1 // SPDX-License-Identifier: GPL-2.0-only
3 * 32bit Socket syscall emulation. Based on arch/sparc64/kernel/sys_sparc32.c.
5 * Copyright (C) 2000 VA Linux Co
6 * Copyright (C) 2000 Don Dugger <n0ano@valinux.com>
7 * Copyright (C) 1999 Arun Sharma <arun.sharma@intel.com>
8 * Copyright (C) 1997,1998 Jakub Jelinek (jj@sunsite.mff.cuni.cz)
9 * Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu)
10 * Copyright (C) 2000 Hewlett-Packard Co.
11 * Copyright (C) 2000 David Mosberger-Tang <davidm@hpl.hp.com>
12 * Copyright (C) 2000,2001 Andi Kleen, SuSE Labs
15 #include <linux/kernel.h>
16 #include <linux/gfp.h>
18 #include <linux/types.h>
19 #include <linux/file.h>
20 #include <linux/icmpv6.h>
21 #include <linux/socket.h>
22 #include <linux/syscalls.h>
23 #include <linux/filter.h>
24 #include <linux/compat.h>
25 #include <linux/security.h>
26 #include <linux/audit.h>
27 #include <linux/export.h>
33 #include <linux/uaccess.h>
34 #include <net/compat.h>
36 int __get_compat_msghdr(struct msghdr *kmsg,
37 struct compat_msghdr __user *umsg,
38 struct sockaddr __user **save_addr,
39 compat_uptr_t *ptr, compat_size_t *len)
41 struct compat_msghdr msg;
44 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
47 kmsg->msg_flags = msg.msg_flags;
48 kmsg->msg_namelen = msg.msg_namelen;
51 kmsg->msg_namelen = 0;
53 if (kmsg->msg_namelen < 0)
56 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
57 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
59 kmsg->msg_control_is_user = true;
60 kmsg->msg_control_user = compat_ptr(msg.msg_control);
61 kmsg->msg_controllen = msg.msg_controllen;
64 *save_addr = compat_ptr(msg.msg_name);
66 if (msg.msg_name && kmsg->msg_namelen) {
68 err = move_addr_to_kernel(compat_ptr(msg.msg_name),
75 kmsg->msg_name = NULL;
76 kmsg->msg_namelen = 0;
79 if (msg.msg_iovlen > UIO_MAXIOV)
82 kmsg->msg_iocb = NULL;
84 *len = msg.msg_iovlen;
88 int get_compat_msghdr(struct msghdr *kmsg,
89 struct compat_msghdr __user *umsg,
90 struct sockaddr __user **save_addr,
97 err = __get_compat_msghdr(kmsg, umsg, save_addr, &ptr, &len);
101 err = compat_import_iovec(save_addr ? READ : WRITE, compat_ptr(ptr),
102 len, UIO_FASTIOV, iov, &kmsg->msg_iter);
103 return err < 0 ? err : 0;
107 #define CMSG_COMPAT_ALIGN(len) ALIGN((len), sizeof(s32))
109 #define CMSG_COMPAT_DATA(cmsg) \
110 ((void __user *)((char __user *)(cmsg) + sizeof(struct compat_cmsghdr)))
111 #define CMSG_COMPAT_SPACE(len) \
112 (sizeof(struct compat_cmsghdr) + CMSG_COMPAT_ALIGN(len))
113 #define CMSG_COMPAT_LEN(len) \
114 (sizeof(struct compat_cmsghdr) + (len))
116 #define CMSG_COMPAT_FIRSTHDR(msg) \
117 (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
118 (struct compat_cmsghdr __user *)((msg)->msg_control) : \
119 (struct compat_cmsghdr __user *)NULL)
121 #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
122 ((ucmlen) >= sizeof(struct compat_cmsghdr) && \
123 (ucmlen) <= (unsigned long) \
124 ((mhdr)->msg_controllen - \
125 ((char __user *)(ucmsg) - (char __user *)(mhdr)->msg_control_user)))
127 static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
128 struct compat_cmsghdr __user *cmsg, int cmsg_len)
130 char __user *ptr = (char __user *)cmsg + CMSG_COMPAT_ALIGN(cmsg_len);
131 if ((unsigned long)(ptr + 1 - (char __user *)msg->msg_control) >
134 return (struct compat_cmsghdr __user *)ptr;
137 /* There is a lot of hair here because the alignment rules (and
138 * thus placement) of cmsg headers and length are different for
139 * 32-bit apps. -DaveM
141 int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk,
142 unsigned char *stackbuf, int stackbuf_size)
144 struct compat_cmsghdr __user *ucmsg;
145 struct cmsghdr *kcmsg, *kcmsg_base;
146 compat_size_t ucmlen;
147 __kernel_size_t kcmlen, tmp;
150 BUILD_BUG_ON(sizeof(struct compat_cmsghdr) !=
151 CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr)));
154 kcmsg_base = kcmsg = (struct cmsghdr *)stackbuf;
155 ucmsg = CMSG_COMPAT_FIRSTHDR(kmsg);
156 while (ucmsg != NULL) {
157 if (get_user(ucmlen, &ucmsg->cmsg_len))
161 if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
164 tmp = ((ucmlen - sizeof(*ucmsg)) + sizeof(struct cmsghdr));
165 tmp = CMSG_ALIGN(tmp);
167 ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen);
172 /* The kcmlen holds the 64-bit version of the control length.
