]> git.proxmox.com Git - mirror_ubuntu-jammy-kernel.git/blob - net/compat.c
projects / mirror_ubuntu-jammy-kernel.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge git://git.kernel.org/pub/scm/linux/kernel/git/bpf/bpf-next
[mirror_ubuntu-jammy-kernel.git] / net / compat.c
1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * 32bit Socket syscall emulation. Based on arch/sparc64/kernel/sys_sparc32.c.
4 *
5 * Copyright (C) 2000 VA Linux Co
6 * Copyright (C) 2000 Don Dugger <n0ano@valinux.com>
7 * Copyright (C) 1999 Arun Sharma <arun.sharma@intel.com>
8 * Copyright (C) 1997,1998 Jakub Jelinek (jj@sunsite.mff.cuni.cz)
9 * Copyright (C) 1997 David S. Miller (davem@caip.rutgers.edu)
10 * Copyright (C) 2000 Hewlett-Packard Co.
11 * Copyright (C) 2000 David Mosberger-Tang <davidm@hpl.hp.com>
12 * Copyright (C) 2000,2001 Andi Kleen, SuSE Labs
13 */
14
15 #include <linux/kernel.h>
16 #include <linux/gfp.h>
17 #include <linux/fs.h>
18 #include <linux/types.h>
19 #include <linux/file.h>
20 #include <linux/icmpv6.h>
21 #include <linux/socket.h>
22 #include <linux/syscalls.h>
23 #include <linux/filter.h>
24 #include <linux/compat.h>
25 #include <linux/security.h>
26 #include <linux/audit.h>
27 #include <linux/export.h>
28
29 #include <net/scm.h>
30 #include <net/sock.h>
31 #include <net/ip.h>
32 #include <net/ipv6.h>
33 #include <linux/uaccess.h>
34 #include <net/compat.h>
35
36 int __get_compat_msghdr(struct msghdr *kmsg,
37 struct compat_msghdr __user *umsg,
38 struct sockaddr __user **save_addr,
39 compat_uptr_t *ptr, compat_size_t *len)
40 {
41 struct compat_msghdr msg;
42 ssize_t err;
43
44 if (copy_from_user(&msg, umsg, sizeof(*umsg)))
45 return -EFAULT;
46
47 kmsg->msg_flags = msg.msg_flags;
48 kmsg->msg_namelen = msg.msg_namelen;
49
50 if (!msg.msg_name)
51 kmsg->msg_namelen = 0;
52
53 if (kmsg->msg_namelen < 0)
54 return -EINVAL;
55
56 if (kmsg->msg_namelen > sizeof(struct sockaddr_storage))
57 kmsg->msg_namelen = sizeof(struct sockaddr_storage);
58
59 kmsg->msg_control_is_user = true;
60 kmsg->msg_control_user = compat_ptr(msg.msg_control);
61 kmsg->msg_controllen = msg.msg_controllen;
62
63 if (save_addr)
64 *save_addr = compat_ptr(msg.msg_name);
65
66 if (msg.msg_name && kmsg->msg_namelen) {
67 if (!save_addr) {
68 err = move_addr_to_kernel(compat_ptr(msg.msg_name),
69 kmsg->msg_namelen,
70 kmsg->msg_name);
71 if (err < 0)
72 return err;
73 }
74 } else {
75 kmsg->msg_name = NULL;
76 kmsg->msg_namelen = 0;
77 }
78
79 if (msg.msg_iovlen > UIO_MAXIOV)
80 return -EMSGSIZE;
81
82 kmsg->msg_iocb = NULL;
83 *ptr = msg.msg_iov;
84 *len = msg.msg_iovlen;
85 return 0;
86 }
87
88 int get_compat_msghdr(struct msghdr *kmsg,
89 struct compat_msghdr __user *umsg,
90 struct sockaddr __user **save_addr,
91 struct iovec **iov)
92 {
93 compat_uptr_t ptr;
94 compat_size_t len;
