License cleanup: add SPDX GPL-2.0 license identifier to files with no license
Many source files in the tree are missing licensing information, which
makes it harder for compliance tools to determine the correct license.
By default all files without license information are under the default
license of the kernel, which is GPL version 2.
Update the files which contain no license information with the 'GPL-2.0'
SPDX license identifier. The SPDX identifier is a legally binding
shorthand, which can be used instead of the full boiler plate text.
This patch is based on work done by Thomas Gleixner and Kate Stewart and
Philippe Ombredanne.
How this work was done:
Patches were generated and checked against linux-4.14-rc6 for a subset of
the use cases:
- file had no licensing information it it.
- file was a */uapi/* one with no licensing information in it,
- file was a */uapi/* one with existing licensing information,
Further patches will be generated in subsequent months to fix up cases
where non-standard license headers were used, and references to license
had to be inferred by heuristics based on keywords.
The analysis to determine which SPDX License Identifier to be applied to
a file was done in a spreadsheet of side by side results from of the
output of two independent scanners (ScanCode & Windriver) producing SPDX
tag:value files created by Philippe Ombredanne. Philippe prepared the
base worksheet, and did an initial spot review of a few 1000 files.
The 4.13 kernel was the starting point of the analysis with 60,537 files
assessed. Kate Stewart did a file by file comparison of the scanner
results in the spreadsheet to determine which SPDX license identifier(s)
to be applied to the file. She confirmed any determination that was not
immediately clear with lawyers working with the Linux Foundation.
Criteria used to select files for SPDX license identifier tagging was:
- Files considered eligible had to be source code files.
- Make and config files were included as candidates if they contained >5
lines of source
- File already had some variant of a license header in it (even if <5
lines).
All documentation files were explicitly excluded.
The following heuristics were used to determine which SPDX license
identifiers to apply.
- when both scanners couldn't find any license traces, file was
considered to have no license information in it, and the top level
COPYING file license applied.
For non */uapi/* files that summary was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 11139
and resulted in the first patch in this series.
If that file was a */uapi/* path one, it was "GPL-2.0 WITH
Linux-syscall-note" otherwise it was "GPL-2.0". Results of that was:
SPDX license identifier # files
---------------------------------------------------|-------
GPL-2.0 WITH Linux-syscall-note 930
and resulted in the second patch in this series.
- if a file had some form of licensing information in it, and was one
of the */uapi/* ones, it was denoted with the Linux-syscall-note if
any GPL family license was found in the file or had no licensing in
it (per prior point). Results summary:
SPDX license identifier # files
---------------------------------------------------|------
GPL-2.0 WITH Linux-syscall-note 270
GPL-2.0+ WITH Linux-syscall-note 169
((GPL-2.0 WITH Linux-syscall-note) OR BSD-2-Clause) 21
((GPL-2.0 WITH Linux-syscall-note) OR BSD-3-Clause) 17
LGPL-2.1+ WITH Linux-syscall-note 15
GPL-1.0+ WITH Linux-syscall-note 14
((GPL-2.0+ WITH Linux-syscall-note) OR BSD-3-Clause) 5
LGPL-2.0+ WITH Linux-syscall-note 4
LGPL-2.1 WITH Linux-syscall-note 3
((GPL-2.0 WITH Linux-syscall-note) OR MIT) 3
((GPL-2.0 WITH Linux-syscall-note) AND MIT) 1
and that resulted in the third patch in this series.
- when the two scanners agreed on the detected license(s), that became
the concluded license(s).
- when there was disagreement between the two scanners (one detected a
license but the other didn't, or they both detected different
licenses) a manual inspection of the file occurred.
- In most cases a manual inspection of the information in the file
resulted in a clear resolution of the license that should apply (and
which scanner probably needed to revisit its heuristics).
- When it was not immediately clear, the license identifier was
confirmed with lawyers working with the Linux Foundation.
- If there was any question as to the appropriate license identifier,
the file was flagged for further research and to be revisited later
in time.
In total, over 70 hours of logged manual review was done on the
spreadsheet to determine the SPDX license identifiers to apply to the
source files by Kate, Philippe, Thomas and, in some cases, confirmation
by lawyers working with the Linux Foundation.
Kate also obtained a third independent scan of the 4.13 code base from
FOSSology, and compared selected files where the other two scanners
disagreed against that SPDX file, to see if there was new insights. The
Windriver scanner is based on an older version of FOSSology in part, so
they are related.
Thomas did random spot checks in about 500 files from the spreadsheets
for the uapi headers and agreed with SPDX license identifier in the
files he inspected. For the non-uapi files Thomas did random spot checks
in about 15000 files.
In initial set of patches against 4.14-rc6, 3 files were found to have
copy/paste license identifier errors, and have been fixed to reflect the
correct identifier.
Additionally Philippe spent 10 hours this week doing a detailed manual
inspection and review of the 12,461 patched files from the initial patch
version early this week with:
- a full scancode scan run, collecting the matched texts, detected
license ids and scores
- reviewing anything where there was a license detected (about 500+
files) to ensure that the applied SPDX license was correct
- reviewing anything where there was no detection but the patch license
was not GPL-2.0 WITH Linux-syscall-note to ensure that the applied
SPDX license was correct
This produced a worksheet with 20 files needing minor correction. This
worksheet was then exported into 3 different .csv files for the
different types of files to be modified.
These .csv files were then reviewed by Greg. Thomas wrote a script to
parse the csv files and add the proper SPDX tag to the file, in the
format that the file expected. This script was further refined by Greg
based on the output to detect more types of files automatically and to
distinguish between header and source .c files (which need different
comment types.) Finally Greg ran the script using the .csv files to
generate the patches.
Reviewed-by: Kate Stewart <kstewart@linuxfoundation.org>
Reviewed-by: Philippe Ombredanne <pombredanne@nexb.com>
Reviewed-by: Thomas Gleixner <tglx@linutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2017-11-01 15:07:57 +01:00
|
|
|
/* SPDX-License-Identifier: GPL-2.0 */
|
2005-04-16 15:20:36 -07:00
|
|
|
#ifndef _LINUX_SOCKET_H
|
|
|
|
#define _LINUX_SOCKET_H
|
|
|
|
|
|
|
|
|
|
|
|
#include <asm/socket.h> /* arch-dependent defines */
|
|
|
|
#include <linux/sockios.h> /* the SIOCxxx I/O controls */
|
|
|
|
#include <linux/uio.h> /* iovec support */
|
|
|
|
#include <linux/types.h> /* pid_t */
|
|
|
|
#include <linux/compiler.h> /* __user */
|
2012-10-13 10:46:48 +01:00
|
|
|
#include <uapi/linux/socket.h>
|
2005-04-16 15:20:36 -07:00
|
|
|
|
2020-06-12 16:57:37 +10:00
|
|
|
struct file;
|
2010-06-13 03:28:59 +00:00
|
|
|
struct pid;
|
|
|
|
struct cred;
|
2019-04-19 13:34:07 -06:00
|
|
|
struct socket;
|
2022-07-12 21:52:30 +01:00
|
|
|
struct sock;
|
|
|
|
struct sk_buff;
|
2010-06-13 03:28:59 +00:00
|
|
|
|
2009-10-29 02:59:18 -07:00
|
|
|
#define __sockaddr_check_size(size) \
|
|
|
|
BUILD_BUG_ON(((size) > sizeof(struct __kernel_sockaddr_storage)))
|
|
|
|
|
2011-01-06 11:41:42 -08:00
|
|
|
#ifdef CONFIG_PROC_FS
|
2005-08-16 02:18:02 -03:00
|
|
|
struct seq_file;
|
|
|
|
extern void socket_seq_show(struct seq_file *seq);
|
2011-01-06 11:41:42 -08:00
|
|
|
#endif
|
2005-08-16 02:18:02 -03:00
|
|
|
|
2011-08-07 22:48:07 -07:00
|
|
|
typedef __kernel_sa_family_t sa_family_t;
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* 1003.1g requires sa_family_t and that sa_data is char.
