1 files changed, 53 insertions, 131 deletions
diff --git a/net/socket.c b/net/socket.c
index 245330ca0015..884e32997698 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -140,8 +140,6 @@ static ssize_t sock_splice_read(struct file *file, loff_t *ppos,
 static const struct file_operations socket_file_ops = {
        .owner =        THIS_MODULE,
        .llseek =       no_llseek,
-        .read =         new_sync_read,
-        .write =        new_sync_write,
        .read_iter =    sock_read_iter,
        .write_iter =   sock_write_iter,
        .poll =         sock_poll,
@@ -314,7 +312,7 @@ static const struct super_operations sockfs_ops = {
 static char *sockfs_dname(struct dentry *dentry, char *buffer, int buflen)
 {
        return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
-                                dentry->d_inode->i_ino);
+                                d_inode(dentry)->i_ino);
 }
 static const struct dentry_operations sockfs_dentry_operations = {
@@ -377,7 +375,7 @@ struct file *sock_alloc_file(struct socket *sock, int flags, const char *dname)
                  &socket_file_ops);
        if (unlikely(IS_ERR(file))) {
                /* drop dentry, keep inode */
-                ihold(path.dentry->d_inode);
+                ihold(d_inode(path.dentry));
                path_put(&path);
                return file;
        }
@@ -499,7 +497,7 @@ static ssize_t sockfs_listxattr(struct dentry *dentry, char *buffer,
        ssize_t len;
        ssize_t used = 0;
-        len = security_inode_listsecurity(dentry->d_inode, buffer, size);
+        len = security_inode_listsecurity(d_inode(dentry), buffer, size);
        if (len < 0)
                return len;
        used += len;
@@ -610,60 +608,27 @@ void __sock_tx_timestamp(const struct sock *sk, __u8 *tx_flags)
 }
 EXPORT_SYMBOL(__sock_tx_timestamp);
-static inline int __sock_sendmsg_nosec(struct kiocb *iocb, struct socket *sock,
+static inline int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg)
-                                       struct msghdr *msg, size_t size)
 {
-        return sock->ops->sendmsg(iocb, sock, msg, size);
+        int ret = sock->ops->sendmsg(sock, msg, msg_data_left(msg));
-}
+        BUG_ON(ret == -EIOCBQUEUED);
-static inline int __sock_sendmsg(struct kiocb *iocb, struct socket *sock,
-                                 struct msghdr *msg, size_t size)
-{
-        int err = security_socket_sendmsg(sock, msg, size);
-        return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
-}
-static int do_sock_sendmsg(struct socket *sock, struct msghdr *msg,
-                           size_t size, bool nosec)
-{
-        struct kiocb iocb;
-        int ret;
-        init_sync_kiocb(&iocb, NULL);
-        ret = nosec ? __sock_sendmsg_nosec(&iocb, sock, msg, size) :
-                      __sock_sendmsg(&iocb, sock, msg, size);
-        if (-EIOCBQUEUED == ret)
-                ret = wait_on_sync_kiocb(&iocb);
        return ret;
 }
-int sock_sendmsg(struct socket *sock, struct msghdr *msg, size_t size)
+int sock_sendmsg(struct socket *sock, struct msghdr *msg)
 {
-        return do_sock_sendmsg(sock, msg, size, false);
+        int err = security_socket_sendmsg(sock, msg,
-}
+                                          msg_data_left(msg));
-EXPORT_SYMBOL(sock_sendmsg);
-static int sock_sendmsg_nosec(struct socket *sock, struct msghdr *msg, size_t size)
+        return err ?: sock_sendmsg_nosec(sock, msg);
-{
-        return do_sock_sendmsg(sock, msg, size, true);
 }
+EXPORT_SYMBOL(sock_sendmsg);
 int kernel_sendmsg(struct socket *sock, struct msghdr *msg,
                   struct kvec *vec, size_t num, size_t size)
 {
-        mm_segment_t oldfs = get_fs();
+        iov_iter_kvec(&msg->msg_iter, WRITE | ITER_KVEC, vec, num, size);
-        int result;
+        return sock_sendmsg(sock, msg);
-        set_fs(KERNEL_DS);
-        /*
-         * the following is safe, since for compiler definitions of kvec and
-         * iovec are identical, yielding the same in-core layout and alignment
-         */
-        iov_iter_init(&msg->msg_iter, WRITE, (struct iovec *)vec, num, size);
-        result = sock_sendmsg(sock, msg, size);
-        set_fs(oldfs);
-        return result;
 }
 EXPORT_SYMBOL(kernel_sendmsg);
@@ -731,9 +696,9 @@ EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
 static inline void sock_recv_drops(struct msghdr *msg, struct sock *sk,
                                   struct sk_buff *skb)
 {
-        if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && skb->dropcount)
+        if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
                put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
