diff options
Diffstat (limited to 'net/socket.c')
| -rw-r--r-- | net/socket.c | 230 |
1 files changed, 168 insertions, 62 deletions
diff --git a/net/socket.c b/net/socket.c index 310d16b1b3c9..02dc82db3d23 100644 --- a/net/socket.c +++ b/net/socket.c | |||
| @@ -263,15 +263,6 @@ static struct inode *sock_alloc_inode(struct super_block *sb) | |||
| 263 | return &ei->vfs_inode; | 263 | return &ei->vfs_inode; |
| 264 | } | 264 | } |
| 265 | 265 | ||
| 266 | |||
| 267 | |||
| 268 | static void wq_free_rcu(struct rcu_head *head) | ||
| 269 | { | ||
| 270 | struct socket_wq *wq = container_of(head, struct socket_wq, rcu); | ||
| 271 | |||
| 272 | kfree(wq); | ||
| 273 | } | ||
| 274 | |||
| 275 | static void sock_destroy_inode(struct inode *inode) | 266 | static void sock_destroy_inode(struct inode *inode) |
| 276 | { | 267 | { |
| 277 | struct socket_alloc *ei; | 268 | struct socket_alloc *ei; |
| @@ -279,7 +270,7 @@ static void sock_destroy_inode(struct inode *inode) | |||
| 279 | 270 | ||
| 280 | ei = container_of(inode, struct socket_alloc, vfs_inode); | 271 | ei = container_of(inode, struct socket_alloc, vfs_inode); |
| 281 | wq = rcu_dereference_protected(ei->socket.wq, 1); | 272 | wq = rcu_dereference_protected(ei->socket.wq, 1); |
| 282 | call_rcu(&wq->rcu, wq_free_rcu); | 273 | kfree_rcu(wq, rcu); |
| 283 | kmem_cache_free(sock_inode_cachep, ei); | 274 | kmem_cache_free(sock_inode_cachep, ei); |
| 284 | } | 275 | } |
| 285 | 276 | ||
| @@ -551,11 +542,10 @@ int sock_tx_timestamp(struct sock *sk, __u8 *tx_flags) | |||
| 551 | } | 542 | } |
| 552 | EXPORT_SYMBOL(sock_tx_timestamp); | 543 | EXPORT_SYMBOL(sock_tx_timestamp); |
| 553 | 544 | ||
| 554 | static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock, | 545 | static inline int __sock_sendmsg_nosec(struct kiocb *iocb, struct socket *sock, |
| 555 | struct msghdr *msg, size_t size) | 546 | struct msghdr *msg, size_t size) |
| 556 | { | 547 | { |
| 557 | struct sock_iocb *si = kiocb_to_siocb(iocb); | 548 | struct sock_iocb *si = kiocb_to_siocb(iocb); |
| 558 | int err; | ||
| 559 | 549 | ||
| 560 | sock_update_classid(sock->sk); | 550 | sock_update_classid(sock->sk); |
| 561 | 551 | ||
| @@ -564,13 +554,17 @@ static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock, | |||
| 564 | si->msg = msg; | 554 | si->msg = msg; |
| 565 | si->size = size; | 555 | si->size = size; |
| 566 | 556 | ||
| 567 | err = security_socket_sendmsg(sock, msg, size); | ||
| 568 | if (err) | ||
| 569 | return err; | ||
| 570 | |||
| 571 | return sock->ops->sendmsg(iocb, sock, msg, size); | 557 | return sock->ops->sendmsg(iocb, sock, msg, size); |
| 572 | } | 558 | } |
| 573 | 559 | ||
| 560 | static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock, | ||
| 561 | struct msghdr *msg, size_t size) | ||
| 562 | { | ||
| 563 | int err = security_socket_sendmsg(sock, msg, size); | ||
| 564 | |||
| 565 | return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size); | ||
| 566 | } | ||