|
|
|
|
*/
|
2019-03-14 10:45:23 -03:00
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
struct sockaddr {
|
|
|
|
sa_family_t sa_family; /* address family, AF_xxx */
|
net: dev: Convert sa_data to flexible array in struct sockaddr
One of the worst offenders of "fake flexible arrays" is struct sockaddr,
as it is the classic example of why GCC and Clang have been traditionally
forced to treat all trailing arrays as fake flexible arrays: in the
distant misty past, sa_data became too small, and code started just
treating it as a flexible array, even though it was fixed-size. The
special case by the compiler is specifically that sizeof(sa->sa_data)
and FORTIFY_SOURCE (which uses __builtin_object_size(sa->sa_data, 1))
do not agree (14 and -1 respectively), which makes FORTIFY_SOURCE treat
it as a flexible array.
However, the coming -fstrict-flex-arrays compiler flag will remove
these special cases so that FORTIFY_SOURCE can gain coverage over all
the trailing arrays in the kernel that are _not_ supposed to be treated
as a flexible array. To deal with this change, convert sa_data to a true
flexible array. To keep the structure size the same, move sa_data into
a union with a newly introduced sa_data_min with the original size. The
result is that FORTIFY_SOURCE can continue to have no idea how large
sa_data may actually be, but anything using sizeof(sa->sa_data) must
switch to sizeof(sa->sa_data_min).
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Pavel Begunkov <asml.silence@gmail.com>
Cc: David Ahern <dsahern@kernel.org>
Cc: Dylan Yudaken <dylany@fb.com>
Cc: Yajun Deng <yajun.deng@linux.dev>
Cc: Petr Machata <petrm@nvidia.com>
Cc: Hangbin Liu <liuhangbin@gmail.com>
Cc: Leon Romanovsky <leon@kernel.org>
Cc: syzbot <syzkaller@googlegroups.com>
Cc: Willem de Bruijn <willemb@google.com>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: Kees Cook <keescook@chromium.org>
Link: https://lore.kernel.org/r/20221018095503.never.671-kees@kernel.org
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2022-10-18 02:56:03 -07:00
|
|
|
union {
|
|
|
|
char sa_data_min[14]; /* Minimum 14 bytes of protocol address */
|
|
|
|
DECLARE_FLEX_ARRAY(char, sa_data);
|
|
|
|
};
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
|
|
|
|
|
|
|
struct linger {
|
|
|
|
int l_onoff; /* Linger active */
|
|
|
|
int l_linger; /* How long to linger for */
|
|
|
|
};
|
|
|
|
|
|
|
|
#define sockaddr_storage __kernel_sockaddr_storage
|
|
|
|
|
|
|
|
/*
|
|
|
|
* As we do 4.4BSD message passing we use a 4.4BSD message passing
|
|
|
|
* system, not 4.3. Thus msg_accrights(len) are now missing. They
|
|
|
|
* belong in an obscure libc emulation or the bin.
|
|
|
|
*/
|
2019-03-14 10:45:23 -03:00
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
struct msghdr {
|
2014-01-22 05:39:46 +01:00
|
|
|
void *msg_name; /* ptr to socket address structure */
|
|
|
|
int msg_namelen; /* size of socket address structure */
|
2022-04-28 18:45:06 -06:00
|
|
|
|
|
|
|
int msg_inq; /* output, data left in socket */
|
|
|
|
|
2014-11-24 10:42:55 -05:00
|
|
|
struct iov_iter msg_iter; /* data */
|
2020-05-11 13:59:13 +02:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Ancillary data. msg_control_user is the user buffer used for the
|
|
|
|
* recv* side when msg_control_is_user is set, msg_control is the kernel
|
|
|
|
* buffer used for all other cases.
|
|
|
|
*/
|
|
|
|
union {
|
|
|
|
void *msg_control;
|
|
|
|
void __user *msg_control_user;
|
|
|
|
};
|
|
|
|
bool msg_control_is_user : 1;
|
2022-04-28 18:45:06 -06:00
|
|
|
bool msg_get_inq : 1;/* return INQ after receive */
|
2014-01-22 05:39:46 +01:00
|
|
|
unsigned int msg_flags; /* flags on received message */
|
2022-04-28 18:45:06 -06:00
|
|
|
__kernel_size_t msg_controllen; /* ancillary data buffer length */
|
2015-03-19 12:31:25 -07:00
|
|
|
struct kiocb *msg_iocb; /* ptr to iocb for async requests */
|
2022-07-12 21:52:29 +01:00
|
|
|
struct ubuf_info *msg_ubuf;
|
2022-07-12 21:52:30 +01:00
|
|
|
int (*sg_from_iter)(struct sock *sk, struct sk_buff *skb,
|
|
|
|
struct iov_iter *from, size_t length);
|
2005-04-16 15:20:36 -07:00
|
|
|
};
|
2019-03-14 10:45:23 -03:00
|
|
|
|
separate kernel- and userland-side msghdr
Kernel-side struct msghdr is (currently) using the same layout as
userland one, but it's not a one-to-one copy - even without considering
32bit compat issues, we have msg_iov, msg_name and msg_control copied
to kernel[1]. It's fairly localized, so we get away with a few functions
where that knowledge is needed (and we could shrink that set even
more). Pretty much everything deals with the kernel-side variant and
the few places that want userland one just use a bunch of force-casts
to paper over the differences.
The thing is, kernel-side definition of struct msghdr is *not* exposed
in include/uapi - libc doesn't see it, etc. So we can add struct user_msghdr,
with proper annotations and let the few places that ever deal with those
beasts use it for userland pointers. Saner typechecking aside, that will
allow to change the layout of kernel-side msghdr - e.g. replace
msg_iov/msg_iovlen there with struct iov_iter, getting rid of the need
to modify the iovec as we copy data to/from it, etc.
We could introduce kernel_msghdr instead, but that would create much more
noise - the absolute majority of the instances would need to have the
type switched to kernel_msghdr and definition of struct msghdr in
include/linux/socket.h is not going to be seen by userland anyway.
This commit just introduces user_msghdr and switches the few places that
are dealing with userland-side msghdr to it.