-                        sizeof(__u32), &skb->dropcount);
+                        sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
 }
 void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
@@ -744,47 +709,21 @@ void __sock_recv_ts_and_drops(struct msghdr *msg, struct sock *sk,
 }
 EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
-static inline int __sock_recvmsg_nosec(struct kiocb *iocb, struct socket *sock,
+static inline int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
-                                       struct msghdr *msg, size_t size, int flags)
+                                     size_t size, int flags)
 {
-        return sock->ops->recvmsg(iocb, sock, msg, size, flags);
+        return sock->ops->recvmsg(sock, msg, size, flags);
 }
-static inline int __sock_recvmsg(struct kiocb *iocb, struct socket *sock,
+int sock_recvmsg(struct socket *sock, struct msghdr *msg, size_t size,
-                                 struct msghdr *msg, size_t size, int flags)
+                 int flags)
 {
        int err = security_socket_recvmsg(sock, msg, size, flags);
-        return err ?: __sock_recvmsg_nosec(iocb, sock, msg, size, flags);
+        return err ?: sock_recvmsg_nosec(sock, msg, size, flags);
-}
-int sock_recvmsg(struct socket *sock, struct msghdr *msg,
-                 size_t size, int flags)
-{
-        struct kiocb iocb;
-        int ret;
-        init_sync_kiocb(&iocb, NULL);
-        ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
-        if (-EIOCBQUEUED == ret)
-                ret = wait_on_sync_kiocb(&iocb);
-        return ret;
 }
 EXPORT_SYMBOL(sock_recvmsg);
-static int sock_recvmsg_nosec(struct socket *sock, struct msghdr *msg,
-                              size_t size, int flags)
-{
-        struct kiocb iocb;
-        int ret;
-        init_sync_kiocb(&iocb, NULL);
-        ret = __sock_recvmsg_nosec(&iocb, sock, msg, size, flags);
-        if (-EIOCBQUEUED == ret)
-                ret = wait_on_sync_kiocb(&iocb);
-        return ret;
-}
 /**
 * kernel_recvmsg - Receive a message from a socket (kernel space)
 * @sock:       The socket to receive the message from
@@ -806,12 +745,8 @@ int kernel_recvmsg(struct socket *sock, struct msghdr *msg,
        mm_segment_t oldfs = get_fs();
        int result;
+        iov_iter_kvec(&msg->msg_iter, READ | ITER_KVEC, vec, num, size);
        set_fs(KERNEL_DS);
-        /*
-         * the following is safe, since for compiler definitions of kvec and
-         * iovec are identical, yielding the same in-core layout and alignment
-         */
-        iov_iter_init(&msg->msg_iter, READ, (struct iovec *)vec, num, size);
        result = sock_recvmsg(sock, msg, size, flags);
        set_fs(oldfs);
        return result;
@@ -849,7 +784,8 @@ static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
 {
        struct file *file = iocb->ki_filp;
        struct socket *sock = file->private_data;
-        struct msghdr msg = {.msg_iter = *to};
+        struct msghdr msg = {.msg_iter = *to,
+                             .msg_iocb = iocb};
        ssize_t res;
        if (file->f_flags & O_NONBLOCK)
@@ -858,11 +794,10 @@ static ssize_t sock_read_iter(struct kiocb *iocb, struct iov_iter *to)
        if (iocb->ki_pos != 0)
                return -ESPIPE;
-        if (iocb->ki_nbytes == 0)       /* Match SYS5 behaviour */
+        if (!iov_iter_count(to))        /* Match SYS5 behaviour */
                return 0;
-        res = __sock_recvmsg(iocb, sock, &msg,
+        res = sock_recvmsg(sock, &msg, iov_iter_count(to), msg.msg_flags);
-                             iocb->ki_nbytes, msg.msg_flags);
        *to = msg.msg_iter;
        return res;
 }
@@ -871,7 +806,8 @@ static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
 {
        struct file *file = iocb->ki_filp;
        struct socket *sock = file->private_data;
-        struct msghdr msg = {.msg_iter = *from};
+        struct msghdr msg = {.msg_iter = *from,
+                             .msg_iocb = iocb};
        ssize_t res;
        if (iocb->ki_pos != 0)
@@ -883,7 +819,7 @@ static ssize_t sock_write_iter(struct kiocb *iocb, struct iov_iter *from)
        if (sock->type == SOCK_SEQPACKET)
                msg.msg_flags |= MSG_EOR;
-        res = __sock_sendmsg(iocb, sock, &msg, iocb->ki_nbytes);
+        res = sock_sendmsg(sock, &msg);
        *from = msg.msg_iter;
        return res;
 }
@@ -1700,18 +1636,14 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
        struct iovec iov;
        int fput_needed;
-        if (len > INT_MAX)
+        err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
-                len = INT_MAX;
+        if (unlikely(err))
