--- a/net/l2tp/l2tp_ppp.c
+++ b/net/l2tp/l2tp_ppp.c
@@ -197,8 +197,6 @@ static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
197 if (sk->sk_state & PPPOX_BOUND) 197 if (sk->sk_state & PPPOX_BOUND)
198 goto end; 198 goto end;
199 199
200 msg->msg_namelen = 0;
201
202 err = 0; 200 err = 0;
203 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT, 201 skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
204 flags & MSG_DONTWAIT, &err); 202 flags & MSG_DONTWAIT, &err);
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 6cba486353e8..7b01b9f5846c 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -720,8 +720,6 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
720 int target; /* Read at least this many bytes */ 720 int target; /* Read at least this many bytes */
721 long timeo; 721 long timeo;
722 722
723 msg->msg_namelen = 0;
724
725 lock_sock(sk); 723 lock_sock(sk);
726 copied = -ENOTCONN; 724 copied = -ENOTCONN;
727 if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN)) 725 if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index f0176e1a5a81..bca50b95c182 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -2335,8 +2335,6 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
2335 } 2335 }
2336#endif 2336#endif
2337 2337
2338 msg->msg_namelen = 0;
2339
2340 copied = data_skb->len; 2338 copied = data_skb->len;
2341 if (len < copied) { 2339 if (len < copied) {
2342 msg->msg_flags |= MSG_TRUNC; 2340 msg->msg_flags |= MSG_TRUNC;
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 698814bfa7ad..53c19a35fc6d 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -1179,10 +1179,9 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
1179 sax->sax25_family = AF_NETROM; 1179 sax->sax25_family = AF_NETROM;
1180 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call, 1180 skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
1181 AX25_ADDR_LEN); 1181 AX25_ADDR_LEN);
1182 msg->msg_namelen = sizeof(*sax);
1182 } 1183 }
1183 1184
1184 msg->msg_namelen = sizeof(*sax);
1185
1186 skb_free_datagram(sk, skb); 1185 skb_free_datagram(sk, skb);
1187 1186
1188 release_sock(sk); 1187 release_sock(sk);
diff --git a/net/nfc/llcp_sock.c b/net/nfc/llcp_sock.c
index d308402b67d8..824c6056bf82 100644
--- a/net/nfc/llcp_sock.c
+++ b/net/nfc/llcp_sock.c
@@ -807,8 +807,6 @@ static int llcp_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
807 807
808 pr_debug("%p %zu\n", sk, len); 808 pr_debug("%p %zu\n", sk, len);
809 809
810 msg->msg_namelen = 0;
811
812 lock_sock(sk); 810 lock_sock(sk);
813 811
814 if (sk->sk_state == LLCP_CLOSED && 812 if (sk->sk_state == LLCP_CLOSED &&
diff --git a/net/nfc/rawsock.c b/net/nfc/rawsock.c
index cd958b381f96..66bcd2eb5773 100644
--- a/net/nfc/rawsock.c
+++ b/net/nfc/rawsock.c
@@ -244,8 +244,6 @@ static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock,
244 if (!skb) 244 if (!skb)
245 return rc; 245 return rc;
246 246
247 msg->msg_namelen = 0;
248
249 copied = skb->len; 247 copied = skb->len;
250 if (len < copied) { 248 if (len < copied) {
251 msg->msg_flags |= MSG_TRUNC; 249 msg->msg_flags |= MSG_TRUNC;
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 2e8286b47c28..61bd50adead1 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -2660,7 +2660,6 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2660 struct sock *sk = sock->sk; 2660 struct sock *sk = sock->sk;
2661 struct sk_buff *skb; 2661 struct sk_buff *skb;
2662 int copied, err; 2662 int copied, err;
2663 struct sockaddr_ll *sll;
2664 int vnet_hdr_len = 0; 2663 int vnet_hdr_len = 0;
2665 2664
2666 err = -EINVAL; 2665 err = -EINVAL;
@@ -2744,22 +2743,10 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2744 goto out_free; 2743 goto out_free;
2745 } 2744 }
2746 2745
2747 /* 2746 /* You lose any data beyond the buffer you gave. If it worries
2748 * If the address length field is there to be filled in, we fill 2747 * a user program they can ask the device for its MTU
2749 * it in now. 2748 * anyway.