[1] actually, it's even trickier than that - we copy msg_control for
sendmsg, but keep the userland address on recvmsg.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-04-06 14:03:05 -04:00
|
|
|
struct user_msghdr {
|
|
|
|
void __user *msg_name; /* ptr to socket address structure */
|
|
|
|
int msg_namelen; /* size of socket address structure */
|
|
|
|
struct iovec __user *msg_iov; /* scatter/gather array */
|
|
|
|
__kernel_size_t msg_iovlen; /* # elements in msg_iov */
|
|
|
|
void __user *msg_control; /* ancillary data */
|
|
|
|
__kernel_size_t msg_controllen; /* ancillary data buffer length */
|
|
|
|
unsigned int msg_flags; /* flags on received message */
|
|
|
|
};
|
2005-04-16 15:20:36 -07:00
|
|
|
|
2009-10-12 23:40:10 -07:00
|
|
|
/* For recvmmsg/sendmmsg */
|
|
|
|
struct mmsghdr {
|
separate kernel- and userland-side msghdr
Kernel-side struct msghdr is (currently) using the same layout as
userland one, but it's not a one-to-one copy - even without considering
32bit compat issues, we have msg_iov, msg_name and msg_control copied
to kernel[1]. It's fairly localized, so we get away with a few functions
where that knowledge is needed (and we could shrink that set even
more). Pretty much everything deals with the kernel-side variant and
the few places that want userland one just use a bunch of force-casts
to paper over the differences.
The thing is, kernel-side definition of struct msghdr is *not* exposed
in include/uapi - libc doesn't see it, etc. So we can add struct user_msghdr,
with proper annotations and let the few places that ever deal with those
beasts use it for userland pointers. Saner typechecking aside, that will
allow to change the layout of kernel-side msghdr - e.g. replace
msg_iov/msg_iovlen there with struct iov_iter, getting rid of the need
to modify the iovec as we copy data to/from it, etc.
We could introduce kernel_msghdr instead, but that would create much more
noise - the absolute majority of the instances would need to have the
type switched to kernel_msghdr and definition of struct msghdr in
include/linux/socket.h is not going to be seen by userland anyway.
This commit just introduces user_msghdr and switches the few places that
are dealing with userland-side msghdr to it.
[1] actually, it's even trickier than that - we copy msg_control for
sendmsg, but keep the userland address on recvmsg.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
2014-04-06 14:03:05 -04:00
|
|
|
struct user_msghdr msg_hdr;
|
2012-04-15 05:58:06 +00:00
|
|
|
unsigned int msg_len;
|
2009-10-12 23:40:10 -07:00
|
|
|
};
|
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
/*
|
|
|
|
* POSIX 1003.1g - ancillary data object information
|
2021-04-26 09:44:47 -03:00
|
|
|
* Ancillary data consists of a sequence of pairs of
|
2005-04-16 15:20:36 -07:00
|
|
|
* (cmsghdr, cmsg_data[])
|
|
|
|
*/
|
|
|
|
|
|
|
|
struct cmsghdr {
|
|
|
|
__kernel_size_t cmsg_len; /* data byte count, including hdr */
|
|
|
|
int cmsg_level; /* originating protocol */
|
|
|
|
int cmsg_type; /* protocol-specific type */
|
|
|
|
};
|
|
|
|
|
|
|
|
/*
|
2011-03-30 22:57:33 -03:00
|
|
|
* Ancillary data object information MACROS
|
2005-04-16 15:20:36 -07:00
|
|
|
* Table 5-14 of POSIX 1003.1g
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define __CMSG_NXTHDR(ctl, len, cmsg) __cmsg_nxthdr((ctl),(len),(cmsg))
|
|
|
|
#define CMSG_NXTHDR(mhdr, cmsg) cmsg_nxthdr((mhdr), (cmsg))
|
|
|
|
|
|
|
|
#define CMSG_ALIGN(len) ( ((len)+sizeof(long)-1) & ~(sizeof(long)-1) )
|
|
|
|
|
2020-05-11 13:59:11 +02:00
|
|
|
#define CMSG_DATA(cmsg) \
|
|
|
|
((void *)(cmsg) + sizeof(struct cmsghdr))
|
|
|
|
#define CMSG_USER_DATA(cmsg) \
|
|
|
|
((void __user *)(cmsg) + sizeof(struct cmsghdr))
|
2017-01-03 20:42:17 +08:00
|
|
|
#define CMSG_SPACE(len) (sizeof(struct cmsghdr) + CMSG_ALIGN(len))
|
|
|
|
#define CMSG_LEN(len) (sizeof(struct cmsghdr) + (len))
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
#define __CMSG_FIRSTHDR(ctl,len) ((len) >= sizeof(struct cmsghdr) ? \
|
|
|
|
(struct cmsghdr *)(ctl) : \
|
|
|
|
(struct cmsghdr *)NULL)
|
|
|
|
#define CMSG_FIRSTHDR(msg) __CMSG_FIRSTHDR((msg)->msg_control, (msg)->msg_controllen)
|
|
|
|
#define CMSG_OK(mhdr, cmsg) ((cmsg)->cmsg_len >= sizeof(struct cmsghdr) && \
|
|
|
|
(cmsg)->cmsg_len <= (unsigned long) \
|
|
|
|
((mhdr)->msg_controllen - \
|
|
|
|
((char *)(cmsg) - (char *)(mhdr)->msg_control)))
|
2014-12-11 11:22:04 +08:00
|
|
|
#define for_each_cmsghdr(cmsg, msg) \
|
|
|
|
for (cmsg = CMSG_FIRSTHDR(msg); \
|
|
|
|
cmsg; \
|
|
|
|
cmsg = CMSG_NXTHDR(msg, cmsg))
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
/*
|
|
|
|
* Get the next cmsg header
|
|
|
|
*
|
|
|
|
* PLEASE, do not touch this function. If you think, that it is
|
|
|
|
* incorrect, grep kernel sources and think about consequences
|
|
|
|
* before trying to improve it.
|
|
|
|
*
|
|
|
|
* Now it always returns valid, not truncated ancillary object
|
|
|
|
* HEADER. But caller still MUST check, that cmsg->cmsg_len is
|
|
|
|
* inside range, given by msg->msg_controllen before using
|
|
|
|
* ancillary object DATA. --ANK (980731)
|
|
|
|
*/
|
2019-03-14 10:45:23 -03:00
|
|
|
|
2009-10-05 00:24:36 -07:00
|
|
|
static inline struct cmsghdr * __cmsg_nxthdr(void *__ctl, __kernel_size_t __size,
|
2005-04-16 15:20:36 -07:00
|
|
|
struct cmsghdr *__cmsg)
|
|
|
|
{
|
|
|
|
struct cmsghdr * __ptr;
|
|
|
|
|
|
|
|
__ptr = (struct cmsghdr*)(((unsigned char *) __cmsg) + CMSG_ALIGN(__cmsg->cmsg_len));
|
|
|
|
if ((unsigned long)((char*)(__ptr+1) - (char *) __ctl) > __size)
|
|
|
|
return (struct cmsghdr *)0;
|
|
|
|
|
|
|
|
return __ptr;
|
|
|
|
}
|
|
|
|
|
2009-10-05 00:24:36 -07:00
|
|
|
static inline struct cmsghdr * cmsg_nxthdr (struct msghdr *__msg, struct cmsghdr *__cmsg)
|
2005-04-16 15:20:36 -07:00
|
|
|
{
|
|
|
|
return __cmsg_nxthdr(__msg->msg_control, __msg->msg_controllen, __cmsg);
|
|
|
|
}
|
|
|
|
|
2014-12-15 21:39:31 -05:00
|
|
|
static inline size_t msg_data_left(struct msghdr *msg)
|
|
|
|
{
|
|
|
|
return iov_iter_count(&msg->msg_iter);
|
|
|
|
}
|
|
|
|
|
2005-04-16 15:20:36 -07:00
|
|
|
/* "Socket"-level control message types: */
|
|
|
|
|
|
|
|
#define SCM_RIGHTS 0x01 /* rw: access rights (array of int) */
|
|
|
|
#define SCM_CREDENTIALS 0x02 /* rw: struct ucred */
|
[SECURITY]: TCP/UDP getpeersec
This patch implements an application of the LSM-IPSec networking
controls whereby an application can determine the label of the
security association its TCP or UDP sockets are currently connected to
via getsockopt and the auxiliary data mechanism of recvmsg.