-        if (unlikely(!access_ok(VERIFY_READ, buff, len)))
+                return err;
-                return -EFAULT;
        sock = sockfd_lookup_light(fd, &err, &fput_needed);
        if (!sock)
                goto out;
-        iov.iov_base = buff;
-        iov.iov_len = len;
        msg.msg_name = NULL;
-        iov_iter_init(&msg.msg_iter, WRITE, &iov, 1, len);
        msg.msg_control = NULL;
        msg.msg_controllen = 0;
        msg.msg_namelen = 0;
@@ -1725,7 +1657,7 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
        if (sock->file->f_flags & O_NONBLOCK)
                flags |= MSG_DONTWAIT;
        msg.msg_flags = flags;
-        err = sock_sendmsg(sock, &msg, len);
+        err = sock_sendmsg(sock, &msg);
 out_put:
        fput_light(sock->file, fput_needed);
@@ -1760,26 +1692,22 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
        int err, err2;
        int fput_needed;
-        if (size > INT_MAX)
+        err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
-                size = INT_MAX;
+        if (unlikely(err))
-        if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size)))
+                return err;
-                return -EFAULT;
        sock = sockfd_lookup_light(fd, &err, &fput_needed);
        if (!sock)
                goto out;
        msg.msg_control = NULL;
        msg.msg_controllen = 0;
-        iov.iov_len = size;
-        iov.iov_base = ubuf;
-        iov_iter_init(&msg.msg_iter, READ, &iov, 1, size);
        /* Save some cycles and don't copy the address if not needed */
        msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
        /* We assume all kernel code knows the size of sockaddr_storage */
        msg.msg_namelen = 0;
        if (sock->file->f_flags & O_NONBLOCK)
                flags |= MSG_DONTWAIT;
-        err = sock_recvmsg(sock, &msg, size, flags);
+        err = sock_recvmsg(sock, &msg, iov_iter_count(&msg.msg_iter), flags);
        if (err >= 0 && addr != NULL) {
                err2 = move_addr_to_user(&address,
@@ -1899,10 +1827,10 @@ struct used_address {
        unsigned int name_len;
 };
-static ssize_t copy_msghdr_from_user(struct msghdr *kmsg,
+static int copy_msghdr_from_user(struct msghdr *kmsg,
-                                     struct user_msghdr __user *umsg,
+                                 struct user_msghdr __user *umsg,
-                                     struct sockaddr __user **save_addr,
+                                 struct sockaddr __user **save_addr,
-                                     struct iovec **iov)
+                                 struct iovec **iov)
 {
        struct sockaddr __user *uaddr;
        struct iovec __user *uiov;
@@ -1946,13 +1874,10 @@ static ssize_t copy_msghdr_from_user(struct msghdr *kmsg,
        if (nr_segs > UIO_MAXIOV)
                return -EMSGSIZE;
-        err = rw_copy_check_uvector(save_addr ? READ : WRITE,
+        kmsg->msg_iocb = NULL;
-                                    uiov, nr_segs,
-                                    UIO_FASTIOV, *iov, iov);
+        return import_iovec(save_addr ? READ : WRITE, uiov, nr_segs,
-        if (err >= 0)
+                            UIO_FASTIOV, iov, &kmsg->msg_iter);
-                iov_iter_init(&kmsg->msg_iter, save_addr ? READ : WRITE,
-                              *iov, nr_segs, err);
-        return err;
 }
 static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
@@ -1967,7 +1892,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
            __attribute__ ((aligned(sizeof(__kernel_size_t))));
        /* 20 is size of ipv6_pktinfo */
        unsigned char *ctl_buf = ctl;
-        int ctl_len, total_len;
+        int ctl_len;
        ssize_t err;
        msg_sys->msg_name = &address;
@@ -1977,8 +1902,7 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
        else
                err = copy_msghdr_from_user(msg_sys, msg, NULL, &iov);
        if (err < 0)
-                goto out_freeiov;
+                return err;
-        total_len = err;
        err = -ENOBUFS;
@@ -2025,10 +1949,10 @@ static int ___sys_sendmsg(struct socket *sock, struct user_msghdr __user *msg,
            used_address->name_len == msg_sys->msg_namelen &&
            !memcmp(&used_address->name, msg_sys->msg_name,
                    used_address->name_len)) {
-                err = sock_sendmsg_nosec(sock, msg_sys, total_len);
+                err = sock_sendmsg_nosec(sock, msg_sys);
                goto out_freectl;
        }
-        err = sock_sendmsg(sock, msg_sys, total_len);
+        err = sock_sendmsg(sock, msg_sys);
        /*
         * If this is sendmmsg() and sending to current destination address was
         * successful, remember it.