2750 */
2751
2752 sll = &PACKET_SKB_CB(skb)->sa.ll;
2753 if (sock->type == SOCK_PACKET)
2754 msg->msg_namelen = sizeof(struct sockaddr_pkt);
2755 else
2756 msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
2757
2758 /*
2759 * You lose any data beyond the buffer you gave. If it worries a
2760 * user program they can ask the device for its MTU anyway.
2761 */ 2749 */
2762
2763 copied = skb->len; 2750 copied = skb->len;
2764 if (copied > len) { 2751 if (copied > len) {
2765 copied = len; 2752 copied = len;
@@ -2772,9 +2759,20 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
2772 2759
2773 sock_recv_ts_and_drops(msg, sk, skb); 2760 sock_recv_ts_and_drops(msg, sk, skb);
2774 2761
2775 if (msg->msg_name) 2762 if (msg->msg_name) {
2763 /* If the address length field is there to be filled
2764 * in, we fill it in now.
2765 */
2766 if (sock->type == SOCK_PACKET) {
2767 msg->msg_namelen = sizeof(struct sockaddr_pkt);
2768 } else {
2769 struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
2770 msg->msg_namelen = sll->sll_halen +
2771 offsetof(struct sockaddr_ll, sll_addr);
2772 }
2776 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa, 2773 memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
2777 msg->msg_namelen); 2774 msg->msg_namelen);
2775 }
2778 2776
2779 if (pkt_sk(sk)->auxdata) { 2777 if (pkt_sk(sk)->auxdata) {
2780 struct tpacket_auxdata aux; 2778 struct tpacket_auxdata aux;
diff --git a/net/rds/recv.c b/net/rds/recv.c
index 9f0f17cf6bf9..de339b24ca14 100644
--- a/net/rds/recv.c
+++ b/net/rds/recv.c
@@ -410,8 +410,6 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
410 410
411 rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo); 411 rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
412 412
413 msg->msg_namelen = 0;
414
415 if (msg_flags & MSG_OOB) 413 if (msg_flags & MSG_OOB)
416 goto out; 414 goto out;
417 415
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index e98fcfbe6007..33af77246bfe 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -1216,7 +1216,6 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
1216{ 1216{
1217 struct sock *sk = sock->sk; 1217 struct sock *sk = sock->sk;
1218 struct rose_sock *rose = rose_sk(sk); 1218 struct rose_sock *rose = rose_sk(sk);
1219 struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name;
1220 size_t copied; 1219 size_t copied;
1221 unsigned char *asmptr; 1220 unsigned char *asmptr;
1222 struct sk_buff *skb; 1221 struct sk_buff *skb;
@@ -1252,8 +1251,11 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
1252 1251
1253 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied); 1252 skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
1254 1253
1255 if (srose != NULL) { 1254 if (msg->msg_name) {
1256 memset(srose, 0, msg->msg_namelen); 1255 struct sockaddr_rose *srose;
1256
1257 memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose));
1258 srose = msg->msg_name;
1257 srose->srose_family = AF_ROSE; 1259 srose->srose_family = AF_ROSE;
1258 srose->srose_addr = rose->dest_addr; 1260 srose->srose_addr = rose->dest_addr;
1259 srose->srose_call = rose->dest_call; 1261 srose->srose_call = rose->dest_call;
diff --git a/net/rxrpc/ar-recvmsg.c b/net/rxrpc/ar-recvmsg.c
index 4b48687c3890..898492a8d61b 100644
--- a/net/rxrpc/ar-recvmsg.c
+++ b/net/rxrpc/ar-recvmsg.c
@@ -143,10 +143,13 @@ int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock,
143 143
144 /* copy the peer address and timestamp */ 144 /* copy the peer address and timestamp */
145 if (!continue_call) { 145 if (!continue_call) {
146 if (msg->msg_name && msg->msg_namelen > 0) 146 if (msg->msg_name) {
147 size_t len =
148 sizeof(call->conn->trans->peer->srx);