Patch purpose:
This patch enables a security-aware application to retrieve the
security context of an IPSec security association a particular TCP or
UDP socket is using. The application can then use this security
context to determine the security context for processing on behalf of
the peer at the other end of this connection. In the case of UDP, the
security context is for each individual packet. An example
application is the inetd daemon, which could be modified to start
daemons running at security contexts dependent on the remote client.
Patch design approach:
- Design for TCP
The patch enables the SELinux LSM to set the peer security context for
a socket based on the security context of the IPSec security
association. The application may retrieve this context using
getsockopt. When called, the kernel determines if the socket is a
connected (TCP_ESTABLISHED) TCP socket and, if so, uses the dst_entry
cache on the socket to retrieve the security associations. If a
security association has a security context, the context string is
returned, as for UNIX domain sockets.
- Design for UDP
Unlike TCP, UDP is connectionless. This requires a somewhat different
API to retrieve the peer security context. With TCP, the peer
security context stays the same throughout the connection, thus it can
be retrieved at any time between when the connection is established
and when it is torn down. With UDP, each read/write can have
different peer and thus the security context might change every time.
As a result the security context retrieval must be done TOGETHER with
the packet retrieval.
The solution is to build upon the existing Unix domain socket API for
retrieving user credentials. Linux offers the API for obtaining user
credentials via ancillary messages (i.e., out of band/control messages
that are bundled together with a normal message).
Patch implementation details:
- Implementation for TCP
The security context can be retrieved by applications using getsockopt
with the existing SO_PEERSEC flag. As an example (ignoring error
checking):
getsockopt(sockfd, SOL_SOCKET, SO_PEERSEC, optbuf, &optlen);
printf("Socket peer context is: %s\n", optbuf);
The SELinux function, selinux_socket_getpeersec, is extended to check
for labeled security associations for connected (TCP_ESTABLISHED ==
sk->sk_state) TCP sockets only. If so, the socket has a dst_cache of
struct dst_entry values that may refer to security associations. If
these have security associations with security contexts, the security
context is returned.
getsockopt returns a buffer that contains a security context string or
the buffer is unmodified.
- Implementation for UDP
To retrieve the security context, the application first indicates to
the kernel such desire by setting the IP_PASSSEC option via
getsockopt. Then the application retrieves the security context using
the auxiliary data mechanism.
An example server application for UDP should look like this:
toggle = 1;
toggle_len = sizeof(toggle);
setsockopt(sockfd, SOL_IP, IP_PASSSEC, &toggle, &toggle_len);
recvmsg(sockfd, &msg_hdr, 0);
if (msg_hdr.msg_controllen > sizeof(struct cmsghdr)) {
cmsg_hdr = CMSG_FIRSTHDR(&msg_hdr);
if (cmsg_hdr->cmsg_len <= CMSG_LEN(sizeof(scontext)) &&
cmsg_hdr->cmsg_level == SOL_IP &&
cmsg_hdr->cmsg_type == SCM_SECURITY) {
memcpy(&scontext, CMSG_DATA(cmsg_hdr), sizeof(scontext));
}
}
ip_setsockopt is enhanced with a new socket option IP_PASSSEC to allow
a server socket to receive security context of the peer. A new
ancillary message type SCM_SECURITY.
When the packet is received we get the security context from the
sec_path pointer which is contained in the sk_buff, and copy it to the
ancillary message space. An additional LSM hook,
selinux_socket_getpeersec_udp, is defined to retrieve the security
context from the SELinux space. The existing function,
selinux_socket_getpeersec does not suit our purpose, because the
security context is copied directly to user space, rather than to
kernel space.
Testing:
We have tested the patch by setting up TCP and UDP connections between
applications on two machines using the IPSec policies that result in
labeled security associations being built. For TCP, we can then
extract the peer security context using getsockopt on either end. For
UDP, the receiving end can retrieve the security context using the
auxiliary data mechanism of recvmsg.
Signed-off-by: Catherine Zhang <cxzhang@watson.ibm.com>
Acked-by: James Morris <jmorris@namei.org>
Acked-by: Herbert Xu <herbert@gondor.apana.org.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
2006-03-20 22:41:23 -08:00
|
|
|
#define SCM_SECURITY 0x03 /* rw: security label */
|
2023-06-08 22:26:25 +02:00
|
|
|
#define SCM_PIDFD 0x04 /* ro: pidfd (int) */
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
struct ucred {
|
|
|
|
__u32 pid;
|
|
|
|
__u32 uid;
|
|
|
|
__u32 gid;
|
|
|
|
};
|
|
|
|
|
|
|
|
/* Supported address families. */
|
|
|
|
#define AF_UNSPEC 0
|
|
|
|
#define AF_UNIX 1 /* Unix domain sockets */
|
|
|
|
#define AF_LOCAL 1 /* POSIX name for AF_UNIX */
|
|
|
|
#define AF_INET 2 /* Internet IP Protocol */
|
|
|
|
#define AF_AX25 3 /* Amateur Radio AX.25 */
|
|
|
|
#define AF_IPX 4 /* Novell IPX */
|
|
|
|
#define AF_APPLETALK 5 /* AppleTalk DDP */
|
|
|
|
#define AF_NETROM 6 /* Amateur Radio NET/ROM */
|
|
|
|
#define AF_BRIDGE 7 /* Multiprotocol bridge */
|
|
|
|
#define AF_ATMPVC 8 /* ATM PVCs */
|
|
|
|
#define AF_X25 9 /* Reserved for X.25 project */
|
|
|
|
#define AF_INET6 10 /* IP version 6 */
|
|
|
|
#define AF_ROSE 11 /* Amateur Radio X.25 PLP */
|
|
|
|
#define AF_DECnet 12 /* Reserved for DECnet project */
|
|
|
|
#define AF_NETBEUI 13 /* Reserved for 802.2LLC project*/
|
|
|
|
#define AF_SECURITY 14 /* Security callback pseudo AF */
|
|
|
|
#define AF_KEY 15 /* PF_KEY key management API */
|
|
|
|
#define AF_NETLINK 16
|
|
|
|
