mirror of
https://github.com/followmsi/android_kernel_google_msm.git
synced 2024-11-06 23:17:41 +00:00
net: rework recvmsg handler msg_name and msg_namelen logic
[ Upstream commit f3d3342602
]
This patch now always passes msg->msg_namelen as 0. recvmsg handlers must
set msg_namelen to the proper size <= sizeof(struct sockaddr_storage)
to return msg_name to the user.
This prevents numerous uninitialized memory leaks we had in the
recvmsg handlers and makes it harder for new code to accidentally leak
uninitialized memory.
Optimize for the case recvfrom is called with NULL as address. We don't
need to copy the address at all, so set it to NULL before invoking the
recvmsg handler. We can do so, because all the recvmsg handlers must
cope with the case a plain read() is called on them. read() also sets
msg_name to NULL.
Also document these changes in include/linux/net.h as suggested by David
Miller.
Changes since RFC:
Set msg->msg_name = NULL if user specified a NULL in msg_name but had a
non-null msg_namelen in verify_iovec/verify_compat_iovec. This doesn't
affect sendto as it would bail out earlier while trying to copy-in the
address. It also more naturally reflects the logic by the callers of
verify_iovec.
With this change in place I could remove "
if (!uaddr || msg_sys->msg_namelen == 0)
msg->msg_name = NULL
".
This change does not alter the user visible error logic as we ignore
msg_namelen as long as msg_name is NULL.
Also remove two unnecessary curly brackets in ___sys_recvmsg and change
comments to netdev style.
Cc: David Miller <davem@davemloft.net>
Suggested-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: Hannes Frederic Sowa <hannes@stressinduktion.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
parent
11afb94fbe
commit
18719a4c7a
31 changed files with 65 additions and 105 deletions
|
@ -161,8 +161,6 @@ static int hash_recvmsg(struct kiocb *unused, struct socket *sock,
|
||||||
else if (len < ds)
|
else if (len < ds)
|
||||||
msg->msg_flags |= MSG_TRUNC;
|
msg->msg_flags |= MSG_TRUNC;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
lock_sock(sk);
|
lock_sock(sk);
|
||||||
if (ctx->more) {
|
if (ctx->more) {
|
||||||
ctx->more = 0;
|
ctx->more = 0;
|
||||||
|
|
|
@ -432,7 +432,6 @@ static int skcipher_recvmsg(struct kiocb *unused, struct socket *sock,
|
||||||
long copied = 0;
|
long copied = 0;
|
||||||
|
|
||||||
lock_sock(sk);
|
lock_sock(sk);
|
||||||
msg->msg_namelen = 0;
|
|
||||||
for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
|
for (iov = msg->msg_iov, iovlen = msg->msg_iovlen; iovlen > 0;
|
||||||
iovlen--, iov++) {
|
iovlen--, iov++) {
|
||||||
unsigned long seglen = iov->iov_len;
|
unsigned long seglen = iov->iov_len;
|
||||||
|
|
|
@ -117,7 +117,6 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
{
|
{
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
struct sock *sk = sock->sk;
|
struct sock *sk = sock->sk;
|
||||||
struct sockaddr_mISDN *maddr;
|
|
||||||
|
|
||||||
int copied, err;
|
int copied, err;
|
||||||
|
|
||||||
|
@ -135,9 +134,9 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (!skb)
|
if (!skb)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
if (msg->msg_namelen >= sizeof(struct sockaddr_mISDN)) {
|
if (msg->msg_name) {
|
||||||
msg->msg_namelen = sizeof(struct sockaddr_mISDN);
|
struct sockaddr_mISDN *maddr = msg->msg_name;
|
||||||
maddr = (struct sockaddr_mISDN *)msg->msg_name;
|
|
||||||
maddr->family = AF_ISDN;
|
maddr->family = AF_ISDN;
|
||||||
maddr->dev = _pms(sk)->dev->id;
|
maddr->dev = _pms(sk)->dev->id;
|
||||||
if ((sk->sk_protocol == ISDN_P_LAPD_TE) ||
|
if ((sk->sk_protocol == ISDN_P_LAPD_TE) ||
|
||||||
|
@ -150,11 +149,7 @@ mISDN_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
maddr->sapi = _pms(sk)->ch.addr & 0xFF;
|
maddr->sapi = _pms(sk)->ch.addr & 0xFF;
|
||||||
maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF;
|
maddr->tei = (_pms(sk)->ch.addr >> 8) & 0xFF;
|
||||||
}
|
}
|
||||||
} else {
|
msg->msg_namelen = sizeof(*maddr);
|
||||||
if (msg->msg_namelen)
|
|
||||||
printk(KERN_WARNING "%s: too small namelen %d\n",
|
|
||||||
__func__, msg->msg_namelen);
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
copied = skb->len + MISDN_HEADER_LEN;
|
copied = skb->len + MISDN_HEADER_LEN;
|
||||||
|
|
|
@ -985,8 +985,6 @@ static int pppoe_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (error < 0)
|
if (error < 0)
|
||||||
goto end;
|
goto end;
|
||||||
|
|
||||||
m->msg_namelen = 0;
|
|
||||||
|
|
||||||
if (skb) {
|
if (skb) {
|
||||||
total_len = min_t(size_t, total_len, skb->len);
|
total_len = min_t(size_t, total_len, skb->len);
|
||||||
error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);
|
error = skb_copy_datagram_iovec(skb, 0, m->msg_iov, total_len);
|
||||||
|
|
|
@ -198,6 +198,14 @@ struct proto_ops {
|
||||||
#endif
|
#endif
|
||||||
int (*sendmsg) (struct kiocb *iocb, struct socket *sock,
|
int (*sendmsg) (struct kiocb *iocb, struct socket *sock,
|
||||||
struct msghdr *m, size_t total_len);
|
struct msghdr *m, size_t total_len);
|
||||||
|
/* Notes for implementing recvmsg:
|
||||||
|
* ===============================
|
||||||
|
* msg->msg_namelen should get updated by the recvmsg handlers
|
||||||
|
* iff msg_name != NULL. It is by default 0 to prevent
|
||||||
|
* returning uninitialized memory to user space. The recvfrom
|
||||||
|
* handlers can assume that msg.msg_name is either NULL or has
|
||||||
|
* a minimum size of sizeof(struct sockaddr_storage).
|
||||||
|
*/
|
||||||
int (*recvmsg) (struct kiocb *iocb, struct socket *sock,
|
int (*recvmsg) (struct kiocb *iocb, struct socket *sock,
|
||||||
struct msghdr *m, size_t total_len,
|
struct msghdr *m, size_t total_len,
|
||||||
int flags);
|
int flags);
|
||||||
|
|
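Review bot: The new comment above `recvmsg` leaves out the upper bound that the commit message gives for handlers, namely that msg_namelen must not exceed sizeof(struct sockaddr_storage), and it does not say that every byte a handler reports has to be initialised. Both are part of the contract the syscall layer relies on, so I would add a line such as `* Handlers must set msg_namelen <= sizeof(struct sockaddr_storage) and must initialise every byte they report.` The comment also says "recvfrom handlers" where the rest of it speaks of recvmsg handlers; one term throughout would avoid confusion.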
|
@ -1740,7 +1740,6 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
|
||||||
size_t size, int flags)
|
size_t size, int flags)
|
||||||
{
|
{
|
||||||
struct sock *sk = sock->sk;
|
struct sock *sk = sock->sk;
|
||||||
struct sockaddr_at *sat = (struct sockaddr_at *)msg->msg_name;
|
|
||||||
struct ddpehdr *ddp;
|
struct ddpehdr *ddp;
|
||||||
int copied = 0;
|
int copied = 0;
|
||||||
int offset = 0;
|
int offset = 0;
|
||||||
|
@ -1769,14 +1768,13 @@ static int atalk_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr
|
||||||
}
|
}
|
||||||
err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied);
|
err = skb_copy_datagram_iovec(skb, offset, msg->msg_iov, copied);
|
||||||
|
|
||||||
if (!err) {
|
if (!err && msg->msg_name) {
|
||||||
if (sat) {
|
struct sockaddr_at *sat = msg->msg_name;
|
||||||
sat->sat_family = AF_APPLETALK;
|
sat->sat_family = AF_APPLETALK;
|
||||||
sat->sat_port = ddp->deh_sport;
|
sat->sat_port = ddp->deh_sport;
|
||||||
sat->sat_addr.s_node = ddp->deh_snode;
|
sat->sat_addr.s_node = ddp->deh_snode;
|
||||||
sat->sat_addr.s_net = ddp->deh_snet;
|
sat->sat_addr.s_net = ddp->deh_snet;
|
||||||
}
|
msg->msg_namelen = sizeof(*sat);
|
||||||
msg->msg_namelen = sizeof(*sat);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
skb_free_datagram(sk, skb); /* Free the datagram. */
|
skb_free_datagram(sk, skb); /* Free the datagram. */
|
||||||
|
|
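Review bot: The address returned by atalk_recvmsg is filled member by member and then reported as `sizeof(*sat)` bytes, so any member or padding of struct sockaddr_at that is not among the four assignments would reach user space holding whatever the caller's sockaddr_storage buffer contained. The struct definition is outside this page, so this needs confirming; if such bytes exist, `memset(sat, 0, sizeof(*sat));` placed right after the `struct sockaddr_at *sat = msg->msg_name;` declaration closes the gap, as the ax25 and rose handlers touched by this commit already do. The same field-by-field pattern appears in the mISDN, ipx and x25 hunks and deserves the same check.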
|
@ -520,8 +520,6 @@ int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
int copied, error = -EINVAL;
|
int copied, error = -EINVAL;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
if (sock->state != SS_CONNECTED)
|
if (sock->state != SS_CONNECTED)
|
||||||
return -ENOTCONN;
|
return -ENOTCONN;
|
||||||
|
|
||||||
|
|
|
@ -1640,11 +1640,11 @@ static int ax25_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
|
|
||||||
skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
|
skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
|
||||||
|
|
||||||
if (msg->msg_namelen != 0) {
|
if (msg->msg_name) {
|
||||||
struct sockaddr_ax25 *sax = (struct sockaddr_ax25 *)msg->msg_name;
|
|
||||||
ax25_digi digi;
|
ax25_digi digi;
|
||||||
ax25_address src;
|
ax25_address src;
|
||||||
const unsigned char *mac = skb_mac_header(skb);
|
const unsigned char *mac = skb_mac_header(skb);
|
||||||
|
struct sockaddr_ax25 *sax = msg->msg_name;
|
||||||
|
|
||||||
memset(sax, 0, sizeof(struct full_sockaddr_ax25));
|
memset(sax, 0, sizeof(struct full_sockaddr_ax25));
|
||||||
ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
|
ax25_addr_parse(mac + 1, skb->data - mac - 1, &src, NULL,
|
||||||
|
|
|
@ -240,8 +240,6 @@ int bt_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (flags & (MSG_OOB))
|
if (flags & (MSG_OOB))
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
skb = skb_recv_datagram(sk, flags, noblock, &err);
|
skb = skb_recv_datagram(sk, flags, noblock, &err);
|
||||||
if (!skb) {
|
if (!skb) {
|
||||||
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
if (sk->sk_shutdown & RCV_SHUTDOWN)
|
||||||
|
@ -306,8 +304,6 @@ int bt_sock_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (flags & MSG_OOB)
|
if (flags & MSG_OOB)
|
||||||
return -EOPNOTSUPP;
|
return -EOPNOTSUPP;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
BT_DBG("sk %p size %zu", sk, size);
|
BT_DBG("sk %p size %zu", sk, size);
|
||||||
|
|
||||||
lock_sock(sk);
|
lock_sock(sk);
|
||||||
|
|
|
@ -767,8 +767,6 @@ static int hci_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (!skb)
|
if (!skb)
|
||||||
return err;
|
return err;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
copied = skb->len;
|
copied = skb->len;
|
||||||
if (len < copied) {
|
if (len < copied) {
|
||||||
msg->msg_flags |= MSG_TRUNC;
|
msg->msg_flags |= MSG_TRUNC;
|
||||||
|
|
|
@ -628,7 +628,6 @@ static int rfcomm_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
|
|
||||||
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
|
if (test_and_clear_bit(RFCOMM_DEFER_SETUP, &d->flags)) {
|
||||||
rfcomm_dlc_accept(d);
|
rfcomm_dlc_accept(d);
|
||||||
msg->msg_namelen = 0;
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -287,8 +287,6 @@ static int caif_seqpkt_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (m->msg_flags&MSG_OOB)
|
if (m->msg_flags&MSG_OOB)
|
||||||
goto read_error;
|
goto read_error;
|
||||||
|
|
||||||
m->msg_namelen = 0;
|
|
||||||
|
|
||||||
skb = skb_recv_datagram(sk, flags, 0 , &ret);
|
skb = skb_recv_datagram(sk, flags, 0 , &ret);
|
||||||
if (!skb)
|
if (!skb)
|
||||||
goto read_error;
|
goto read_error;
|
||||||
|
@ -362,8 +360,6 @@ static int caif_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (flags&MSG_OOB)
|
if (flags&MSG_OOB)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Lock the socket to prevent queue disordering
|
* Lock the socket to prevent queue disordering
|
||||||
* while sleeps in memcpy_tomsg
|
* while sleeps in memcpy_tomsg
|
||||||
|
|
|
@ -93,7 +93,8 @@ int verify_compat_iovec(struct msghdr *kern_msg, struct iovec *kern_iov,
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
kern_msg->msg_name = kern_address;
|
if (kern_msg->msg_name)
|
||||||
|
kern_msg->msg_name = kern_address;
|
||||||
} else
|
} else
|
||||||
kern_msg->msg_name = NULL;
|
kern_msg->msg_name = NULL;
|
||||||
|
|
||||||
|
|
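Review bot: The nested `if (kern_msg->msg_name)` in front of `kern_msg->msg_name = kern_address;` carries no comment, and without the commit message it reads like a redundant test. A short comment would keep the reasoning next to the code, for example `/* NULL name with non-zero namelen: keep NULL so recvmsg handlers skip the address */`. The same applies to the matching change in verify_iovec in the following hunk. Both functions start and end outside their hunks.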
|
@ -48,7 +48,8 @@ int verify_iovec(struct msghdr *m, struct iovec *iov, struct sockaddr_storage *a
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
return err;
|
return err;
|
||||||
}
|
}
|
||||||
m->msg_name = address;
|
if (m->msg_name)
|
||||||
|
m->msg_name = address;
|
||||||
} else {
|
} else {
|
||||||
m->msg_name = NULL;
|
m->msg_name = NULL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -1835,8 +1835,6 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (skb->tstamp.tv64)
|
if (skb->tstamp.tv64)
|
||||||
sk->sk_stamp = skb->tstamp;
|
sk->sk_stamp = skb->tstamp;
|
||||||
|
|
||||||
msg->msg_namelen = sizeof(*sipx);
|
|
||||||
|
|
||||||
if (sipx) {
|
if (sipx) {
|
||||||
sipx->sipx_family = AF_IPX;
|
sipx->sipx_family = AF_IPX;
|
||||||
sipx->sipx_port = ipx->ipx_source.sock;
|
sipx->sipx_port = ipx->ipx_source.sock;
|
||||||
|
@ -1844,6 +1842,7 @@ static int ipx_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net;
|
sipx->sipx_network = IPX_SKB_CB(skb)->ipx_source_net;
|
||||||
sipx->sipx_type = ipx->ipx_type;
|
sipx->sipx_type = ipx->ipx_type;
|
||||||
sipx->sipx_zero = 0;
|
sipx->sipx_zero = 0;
|
||||||
|
msg->msg_namelen = sizeof(*sipx);
|
||||||
}
|
}
|
||||||
rc = copied;
|
rc = copied;
|
||||||
|
|
||||||
|
|
|
@ -1386,8 +1386,6 @@ static int irda_recvmsg_dgram(struct kiocb *iocb, struct socket *sock,
|
||||||
|
|
||||||
IRDA_DEBUG(4, "%s()\n", __func__);
|
IRDA_DEBUG(4, "%s()\n", __func__);
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
|
skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
|
||||||
flags & MSG_DONTWAIT, &err);
|
flags & MSG_DONTWAIT, &err);
|
||||||
if (!skb)
|
if (!skb)
|
||||||
|
@ -1452,8 +1450,6 @@ static int irda_recvmsg_stream(struct kiocb *iocb, struct socket *sock,
|
||||||
target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
|
target = sock_rcvlowat(sk, flags & MSG_WAITALL, size);
|
||||||
timeo = sock_rcvtimeo(sk, noblock);
|
timeo = sock_rcvtimeo(sk, noblock);
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
do {
|
do {
|
||||||
int chunk;
|
int chunk;
|
||||||
struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
|
struct sk_buff *skb = skb_dequeue(&sk->sk_receive_queue);
|
||||||
|
|
|
@ -1331,8 +1331,6 @@ static int iucv_sock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
struct sk_buff *skb, *rskb, *cskb;
|
struct sk_buff *skb, *rskb, *cskb;
|
||||||
int err = 0;
|
int err = 0;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
if ((sk->sk_state == IUCV_DISCONN) &&
|
if ((sk->sk_state == IUCV_DISCONN) &&
|
||||||
skb_queue_empty(&iucv->backlog_skb_q) &&
|
skb_queue_empty(&iucv->backlog_skb_q) &&
|
||||||
skb_queue_empty(&sk->sk_receive_queue) &&
|
skb_queue_empty(&sk->sk_receive_queue) &&
|
||||||
|
|
|
@ -3595,7 +3595,6 @@ static int pfkey_recvmsg(struct kiocb *kiocb,
|
||||||
if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
|
if (flags & ~(MSG_PEEK|MSG_DONTWAIT|MSG_TRUNC|MSG_CMSG_COMPAT))
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
|
skb = skb_recv_datagram(sk, flags, flags & MSG_DONTWAIT, &err);
|
||||||
if (skb == NULL)
|
if (skb == NULL)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
|
@ -200,8 +200,6 @@ static int pppol2tp_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (sk->sk_state & PPPOX_BOUND)
|
if (sk->sk_state & PPPOX_BOUND)
|
||||||
goto end;
|
goto end;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
err = 0;
|
err = 0;
|
||||||
skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
|
skb = skb_recv_datagram(sk, flags & ~MSG_DONTWAIT,
|
||||||
flags & MSG_DONTWAIT, &err);
|
flags & MSG_DONTWAIT, &err);
|
||||||
|
|
|
@ -721,8 +721,6 @@ static int llc_ui_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
int target; /* Read at least this many bytes */
|
int target; /* Read at least this many bytes */
|
||||||
long timeo;
|
long timeo;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
lock_sock(sk);
|
lock_sock(sk);
|
||||||
copied = -ENOTCONN;
|
copied = -ENOTCONN;
|
||||||
if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
|
if (unlikely(sk->sk_type == SOCK_STREAM && sk->sk_state == TCP_LISTEN))
|
||||||
|
|
|
@ -1443,8 +1443,6 @@ static int netlink_recvmsg(struct kiocb *kiocb, struct socket *sock,
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
copied = data_skb->len;
|
copied = data_skb->len;
|
||||||
if (len < copied) {
|
if (len < copied) {
|
||||||
msg->msg_flags |= MSG_TRUNC;
|
msg->msg_flags |= MSG_TRUNC;
|
||||||
|
|
|
@ -1181,10 +1181,9 @@ static int nr_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
sax->sax25_family = AF_NETROM;
|
sax->sax25_family = AF_NETROM;
|
||||||
skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
|
skb_copy_from_linear_data_offset(skb, 7, sax->sax25_call.ax25_call,
|
||||||
AX25_ADDR_LEN);
|
AX25_ADDR_LEN);
|
||||||
|
msg->msg_namelen = sizeof(*sax);
|
||||||
}
|
}
|
||||||
|
|
||||||
msg->msg_namelen = sizeof(*sax);
|
|
||||||
|
|
||||||
skb_free_datagram(sk, skb);
|
skb_free_datagram(sk, skb);
|
||||||
|
|
||||||
release_sock(sk);
|
release_sock(sk);
|
||||||
|
|
|
@ -235,8 +235,6 @@ static int rawsock_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (!skb)
|
if (!skb)
|
||||||
return rc;
|
return rc;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
copied = skb->len;
|
copied = skb->len;
|
||||||
if (len < copied) {
|
if (len < copied) {
|
||||||
msg->msg_flags |= MSG_TRUNC;
|
msg->msg_flags |= MSG_TRUNC;
|
||||||
|
|
|
@ -2691,7 +2691,6 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
struct sock *sk = sock->sk;
|
struct sock *sk = sock->sk;
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
int copied, err;
|
int copied, err;
|
||||||
struct sockaddr_ll *sll;
|
|
||||||
int vnet_hdr_len = 0;
|
int vnet_hdr_len = 0;
|
||||||
|
|
||||||
err = -EINVAL;
|
err = -EINVAL;
|
||||||
|
@ -2774,22 +2773,10 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
goto out_free;
|
goto out_free;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/* You lose any data beyond the buffer you gave. If it worries
|
||||||
* If the address length field is there to be filled in, we fill
|
* a user program they can ask the device for its MTU
|
||||||
* it in now.
|
* anyway.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
sll = &PACKET_SKB_CB(skb)->sa.ll;
|
|
||||||
if (sock->type == SOCK_PACKET)
|
|
||||||
msg->msg_namelen = sizeof(struct sockaddr_pkt);
|
|
||||||
else
|
|
||||||
msg->msg_namelen = sll->sll_halen + offsetof(struct sockaddr_ll, sll_addr);
|
|
||||||
|
|
||||||
/*
|
|
||||||
* You lose any data beyond the buffer you gave. If it worries a
|
|
||||||
* user program they can ask the device for its MTU anyway.
|
|
||||||
*/
|
|
||||||
|
|
||||||
copied = skb->len;
|
copied = skb->len;
|
||||||
if (copied > len) {
|
if (copied > len) {
|
||||||
copied = len;
|
copied = len;
|
||||||
|
@ -2802,9 +2789,20 @@ static int packet_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
|
|
||||||
sock_recv_ts_and_drops(msg, sk, skb);
|
sock_recv_ts_and_drops(msg, sk, skb);
|
||||||
|
|
||||||
if (msg->msg_name)
|
if (msg->msg_name) {
|
||||||
|
/* If the address length field is there to be filled
|
||||||
|
* in, we fill it in now.
|
||||||
|
*/
|
||||||
|
if (sock->type == SOCK_PACKET) {
|
||||||
|
msg->msg_namelen = sizeof(struct sockaddr_pkt);
|
||||||
|
} else {
|
||||||
|
struct sockaddr_ll *sll = &PACKET_SKB_CB(skb)->sa.ll;
|
||||||
|
msg->msg_namelen = sll->sll_halen +
|
||||||
|
offsetof(struct sockaddr_ll, sll_addr);
|
||||||
|
}
|
||||||
memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
|
memcpy(msg->msg_name, &PACKET_SKB_CB(skb)->sa,
|
||||||
msg->msg_namelen);
|
msg->msg_namelen);
|
||||||
|
}
|
||||||
|
|
||||||
if (pkt_sk(sk)->auxdata) {
|
if (pkt_sk(sk)->auxdata) {
|
||||||
struct tpacket_auxdata aux;
|
struct tpacket_auxdata aux;
|
||||||
|
|
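Review bot: In the non-SOCK_PACKET branch, `msg->msg_namelen` is computed from `sll->sll_halen` and then used directly as the memcpy length into msg->msg_name, and nothing in this hunk bounds it to sizeof(struct sockaddr_storage) or to the size of the control-block address it copies from. Any limit on sll_halen is presumably enforced where the control block is filled in, which is outside this page. A comment naming that invariant, or `WARN_ON_ONCE(msg->msg_namelen > sizeof(struct sockaddr_storage));` ahead of the memcpy, would make the assumption checkable. packet_recvmsg continues outside the hunk.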
|
@ -410,8 +410,6 @@ int rds_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
|
||||||
|
|
||||||
rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
|
rdsdebug("size %zu flags 0x%x timeo %ld\n", size, msg_flags, timeo);
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
if (msg_flags & MSG_OOB)
|
if (msg_flags & MSG_OOB)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
|
|
|
@ -1220,7 +1220,6 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
{
|
{
|
||||||
struct sock *sk = sock->sk;
|
struct sock *sk = sock->sk;
|
||||||
struct rose_sock *rose = rose_sk(sk);
|
struct rose_sock *rose = rose_sk(sk);
|
||||||
struct sockaddr_rose *srose = (struct sockaddr_rose *)msg->msg_name;
|
|
||||||
size_t copied;
|
size_t copied;
|
||||||
unsigned char *asmptr;
|
unsigned char *asmptr;
|
||||||
struct sk_buff *skb;
|
struct sk_buff *skb;
|
||||||
|
@ -1256,8 +1255,11 @@ static int rose_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
|
|
||||||
skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
|
skb_copy_datagram_iovec(skb, 0, msg->msg_iov, copied);
|
||||||
|
|
||||||
if (srose != NULL) {
|
if (msg->msg_name) {
|
||||||
memset(srose, 0, msg->msg_namelen);
|
struct sockaddr_rose *srose;
|
||||||
|
|
||||||
|
memset(msg->msg_name, 0, sizeof(struct full_sockaddr_rose));
|
||||||
|
srose = msg->msg_name;
|
||||||
srose->srose_family = AF_ROSE;
|
srose->srose_family = AF_ROSE;
|
||||||
srose->srose_addr = rose->dest_addr;
|
srose->srose_addr = rose->dest_addr;
|
||||||
srose->srose_call = rose->dest_call;
|
srose->srose_call = rose->dest_call;
|
||||||
|
|
|
@ -143,10 +143,13 @@ int rxrpc_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
|
|
||||||
/* copy the peer address and timestamp */
|
/* copy the peer address and timestamp */
|
||||||
if (!continue_call) {
|
if (!continue_call) {
|
||||||
if (msg->msg_name && msg->msg_namelen > 0)
|
if (msg->msg_name) {
|
||||||
|
size_t len =
|
||||||
|
sizeof(call->conn->trans->peer->srx);
|
||||||
memcpy(msg->msg_name,
|
memcpy(msg->msg_name,
|
||||||
&call->conn->trans->peer->srx,
|
&call->conn->trans->peer->srx, len);
|
||||||
sizeof(call->conn->trans->peer->srx));
|
msg->msg_namelen = len;
|
||||||
|
}
|
||||||
sock_recv_ts_and_drops(msg, &rx->sk, skb);
|
sock_recv_ts_and_drops(msg, &rx->sk, skb);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
19
net/socket.c
19
net/socket.c
|
@ -1775,8 +1775,10 @@ SYSCALL_DEFINE6(recvfrom, int, fd, void __user *, ubuf, size_t, size,
|
||||||
msg.msg_iov = &iov;
|
msg.msg_iov = &iov;
|
||||||
iov.iov_len = size;
|
iov.iov_len = size;
|
||||||
iov.iov_base = ubuf;
|
iov.iov_base = ubuf;
|
||||||
msg.msg_name = (struct sockaddr *)&address;
|
/* Save some cycles and don't copy the address if not needed */
|
||||||
msg.msg_namelen = sizeof(address);
|
msg.msg_name = addr ? (struct sockaddr *)&address : NULL;
|
||||||
|
/* We assume all kernel code knows the size of sockaddr_storage */
|
||||||
|
msg.msg_namelen = 0;
|
||||||
if (sock->file->f_flags & O_NONBLOCK)
|
if (sock->file->f_flags & O_NONBLOCK)
|
||||||
flags |= MSG_DONTWAIT;
|
flags |= MSG_DONTWAIT;
|
||||||
err = sock_recvmsg(sock, &msg, size, flags);
|
err = sock_recvmsg(sock, &msg, size, flags);
|
||||||
|
@ -2161,16 +2163,14 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/* Save the user-mode address (verify_iovec will change the
|
||||||
* Save the user-mode address (verify_iovec will change the
|
* kernel msghdr to use the kernel address space)
|
||||||
* kernel msghdr to use the kernel address space)
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
uaddr = (__force void __user *)msg_sys->msg_name;
|
uaddr = (__force void __user *)msg_sys->msg_name;
|
||||||
uaddr_len = COMPAT_NAMELEN(msg);
|
uaddr_len = COMPAT_NAMELEN(msg);
|
||||||
if (MSG_CMSG_COMPAT & flags) {
|
if (MSG_CMSG_COMPAT & flags)
|
||||||
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
|
err = verify_compat_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
|
||||||
} else
|
else
|
||||||
err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
|
err = verify_iovec(msg_sys, iov, &addr, VERIFY_WRITE);
|
||||||
if (err < 0)
|
if (err < 0)
|
||||||
goto out_freeiov;
|
goto out_freeiov;
|
||||||
|
@ -2179,6 +2179,9 @@ static int ___sys_recvmsg(struct socket *sock, struct msghdr __user *msg,
|
||||||
cmsg_ptr = (unsigned long)msg_sys->msg_control;
|
cmsg_ptr = (unsigned long)msg_sys->msg_control;
|
||||||
msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
|
msg_sys->msg_flags = flags & (MSG_CMSG_CLOEXEC|MSG_CMSG_COMPAT);
|
||||||
|
|
||||||
|
/* We assume all kernel code knows the size of sockaddr_storage */
|
||||||
|
msg_sys->msg_namelen = 0;
|
||||||
|
|
||||||
if (sock->file->f_flags & O_NONBLOCK)
|
if (sock->file->f_flags & O_NONBLOCK)
|
||||||
flags |= MSG_DONTWAIT;
|
flags |= MSG_DONTWAIT;
|
||||||
err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
|
err = (nosec ? sock_recvmsg_nosec : sock_recvmsg)(sock, msg_sys,
|
||||||
|
|
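Review bot: After this change the syscall layer trusts whatever length a protocol handler writes into msg_namelen, and the two new comments ("We assume all kernel code knows the size of sockaddr_storage") record that assumption without enforcing it. The copy-out to user space happens after `sock_recvmsg()` and is outside these hunks. A guard there, e.g. `if (WARN_ON_ONCE(msg.msg_namelen > sizeof(address))) msg.msg_namelen = sizeof(address);` in recvfrom and the equivalent on `msg_sys->msg_namelen` in ___sys_recvmsg, would stop a buggy handler from making the kernel copy out more than the address buffer holds.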
|
@ -949,9 +949,6 @@ static int recv_msg(struct kiocb *iocb, struct socket *sock,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* will be updated in set_orig_addr() if needed */
|
|
||||||
m->msg_namelen = 0;
|
|
||||||
|
|
||||||
timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
|
timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
|
||||||
restart:
|
restart:
|
||||||
|
|
||||||
|
@ -1078,9 +1075,6 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
|
||||||
goto exit;
|
goto exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* will be updated in set_orig_addr() if needed */
|
|
||||||
m->msg_namelen = 0;
|
|
||||||
|
|
||||||
target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
|
target = sock_rcvlowat(sk, flags & MSG_WAITALL, buf_len);
|
||||||
timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
|
timeout = sock_rcvtimeo(sk, flags & MSG_DONTWAIT);
|
||||||
restart:
|
restart:
|
||||||
|
|
|
@ -1755,7 +1755,6 @@ static void unix_copy_addr(struct msghdr *msg, struct sock *sk)
|
||||||
{
|
{
|
||||||
struct unix_sock *u = unix_sk(sk);
|
struct unix_sock *u = unix_sk(sk);
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
if (u->addr) {
|
if (u->addr) {
|
||||||
msg->msg_namelen = u->addr->len;
|
msg->msg_namelen = u->addr->len;
|
||||||
memcpy(msg->msg_name, u->addr->name, u->addr->len);
|
memcpy(msg->msg_name, u->addr->name, u->addr->len);
|
||||||
|
@ -1779,8 +1778,6 @@ static int unix_dgram_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (flags&MSG_OOB)
|
if (flags&MSG_OOB)
|
||||||
goto out;
|
goto out;
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
err = mutex_lock_interruptible(&u->readlock);
|
err = mutex_lock_interruptible(&u->readlock);
|
||||||
if (err) {
|
if (err) {
|
||||||
err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
|
err = sock_intr_errno(sock_rcvtimeo(sk, noblock));
|
||||||
|
@ -1922,8 +1919,6 @@ static int unix_stream_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
|
target = sock_rcvlowat(sk, flags&MSG_WAITALL, size);
|
||||||
timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
|
timeo = sock_rcvtimeo(sk, flags&MSG_DONTWAIT);
|
||||||
|
|
||||||
msg->msg_namelen = 0;
|
|
||||||
|
|
||||||
/* Lock the socket to prevent queue disordering
|
/* Lock the socket to prevent queue disordering
|
||||||
* while sleeps in memcpy_tomsg
|
* while sleeps in memcpy_tomsg
|
||||||
*/
|
*/
|
||||||
|
|
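Review bot: unix_copy_addr() writes through `msg->msg_name` without testing it for NULL, and with this commit recvfrom passes a NULL msg_name whenever the caller supplies no address buffer. The callers lie outside these hunks and presumably check msg_name before calling. Stating that requirement on the function, e.g. `/* Caller must ensure msg->msg_name is non-NULL. */`, or adding `if (!msg->msg_name) return;` at the top, would make the helper safe on its own. The helper's closing lines are outside the hunk.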
|
@ -1343,10 +1343,9 @@ static int x25_recvmsg(struct kiocb *iocb, struct socket *sock,
|
||||||
if (sx25) {
|
if (sx25) {
|
||||||
sx25->sx25_family = AF_X25;
|
sx25->sx25_family = AF_X25;
|
||||||
sx25->sx25_addr = x25->dest_addr;
|
sx25->sx25_addr = x25->dest_addr;
|
||||||
|
msg->msg_namelen = sizeof(*sx25);
|
||||||
}
|
}
|
||||||
|
|
||||||
msg->msg_namelen = sizeof(struct sockaddr_x25);
|
|
||||||
|
|
||||||
x25_check_rbuf(sk);
|
x25_check_rbuf(sk);
|
||||||
rc = copied;
|
rc = copied;
|
||||||
out_free_dgram:
|
out_free_dgram:
|
||||||
|
|