| 567 | |||
| 574 | int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) | 568 | int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) |
| 575 | { | 569 | { |
| 576 | struct kiocb iocb; | 570 | struct kiocb iocb; |
| @@ -586,6 +580,20 @@ int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size) | |||
| 586 | } | 580 | } |
| 587 | EXPORT_SYMBOL(sock_sendmsg); | 581 | EXPORT_SYMBOL(sock_sendmsg); |
| 588 | 582 | ||
| 583 | int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg, size_t size) | ||
| 584 | { | ||
| 585 | struct kiocb iocb; | ||
| 586 | struct sock_iocb siocb; | ||
| 587 | int ret; | ||
| 588 | |||
| 589 | init_sync_kiocb(&iocb, NULL); | ||
| 590 | iocb.private = &siocb; | ||
| 591 | ret = __sock_sendmsg_nosec(&iocb, sock, msg, size); | ||
| 592 | if (-EIOCBQUEUED == ret) | ||
| 593 | ret = wait_on_sync_kiocb(&iocb); | ||
| 594 | return ret; | ||
| 595 | } | ||
| 596 | |||
| 589 | int kernel_sendmsg(struct socket *sock, struct msghdr *msg, | 597 | int kernel_sendmsg(struct socket *sock, struct msghdr *msg, |
| 590 | struct kvec *vec, size_t num, size_t size) | 598 | struct kvec *vec, size_t num, size_t size) |
| 591 | { | 599 | { |
| @@ -1863,57 +1871,47 @@ SYSCALL_DEFINE2(shutdown, int, fd, int, how) | |||
| 1863 | #define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen) | 1871 | #define COMPAT_NAMELEN(msg) COMPAT_MSG(msg, msg_namelen) |
| 1864 | #define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags) | 1872 | #define COMPAT_FLAGS(msg) COMPAT_MSG(msg, msg_flags) |
| 1865 | 1873 | ||
| 1866 | /* | 1874 | static int __sys_sendmsg(struct socket *sock, struct msghdr __user *msg, |
| 1867 | * BSD sendmsg interface | 1875 | struct msghdr *msg_sys, unsigned flags, int nosec) |
| 1868 | */ | ||
| 1869 | |||
| 1870 | SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags) | ||
| 1871 | { | 1876 | { |
| 1872 | struct compat_msghdr __user *msg_compat = | 1877 | struct compat_msghdr __user *msg_compat = |
| 1873 | (struct compat_msghdr __user *)msg; | 1878 | (struct compat_msghdr __user *)msg; |
| 1874 | struct socket *sock; | ||
| 1875 | struct sockaddr_storage address; | 1879 | struct sockaddr_storage address; |
| 1876 | struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; | 1880 | struct iovec iovstack[UIO_FASTIOV], *iov = iovstack; |
| 1877 | unsigned char ctl[sizeof(struct cmsghdr) + 20] | 1881 | unsigned char ctl[sizeof(struct cmsghdr) + 20] |
| 1878 | __attribute__ ((aligned(sizeof(__kernel_size_t)))); | 1882 | __attribute__ ((aligned(sizeof(__kernel_size_t)))); |
| 1879 | /* 20 is size of ipv6_pktinfo */ | 1883 | /* 20 is size of ipv6_pktinfo */ |
| 1880 | unsigned char *ctl_buf = ctl; | 1884 | unsigned char *ctl_buf = ctl; |
| 1881 | struct msghdr msg_sys; | ||
| 1882 | int err, ctl_len, iov_size, total_len; | 1885 | int err, ctl_len, iov_size, total_len; |
| 1883 | int fput_needed; | ||
| 1884 | 1886 | ||
| 1885 | err = -EFAULT; | 1887 | err = -EFAULT; |