173 * It may not be modified as we do not stick it into the kmsg
174 * until we have successfully copied over all of the data
177 if (kcmlen > stackbuf_size)
178 kcmsg_base = kcmsg = sock_kmalloc(sk, kcmlen, GFP_KERNEL);
182 /* Now copy them over neatly. */
183 memset(kcmsg, 0, kcmlen);
184 ucmsg = CMSG_COMPAT_FIRSTHDR(kmsg);
185 while (ucmsg != NULL) {
186 if (__get_user(ucmlen, &ucmsg->cmsg_len))
188 if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
190 tmp = ((ucmlen - sizeof(*ucmsg)) + sizeof(struct cmsghdr));
191 if ((char *)kcmsg_base + kcmlen - (char *)kcmsg < CMSG_ALIGN(tmp))
193 kcmsg->cmsg_len = tmp;
194 tmp = CMSG_ALIGN(tmp);
195 if (__get_user(kcmsg->cmsg_level, &ucmsg->cmsg_level) ||
196 __get_user(kcmsg->cmsg_type, &ucmsg->cmsg_type) ||
197 copy_from_user(CMSG_DATA(kcmsg),
198 CMSG_COMPAT_DATA(ucmsg),
199 (ucmlen - sizeof(*ucmsg))))
203 kcmsg = (struct cmsghdr *)((char *)kcmsg + tmp);
204 ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen);
208 * check the length of messages copied in is the same as the
209 * what we get from the first loop
211 if ((char *)kcmsg - (char *)kcmsg_base != kcmlen)
214 /* Ok, looks like we made it. Hook it up and return success. */
215 kmsg->msg_control = kcmsg_base;
216 kmsg->msg_controllen = kcmlen;
222 if (kcmsg_base != (struct cmsghdr *)stackbuf)
223 sock_kfree_s(sk, kcmsg_base, kcmlen);
227 int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data)
229 struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
230 struct compat_cmsghdr cmhdr;
231 struct old_timeval32 ctv;
232 struct old_timespec32 cts[3];
235 if (cm == NULL || kmsg->msg_controllen < sizeof(*cm)) {
236 kmsg->msg_flags |= MSG_CTRUNC;
237 return 0; /* XXX: return error? check spec. */
240 if (!COMPAT_USE_64BIT_TIME) {
241 if (level == SOL_SOCKET && type == SO_TIMESTAMP_OLD) {
242 struct __kernel_old_timeval *tv = (struct __kernel_old_timeval *)data;
243 ctv.tv_sec = tv->tv_sec;
244 ctv.tv_usec = tv->tv_usec;
248 if (level == SOL_SOCKET &&
249 (type == SO_TIMESTAMPNS_OLD || type == SO_TIMESTAMPING_OLD)) {
250 int count = type == SO_TIMESTAMPNS_OLD ? 1 : 3;
252 struct __kernel_old_timespec *ts = data;
253 for (i = 0; i < count; i++) {
254 cts[i].tv_sec = ts[i].tv_sec;
255 cts[i].tv_nsec = ts[i].tv_nsec;
258 len = sizeof(cts[0]) * count;
262 cmlen = CMSG_COMPAT_LEN(len);
263 if (kmsg->msg_controllen < cmlen) {
264 kmsg->msg_flags |= MSG_CTRUNC;
265 cmlen = kmsg->msg_controllen;
267 cmhdr.cmsg_level = level;
268 cmhdr.cmsg_type = type;
269 cmhdr.cmsg_len = cmlen;
271 if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
273 if (copy_to_user(CMSG_COMPAT_DATA(cm), data, cmlen - sizeof(struct compat_cmsghdr)))
275 cmlen = CMSG_COMPAT_SPACE(len);
276 if (kmsg->msg_controllen < cmlen)
277 cmlen = kmsg->msg_controllen;
278 kmsg->msg_control += cmlen;
279 kmsg->msg_controllen -= cmlen;
283 void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
285 struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
286 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
287 int fdnum = scm->fp->count;
288 struct file **fp = scm->fp->fp;
295 for (i = 0, cmfptr = (int __user *) CMSG_COMPAT_DATA(cm); i < fdmax; i++, cmfptr++) {
297 err = security_file_receive(fp[i]);
300 err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & kmsg->msg_flags
305 err = put_user(new_fd, cmfptr);