95 ssize_t err;
96
97 err = __get_compat_msghdr(kmsg, umsg, save_addr, &ptr, &len);
98 if (err)
99 return err;
100
101 err = compat_import_iovec(save_addr ? READ : WRITE, compat_ptr(ptr),
102 len, UIO_FASTIOV, iov, &kmsg->msg_iter);
103 return err < 0 ? err : 0;
104 }
105
106 /* Bleech... */
107 #define CMSG_COMPAT_ALIGN(len) ALIGN((len), sizeof(s32))
108
109 #define CMSG_COMPAT_DATA(cmsg) \
110 ((void __user *)((char __user *)(cmsg) + sizeof(struct compat_cmsghdr)))
111 #define CMSG_COMPAT_SPACE(len) \
112 (sizeof(struct compat_cmsghdr) + CMSG_COMPAT_ALIGN(len))
113 #define CMSG_COMPAT_LEN(len) \
114 (sizeof(struct compat_cmsghdr) + (len))
115
116 #define CMSG_COMPAT_FIRSTHDR(msg) \
117 (((msg)->msg_controllen) >= sizeof(struct compat_cmsghdr) ? \
118 (struct compat_cmsghdr __user *)((msg)->msg_control) : \
119 (struct compat_cmsghdr __user *)NULL)
120
121 #define CMSG_COMPAT_OK(ucmlen, ucmsg, mhdr) \
122 ((ucmlen) >= sizeof(struct compat_cmsghdr) && \
123 (ucmlen) <= (unsigned long) \
124 ((mhdr)->msg_controllen - \
125 ((char __user *)(ucmsg) - (char __user *)(mhdr)->msg_control_user)))
126
127 static inline struct compat_cmsghdr __user *cmsg_compat_nxthdr(struct msghdr *msg,
128 struct compat_cmsghdr __user *cmsg, int cmsg_len)
129 {
130 char __user *ptr = (char __user *)cmsg + CMSG_COMPAT_ALIGN(cmsg_len);
131 if ((unsigned long)(ptr + 1 - (char __user *)msg->msg_control) >
132 msg->msg_controllen)
133 return NULL;
134 return (struct compat_cmsghdr __user *)ptr;
135 }
136
137 /* There is a lot of hair here because the alignment rules (and
138 * thus placement) of cmsg headers and length are different for
139 * 32-bit apps. -DaveM
140 */
141 int cmsghdr_from_user_compat_to_kern(struct msghdr *kmsg, struct sock *sk,
142 unsigned char *stackbuf, int stackbuf_size)
143 {
144 struct compat_cmsghdr __user *ucmsg;
145 struct cmsghdr *kcmsg, *kcmsg_base;
146 compat_size_t ucmlen;
147 __kernel_size_t kcmlen, tmp;
148 int err = -EFAULT;
149
150 BUILD_BUG_ON(sizeof(struct compat_cmsghdr) !=
151 CMSG_COMPAT_ALIGN(sizeof(struct compat_cmsghdr)));
152
153 kcmlen = 0;
154 kcmsg_base = kcmsg = (struct cmsghdr *)stackbuf;
155 ucmsg = CMSG_COMPAT_FIRSTHDR(kmsg);
156 while (ucmsg != NULL) {
157 if (get_user(ucmlen, &ucmsg->cmsg_len))
158 return -EFAULT;
159
160 /* Catch bogons. */
161 if (!CMSG_COMPAT_OK(ucmlen, ucmsg, kmsg))
162 return -EINVAL;
163
164 tmp = ((ucmlen - sizeof(*ucmsg)) + sizeof(struct cmsghdr));
165 tmp = CMSG_ALIGN(tmp);
166 kcmlen += tmp;
167 ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, ucmlen);
168 }
169 if (kcmlen == 0)
170 return -EINVAL;
171
172 /* The kcmlen holds the 64-bit version of the control length.
173 * It may not be modified as we do not stick it into the kmsg
174 * until we have successfully copied over all of the data
175 * from the user.