| 1886 | if (MSG_CMSG_COMPAT & flags) { | 1888 | if (MSG_CMSG_COMPAT & flags) { |
| 1887 | if (get_compat_msghdr(&msg_sys, msg_compat)) | 1889 | if (get_compat_msghdr(msg_sys, msg_compat)) |
| 1888 | return -EFAULT; | 1890 | return -EFAULT; |
| 1889 | } else if (copy_from_user(&msg_sys, msg, sizeof(struct msghdr))) | 1891 | } else if (copy_from_user(msg_sys, msg, sizeof(struct msghdr))) |
| 1890 | return -EFAULT; | 1892 | return -EFAULT; |
| 1891 | 1893 | ||
| 1892 | sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 1893 | if (!sock) | ||
| 1894 | goto out; | ||
| 1895 | |||
| 1896 | /* do not move before msg_sys is valid */ | 1894 | /* do not move before msg_sys is valid */ |
| 1897 | err = -EMSGSIZE; | 1895 | err = -EMSGSIZE; |
| 1898 | if (msg_sys.msg_iovlen > UIO_MAXIOV) | 1896 | if (msg_sys->msg_iovlen > UIO_MAXIOV) |
| 1899 | goto out_put; | 1897 | goto out; |
| 1900 | 1898 | ||
| 1901 | /* Check whether to allocate the iovec area */ | 1899 | /* Check whether to allocate the iovec area */ |
| 1902 | err = -ENOMEM; | 1900 | err = -ENOMEM; |
| 1903 | iov_size = msg_sys.msg_iovlen * sizeof(struct iovec); | 1901 | iov_size = msg_sys->msg_iovlen * sizeof(struct iovec); |
| 1904 | if (msg_sys.msg_iovlen > UIO_FASTIOV) { | 1902 | if (msg_sys->msg_iovlen > UIO_FASTIOV) { |
| 1905 | iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL); | 1903 | iov = sock_kmalloc(sock->sk, iov_size, GFP_KERNEL); |
| 1906 | if (!iov) | 1904 | if (!iov) |
| 1907 | goto out_put; | 1905 | goto out; |
| 1908 | } | 1906 | } |
| 1909 | 1907 | ||
| 1910 | /* This will also move the address data into kernel space */ | 1908 | /* This will also move the address data into kernel space */ |
| 1911 | if (MSG_CMSG_COMPAT & flags) { | 1909 | if (MSG_CMSG_COMPAT & flags) { |
| 1912 | err = verify_compat_iovec(&msg_sys, iov, | 1910 | err = verify_compat_iovec(msg_sys, iov, |
| 1913 | (struct sockaddr *)&address, | 1911 | (struct sockaddr *)&address, |
| 1914 | VERIFY_READ); | 1912 | VERIFY_READ); |
| 1915 | } else | 1913 | } else |
| 1916 | err = verify_iovec(&msg_sys, iov, | 1914 | err = verify_iovec(msg_sys, iov, |
| 1917 | (struct sockaddr *)&address, | 1915 | (struct sockaddr *)&address, |
| 1918 | VERIFY_READ); | 1916 | VERIFY_READ); |
| 1919 | if (err < 0) | 1917 | if (err < 0) |
| @@ -1922,17 +1920,17 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags) | |||
| 1922 | 1920 | ||
| 1923 | err = -ENOBUFS; | 1921 | err = -ENOBUFS; |
| 1924 | 1922 | ||
| 1925 | if (msg_sys.msg_controllen > INT_MAX) | 1923 | if (msg_sys->msg_controllen > INT_MAX) |
| 1926 | goto out_freeiov; | 1924 | goto out_freeiov; |
| 1927 | ctl_len = msg_sys.msg_controllen; | 1925 | ctl_len = msg_sys->msg_controllen; |
| 1928 | if ((MSG_CMSG_COMPAT & flags) && ctl_len) { | 1926 | if ((MSG_CMSG_COMPAT & flags) && ctl_len) { |
| 1929 | err = | 1927 | err = |
| 1930 | cmsghdr_from_user_compat_to_kern(&msg_sys, sock->sk, ctl, | 1928 | cmsghdr_from_user_compat_to_kern(msg_sys, sock->sk, ctl, |