#define AF_ROUTE AF_NETLINK /* Alias to emulate 4.4BSD */
|
|
|
|
#define AF_PACKET 17 /* Packet family */
|
|
|
|
#define AF_ASH 18 /* Ash */
|
|
|
|
#define AF_ECONET 19 /* Acorn Econet */
|
|
|
|
#define AF_ATMSVC 20 /* ATM SVCs */
|
2009-02-26 23:41:38 -08:00
|
|
|
#define AF_RDS 21 /* RDS sockets */
|
2005-04-16 15:20:36 -07:00
|
|
|
#define AF_SNA 22 /* Linux SNA Project (nutters!) */
|
|
|
|
#define AF_IRDA 23 /* IRDA sockets */
|
|
|
|
#define AF_PPPOX 24 /* PPPoX sockets */
|
|
|
|
#define AF_WANPIPE 25 /* Wanpipe API Sockets */
|
|
|
|
#define AF_LLC 26 /* Linux LLC */
|
2013-05-29 10:09:07 -07:00
|
|
|
#define AF_IB 27 /* Native InfiniBand address */
|
2015-03-03 19:10:47 -06:00
|
|
|
#define AF_MPLS 28 /* MPLS */
|
2007-12-16 15:59:24 -08:00
|
|
|
#define AF_CAN 29 /* Controller Area Network */
|
2006-01-02 19:04:38 +01:00
|
|
|
#define AF_TIPC 30 /* TIPC sockets */
|
2005-04-16 15:20:36 -07:00
|
|
|
#define AF_BLUETOOTH 31 /* Bluetooth sockets */
|
2007-02-08 13:51:54 -08:00
|
|
|
#define AF_IUCV 32 /* IUCV sockets */
|
2007-04-26 15:48:28 -07:00
|
|
|
#define AF_RXRPC 33 /* RxRPC sockets */
|
2008-07-26 18:52:34 +02:00
|
|
|
#define AF_ISDN 34 /* mISDN sockets */
|
2008-09-22 19:51:15 -07:00
|
|
|
#define AF_PHONET 35 /* Phonet sockets */
|
2009-06-08 12:18:47 +00:00
|
|
|
#define AF_IEEE802154 36 /* IEEE802154 sockets */
|
2010-03-30 13:56:19 +00:00
|
|
|
#define AF_CAIF 37 /* CAIF sockets */
|
2010-10-19 21:04:42 +08:00
|
|
|
#define AF_ALG 38 /* Algorithm sockets */
|
2011-07-01 19:31:35 -03:00
|
|
|
#define AF_NFC 39 /* NFC sockets */
|
VSOCK: Introduce VM Sockets
VM Sockets allows communication between virtual machines and the hypervisor.
User level applications both in a virtual machine and on the host can use the
VM Sockets API, which facilitates fast and efficient communication between
guest virtual machines and their host. A socket address family, designed to be
compatible with UDP and TCP at the interface level, is provided.
Today, VM Sockets is used by various VMware Tools components inside the guest
for zero-config, network-less access to VMware host services. In addition to
this, VMware's users are using VM Sockets for various applications, where
network access of the virtual machine is restricted or non-existent. Examples
of this are VMs communicating with device proxies for proprietary hardware
running as host applications and automated testing of applications running
within virtual machines.
The VMware VM Sockets are similar to other socket types, like Berkeley UNIX
socket interface. The VM Sockets module supports both connection-oriented
stream sockets like TCP, and connectionless datagram sockets like UDP. The VM
Sockets protocol family is defined as "AF_VSOCK" and the socket operations
split for SOCK_DGRAM and SOCK_STREAM.
For additional information about the use of VM Sockets, please refer to the
VM Sockets Programming Guide available at:
https://www.vmware.com/support/developer/vmci-sdk/
Signed-off-by: George Zhang <georgezhang@vmware.com>
Signed-off-by: Dmitry Torokhov <dtor@vmware.com>
Signed-off-by: Andy king <acking@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-06 14:23:56 +00:00
|
|
|
#define AF_VSOCK 40 /* vSockets */
|
2016-03-07 14:11:06 -08:00
|
|
|
#define AF_KCM 41 /* Kernel Connection Multiplexor*/
|
2016-05-06 07:09:08 -07:00
|
|
|
#define AF_QIPCRTR 42 /* Qualcomm IPC Router */
|
2017-01-09 16:55:13 +01:00
|
|
|
#define AF_SMC 43 /* smc sockets: reserve number for
|
|
|
|
* PF_SMC protocol family that
|
|
|
|
* reuses AF_INET address family
|
|
|
|
*/
|
2018-05-02 13:01:22 +02:00
|
|
|
#define AF_XDP 44 /* XDP sockets */
|
2021-07-29 10:20:39 +08:00
|
|
|
#define AF_MCTP 45 /* Management component
|
|
|
|
* transport protocol
|
|
|
|
*/
|
2016-03-07 14:11:06 -08:00
|
|
|
|
2021-07-29 10:20:39 +08:00
|
|
|
#define AF_MAX 46 /* For now.. */
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
/* Protocol families, same as address families. */
|
|
|
|
#define PF_UNSPEC AF_UNSPEC
|
|
|
|
#define PF_UNIX AF_UNIX
|
|
|
|
#define PF_LOCAL AF_LOCAL
|
|
|
|
#define PF_INET AF_INET
|
|
|
|
#define PF_AX25 AF_AX25
|
|
|
|
#define PF_IPX AF_IPX
|
|
|
|
#define PF_APPLETALK AF_APPLETALK
|
|
|
|
#define PF_NETROM AF_NETROM
|
|
|
|
#define PF_BRIDGE AF_BRIDGE
|
|
|
|
#define PF_ATMPVC AF_ATMPVC
|
|
|
|
#define PF_X25 AF_X25
|
|
|
|
#define PF_INET6 AF_INET6
|
|
|
|
#define PF_ROSE AF_ROSE
|
|
|
|
#define PF_DECnet AF_DECnet
|
|
|
|
#define PF_NETBEUI AF_NETBEUI
|
|
|
|
#define PF_SECURITY AF_SECURITY
|
|
|
|
#define PF_KEY AF_KEY
|
|
|
|
#define PF_NETLINK AF_NETLINK
|
|
|
|
#define PF_ROUTE AF_ROUTE
|
|
|
|
#define PF_PACKET AF_PACKET
|
|
|
|
#define PF_ASH AF_ASH
|
|
|
|
#define PF_ECONET AF_ECONET
|
|
|
|
#define PF_ATMSVC AF_ATMSVC
|
2009-02-26 23:41:38 -08:00
|
|
|
#define PF_RDS AF_RDS
|
2005-04-16 15:20:36 -07:00
|
|
|
#define PF_SNA AF_SNA
|
|
|
|
#define PF_IRDA AF_IRDA
|
|
|
|
#define PF_PPPOX AF_PPPOX
|
|
|
|
#define PF_WANPIPE AF_WANPIPE
|
|
|
|
#define PF_LLC AF_LLC
|
2013-05-29 10:09:07 -07:00
|
|
|
#define PF_IB AF_IB
|
2015-03-03 19:10:47 -06:00
|
|
|
#define PF_MPLS AF_MPLS
|
2007-12-16 15:59:24 -08:00
|
|
|
#define PF_CAN AF_CAN
|
2006-01-02 19:04:38 +01:00
|
|
|
#define PF_TIPC AF_TIPC
|
2005-04-16 15:20:36 -07:00
|
|
|
#define PF_BLUETOOTH AF_BLUETOOTH
|
2007-02-08 13:51:54 -08:00
|
|
|
#define PF_IUCV AF_IUCV
|
2007-04-26 15:48:28 -07:00
|
|
|
#define PF_RXRPC AF_RXRPC
|
2008-07-26 18:52:34 +02:00
|
|
|
#define PF_ISDN AF_ISDN
|
2008-09-22 19:51:15 -07:00
|
|
|
#define PF_PHONET AF_PHONET
|
2009-06-08 12:18:47 +00:00
|
|
|
#define PF_IEEE802154 AF_IEEE802154
|
2010-03-30 13:56:19 +00:00
|
|
|
#define PF_CAIF AF_CAIF
|
2010-10-19 21:04:42 +08:00
|
|
|
#define PF_ALG AF_ALG
|
2011-07-01 19:31:35 -03:00
|
|
|
#define PF_NFC AF_NFC
|
VSOCK: Introduce VM Sockets
VM Sockets allows communication between virtual machines and the hypervisor.