147 memcpy(msg->msg_name, 149 memcpy(msg->msg_name,
148 &call->conn->trans->peer->srx, 150 &call->conn->trans->peer->srx, len);
149 sizeof(call->conn->trans->peer->srx)); 151 msg->msg_namelen = len;
152 }
150 sock_recv_ts_and_drops(msg, &rx->sk, skb); 153 sock_recv_ts_and_drops(msg, &rx->sk, skb);
151 } 154 }
152 155
diff --git a/net/socket.c b/net/socket.c
index c226aceee65b..fc285564e49e 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -1840,8 +1840,10 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1840 msg.msg_iov = &iov; 1840 msg.msg_iov = &iov;
1841 iov.iov_len = size; 1841 iov.iov_len = size;
1842 iov.iov_base = ubuf; 1842 iov.iov_base = ubuf;
1843 msg.msg_name = (struct sockaddr *)&address; 1843 /* Save some cycles and don't copy the address if not needed */
1844 msg.msg_namelen = sizeof(address); 1844 msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
1845 /* We assume all kernel code knows the size of sockaddr_storage */
1846 msg.msg_namelen = 0;
1845 if (sock->file->f_flags & O_NONBLOCK) 1847 if (sock->file->f_flags & O_NONBLOCK)
1846 flags |= MSG_DONTWAIT; 1848 flags |= MSG_DONTWAIT;
1847 err = sock_recvmsg(sock, &msg, size, flags); 1849 err = sock_recvmsg(sock, &msg, size, flags);
@@ -2221,16 +2223,14 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2221 goto out; 2223 goto out;
2222 } 2224 }
2223 2225
2224 /* 2226 /* Save the user-mode address (verify_iovec will change the
2225 * Save the user-mode address (verify_iovec will change the 2227 * kernel msghdr to use the kernel address space)
2226 * kernel msghdr to use the kernel address space)
2227 */ 2228 */
2228
2229 uaddr = (__force void __user *)msg_sys->msg_name; 2229 uaddr = (__force void __user *)msg_sys->msg_name;
2230 uaddr_len = COMPAT_NAMELEN(msg); 2230 uaddr_len = COMPAT_NAMELEN(msg);
2231 if (MSG_CMSG_COMPAT & flags) { 2231 if (MSG_CMSG_COMPAT & flags)
2232 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 2232 err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2233 } else 2233 else
2234 err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE); 2234 err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
2235 if (err < 0) 2235 if (err < 0)
2236 goto out_freeiov; 2236 goto out_freeiov;
@@ -2239,6 +2239,9 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
2239 cmsg_ptr = (unsigned long)msg_sys->msg_control; 2239 cmsg_ptr = (unsigned long)msg_sys->msg_control;
2240 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT); 2240 msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
2241 2241
2242 /* We assume all kernel code knows the size of sockaddr_storage */
2243 msg_sys->msg_namelen = 0;
2244
2242 if (sock->file->f_flags & O_NONBLOCK) 2245 if (sock->file->f_flags & O_NONBLOCK)
2243 flags |= MSG_DONTWAIT; 2246 flags |= MSG_DONTWAIT;
2244 err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys, 2247 err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 3906527259d1..3b61851bb927 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -980,9 +980,6 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
980 goto exit; 980 goto exit;
981 } 981 }
982 982
983 /* will be updated in set_orig_addr() if needed */
984 m->msg_namelen = 0;
985
986 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 983 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
987restart: 984restart:
988 985
@@ -1091,9 +1088,6 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
1091 goto exit; 1088 goto exit;
1092 } 1089 }
1093 1090
1094 /* will be updated in set_orig_addr() if needed */
1095 m->msg_namelen = 0;
1096
1097 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len); 1091 target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