| 1931 | sizeof(ctl)); | 1929 | sizeof(ctl)); |
| 1932 | if (err) | 1930 | if (err) |
| 1933 | goto out_freeiov; | 1931 | goto out_freeiov; |
| 1934 | ctl_buf = msg_sys.msg_control; | 1932 | ctl_buf = msg_sys->msg_control; |
| 1935 | ctl_len = msg_sys.msg_controllen; | 1933 | ctl_len = msg_sys->msg_controllen; |
| 1936 | } else if (ctl_len) { | 1934 | } else if (ctl_len) { |
| 1937 | if (ctl_len > sizeof(ctl)) { | 1935 | if (ctl_len > sizeof(ctl)) { |
| 1938 | ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL); | 1936 | ctl_buf = sock_kmalloc(sock->sk, ctl_len, GFP_KERNEL); |
| @@ -1941,21 +1939,22 @@ SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags) | |||
| 1941 | } | 1939 | } |
| 1942 | err = -EFAULT; | 1940 | err = -EFAULT; |
| 1943 | /* | 1941 | /* |
| 1944 | * Careful! Before this, msg_sys.msg_control contains a user pointer. | 1942 | * Careful! Before this, msg_sys->msg_control contains a user pointer. |
| 1945 | * Afterwards, it will be a kernel pointer. Thus the compiler-assisted | 1943 | * Afterwards, it will be a kernel pointer. Thus the compiler-assisted |
| 1946 | * checking falls down on this. | 1944 | * checking falls down on this. |
| 1947 | */ | 1945 | */ |
| 1948 | if (copy_from_user(ctl_buf, | 1946 | if (copy_from_user(ctl_buf, |
| 1949 | (void __user __force *)msg_sys.msg_control, | 1947 | (void __user __force *)msg_sys->msg_control, |
| 1950 | ctl_len)) | 1948 | ctl_len)) |
| 1951 | goto out_freectl; | 1949 | goto out_freectl; |
| 1952 | msg_sys.msg_control = ctl_buf; | 1950 | msg_sys->msg_control = ctl_buf; |
| 1953 | } | 1951 | } |
| 1954 | msg_sys.msg_flags = flags; | 1952 | msg_sys->msg_flags = flags; |
| 1955 | 1953 | ||
| 1956 | if (sock->file->f_flags & O_NONBLOCK) | 1954 | if (sock->file->f_flags & O_NONBLOCK) |
| 1957 | msg_sys.msg_flags |= MSG_DONTWAIT; | 1955 | msg_sys->msg_flags |= MSG_DONTWAIT; |
| 1958 | err = sock_sendmsg(sock, &msg_sys, total_len); | 1956 | err = (nosec ? sock_sendmsg_nosec : sock_sendmsg)(sock, msg_sys, |
| 1957 | total_len); | ||
| 1959 | 1958 | ||
| 1960 | out_freectl: | 1959 | out_freectl: |
| 1961 | if (ctl_buf != ctl) | 1960 | if (ctl_buf != ctl) |
| @@ -1963,12 +1962,114 @@ out_freectl: | |||
| 1963 | out_freeiov: | 1962 | out_freeiov: |
| 1964 | if (iov != iovstack) | 1963 | if (iov != iovstack) |
| 1965 | sock_kfree_s(sock->sk, iov, iov_size); | 1964 | sock_kfree_s(sock->sk, iov, iov_size); |
| 1966 | out_put: | 1965 | out: |
| 1966 | return err; | ||
| 1967 | } | ||
| 1968 | |||
| 1969 | /* | ||
| 1970 | * BSD sendmsg interface | ||
| 1971 | */ | ||
| 1972 | |||
| 1973 | SYSCALL_DEFINE3(sendmsg, int, fd, struct msghdr __user *, msg, unsigned, flags) | ||
| 1974 | { | ||
| 1975 | int fput_needed, err; | ||
| 1976 | struct msghdr msg_sys; | ||
| 1977 | struct socket *sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 1978 | |||
| 1979 | if (!sock) | ||
| 1980 | goto out; | ||
| 1981 | |||
| 1982 | err = __sys_sendmsg(sock, msg, &msg_sys, flags, 0); | ||
| 1983 | |||