@@ -2044,8 +1968,7 @@ out_freectl:
        if (ctl_buf != ctl)
                sock_kfree_s(sock->sk, ctl_buf, ctl_len);
 out_freeiov:
-        if (iov != iovstack)
+        kfree(iov);
-                kfree(iov);
        return err;
 }
@@ -2170,8 +2093,8 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
        else
                err = copy_msghdr_from_user(msg_sys, msg, &uaddr, &iov);
        if (err < 0)
-                goto out_freeiov;
+                return err;
-        total_len = err;
+        total_len = iov_iter_count(&msg_sys->msg_iter);
        cmsg_ptr = (unsigned long)msg_sys->msg_control;
        msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
@@ -2209,8 +2132,7 @@ static int ___sys_recvmsg(struct socket *sock, struct user_msghdr __user *msg,
        err = len;
 out_freeiov:
-        if (iov != iovstack)
+        kfree(iov);
-                kfree(iov);
        return err;
 }

diff --git a/net/socket.c b/net/socket.c index 245330ca0015..884e32997698 100644 --- a/net/socket.c +++ b/net/socket.c
@@ -140,8 +140,6 @@ static ssize_t sock_splice_read(struct file file, loff_t ppos,
140	static const struct file_operations socket_file_ops = {	140	static const struct file_operations socket_file_ops = {
141	.owner = THIS_MODULE,	141	.owner = THIS_MODULE,
142	.llseek = no_llseek,	142	.llseek = no_llseek,
143	.read = new_sync_read,
144	.write = new_sync_write,
145	.read_iter = sock_read_iter,	143	.read_iter = sock_read_iter,
146	.write_iter = sock_write_iter,	144	.write_iter = sock_write_iter,
147	.poll = sock_poll,	145	.poll = sock_poll,
@@ -314,7 +312,7 @@ static const struct super_operations sockfs_ops = {
314	static char sockfs_dname(struct dentry dentry, char *buffer, int buflen)	312	static char sockfs_dname(struct dentry dentry, char *buffer, int buflen)
315	{	313	{
316	return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",	314	return dynamic_dname(dentry, buffer, buflen, "socket:[%lu]",
317	dentry->d_inode->i_ino);	315	d_inode(dentry)->i_ino);
318	}	316	}
319		317
320	static const struct dentry_operations sockfs_dentry_operations = {	318	static const struct dentry_operations sockfs_dentry_operations = {
@@ -377,7 +375,7 @@ struct file sock_alloc_file(struct socket sock, int flags, const char *dname)
377	&socket_file_ops);	375	&socket_file_ops);
378	if (unlikely(IS_ERR(file))) {	376	if (unlikely(IS_ERR(file))) {
379	/* drop dentry, keep inode */	377	/* drop dentry, keep inode */
380	ihold(path.dentry->d_inode);	378	ihold(d_inode(path.dentry));
381	path_put(&path);	379	path_put(&path);
382	return file;	380	return file;
383	}	381	}
@@ -499,7 +497,7 @@ static ssize_t sockfs_listxattr(struct dentry dentry, char buffer,
499	ssize_t len;	497	ssize_t len;
500	ssize_t used = 0;	498	ssize_t used = 0;
501		499
502	len = security_inode_listsecurity(dentry->d_inode, buffer, size);	500	len = security_inode_listsecurity(d_inode(dentry), buffer, size);
503	if (len < 0)	501	if (len < 0)
504	return len;	502	return len;
505	used += len;	503	used += len;
@@ -610,60 +608,27 @@ void __sock_tx_timestamp(const struct sock sk, __u8 tx_flags)
610	}	608	}
611	EXPORT_SYMBOL(__sock_tx_timestamp);	609	EXPORT_SYMBOL(__sock_tx_timestamp);
612		610
613	static inline int __sock_sendmsg_nosec(struct kiocb iocb, struct socket sock,	611	static inline int sock_sendmsg_nosec(struct socket sock, struct msghdr msg)
614	struct msghdr *msg, size_t size)
615	{	612	{
616	return sock->ops->sendmsg(iocb, sock, msg, size);	613	int ret = sock->ops->sendmsg(sock, msg, msg_data_left(msg));
617	}	614	BUG_ON(ret == -EIOCBQUEUED);
618
619	static inline int __sock_sendmsg(struct kiocb iocb, struct socket sock,
620	struct msghdr *msg, size_t size)
621	{
622	int err = security_socket_sendmsg(sock, msg, size);
623