User level applications both in a virtual machine and on the host can use the
VM Sockets API, which facilitates fast and efficient communication between
guest virtual machines and their host. A socket address family, designed to be
compatible with UDP and TCP at the interface level, is provided.
Today, VM Sockets is used by various VMware Tools components inside the guest
for zero-config, network-less access to VMware host services. In addition to
this, VMware's users are using VM Sockets for various applications, where
network access of the virtual machine is restricted or non-existent. Examples
of this are VMs communicating with device proxies for proprietary hardware
running as host applications and automated testing of applications running
within virtual machines.
The VMware VM Sockets are similar to other socket types, like Berkeley UNIX
socket interface. The VM Sockets module supports both connection-oriented
stream sockets like TCP, and connectionless datagram sockets like UDP. The VM
Sockets protocol family is defined as "AF_VSOCK" and the socket operations
split for SOCK_DGRAM and SOCK_STREAM.
For additional information about the use of VM Sockets, please refer to the
VM Sockets Programming Guide available at:
https://www.vmware.com/support/developer/vmci-sdk/
Signed-off-by: George Zhang <georgezhang@vmware.com>
Signed-off-by: Dmitry Torokhov <dtor@vmware.com>
Signed-off-by: Andy king <acking@vmware.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2013-02-06 14:23:56 +00:00
|
|
|
#define PF_VSOCK AF_VSOCK
|
2016-03-07 14:11:06 -08:00
|
|
|
#define PF_KCM AF_KCM
|
2016-05-06 07:09:08 -07:00
|
|
|
#define PF_QIPCRTR AF_QIPCRTR
|
2017-01-09 16:55:13 +01:00
|
|
|
#define PF_SMC AF_SMC
|
2018-05-02 13:01:22 +02:00
|
|
|
#define PF_XDP AF_XDP
|
2021-07-29 10:20:39 +08:00
|
|
|
#define PF_MCTP AF_MCTP
|
2005-04-16 15:20:36 -07:00
|
|
|
#define PF_MAX AF_MAX
|
|
|
|
|
|
|
|
/* Maximum queue length specifiable by listen. */
|
2019-10-30 09:36:20 -07:00
|
|
|
#define SOMAXCONN 4096
|
2005-04-16 15:20:36 -07:00
|
|
|
|
2019-03-14 10:45:23 -03:00
|
|
|
/* Flags we can use with send/ and recv.
|
2005-04-16 15:20:36 -07:00
|
|
|
Added those for 1003.1g not all are supported yet
|
|
|
|
*/
|
2019-03-14 10:45:23 -03:00
|
|
|
|
2021-03-16 15:52:15 -07:00
|
|
|
#define MSG_OOB 1
|
|
|
|
#define MSG_PEEK 2
|
|
|
|
#define MSG_DONTROUTE 4
|
|
|
|
#define MSG_TRYHARD 4 /* Synonym for MSG_DONTROUTE for DECnet */
|
|
|
|
#define MSG_CTRUNC 8
|
|
|
|
#define MSG_PROBE 0x10 /* Do not send. Only probe path f.e. for MTU */
|
|
|
|
#define MSG_TRUNC 0x20
|
|
|
|
#define MSG_DONTWAIT 0x40 /* Nonblocking io */
|
|
|
|
#define MSG_EOR 0x80 /* End of record */
|
|
|
|
#define MSG_WAITALL 0x100 /* Wait for a full request */
|
|
|
|
#define MSG_FIN 0x200
|
|
|
|
#define MSG_SYN 0x400
|
|
|
|
#define MSG_CONFIRM 0x800 /* Confirm path validity */
|
|
|
|
#define MSG_RST 0x1000
|
|
|
|
#define MSG_ERRQUEUE 0x2000 /* Fetch message from error queue */
|
|
|
|
#define MSG_NOSIGNAL 0x4000 /* Do not generate SIGPIPE */
|
|
|
|
#define MSG_MORE 0x8000 /* Sender will send more */
|
|
|
|
#define MSG_WAITFORONE 0x10000 /* recvmmsg(): block until 1+ packets avail */
|
|
|
|
#define MSG_SENDPAGE_NOPOLICY 0x10000 /* sendpage() internal : do no apply policy */
|
|
|
|
#define MSG_BATCH 0x40000 /* sendmmsg(): more messages coming */
|
|
|
|
#define MSG_EOF MSG_FIN
|
|
|
|
#define MSG_NO_SHARED_FRAGS 0x80000 /* sendpage() internal : page frags are not shared */
|
|
|
|
#define MSG_SENDPAGE_DECRYPTED 0x100000 /* sendpage() internal : page may carry
|
|
|
|
* plain text and require encryption
|
|
|
|
*/
|
|
|
|
|
|
|
|
#define MSG_ZEROCOPY 0x4000000 /* Use user data in kernel path */
|
2023-05-22 13:11:10 +01:00
|
|
|
#define MSG_SPLICE_PAGES 0x8000000 /* Splice the pages from the iterator in sendmsg() */
|
2021-03-16 15:52:15 -07:00
|
|
|
#define MSG_FASTOPEN 0x20000000 /* Send data in TCP SYN */
|
|
|
|
#define MSG_CMSG_CLOEXEC 0x40000000 /* Set close_on_exec for file
|
|
|
|
descriptor received through
|
|
|
|
SCM_RIGHTS */
|
2005-04-16 15:20:36 -07:00
|
|
|
#if defined(CONFIG_COMPAT)
|
2021-03-16 15:52:15 -07:00
|
|
|
#define MSG_CMSG_COMPAT 0x80000000 /* This message needs 32 bit fixups */
|
2005-04-16 15:20:36 -07:00
|
|
|
#else
|
2021-03-16 15:52:15 -07:00
|
|
|
#define MSG_CMSG_COMPAT 0 /* We never have 32 bit fixups */
|
2005-04-16 15:20:36 -07:00
|
|
|
#endif
|
|
|
|
|
2023-05-22 13:11:10 +01:00
|
|
|
/* Flags to be cleared on entry by sendmsg and sendmmsg syscalls */
|
2023-06-07 19:19:07 +01:00
|
|
|
#define MSG_INTERNAL_SENDMSG_FLAGS \
|
2023-06-23 23:55:13 +01:00
|
|
|
(MSG_SPLICE_PAGES | MSG_SENDPAGE_NOPOLICY | MSG_SENDPAGE_DECRYPTED)
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
/* Setsockoptions(2) level. Thanks to BSD these must match IPPROTO_xxx */
|
|
|
|
#define SOL_IP 0
|
|
|
|
/* #define SOL_ICMP 1 No-no-no! Due to Linux :-) we cannot use SOL_ICMP=1 */
|
|
|
|
#define SOL_TCP 6
|
|
|
|
#define SOL_UDP 17
|
|
|
|
#define SOL_IPV6 41
|
|
|
|
#define SOL_ICMPV6 58
|
|
|
|
#define SOL_SCTP 132
|
2006-11-27 11:10:57 -08:00
