~ [ source navigation ] ~ [ diff markup ] ~ [ identifier search ] ~

TOMOYO Linux Cross Reference
Linux/net/sctp/socket.c

Version: ~ [ linux-5.11-rc3 ] ~ [ linux-5.10.7 ] ~ [ linux-5.9.16 ] ~ [ linux-5.8.18 ] ~ [ linux-5.7.19 ] ~ [ linux-5.6.19 ] ~ [ linux-5.5.19 ] ~ [ linux-5.4.89 ] ~ [ linux-5.3.18 ] ~ [ linux-5.2.21 ] ~ [ linux-5.1.21 ] ~ [ linux-5.0.21 ] ~ [ linux-4.20.17 ] ~ [ linux-4.19.167 ] ~ [ linux-4.18.20 ] ~ [ linux-4.17.19 ] ~ [ linux-4.16.18 ] ~ [ linux-4.15.18 ] ~ [ linux-4.14.215 ] ~ [ linux-4.13.16 ] ~ [ linux-4.12.14 ] ~ [ linux-4.11.12 ] ~ [ linux-4.10.17 ] ~ [ linux-4.9.251 ] ~ [ linux-4.8.17 ] ~ [ linux-4.7.10 ] ~ [ linux-4.6.7 ] ~ [ linux-4.5.7 ] ~ [ linux-4.4.251 ] ~ [ linux-4.3.6 ] ~ [ linux-4.2.8 ] ~ [ linux-4.1.52 ] ~ [ linux-4.0.9 ] ~ [ linux-3.19.8 ] ~ [ linux-3.18.140 ] ~ [ linux-3.17.8 ] ~ [ linux-3.16.85 ] ~ [ linux-3.15.10 ] ~ [ linux-3.14.79 ] ~ [ linux-3.13.11 ] ~ [ linux-3.12.74 ] ~ [ linux-3.11.10 ] ~ [ linux-3.10.108 ] ~ [ linux-2.6.32.71 ] ~ [ linux-2.6.0 ] ~ [ linux-2.4.37.11 ] ~ [ unix-v6-master ] ~ [ ccs-tools-1.8.5 ] ~ [ policy-sample ] ~
Architecture: ~ [ i386 ] ~ [ alpha ] ~ [ m68k ] ~ [ mips ] ~ [ ppc ] ~ [ sparc ] ~ [ sparc64 ] ~