624	return err ?: __sock_sendmsg_nosec(iocb, sock, msg, size);
625	}
626
627	static int do_sock_sendmsg(struct socket sock, struct msghdr msg,
628	size_t size, bool nosec)
629	{
630	struct kiocb iocb;
631	int ret;
632
633	init_sync_kiocb(&iocb, NULL);
634	ret = nosec ? __sock_sendmsg_nosec(&iocb, sock, msg, size) :
635	__sock_sendmsg(&iocb, sock, msg, size);
636	if (-EIOCBQUEUED == ret)
637	ret = wait_on_sync_kiocb(&iocb);
638	return ret;	615	return ret;
639	}	616	}
640		617
641	int sock_sendmsg(struct socket sock, struct msghdr msg, size_t size)	618	int sock_sendmsg(struct socket sock, struct msghdr msg)
642	{	619	{
643	return do_sock_sendmsg(sock, msg, size, false);	620	int err = security_socket_sendmsg(sock, msg,
644	}	621	msg_data_left(msg));
645	EXPORT_SYMBOL(sock_sendmsg);
646		622
647	static int sock_sendmsg_nosec(struct socket sock, struct msghdr msg, size_t size)	623	return err ?: sock_sendmsg_nosec(sock, msg);
648	{
649	return do_sock_sendmsg(sock, msg, size, true);
650	}	624	}
		625	EXPORT_SYMBOL(sock_sendmsg);
651		626
652	int kernel_sendmsg(struct socket sock, struct msghdr msg,	627	int kernel_sendmsg(struct socket sock, struct msghdr msg,
653	struct kvec *vec, size_t num, size_t size)	628	struct kvec *vec, size_t num, size_t size)
654	{	629	{
655	mm_segment_t oldfs = get_fs();	630	iov_iter_kvec(&msg->msg_iter, WRITE \| ITER_KVEC, vec, num, size);
656	int result;	631	return sock_sendmsg(sock, msg);
657
658	set_fs(KERNEL_DS);
659	/*
660	* the following is safe, since for compiler definitions of kvec and
661	* iovec are identical, yielding the same in-core layout and alignment
662	*/
663	iov_iter_init(&msg->msg_iter, WRITE, (struct iovec *)vec, num, size);
664	result = sock_sendmsg(sock, msg, size);
665	set_fs(oldfs);
666	return result;
667	}	632	}
668	EXPORT_SYMBOL(kernel_sendmsg);	633	EXPORT_SYMBOL(kernel_sendmsg);
669		634
@@ -731,9 +696,9 @@ EXPORT_SYMBOL_GPL(__sock_recv_wifi_status);
731	static inline void sock_recv_drops(struct msghdr msg, struct sock sk,	696	static inline void sock_recv_drops(struct msghdr msg, struct sock sk,
732	struct sk_buff *skb)	697	struct sk_buff *skb)
733	{	698	{
734	if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && skb->dropcount)	699	if (sock_flag(sk, SOCK_RXQ_OVFL) && skb && SOCK_SKB_CB(skb)->dropcount)
735	put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,	700	put_cmsg(msg, SOL_SOCKET, SO_RXQ_OVFL,
736	sizeof(__u32), &skb->dropcount);	701	sizeof(__u32), &SOCK_SKB_CB(skb)->dropcount);
737	}	702	}
738		703
739	void __sock_recv_ts_and_drops(struct msghdr msg, struct sock sk,	704	void __sock_recv_ts_and_drops(struct msghdr msg, struct sock sk,
@@ -744,47 +709,21 @@ void __sock_recv_ts_and_drops(struct msghdr msg, struct sock sk,
744	}	709	}
745	EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);	710	EXPORT_SYMBOL_GPL(__sock_recv_ts_and_drops);
746		711
747	static inline int __sock_recvmsg_nosec(struct kiocb iocb, struct socket sock,	712	static inline int sock_recvmsg_nosec(struct socket sock, struct msghdr msg,
748	struct msghdr *msg, size_t size, int flags)	713	size_t size, int flags)
749	{	714	{
750	return sock->ops->recvmsg(iocb, sock, msg, size, flags);	715	return sock->ops->recvmsg(sock, msg, size, flags);
751	}	716	}
752		717
753	static inline int __sock_recvmsg(struct kiocb iocb, struct socket sock,	718	int sock_recvmsg(struct socket sock, struct msghdr msg, size_t size,
754	struct msghdr *msg, size_t size, int flags)	719	int flags)
755	{	720	{
756	int err = security_socket_recvmsg(sock, msg, size, flags);	721	int err = security_socket_recvmsg(sock, msg, size, flags);
757		722
758	return err ?: __sock_recvmsg_nosec(iocb, sock, msg, size, flags);	723	return err ?: sock_recvmsg_nosec(sock, msg, size, flags);
759	}
760