176 */
177 if (kcmlen > stackbuf_size)
178 kcmsg_base = kcmsg = sock_kmalloc(sk, kcmlen, GFP_KERNEL);
179 if (kcmsg == NULL)
180 return -ENOBUFS;
181
182 /* Now copy them over neatly. */
183 memset(kcmsg, 0, kcmlen);
184 ucmsg = CMSG_COMPAT_FIRSTHDR(kmsg);
185 while (ucmsg != NULL) {
186 struct compat_cmsghdr cmsg;
187 if (copy_from_user(&cmsg, ucmsg, sizeof(cmsg)))
188 goto Efault;
189 if (!CMSG_COMPAT_OK(cmsg.cmsg_len, ucmsg, kmsg))
190 goto Einval;
191 tmp = ((cmsg.cmsg_len - sizeof(*ucmsg)) + sizeof(struct cmsghdr));
192 if ((char *)kcmsg_base + kcmlen - (char *)kcmsg < CMSG_ALIGN(tmp))
193 goto Einval;
194 kcmsg->cmsg_len = tmp;
195 kcmsg->cmsg_level = cmsg.cmsg_level;
196 kcmsg->cmsg_type = cmsg.cmsg_type;
197 tmp = CMSG_ALIGN(tmp);
198 if (copy_from_user(CMSG_DATA(kcmsg),
199 CMSG_COMPAT_DATA(ucmsg),
200 (cmsg.cmsg_len - sizeof(*ucmsg))))
201 goto Efault;
202
203 /* Advance. */
204 kcmsg = (struct cmsghdr *)((char *)kcmsg + tmp);
205 ucmsg = cmsg_compat_nxthdr(kmsg, ucmsg, cmsg.cmsg_len);
206 }
207
208 /*
209 * check the length of messages copied in is the same as the
210 * what we get from the first loop
211 */
212 if ((char *)kcmsg - (char *)kcmsg_base != kcmlen)
213 goto Einval;
214
215 /* Ok, looks like we made it. Hook it up and return success. */
216 kmsg->msg_control = kcmsg_base;
217 kmsg->msg_controllen = kcmlen;
218 return 0;
219
220 Einval:
221 err = -EINVAL;
222 Efault:
223 if (kcmsg_base != (struct cmsghdr *)stackbuf)
224 sock_kfree_s(sk, kcmsg_base, kcmlen);
225 return err;
226 }
227
228 int put_cmsg_compat(struct msghdr *kmsg, int level, int type, int len, void *data)
229 {
230 struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
231 struct compat_cmsghdr cmhdr;
232 struct old_timeval32 ctv;
233 struct old_timespec32 cts[3];
234 int cmlen;
235
236 if (cm == NULL || kmsg->msg_controllen < sizeof(*cm)) {
237 kmsg->msg_flags |= MSG_CTRUNC;
238 return 0; /* XXX: return error? check spec. */
239 }
240
241 if (!COMPAT_USE_64BIT_TIME) {
242 if (level == SOL_SOCKET && type == SO_TIMESTAMP_OLD) {
243 struct __kernel_old_timeval *tv = (struct __kernel_old_timeval *)data;
244 ctv.tv_sec = tv->tv_sec;
245 ctv.tv_usec = tv->tv_usec;
246 data = &ctv;
247 len = sizeof(ctv);
248 }
249 if (level == SOL_SOCKET &&
250 (type == SO_TIMESTAMPNS_OLD || type == SO_TIMESTAMPING_OLD)) {
251 int count = type == SO_TIMESTAMPNS_OLD ? 1 : 3;
252 int i;
253 struct __kernel_old_timespec *ts = data;
254 for (i = 0; i < count; i++) {
255 cts[i].tv_sec = ts[i].tv_sec;
256 cts[i].tv_nsec = ts[i].tv_nsec;
257 }
258 data = &cts;
259 len = sizeof(cts[0]) * count;
260 }
261 }
262
263 cmlen = CMSG_COMPAT_LEN(len);
264 if (kmsg->msg_controllen < cmlen) {
265 kmsg->msg_flags |= MSG_CTRUNC;
266 cmlen = kmsg->msg_controllen;
267 }
268 cmhdr.cmsg_level = level;
269 cmhdr.cmsg_type = type;
270 cmhdr.cmsg_len = cmlen;
271
272 if (copy_to_user(cm, &cmhdr, sizeof cmhdr))
273 return -EFAULT;
274 if (copy_to_user(CMSG_COMPAT_DATA(cm), data, cmlen - sizeof(struct compat_cmsghdr)))
275 return -EFAULT;
276 cmlen = CMSG_COMPAT_SPACE(len);
277 if (kmsg->msg_controllen < cmlen)
278 cmlen = kmsg->msg_controllen;
279 kmsg->msg_control += cmlen;
280 kmsg->msg_controllen -= cmlen;
281 return 0;
282 }
283
284 void scm_detach_fds_compat(struct msghdr *kmsg, struct scm_cookie *scm)
285 {
286 struct compat_cmsghdr __user *cm = (struct compat_cmsghdr __user *) kmsg->msg_control;
287 int fdmax = (kmsg->msg_controllen - sizeof(struct compat_cmsghdr)) / sizeof(int);
288 int fdnum = scm->fp->count;
289 struct file **fp = scm->fp->fp;
290 int __user *cmfptr;
291 int err = 0, i;
292
293 if (fdnum < fdmax)
294 fdmax = fdnum;
295
296 for (i = 0, cmfptr = (int __user *) CMSG_COMPAT_DATA(cm); i < fdmax; i++, cmfptr++) {
297 int new_fd;
298 err = security_file_receive(fp[i]);
299 if (err)
300 break;
301 err = get_unused_fd_flags(MSG_CMSG_CLOEXEC & kmsg->msg_flags
302 ? O_CLOEXEC : 0);
303 if (err < 0)
304 break;
305 new_fd = err;
306 err = put_user(new_fd, cmfptr);
307 if (err) {
308 put_unused_fd(new_fd);
309 break;
310 }
311 /* Bump the usage count and install the file. */
312 fd_install(new_fd, get_file(fp[i]));
313 }
314
315 if (i > 0) {
316 int cmlen = CMSG_COMPAT_LEN(i * sizeof(int));
317 err = put_user(SOL_SOCKET, &cm->cmsg_level);
318 if (!err)
319 err = put_user(SCM_RIGHTS, &cm->cmsg_type);
320 if (!err)
321 err = put_user(cmlen, &cm->cmsg_len);
322 if (!err) {
323 cmlen = CMSG_COMPAT_SPACE(i * sizeof(int));
324 kmsg->msg_control += cmlen;
325 kmsg->msg_controllen -= cmlen;
326 }
327 }
328 if (i < fdnum)
329 kmsg->msg_flags |= MSG_CTRUNC;
330
331 /*
332 * All of the files that fit in the message have had their
333 * usage counts incremented, so we just free the list.