307 put_unused_fd(new_fd);
310 /* Bump the usage count and install the file. */
311 fd_install(new_fd, get_file(fp[i]));
315 int cmlen = CMSG_COMPAT_LEN(i * sizeof(int));
316 err = put_user(SOL_SOCKET, &cm->cmsg_level);
318 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
320 err = put_user(cmlen, &cm->cmsg_len);
322 cmlen = CMSG_COMPAT_SPACE(i * sizeof(int));
323 kmsg->msg_control += cmlen;
324 kmsg->msg_controllen -= cmlen;
328 kmsg->msg_flags |= MSG_CTRUNC;
331 * All of the files that fit in the message have had their
332 * usage counts incremented, so we just free the list.
337 /* allocate a 64-bit sock_fprog on the user stack for duration of syscall. */
338 struct sock_fprog __user *get_compat_bpf_fprog(char __user *optval)
340 struct compat_sock_fprog __user *fprog32 = (struct compat_sock_fprog __user *)optval;
341 struct sock_fprog __user *kfprog = compat_alloc_user_space(sizeof(struct sock_fprog));
342 struct compat_sock_fprog f32;
345 if (copy_from_user(&f32, fprog32, sizeof(*fprog32)))
347 memset(&f, 0, sizeof(f));
349 f.filter = compat_ptr(f32.filter);
350 if (copy_to_user(kfprog, &f, sizeof(struct sock_fprog)))
355 EXPORT_SYMBOL_GPL(get_compat_bpf_fprog);
357 static int do_set_attach_filter(struct socket *sock, int level, int optname,
358 char __user *optval, unsigned int optlen)
360 struct sock_fprog __user *kfprog;
362 kfprog = get_compat_bpf_fprog(optval);
366 return sock_setsockopt(sock, level, optname, (char __user *)kfprog,
367 sizeof(struct sock_fprog));
370 static int compat_sock_setsockopt(struct socket *sock, int level, int optname,
371 char __user *optval, unsigned int optlen)
373 if (optname == SO_ATTACH_FILTER ||
374 optname == SO_ATTACH_REUSEPORT_CBPF)
375 return do_set_attach_filter(sock, level, optname,
377 return sock_setsockopt(sock, level, optname, optval, optlen);
380 static int __compat_sys_setsockopt(int fd, int level, int optname,
381 char __user *optval, unsigned int optlen)
386 if (optlen > INT_MAX)
389 sock = sockfd_lookup(fd, &err);
391 err = security_socket_setsockopt(sock, level, optname);
397 if (level == SOL_SOCKET)
398 err = compat_sock_setsockopt(sock, level,
399 optname, optval, optlen);
400 else if (sock->ops->compat_setsockopt)
401 err = sock->ops->compat_setsockopt(sock, level,
402 optname, optval, optlen);
404 err = sock->ops->setsockopt(sock, level,
405 optname, optval, optlen);
411 COMPAT_SYSCALL_DEFINE5(setsockopt, int, fd, int, level, int, optname,
412 char __user *, optval, unsigned int, optlen)
414 return __compat_sys_setsockopt(fd, level, optname, optval, optlen);
417 static int __compat_sys_getsockopt(int fd, int level, int optname,
422 struct socket *sock = sockfd_lookup(fd, &err);
425 err = security_socket_getsockopt(sock, level, optname);
431 if (level == SOL_SOCKET)
432 err = sock_getsockopt(sock, level,
433 optname, optval, optlen);
434 else if (sock->ops->compat_getsockopt)
435 err = sock->ops->compat_getsockopt(sock, level,
436 optname, optval, optlen);
438 err = sock->ops->getsockopt(sock, level,
439 optname, optval, optlen);
445 COMPAT_SYSCALL_DEFINE5(getsockopt, int, fd, int, level, int, optname,
446 char __user *, optval, int __user *, optlen)
448 return __compat_sys_getsockopt(fd, level, optname, optval, optlen);
451 #define __COMPAT_GF0_SIZE (sizeof(struct compat_group_filter) - \