|
|
|
#define SOL_UDPLITE 136 /* UDP-Lite (RFC 3828) */
|
2005-04-16 15:20:36 -07:00
|
|
|
#define SOL_RAW 255
|
|
|
|
#define SOL_IPX 256
|
|
|
|
#define SOL_AX25 257
|
|
|
|
#define SOL_ATALK 258
|
|
|
|
#define SOL_NETROM 259
|
|
|
|
#define SOL_ROSE 260
|
|
|
|
#define SOL_DECNET 261
|
|
|
|
#define SOL_X25 262
|
|
|
|
#define SOL_PACKET 263
|
|
|
|
#define SOL_ATM 264 /* ATM layer (cell level) */
|
|
|
|
#define SOL_AAL 265 /* ATM Adaption Layer (packet level) */
|
|
|
|
#define SOL_IRDA 266
|
|
|
|
#define SOL_NETBEUI 267
|
|
|
|
#define SOL_LLC 268
|
2005-08-09 20:14:34 -07:00
|
|
|
#define SOL_DCCP 269
|
2005-08-15 12:32:15 -07:00
|
|
|
#define SOL_NETLINK 270
|
2006-01-02 19:04:38 +01:00
|
|
|
#define SOL_TIPC 271
|
2007-04-26 15:48:28 -07:00
|
|
|
#define SOL_RXRPC 272
|
2007-06-27 15:43:43 -07:00
|
|
|
#define SOL_PPPOL2TP 273
|
2007-10-20 15:28:08 +02:00
|
|
|
#define SOL_BLUETOOTH 274
|
2008-10-05 11:16:16 -07:00
|
|
|
#define SOL_PNPIPE 275
|
2009-02-26 23:41:38 -08:00
|
|
|
#define SOL_RDS 276
|
2009-04-21 23:26:22 +00:00
|
|
|
#define SOL_IUCV 277
|
2010-03-30 13:56:19 +00:00
|
|
|
#define SOL_CAIF 278
|
2010-10-19 21:04:42 +08:00
|
|
|
#define SOL_ALG 279
|
2013-02-22 10:53:25 +01:00
|
|
|
#define SOL_NFC 280
|
2016-03-07 14:11:06 -08:00
|
|
|
#define SOL_KCM 281
|
2017-06-14 11:37:39 -07:00
|
|
|
#define SOL_TLS 282
|
2018-05-02 13:01:22 +02:00
|
|
|
#define SOL_XDP 283
|
2021-09-17 16:33:19 -07:00
|
|
|
#define SOL_MPTCP 284
|
2021-10-26 09:57:28 +08:00
|
|
|
#define SOL_MCTP 285
|
2022-02-10 17:11:37 +08:00
|
|
|
#define SOL_SMC 286
|
2023-10-10 22:15:14 +03:00
|
|
|
#define SOL_VSOCK 287
|
2005-04-16 15:20:36 -07:00
|
|
|
|
|
|
|
/* IPX options */
|
|
|
|
#define IPX_TYPE 1
|
|
|
|
|
2012-03-11 12:51:50 +00:00
|
|
|
extern int move_addr_to_kernel(void __user *uaddr, int ulen, struct sockaddr_storage *kaddr);
|
2005-04-16 15:20:36 -07:00
|
|
|
extern int put_cmsg(struct msghdr*, int level, int type, int len, void *data);
|
|
|
|
|
2019-02-02 07:34:51 -08:00
|
|
|
struct timespec64;
|
y2038: socket: Add compat_sys_recvmmsg_time64
recvmmsg() takes two arguments to pointers of structures that differ
between 32-bit and 64-bit architectures: mmsghdr and timespec.
For y2038 compatbility, we are changing the native system call from
timespec to __kernel_timespec with a 64-bit time_t (in another patch),
and use the existing compat system call on both 32-bit and 64-bit
architectures for compatibility with traditional 32-bit user space.
As we now have two variants of recvmmsg() for 32-bit tasks that are both
different from the variant that we use on 64-bit tasks, this means we
also require two compat system calls!
The solution I picked is to flip things around: The existing
compat_sys_recvmmsg() call gets moved from net/compat.c into net/socket.c
and now handles the case for old user space on all architectures that
have set CONFIG_COMPAT_32BIT_TIME. A new compat_sys_recvmmsg_time64()
call gets added in the old place for 64-bit architectures only, this
one handles the case of a compat mmsghdr structure combined with
__kernel_timespec.
In the indirect sys_socketcall(), we now need to call either
do_sys_recvmmsg() or __compat_sys_recvmmsg(), depending on what kind of
architecture we are on. For compat_sys_socketcall(), no such change is
needed, we always call __compat_sys_recvmmsg().
I decided to not add a new SYS_RECVMMSG_TIME64 socketcall: Any libc
implementation for 64-bit time_t will need significant changes including
an updated asm/unistd.h, and it seems better to consistently use the
separate syscalls that configuration, leaving the socketcall only for
backward compatibility with 32-bit time_t based libc.
The naming is asymmetric for the moment, so both existing syscalls
entry points keep their names, while the new ones are recvmmsg_time32
and compat_recvmmsg_time64 respectively. I expect that we will rename
the compat syscalls later as we start using generated syscall tables
everywhere and add these entry points.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-04-18 13:43:52 +02:00
|
|
|
struct __kernel_timespec;
|
|
|
|
struct old_timespec32;
|
2009-10-12 23:40:10 -07:00
|
|
|
|
2019-02-02 07:34:51 -08:00
|
|
|
struct scm_timestamping_internal {
|
|
|
|
struct timespec64 ts[3];
|
|
|
|
};
|
|
|
|
|
|
|
|
extern void put_cmsg_scm_timestamping64(struct msghdr *msg, struct scm_timestamping_internal *tss);
|
|
|
|
extern void put_cmsg_scm_timestamping(struct msghdr *msg, struct scm_timestamping_internal *tss);
|
|
|
|
|
2018-03-13 20:35:57 +01:00
|
|
|
/* The __sys_...msg variants allow MSG_CMSG_COMPAT iff
|
|
|
|
* forbid_cmsg_compat==false
|
|
|
|
*/
|
|
|
|
extern long __sys_recvmsg(int fd, struct user_msghdr __user *msg,
|
|
|
|
unsigned int flags, bool forbid_cmsg_compat);
|
|
|
|
extern long __sys_sendmsg(int fd, struct user_msghdr __user *msg,
|
|
|
|
unsigned int flags, bool forbid_cmsg_compat);
|
y2038: socket: Add compat_sys_recvmmsg_time64
recvmmsg() takes two arguments to pointers of structures that differ
between 32-bit and 64-bit architectures: mmsghdr and timespec.