| 1967 | fput_light(sock->file, fput_needed); | 1984 | fput_light(sock->file, fput_needed); |
| 1968 | out: | 1985 | out: |
| 1969 | return err; | 1986 | return err; |
| 1970 | } | 1987 | } |
| 1971 | 1988 | ||
| 1989 | /* | ||
| 1990 | * Linux sendmmsg interface | ||
| 1991 | */ | ||
| 1992 | |||
| 1993 | int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | ||
| 1994 | unsigned int flags) | ||
| 1995 | { | ||
| 1996 | int fput_needed, err, datagrams; | ||
| 1997 | struct socket *sock; | ||
| 1998 | struct mmsghdr __user *entry; | ||
| 1999 | struct compat_mmsghdr __user *compat_entry; | ||
| 2000 | struct msghdr msg_sys; | ||
| 2001 | |||
| 2002 | datagrams = 0; | ||
| 2003 | |||
| 2004 | sock = sockfd_lookup_light(fd, &err, &fput_needed); | ||
| 2005 | if (!sock) | ||
| 2006 | return err; | ||
| 2007 | |||
| 2008 | err = sock_error(sock->sk); | ||
| 2009 | if (err) | ||
| 2010 | goto out_put; | ||
| 2011 | |||
| 2012 | entry = mmsg; | ||
| 2013 | compat_entry = (struct compat_mmsghdr __user *)mmsg; | ||
| 2014 | |||
| 2015 | while (datagrams < vlen) { | ||
| 2016 | /* | ||
| 2017 | * No need to ask LSM for more than the first datagram. | ||
| 2018 | */ | ||
| 2019 | if (MSG_CMSG_COMPAT & flags) { | ||
| 2020 | err = __sys_sendmsg(sock, (struct msghdr __user *)compat_entry, | ||
| 2021 | &msg_sys, flags, datagrams); | ||
| 2022 | if (err < 0) | ||
| 2023 | break; | ||
| 2024 | err = __put_user(err, &compat_entry->msg_len); | ||
| 2025 | ++compat_entry; | ||
| 2026 | } else { | ||
| 2027 | err = __sys_sendmsg(sock, (struct msghdr __user *)entry, | ||
| 2028 | &msg_sys, flags, datagrams); | ||
| 2029 | if (err < 0) | ||
| 2030 | break; | ||
| 2031 | err = put_user(err, &entry->msg_len); | ||
| 2032 | ++entry; | ||
| 2033 | } | ||
| 2034 | |||
| 2035 | if (err) | ||
| 2036 | break; | ||
| 2037 | ++datagrams; | ||
| 2038 | } | ||
| 2039 | |||
| 2040 | out_put: | ||
| 2041 | fput_light(sock->file, fput_needed); | ||
| 2042 | |||
| 2043 | if (err == 0) | ||
| 2044 | return datagrams; | ||
| 2045 | |||
| 2046 | if (datagrams != 0) { | ||
| 2047 | /* | ||
| 2048 | * We may send less entries than requested (vlen) if the | ||
| 2049 | * sock is non blocking... | ||
| 2050 | */ | ||
| 2051 | if (err != -EAGAIN) { | ||
| 2052 | /* | ||
| 2053 | * ... or if sendmsg returns an error after we | ||
| 2054 | * send some datagrams, where we record the | ||
| 2055 | * error to return on the next call or if the | ||
| 2056 | * app asks about it using getsockopt(SO_ERROR). | ||
| 2057 | */ | ||
| 2058 | sock->sk->sk_err = -err; | ||
| 2059 | } | ||
| 2060 | |||
| 2061 | return datagrams; | ||
| 2062 | } | ||
| 2063 | |||
| 2064 | return err; | ||
| 2065 | } | ||
| 2066 | |||
| 2067 | SYSCALL_DEFINE4(sendmmsg, int, fd, struct mmsghdr __user *, mmsg, | ||
| 2068 | unsigned int, vlen, unsigned int, flags) | ||
| 2069 | { | ||
| 2070 | return __sys_sendmmsg(fd, mmsg, vlen, flags); | ||
| 2071 | } | ||
| 2072 | |||