761	int sock_recvmsg(struct socket sock, struct msghdr msg,
762	size_t size, int flags)
763	{
764	struct kiocb iocb;
765	int ret;
766
767	init_sync_kiocb(&iocb, NULL);
768	ret = __sock_recvmsg(&iocb, sock, msg, size, flags);
769	if (-EIOCBQUEUED == ret)
770	ret = wait_on_sync_kiocb(&iocb);
771	return ret;
772	}	724	}
773	EXPORT_SYMBOL(sock_recvmsg);	725	EXPORT_SYMBOL(sock_recvmsg);
774		726
775	static int sock_recvmsg_nosec(struct socket sock, struct msghdr msg,
776	size_t size, int flags)
777	{
778	struct kiocb iocb;
779	int ret;
780
781	init_sync_kiocb(&iocb, NULL);
782	ret = __sock_recvmsg_nosec(&iocb, sock, msg, size, flags);
783	if (-EIOCBQUEUED == ret)
784	ret = wait_on_sync_kiocb(&iocb);
785	return ret;
786	}
787
788	/**	727	/**
789	* kernel_recvmsg - Receive a message from a socket (kernel space)	728	* kernel_recvmsg - Receive a message from a socket (kernel space)
790	* @sock: The socket to receive the message from	729	* @sock: The socket to receive the message from
@@ -806,12 +745,8 @@ int kernel_recvmsg(struct socket sock, struct msghdr msg,
806	mm_segment_t oldfs = get_fs();	745	mm_segment_t oldfs = get_fs();
807	int result;	746	int result;
808		747
		748	iov_iter_kvec(&msg->msg_iter, READ \| ITER_KVEC, vec, num, size);
809	set_fs(KERNEL_DS);	749	set_fs(KERNEL_DS);
810	/*
811	* the following is safe, since for compiler definitions of kvec and
812	* iovec are identical, yielding the same in-core layout and alignment
813	*/
814	iov_iter_init(&msg->msg_iter, READ, (struct iovec *)vec, num, size);
815	result = sock_recvmsg(sock, msg, size, flags);	750	result = sock_recvmsg(sock, msg, size, flags);
816	set_fs(oldfs);	751	set_fs(oldfs);
817	return result;	752	return result;
@@ -849,7 +784,8 @@ static ssize_t sock_read_iter(struct kiocb iocb, struct iov_iter to)
849	{	784	{
850	struct file *file = iocb->ki_filp;	785	struct file *file = iocb->ki_filp;
851	struct socket *sock = file->private_data;	786	struct socket *sock = file->private_data;
852	struct msghdr msg = {.msg_iter = *to};	787	struct msghdr msg = {.msg_iter = *to,
		788	.msg_iocb = iocb};
853	ssize_t res;	789	ssize_t res;
854		790
855	if (file->f_flags & O_NONBLOCK)	791	if (file->f_flags & O_NONBLOCK)
@@ -858,11 +794,10 @@ static ssize_t sock_read_iter(struct kiocb iocb, struct iov_iter to)
858	if (iocb->ki_pos != 0)	794	if (iocb->ki_pos != 0)
859	return -ESPIPE;	795	return -ESPIPE;
860		796
861	if (iocb->ki_nbytes == 0) /* Match SYS5 behaviour */	797	if (!iov_iter_count(to)) /* Match SYS5 behaviour */
862	return 0;	798	return 0;
863		799
864	res = __sock_recvmsg(iocb, sock, &msg,	800	res = sock_recvmsg(sock, &msg, iov_iter_count(to), msg.msg_flags);
865	iocb->ki_nbytes, msg.msg_flags);
866	*to = msg.msg_iter;	801	*to = msg.msg_iter;
867	return res;	802	return res;
868	}	803	}
@@ -871,7 +806,8 @@ static ssize_t sock_write_iter(struct kiocb iocb, struct iov_iter from)
871	{	806	{
872	struct file *file = iocb->ki_filp;	807	struct file *file = iocb->ki_filp;
873	struct socket *sock = file->private_data;	808	struct socket *sock = file->private_data;
874	struct msghdr msg = {.msg_iter = *from};	809	struct msghdr msg = {.msg_iter = *from,
		810	.msg_iocb = iocb};
875	ssize_t res;	811	ssize_t res;
876		812
877	if (iocb->ki_pos != 0)	813	if (iocb->ki_pos != 0)
@@ -883,7 +819,7 @@ static ssize_t sock_write_iter(struct kiocb iocb, struct iov_iter from)
883	if (sock->type == SOCK_SEQPACKET)	819	if (sock->type == SOCK_SEQPACKET)
884	msg.msg_flags \|= MSG_EOR;	820	msg.msg_flags \|= MSG_EOR;
885		821
886	res = __sock_sendmsg(iocb, sock, &msg, iocb->ki_nbytes);	822	res = sock_sendmsg(sock, &msg);
887	*from = msg.msg_iter;	823	*from = msg.msg_iter;
888	return res;	824	return res;
889	}	825	}
@@ -1700,18 +1636,14 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1700	struct iovec iov;	1636	struct iovec iov;