452 sizeof(struct __kernel_sockaddr_storage))
454 int compat_mc_setsockopt(struct sock *sock, int level, int optname,
455 char __user *optval, unsigned int optlen,
456 int (*setsockopt)(struct sock *, int, int, char __user *, unsigned int))
458 char __user *koptval = optval;
459 int koptlen = optlen;
462 case MCAST_JOIN_GROUP:
463 case MCAST_LEAVE_GROUP:
465 struct compat_group_req __user *gr32 = (void __user *)optval;
466 struct group_req __user *kgr =
467 compat_alloc_user_space(sizeof(struct group_req));
470 if (!access_ok(gr32, sizeof(*gr32)) ||
471 !access_ok(kgr, sizeof(struct group_req)) ||
472 __get_user(interface, &gr32->gr_interface) ||
473 __put_user(interface, &kgr->gr_interface) ||
474 copy_in_user(&kgr->gr_group, &gr32->gr_group,
475 sizeof(kgr->gr_group)))
477 koptval = (char __user *)kgr;
478 koptlen = sizeof(struct group_req);
481 case MCAST_JOIN_SOURCE_GROUP:
482 case MCAST_LEAVE_SOURCE_GROUP:
483 case MCAST_BLOCK_SOURCE:
484 case MCAST_UNBLOCK_SOURCE:
486 struct compat_group_source_req __user *gsr32 = (void __user *)optval;
487 struct group_source_req __user *kgsr = compat_alloc_user_space(
488 sizeof(struct group_source_req));
491 if (!access_ok(gsr32, sizeof(*gsr32)) ||
493 sizeof(struct group_source_req)) ||
494 __get_user(interface, &gsr32->gsr_interface) ||
495 __put_user(interface, &kgsr->gsr_interface) ||
496 copy_in_user(&kgsr->gsr_group, &gsr32->gsr_group,
497 sizeof(kgsr->gsr_group)) ||
498 copy_in_user(&kgsr->gsr_source, &gsr32->gsr_source,
499 sizeof(kgsr->gsr_source)))
501 koptval = (char __user *)kgsr;
502 koptlen = sizeof(struct group_source_req);
507 struct compat_group_filter __user *gf32 = (void __user *)optval;
508 struct group_filter __user *kgf;
509 u32 interface, fmode, numsrc;
511 if (!access_ok(gf32, __COMPAT_GF0_SIZE) ||
512 __get_user(interface, &gf32->gf_interface) ||
513 __get_user(fmode, &gf32->gf_fmode) ||
514 __get_user(numsrc, &gf32->gf_numsrc))
516 koptlen = optlen + sizeof(struct group_filter) -
517 sizeof(struct compat_group_filter);
518 if (koptlen < GROUP_FILTER_SIZE(numsrc))
520 kgf = compat_alloc_user_space(koptlen);
521 if (!access_ok(kgf, koptlen) ||
522 __put_user(interface, &kgf->gf_interface) ||
523 __put_user(fmode, &kgf->gf_fmode) ||
524 __put_user(numsrc, &kgf->gf_numsrc) ||
525 copy_in_user(&kgf->gf_group, &gf32->gf_group,
526 sizeof(kgf->gf_group)) ||
527 (numsrc && copy_in_user(kgf->gf_slist, gf32->gf_slist,
528 numsrc * sizeof(kgf->gf_slist[0]))))
530 koptval = (char __user *)kgf;
537 return setsockopt(sock, level, optname, koptval, koptlen);
539 EXPORT_SYMBOL(compat_mc_setsockopt);
541 /* Argument list sizes for compat_sys_socketcall */
542 #define AL(x) ((x) * sizeof(u32))
543 static unsigned char nas[21] = {
544 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
545 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
546 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
551 static inline long __compat_sys_sendmsg(int fd,
552 struct compat_msghdr __user *msg,
555 return __sys_sendmsg(fd, (struct user_msghdr __user *)msg,
556 flags | MSG_CMSG_COMPAT, false);
559 COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg,
562 return __compat_sys_sendmsg(fd, msg, flags);
565 static inline long __compat_sys_sendmmsg(int fd,
566 struct compat_mmsghdr __user *mmsg,
567 unsigned int vlen, unsigned int flags)