| 1972 | static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, | 2073 | static int __sys_recvmsg(struct socket *sock, struct msghdr __user *msg, |
| 1973 | struct msghdr *msg_sys, unsigned flags, int nosec) | 2074 | struct msghdr *msg_sys, unsigned flags, int nosec) |
| 1974 | { | 2075 | { |
| @@ -2122,14 +2223,16 @@ int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg, unsigned int vlen, | |||
| 2122 | */ | 2223 | */ |
| 2123 | if (MSG_CMSG_COMPAT & flags) { | 2224 | if (MSG_CMSG_COMPAT & flags) { |
| 2124 | err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry, | 2225 | err = __sys_recvmsg(sock, (struct msghdr __user *)compat_entry, |
| 2125 | &msg_sys, flags, datagrams); | 2226 | &msg_sys, flags & ~MSG_WAITFORONE, |
| 2227 | datagrams); | ||
| 2126 | if (err < 0) | 2228 | if (err < 0) |
| 2127 | break; | 2229 | break; |
| 2128 | err = __put_user(err, &compat_entry->msg_len); | 2230 | err = __put_user(err, &compat_entry->msg_len); |
| 2129 | ++compat_entry; | 2231 | ++compat_entry; |
| 2130 | } else { | 2232 | } else { |
| 2131 | err = __sys_recvmsg(sock, (struct msghdr __user *)entry, | 2233 | err = __sys_recvmsg(sock, (struct msghdr __user *)entry, |
| 2132 | &msg_sys, flags, datagrams); | 2234 | &msg_sys, flags & ~MSG_WAITFORONE, |
| 2235 | datagrams); | ||
| 2133 | if (err < 0) | 2236 | if (err < 0) |
| 2134 | break; | 2237 | break; |
| 2135 | err = put_user(err, &entry->msg_len); | 2238 | err = put_user(err, &entry->msg_len); |
| @@ -2214,11 +2317,11 @@ SYSCALL_DEFINE5(recvmmsg, int, fd, struct mmsghdr __user *, mmsg, | |||
| 2214 | #ifdef __ARCH_WANT_SYS_SOCKETCALL | 2317 | #ifdef __ARCH_WANT_SYS_SOCKETCALL |
| 2215 | /* Argument list sizes for sys_socketcall */ | 2318 | /* Argument list sizes for sys_socketcall */ |
| 2216 | #define AL(x) ((x) * sizeof(unsigned long)) | 2319 | #define AL(x) ((x) * sizeof(unsigned long)) |
| 2217 | static const unsigned char nargs[20] = { | 2320 | static const unsigned char nargs[21] = { |
| 2218 | AL(0), AL(3), AL(3), AL(3), AL(2), AL(3), | 2321 | AL(0), AL(3), AL(3), AL(3), AL(2), AL(3), |
| 2219 | AL(3), AL(3), AL(4), AL(4), AL(4), AL(6), | 2322 | AL(3), AL(3), AL(4), AL(4), AL(4), AL(6), |
| 2220 | AL(6), AL(2), AL(5), AL(5), AL(3), AL(3), | 2323 | AL(6), AL(2), AL(5), AL(5), AL(3), AL(3), |
| 2221 | AL(4), AL(5) | 2324 | AL(4), AL(5), AL(4) |
| 2222 | }; | 2325 | }; |
| 2223 | 2326 | ||
| 2224 | #undef AL | 2327 | #undef AL |
| @@ -2238,7 +2341,7 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args) | |||
| 2238 | int err; | 2341 | int err; |
| 2239 | unsigned int len; | 2342 | unsigned int len; |
| 2240 | 2343 | ||
| 2241 | if (call < 1 || call > SYS_RECVMMSG) | 2344 | if (call < 1 || call > SYS_SENDMMSG) |
| 2242 | return -EINVAL; | 2345 | return -EINVAL; |
| 2243 | 2346 | ||
| 2244 | len = nargs[call]; | 2347 | len = nargs[call]; |
| @@ -2313,6 +2416,9 @@ SYSCALL_DEFINE2(socketcall, int, call, unsigned long __user *, args) | |||
| 2313 | case SYS_SENDMSG: | 2416 | case SYS_SENDMSG: |