1701	int fput_needed;	1637	int fput_needed;
1702		1638
1703	if (len > INT_MAX)	1639	err = import_single_range(WRITE, buff, len, &iov, &msg.msg_iter);
1704	len = INT_MAX;	1640	if (unlikely(err))
1705	if (unlikely(!access_ok(VERIFY_READ, buff, len)))	1641	return err;
1706	return -EFAULT;
1707	sock = sockfd_lookup_light(fd, &err, &fput_needed);	1642	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1708	if (!sock)	1643	if (!sock)
1709	goto out;	1644	goto out;
1710		1645
1711	iov.iov_base = buff;
1712	iov.iov_len = len;
1713	msg.msg_name = NULL;	1646	msg.msg_name = NULL;
1714	iov_iter_init(&msg.msg_iter, WRITE, &iov, 1, len);
1715	msg.msg_control = NULL;	1647	msg.msg_control = NULL;
1716	msg.msg_controllen = 0;	1648	msg.msg_controllen = 0;
1717	msg.msg_namelen = 0;	1649	msg.msg_namelen = 0;
@@ -1725,7 +1657,7 @@ SYSCALL_DEFINE6(sendto, int, fd, void __user *, buff, size_t, len,
1725	if (sock->file->f_flags & O_NONBLOCK)	1657	if (sock->file->f_flags & O_NONBLOCK)
1726	flags \|= MSG_DONTWAIT;	1658	flags \|= MSG_DONTWAIT;
1727	msg.msg_flags = flags;	1659	msg.msg_flags = flags;
1728	err = sock_sendmsg(sock, &msg, len);	1660	err = sock_sendmsg(sock, &msg);
1729		1661
1730	out_put:	1662	out_put:
1731	fput_light(sock->file, fput_needed);	1663	fput_light(sock->file, fput_needed);
@@ -1760,26 +1692,22 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
1760	int err, err2;	1692	int err, err2;
1761	int fput_needed;	1693	int fput_needed;
1762		1694
1763	if (size > INT_MAX)	1695	err = import_single_range(READ, ubuf, size, &iov, &msg.msg_iter);
1764	size = INT_MAX;	1696	if (unlikely(err))
1765	if (unlikely(!access_ok(VERIFY_WRITE, ubuf, size)))	1697	return err;
1766	return -EFAULT;
1767	sock = sockfd_lookup_light(fd, &err, &fput_needed);	1698	sock = sockfd_lookup_light(fd, &err, &fput_needed);
1768	if (!sock)	1699	if (!sock)
1769	goto out;	1700	goto out;
1770		1701
1771	msg.msg_control = NULL;	1702	msg.msg_control = NULL;
1772	msg.msg_controllen = 0;	1703	msg.msg_controllen = 0;
1773	iov.iov_len = size;
1774	iov.iov_base = ubuf;
1775	iov_iter_init(&msg.msg_iter, READ, &iov, 1, size);
1776	/* Save some cycles and don't copy the address if not needed */	1704	/* Save some cycles and don't copy the address if not needed */
1777	msg.msg_name = addr ? (struct sockaddr *)&address : NULL;	1705	msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
1778	/* We assume all kernel code knows the size of sockaddr_storage */	1706	/* We assume all kernel code knows the size of sockaddr_storage */
1779	msg.msg_namelen = 0;	1707	msg.msg_namelen = 0;
1780	if (sock->file->f_flags & O_NONBLOCK)	1708	if (sock->file->f_flags & O_NONBLOCK)
1781	flags \|= MSG_DONTWAIT;	1709	flags \|= MSG_DONTWAIT;
1782	err = sock_recvmsg(sock, &msg, size, flags);	1710	err = sock_recvmsg(sock, &msg, iov_iter_count(&msg.msg_iter), flags);
1783		1711
1784	if (err >= 0 && addr != NULL) {	1712	if (err >= 0 && addr != NULL) {
1785	err2 = move_addr_to_user(&address,	1713	err2 = move_addr_to_user(&address,
@@ -1899,10 +1827,10 @@ struct used_address {
1899	unsigned int name_len;	1827	unsigned int name_len;
1900	};	1828	};
1901		1829
1902	static ssize_t copy_msghdr_from_user(struct msghdr *kmsg,	1830	static int copy_msghdr_from_user(struct msghdr *kmsg,
1903	struct user_msghdr __user *umsg,	1831	struct user_msghdr __user *umsg,
1904	struct sockaddr __user **save_addr,	1832	struct sockaddr __user **save_addr,
1905	struct iovec **iov)	1833	struct iovec **iov)
1906	{	1834	{
1907	struct sockaddr __user *uaddr;	1835	struct sockaddr __user *uaddr;
1908	struct iovec __user *uiov;	1836	struct iovec __user *uiov;
@@ -1946,13 +1874,10 @@ static ssize_t copy_msghdr_from_user(struct msghdr *kmsg,