334 */
335 __scm_destroy(scm);
336 }
337
338 /* Argument list sizes for compat_sys_socketcall */
339 #define AL(x) ((x) * sizeof(u32))
340 static unsigned char nas[21] = {
341 AL(0), AL(3), AL(3), AL(3), AL(2), AL(3),
342 AL(3), AL(3), AL(4), AL(4), AL(4), AL(6),
343 AL(6), AL(2), AL(5), AL(5), AL(3), AL(3),
344 AL(4), AL(5), AL(4)
345 };
346 #undef AL
347
348 static inline long __compat_sys_sendmsg(int fd,
349 struct compat_msghdr __user *msg,
350 unsigned int flags)
351 {
352 return __sys_sendmsg(fd, (struct user_msghdr __user *)msg,
353 flags | MSG_CMSG_COMPAT, false);
354 }
355
356 COMPAT_SYSCALL_DEFINE3(sendmsg, int, fd, struct compat_msghdr __user *, msg,
357 unsigned int, flags)
358 {
359 return __compat_sys_sendmsg(fd, msg, flags);
360 }
361
362 static inline long __compat_sys_sendmmsg(int fd,
363 struct compat_mmsghdr __user *mmsg,
364 unsigned int vlen, unsigned int flags)
365 {
366 return __sys_sendmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
367 flags | MSG_CMSG_COMPAT, false);
368 }
369
370 COMPAT_SYSCALL_DEFINE4(sendmmsg, int, fd, struct compat_mmsghdr __user *, mmsg,
371 unsigned int, vlen, unsigned int, flags)
372 {
373 return __compat_sys_sendmmsg(fd, mmsg, vlen, flags);
374 }
375
376 static inline long __compat_sys_recvmsg(int fd,
377 struct compat_msghdr __user *msg,
378 unsigned int flags)
379 {
380 return __sys_recvmsg(fd, (struct user_msghdr __user *)msg,
381 flags | MSG_CMSG_COMPAT, false);
382 }
383
384 COMPAT_SYSCALL_DEFINE3(recvmsg, int, fd, struct compat_msghdr __user *, msg,
385 unsigned int, flags)
386 {
387 return __compat_sys_recvmsg(fd, msg, flags);
388 }
389
390 static inline long __compat_sys_recvfrom(int fd, void __user *buf,
391 compat_size_t len, unsigned int flags,
392 struct sockaddr __user *addr,
393 int __user *addrlen)
394 {
395 return __sys_recvfrom(fd, buf, len, flags | MSG_CMSG_COMPAT, addr,
396 addrlen);
397 }
398
399 COMPAT_SYSCALL_DEFINE4(recv, int, fd, void __user *, buf, compat_size_t, len, unsigned int, flags)
400 {
401 return __compat_sys_recvfrom(fd, buf, len, flags, NULL, NULL);
402 }
403
404 COMPAT_SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, buf, compat_size_t, len,
405 unsigned int, flags, struct sockaddr __user *, addr,
406 int __user *, addrlen)
407 {
408 return __compat_sys_recvfrom(fd, buf, len, flags, addr, addrlen);
409 }
410
411 COMPAT_SYSCALL_DEFINE5(recvmmsg_time64, int, fd, struct compat_mmsghdr __user *, mmsg,
412 unsigned int, vlen, unsigned int, flags,
413 struct __kernel_timespec __user *, timeout)
414 {
415 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
416 flags | MSG_CMSG_COMPAT, timeout, NULL);
417 }
418
419 #ifdef CONFIG_COMPAT_32BIT_TIME
420 COMPAT_SYSCALL_DEFINE5(recvmmsg_time32, int, fd, struct compat_mmsghdr __user *, mmsg,