| 2314 | err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]); | 2417 | err = sys_sendmsg(a0, (struct msghdr __user *)a1, a[2]); |
| 2315 | break; | 2418 | break; |
| 2419 | case SYS_SENDMMSG: | ||
| 2420 | err = sys_sendmmsg(a0, (struct mmsghdr __user *)a1, a[2], a[3]); | ||
| 2421 | break; | ||
| 2316 | case SYS_RECVMSG: | 2422 | case SYS_RECVMSG: |
| 2317 | err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]); | 2423 | err = sys_recvmsg(a0, (struct msghdr __user *)a1, a[2]); |
| 2318 | break; | 2424 | break; |
| @@ -2643,13 +2749,13 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) | |||
| 2643 | return -EFAULT; | 2749 | return -EFAULT; |
| 2644 | 2750 | ||
| 2645 | if (convert_in) { | 2751 | if (convert_in) { |
| 2646 | /* We expect there to be holes between fs.m_u and | 2752 | /* We expect there to be holes between fs.m_ext and |
| 2647 | * fs.ring_cookie and at the end of fs, but nowhere else. | 2753 | * fs.ring_cookie and at the end of fs, but nowhere else. |
| 2648 | */ | 2754 | */ |
| 2649 | BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_u) + | 2755 | BUILD_BUG_ON(offsetof(struct compat_ethtool_rxnfc, fs.m_ext) + |
| 2650 | sizeof(compat_rxnfc->fs.m_u) != | 2756 | sizeof(compat_rxnfc->fs.m_ext) != |
| 2651 | offsetof(struct ethtool_rxnfc, fs.m_u) + | 2757 | offsetof(struct ethtool_rxnfc, fs.m_ext) + |
| 2652 | sizeof(rxnfc->fs.m_u)); | 2758 | sizeof(rxnfc->fs.m_ext)); |
| 2653 | BUILD_BUG_ON( | 2759 | BUILD_BUG_ON( |
| 2654 | offsetof(struct compat_ethtool_rxnfc, fs.location) - | 2760 | offsetof(struct compat_ethtool_rxnfc, fs.location) - |
| 2655 | offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) != | 2761 | offsetof(struct compat_ethtool_rxnfc, fs.ring_cookie) != |
| @@ -2657,7 +2763,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) | |||
| 2657 | offsetof(struct ethtool_rxnfc, fs.ring_cookie)); | 2763 | offsetof(struct ethtool_rxnfc, fs.ring_cookie)); |
| 2658 | 2764 | ||
| 2659 | if (copy_in_user(rxnfc, compat_rxnfc, | 2765 | if (copy_in_user(rxnfc, compat_rxnfc, |
| 2660 | (void *)(&rxnfc->fs.m_u + 1) - | 2766 | (void *)(&rxnfc->fs.m_ext + 1) - |
| 2661 | (void *)rxnfc) || | 2767 | (void *)rxnfc) || |
| 2662 | copy_in_user(&rxnfc->fs.ring_cookie, | 2768 | copy_in_user(&rxnfc->fs.ring_cookie, |
| 2663 | &compat_rxnfc->fs.ring_cookie, | 2769 | &compat_rxnfc->fs.ring_cookie, |
| @@ -2674,7 +2780,7 @@ static int ethtool_ioctl(struct net *net, struct compat_ifreq __user *ifr32) | |||
| 2674 | 2780 | ||
| 2675 | if (convert_out) { | 2781 | if (convert_out) { |
| 2676 | if (copy_in_user(compat_rxnfc, rxnfc, | 2782 | if (copy_in_user(compat_rxnfc, rxnfc, |
| 2677 | (const void *)(&rxnfc->fs.m_u + 1) - | 2783 | (const void *)(&rxnfc->fs.m_ext + 1) - |
| 2678 | (const void *)rxnfc) || | 2784 | (const void *)rxnfc) || |
| 2679 | copy_in_user(&compat_rxnfc->fs.ring_cookie, | 2785 | copy_in_user(&compat_rxnfc->fs.ring_cookie, |
| 2680 | &rxnfc->fs.ring_cookie, | 2786 | &rxnfc->fs.ring_cookie, |