1946	if (nr_segs > UIO_MAXIOV)	1874	if (nr_segs > UIO_MAXIOV)
1947	return -EMSGSIZE;	1875	return -EMSGSIZE;
1948		1876
1949	err = rw_copy_check_uvector(save_addr ? READ : WRITE,	1877	kmsg->msg_iocb = NULL;
1950	uiov, nr_segs,	1878
1951	UIO_FASTIOV, *iov, iov);	1879	return import_iovec(save_addr ? READ : WRITE, uiov, nr_segs,
1952	if (err >= 0)	1880	UIO_FASTIOV, iov, &kmsg->msg_iter);
1953	iov_iter_init(&kmsg->msg_iter, save_addr ? READ : WRITE,
1954	*iov, nr_segs, err);
1955	return err;
1956	}	1881	}
1957		1882
1958	static int ___sys_sendmsg(struct socket sock, struct user_msghdr __user msg,	1883	static int ___sys_sendmsg(struct socket sock, struct user_msghdr __user msg,
@@ -1967,7 +1892,7 @@ static int ___sys_sendmsg(struct socket sock, struct user_msghdr __user msg,
1967	__attribute__ ((aligned(sizeof(__kernel_size_t))));	1892	__attribute__ ((aligned(sizeof(__kernel_size_t))));
1968	/* 20 is size of ipv6_pktinfo */	1893	/* 20 is size of ipv6_pktinfo */
1969	unsigned char *ctl_buf = ctl;	1894	unsigned char *ctl_buf = ctl;
1970	int ctl_len, total_len;	1895	int ctl_len;
1971	ssize_t err;	1896	ssize_t err;
1972		1897
1973	msg_sys->msg_name = &address;	1898	msg_sys->msg_name = &address;
@@ -1977,8 +1902,7 @@ static int ___sys_sendmsg(struct socket sock, struct user_msghdr __user msg,
1977	else	1902	else
1978	err = copy_msghdr_from_user(msg_sys, msg, NULL, &iov);	1903	err = copy_msghdr_from_user(msg_sys, msg, NULL, &iov);
1979	if (err < 0)	1904	if (err < 0)
1980	goto out_freeiov;	1905	return err;
1981	total_len = err;
1982		1906
1983	err = -ENOBUFS;	1907	err = -ENOBUFS;
1984		1908
@@ -2025,10 +1949,10 @@ static int ___sys_sendmsg(struct socket sock, struct user_msghdr __user msg,
2025	used_address->name_len == msg_sys->msg_namelen &&	1949	used_address->name_len == msg_sys->msg_namelen &&
2026	!memcmp(&used_address->name, msg_sys->msg_name,	1950	!memcmp(&used_address->name, msg_sys->msg_name,
2027	used_address->name_len)) {	1951	used_address->name_len)) {
2028	err = sock_sendmsg_nosec(sock, msg_sys, total_len);	1952	err = sock_sendmsg_nosec(sock, msg_sys);
2029	goto out_freectl;	1953	goto out_freectl;
2030	}	1954	}
2031	err = sock_sendmsg(sock, msg_sys, total_len);	1955	err = sock_sendmsg(sock, msg_sys);
2032	/*	1956	/*
2033	* If this is sendmmsg() and sending to current destination address was	1957	* If this is sendmmsg() and sending to current destination address was
2034	* successful, remember it.	1958	* successful, remember it.
@@ -2044,8 +1968,7 @@ out_freectl:
2044	if (ctl_buf != ctl)	1968	if (ctl_buf != ctl)
2045	sock_kfree_s(sock->sk, ctl_buf, ctl_len);	1969	sock_kfree_s(sock->sk, ctl_buf, ctl_len);
2046	out_freeiov:	1970	out_freeiov:
2047	if (iov != iovstack)	1971	kfree(iov);
2048	kfree(iov);
2049	return err;	1972	return err;
2050	}	1973	}
2051		1974
@@ -2170,8 +2093,8 @@ static int ___sys_recvmsg(struct socket sock, struct user_msghdr __user msg,
2170	else	2093	else
2171	err = copy_msghdr_from_user(msg_sys, msg, &uaddr, &iov);	2094	err = copy_msghdr_from_user(msg_sys, msg, &uaddr, &iov);
2172	if (err < 0)	2095	if (err < 0)
2173	goto out_freeiov;	2096	return err;
2174	total_len = err;	2097	total_len = iov_iter_count(&msg_sys->msg_iter);
2175		2098
2176	cmsg_ptr = (unsigned long)msg_sys->msg_control;	2099	cmsg_ptr = (unsigned long)msg_sys->msg_control;
2177	msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC\|MSG_CMSG_COMPAT);	2100	msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC\|MSG_CMSG_COMPAT);
@@ -2209,8 +2132,7 @@ static int ___sys_recvmsg(struct socket sock, struct user_msghdr __user msg,
2209	err = len;	2132	err = len;
2210		2133
2211	out_freeiov:	2134	out_freeiov:
2212	if (iov != iovstack)	2135	kfree(iov);
2213	kfree(iov);
2214	return err;	2136	return err;
2215	}	2137	}
2216		2138