421 unsigned int, vlen, unsigned int, flags,
422 struct old_timespec32 __user *, timeout)
423 {
424 return __sys_recvmmsg(fd, (struct mmsghdr __user *)mmsg, vlen,
425 flags | MSG_CMSG_COMPAT, NULL, timeout);
426 }
427 #endif
428
429 COMPAT_SYSCALL_DEFINE2(socketcall, int, call, u32 __user *, args)
430 {
431 u32 a[AUDITSC_ARGS];
432 unsigned int len;
433 u32 a0, a1;
434 int ret;
435
436 if (call < SYS_SOCKET || call > SYS_SENDMMSG)
437 return -EINVAL;
438 len = nas[call];
439 if (len > sizeof(a))
440 return -EINVAL;
441
442 if (copy_from_user(a, args, len))
443 return -EFAULT;
444
445 ret = audit_socketcall_compat(len / sizeof(a[0]), a);
446 if (ret)
447 return ret;
448
449 a0 = a[0];
450 a1 = a[1];
451
452 switch (call) {
453 case SYS_SOCKET:
454 ret = __sys_socket(a0, a1, a[2]);
455 break;
456 case SYS_BIND:
457 ret = __sys_bind(a0, compat_ptr(a1), a[2]);
458 break;
459 case SYS_CONNECT:
460 ret = __sys_connect(a0, compat_ptr(a1), a[2]);
461 break;
462 case SYS_LISTEN:
463 ret = __sys_listen(a0, a1);
464 break;
465 case SYS_ACCEPT:
466 ret = __sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), 0);
467 break;
468 case SYS_GETSOCKNAME:
469 ret = __sys_getsockname(a0, compat_ptr(a1), compat_ptr(a[2]));
470 break;
471 case SYS_GETPEERNAME:
472 ret = __sys_getpeername(a0, compat_ptr(a1), compat_ptr(a[2]));
473 break;
474 case SYS_SOCKETPAIR:
475 ret = __sys_socketpair(a0, a1, a[2], compat_ptr(a[3]));
476 break;
477 case SYS_SEND:
478 ret = __sys_sendto(a0, compat_ptr(a1), a[2], a[3], NULL, 0);
479 break;
480 case SYS_SENDTO:
481 ret = __sys_sendto(a0, compat_ptr(a1), a[2], a[3],
482 compat_ptr(a[4]), a[5]);
483 break;
484 case SYS_RECV:
485 ret = __compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
486 NULL, NULL);
487 break;
488 case SYS_RECVFROM:
489 ret = __compat_sys_recvfrom(a0, compat_ptr(a1), a[2], a[3],
490 compat_ptr(a[4]),
491 compat_ptr(a[5]));
492 break;
493 case SYS_SHUTDOWN:
494 ret = __sys_shutdown(a0, a1);
495 break;
496 case SYS_SETSOCKOPT:
497 ret = __sys_setsockopt(a0, a1, a[2], compat_ptr(a[3]), a[4]);
498 break;
499 case SYS_GETSOCKOPT:
500 ret = __sys_getsockopt(a0, a1, a[2], compat_ptr(a[3]),
501 compat_ptr(a[4]));
502 break;
503 case SYS_SENDMSG:
504 ret = __compat_sys_sendmsg(a0, compat_ptr(a1), a[2]);
505 break;
506 case SYS_SENDMMSG:
507 ret = __compat_sys_sendmmsg(a0, compat_ptr(a1), a[2], a[3]);
508 break;
509 case SYS_RECVMSG:
510 ret = __compat_sys_recvmsg(a0, compat_ptr(a1), a[2]);
511 break;
512 case SYS_RECVMMSG:
513 ret = __sys_recvmmsg(a0, compat_ptr(a1), a[2],
514 a[3] | MSG_CMSG_COMPAT, NULL,
515 compat_ptr(a[4]));
516 break;
517 case SYS_ACCEPT4:
518 ret = __sys_accept4(a0, compat_ptr(a1), compat_ptr(a[2]), a[3]);
519 break;
520 default:
521 ret = -EINVAL;
522 break;
523 }
524 return ret;
525 }
Ubuntu Jammy Linux kernel mirror