1098 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT); 1092 timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
1099 1093
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index c1f403bed683..01625ccc3ae6 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1754,7 +1754,6 @@ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
1754{ 1754{
1755 struct unix_sock *u = unix_sk(sk); 1755 struct unix_sock *u = unix_sk(sk);
1756 1756
1757 msg->msg_namelen = 0;
1758 if (u->addr) { 1757 if (u->addr) {
1759 msg->msg_namelen = u->addr->len; 1758 msg->msg_namelen = u->addr->len;
1760 memcpy(msg->msg_name, u->addr->name, u->addr->len); 1759 memcpy(msg->msg_name, u->addr->name, u->addr->len);
@@ -1778,8 +1777,6 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
1778 if (flags&MSG_OOB) 1777 if (flags&MSG_OOB)
1779 goto out; 1778 goto out;
1780 1779
1781 msg->msg_namelen = 0;
1782
1783 err = mutex_lock_interruptible(&u->readlock); 1780 err = mutex_lock_interruptible(&u->readlock);
1784 if (err) { 1781 if (err) {
1785 err = sock_intr_errno(sock_rcvtimeo(sk, noblock)); 1782 err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
@@ -1924,8 +1921,6 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
1924 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size); 1921 target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
1925 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT); 1922 timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
1926 1923
1927 msg->msg_namelen = 0;
1928
1929 /* Lock the socket to prevent queue disordering 1924 /* Lock the socket to prevent queue disordering
1930 * while sleeps in memcpy_tomsg 1925 * while sleeps in memcpy_tomsg
1931 */ 1926 */
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 545c08b8a1d4..5adfd94c5b85 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1662,8 +1662,6 @@ vsock_stream_recvmsg(struct kiocb *kiocb,
1662 vsk = vsock_sk(sk); 1662 vsk = vsock_sk(sk);
1663 err = 0; 1663 err = 0;
1664 1664
1665 msg->msg_namelen = 0;
1666
1667 lock_sock(sk); 1665 lock_sock(sk);
1668 1666
1669 if (sk->sk_state != SS_CONNECTED) { 1667 if (sk->sk_state != SS_CONNECTED) {
diff --git a/net/vmw_vsock/vmci_transport.c b/net/vmw_vsock/vmci_transport.c
index 9d6986634e0b..687360da62d9 100644
--- a/net/vmw_vsock/vmci_transport.c
+++ b/net/vmw_vsock/vmci_transport.c
@@ -1746,8 +1746,6 @@ static int vmci_transport_dgram_dequeue(struct kiocb *kiocb,
1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE) 1746 if (flags & MSG_OOB || flags & MSG_ERRQUEUE)
1747 return -EOPNOTSUPP; 1747 return -EOPNOTSUPP;
1748 1748
1749 msg->msg_namelen = 0;
1750
1751 /* Retrieve the head sk_buff from the socket's receive queue. */ 1749 /* Retrieve the head sk_buff from the socket's receive queue. */
1752 err = 0; 1750 err = 0;
1753 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err); 1751 skb = skb_recv_datagram(&vsk->sk, flags, noblock, &err);
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 45a3ab5612c1..7622789d3750 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -1340,10 +1340,9 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
1340 if (sx25) { 1340 if (sx25) {
1341 sx25->sx25_family = AF_X25; 1341 sx25->sx25_family = AF_X25;
1342 sx25->sx25_addr = x25->dest_addr; 1342 sx25->sx25_addr = x25->dest_addr;
1343 msg->msg_namelen = sizeof(*sx25);
1343 } 1344 }
1344 1345
1345 msg->msg_namelen = sizeof(struct sockaddr_x25);
1346
1347 x25_check_rbuf(sk); 1346 x25_check_rbuf(sk);
1348 rc = copied; 1347 rc = copied;
1349out_free_dgram: 1348out_free_dgram:
generated by cgit v1.2.2 (git 2.25.0) at 2025-02-27 12:05:44 -0500