569 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
570 flags | MSG_CMSG_COMPAT, false);
573 COMPAT_SYSCALL_DEFINE4(sendmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
574 unsigned int, vlen, unsigned int, flags)
576 return __compat_sys_sendmmsg(fd, mmsg, vlen, flags);
579 static inline long __compat_sys_recvmsg(int fd,
580 struct compat_msghdr __user *msg,
583 return __sys_recvmsg(fd, (struct user_msghdr __user *)msg,
584 flags | MSG_CMSG_COMPAT, false);
587 COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg,
590 return __compat_sys_recvmsg(fd, msg, flags);
593 static inline long __compat_sys_recvfrom(int fd, void __user *buf,
594 compat_size_t len, unsigned int flags,
595 struct sockaddr __user *addr,
598 return __sys_recvfrom(fd, buf, len, flags | MSG_CMSG_COMPAT, addr,
602 COMPAT_SYSCALL_DEFINE4(recv, int, fd, void __user *, buf, compat_size_t, len, unsigned int, flags)
604 return __compat_sys_recvfrom(fd, buf, len, flags, NULL, NULL);
607 COMPAT_SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, buf, compat_size_t, len,
608 unsigned int, flags, struct sockaddr __user *, addr,
609 int __user *, addrlen)
611 return __compat_sys_recvfrom(fd, buf, len, flags, addr, addrlen);
614 COMPAT_SYSCALL_DEFINE5(recvmmsg_time64, int, fd, struct compat_mmsghdr __user *, mmsg,
615 unsigned int, vlen, unsigned int, flags,
616 struct __kernel_timespec __user *, timeout)
618 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
619 flags | MSG_CMSG_COMPAT, timeout, NULL);
622 #ifdef CONFIG_COMPAT_32BIT_TIME
623 COMPAT_SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct compat_mmsghdr __user *, mmsg,
624 unsigned int, vlen, unsigned int, flags,
625 struct old_timespec32 __user *, timeout)
627 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
628 flags | MSG_CMSG_COMPAT, NULL, timeout);
632 COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
639 if (call < SYS_SOCKET || call > SYS_SENDMMSG)
645 if (copy_from_user(a, args, len))
648 ret = audit_socketcall_compat(len / sizeof(a[0]), a);
657 ret = __sys_socket(a0, a1, a[2]);
660 ret = __sys_bind(a0, compat_ptr(a1), a[2]);
663 ret = __sys_connect(a0, compat_ptr(a1), a[2]);
666 ret = __sys_listen(a0, a1);
669 ret = __sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), 0);
671 case SYS_GETSOCKNAME:
672 ret = __sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2]));
674 case SYS_GETPEERNAME:
675 ret = __sys_getpeername(a0, compat_ptr(a1), compat_ptr(a[2]));
678 ret = __sys_socketpair(a0, a1, a[2], compat_ptr(a[3]));
681 ret = __sys_sendto(a0, compat_ptr(a1), a[2], a[3], NULL, 0);
684 ret = __sys_sendto(a0, compat_ptr(a1), a[2], a[3],
685 compat_ptr(a[4]), a[5]);
688 ret = __compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
692 ret = __compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
697 ret = __sys_shutdown(a0, a1);
700 ret = __compat_sys_setsockopt(a0, a1, a[2],
701 compat_ptr(a[3]), a[4]);
704 ret = __compat_sys_getsockopt(a0, a1, a[2],
709 ret = __compat_sys_sendmsg(a0, compat_ptr(a1), a[2]);
712 ret = __compat_sys_sendmmsg(a0, compat_ptr(a1), a[2], a[3]);
715 ret = __compat_sys_recvmsg(a0, compat_ptr(a1), a[2]);
718 ret = __sys_recvmmsg(a0, compat_ptr(a1), a[2],
719 a[3] | MSG_CMSG_COMPAT, NULL,
723 ret = __sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), a[3]);