For y2038 compatbility, we are changing the native system call from
timespec to __kernel_timespec with a 64-bit time_t (in another patch),
and use the existing compat system call on both 32-bit and 64-bit
architectures for compatibility with traditional 32-bit user space.
As we now have two variants of recvmmsg() for 32-bit tasks that are both
different from the variant that we use on 64-bit tasks, this means we
also require two compat system calls!
The solution I picked is to flip things around: The existing
compat_sys_recvmmsg() call gets moved from net/compat.c into net/socket.c
and now handles the case for old user space on all architectures that
have set CONFIG_COMPAT_32BIT_TIME. A new compat_sys_recvmmsg_time64()
call gets added in the old place for 64-bit architectures only, this
one handles the case of a compat mmsghdr structure combined with
__kernel_timespec.
In the indirect sys_socketcall(), we now need to call either
do_sys_recvmmsg() or __compat_sys_recvmmsg(), depending on what kind of
architecture we are on. For compat_sys_socketcall(), no such change is
needed, we always call __compat_sys_recvmmsg().
I decided to not add a new SYS_RECVMMSG_TIME64 socketcall: Any libc
implementation for 64-bit time_t will need significant changes including
an updated asm/unistd.h, and it seems better to consistently use the
separate syscalls that configuration, leaving the socketcall only for
backward compatibility with 32-bit time_t based libc.
The naming is asymmetric for the moment, so both existing syscalls
entry points keep their names, while the new ones are recvmmsg_time32
and compat_recvmmsg_time64 respectively. I expect that we will rename
the compat syscalls later as we start using generated syscall tables
everywhere and add these entry points.
Signed-off-by: Arnd Bergmann <arnd@arndb.de>
2018-04-18 13:43:52 +02:00
|
|
|
extern int __sys_recvmmsg(int fd, struct mmsghdr __user *mmsg,
|
|
|
|
unsigned int vlen, unsigned int flags,
|
|
|
|
struct __kernel_timespec __user *timeout,
|
|
|
|
struct old_timespec32 __user *timeout32);
|
2011-05-02 20:21:35 +00:00
|
|
|
extern int __sys_sendmmsg(int fd, struct mmsghdr __user *mmsg,
|
2018-03-13 20:35:57 +01:00
|
|
|
unsigned int vlen, unsigned int flags,
|
|
|
|
bool forbid_cmsg_compat);
|
2019-12-02 18:50:25 -07:00
|
|
|
extern long __sys_sendmsg_sock(struct socket *sock, struct msghdr *msg,
|
2019-04-19 13:34:07 -06:00
|
|
|
unsigned int flags);
|
2019-12-02 18:50:25 -07:00
|
|
|
extern long __sys_recvmsg_sock(struct socket *sock, struct msghdr *msg,
|
|
|
|
struct user_msghdr __user *umsg,
|
|
|
|
struct sockaddr __user *uaddr,
|
2019-04-19 13:38:09 -06:00
|
|
|
unsigned int flags);
|
2019-12-02 18:50:25 -07:00
|
|
|
extern int sendmsg_copy_msghdr(struct msghdr *msg,
|
|
|
|
struct user_msghdr __user *umsg, unsigned flags,
|
|
|
|
struct iovec **iov);
|
|
|
|
extern int recvmsg_copy_msghdr(struct msghdr *msg,
|
|
|
|
struct user_msghdr __user *umsg, unsigned flags,
|
|
|
|
struct sockaddr __user **uaddr,
|
|
|
|
struct iovec **iov);
|
2022-07-14 04:02:56 -07:00
|
|
|
extern int __copy_msghdr(struct msghdr *kmsg,
|
|
|
|
struct user_msghdr *umsg,
|
|
|
|
struct sockaddr __user **save_addr);
|
2018-03-13 19:10:06 +01:00
|
|
|
|
|
|
|
/* helpers which do the actual work for syscalls */
|
|
|
|
extern int __sys_recvfrom(int fd, void __user *ubuf, size_t size,
|
|
|
|
unsigned int flags, struct sockaddr __user *addr,
|
|
|
|
int __user *addr_len);
|
2018-03-13 19:18:52 +01:00
|
|
|
extern int __sys_sendto(int fd, void __user *buff, size_t len,
|
|
|
|
unsigned int flags, struct sockaddr __user *addr,
|
|
|
|
int addr_len);
|
2021-08-25 12:25:44 +01:00
|
|
|
extern struct file *do_accept(struct file *file, unsigned file_flags,
|
|
|
|
struct sockaddr __user *upeer_sockaddr,
|
|
|
|
int __user *upeer_addrlen, int flags);
|
2018-03-13 19:24:23 +01:00
|
|
|
extern int __sys_accept4(int fd, struct sockaddr __user *upeer_sockaddr,
|
|
|
|
int __user *upeer_addrlen, int flags);
|
2018-03-13 19:29:43 +01:00
|
|
|
extern int __sys_socket(int family, int type, int protocol);
|
2022-04-12 14:22:39 -06:00
|
|
|
extern struct file *__sys_socket_file(int family, int type, int protocol);
|
2018-03-13 19:33:09 +01:00
|
|
|
extern int __sys_bind(int fd, struct sockaddr __user *umyaddr, int addrlen);
|
2019-12-02 16:28:46 -07:00
|
|
|
extern int __sys_connect_file(struct file *file, struct sockaddr_storage *addr,
|
|
|
|
int addrlen, int file_flags);
|
2018-03-13 19:35:09 +01:00
|
|
|
extern int __sys_connect(int fd, struct sockaddr __user *uservaddr,
|
|
|
|
int addrlen);
|
2018-03-13 19:36:54 +01:00
|
|
|
extern int __sys_listen(int fd, int backlog);
|
2018-03-13 19:43:14 +01:00
|
|
|
extern int __sys_getsockname(int fd, struct sockaddr __user *usockaddr,
|
|
|
|
int __user *usockaddr_len);
|
2018-03-13 19:47:00 +01:00
|
|
|
extern int __sys_getpeername(int fd, struct sockaddr __user *usockaddr,
|
|
|
|
int __user *usockaddr_len);
|
2018-03-13 19:49:23 +01:00
|
|
|
extern int __sys_socketpair(int family, int type, int protocol,
|
|
|
|
int __user *usockvec);
|
2020-09-05 11:13:35 -06:00
|
|
|
extern int __sys_shutdown_sock(struct socket *sock, int how);
|
2018-03-13 20:07:05 +01:00
|
|
|
extern int __sys_shutdown(int fd, int how);
|
2005-04-16 15:20:36 -07:00
|
|
|
#endif /* _LINUX_SOCKET_H */
|