  1 /* SCTP kernel implementation
  2  * (C) Copyright IBM Corp. 2001, 2004
  3  * Copyright (c) 1999-2000 Cisco, Inc.
  4  * Copyright (c) 1999-2001 Motorola, Inc.
  5  * Copyright (c) 2001-2003 Intel Corp.
  6  * Copyright (c) 2001-2002 Nokia, Inc.
  7  * Copyright (c) 2001 La Monte H.P. Yarroll
  8  *
  9  * This file is part of the SCTP kernel implementation
 10  *
 11  * These functions interface with the sockets layer to implement the
 12  * SCTP Extensions for the Sockets API.
 13  *
 14  * Note that the descriptions from the specification are USER level
 15  * functions--this file is the functions which populate the struct proto
 16  * for SCTP which is the BOTTOM of the sockets interface.
 17  *
 18  * This SCTP implementation is free software;
 19  * you can redistribute it and/or modify it under the terms of
 20  * the GNU General Public License as published by
 21  * the Free Software Foundation; either version 2, or (at your option)
 22  * any later version.
 23  *
 24  * This SCTP implementation is distributed in the hope that it
 25  * will be useful, but WITHOUT ANY WARRANTY; without even the implied
 26  *                 ************************
 27  * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 28  * See the GNU General Public License for more details.
 29  *
 30  * You should have received a copy of the GNU General Public License
 31  * along with GNU CC; see the file COPYING.  If not, see
 32  * <http://www.gnu.org/licenses/>.
 33  *
 34  * Please send any bug reports or fixes you make to the
 35  * email address(es):
 36  *    lksctp developers <linux-sctp@vger.kernel.org>
 37  *
 38  * Written or modified by:
 39  *    La Monte H.P. Yarroll <piggy@acm.org>
 40  *    Narasimha Budihal     <narsi@refcode.org>
 41  *    Karl Knutson          <karl@athena.chicago.il.us>
 42  *    Jon Grimm             <jgrimm@us.ibm.com>
 43  *    Xingang Guo           <xingang.guo@intel.com>
 44  *    Daisy Chang           <daisyc@us.ibm.com>
 45  *    Sridhar Samudrala     <samudrala@us.ibm.com>
 46  *    Inaky Perez-Gonzalez  <inaky.gonzalez@intel.com>
 47  *    Ardelle Fan           <ardelle.fan@intel.com>
 48  *    Ryan Layer            <rmlayer@us.ibm.com>
 49  *    Anup Pemmaiah         <pemmaiah@cc.usu.edu>
 50  *    Kevin Gao             <kevin.gao@intel.com>
 51  */
 52 
 53 #define pr_fmt(fmt) KBUILD_MODNAME ": " fmt
 54 
 55 #include <crypto/hash.h>
 56 #include <linux/types.h>
 57 #include <linux/kernel.h>
 58 #include <linux/wait.h>
 59 #include <linux/time.h>
 60 #include <linux/sched/signal.h>
 61 #include <linux/ip.h>
 62 #include <linux/capability.h>
 63 #include <linux/fcntl.h>
 64 #include <linux/poll.h>
 65 #include <linux/init.h>
 66 #include <linux/slab.h>
 67 #include <linux/file.h>
 68 #include <linux/compat.h>
 69 
 70 #include <net/ip.h>
 71 #include <net/icmp.h>
 72 #include <net/route.h>
 73 #include <net/ipv6.h>
 74 #include <net/inet_common.h>
 75 #include <net/busy_poll.h>
 76 
 77 #include <linux/socket.h> /* for sa_family_t */
 78 #include <linux/export.h>
 79 #include <net/sock.h>
 80 #include <net/sctp/sctp.h>
 81 #include <net/sctp/sm.h>
 82 #include <net/sctp/stream_sched.h>
 83 
 84 /* Forward declarations for internal helper functions. */
 85 static int sctp_writeable(struct sock *sk);
 86 static void sctp_wfree(struct sk_buff *skb);
 87 static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
 88                                 size_t msg_len);
 89 static int sctp_wait_for_packet(struct sock *sk, int *err, long *timeo_p);
 90 static int sctp_wait_for_connect(struct sctp_association *, long *timeo_p);
 91 static int sctp_wait_for_accept(struct sock *sk, long timeo);
 92 static void sctp_wait_for_close(struct sock *sk, long timeo);
 93 static void sctp_destruct_sock(struct sock *sk);
 94 static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
 95                                         union sctp_addr *addr, int len);
 96 static int sctp_bindx_add(struct sock *, struct sockaddr *, int);
 97 static int sctp_bindx_rem(struct sock *, struct sockaddr *, int);
 98 static int sctp_send_asconf_add_ip(struct sock *, struct sockaddr *, int);
 99 static int sctp_send_asconf_del_ip(struct sock *, struct sockaddr *, int);
100 static int sctp_send_asconf(struct sctp_association *asoc,
101                             struct sctp_chunk *chunk);
102 static int sctp_do_bind(struct sock *, union sctp_addr *, int);
103 static int sctp_autobind(struct sock *sk);
104 static void sctp_sock_migrate(struct sock *oldsk, struct sock *newsk,
105                               struct sctp_association *assoc,
106                               enum sctp_socket_type type);
107 
108 static unsigned long sctp_memory_pressure;
109 static atomic_long_t sctp_memory_allocated;
110 struct percpu_counter sctp_sockets_allocated;
111 
112 static void sctp_enter_memory_pressure(struct sock *sk)
113 {
114         sctp_memory_pressure = 1;
115 }
116 
117 
118 /* Get the sndbuf space available at the time on the association.  */
119 static inline int sctp_wspace(struct sctp_association *asoc)
120 {
121         int amt;
122 
123         if (asoc->ep->sndbuf_policy)
124                 amt = asoc->sndbuf_used;
125         else
126                 amt = sk_wmem_alloc_get(asoc->base.sk);
127 
128         if (amt >= asoc->base.sk->sk_sndbuf) {
129                 if (asoc->base.sk->sk_userlocks & SOCK_SNDBUF_LOCK)
130                         amt = 0;
131                 else {
132                         amt = sk_stream_wspace(asoc->base.sk);
133                         if (amt < 0)
134                                 amt = 0;
135                 }
136         } else {
137                 amt = asoc->base.sk->sk_sndbuf - amt;
138         }
139         return amt;
140 }
141 
142 /* Increment the used sndbuf space count of the corresponding association by
143  * the size of the outgoing data chunk.
144  * Also, set the skb destructor for sndbuf accounting later.
145  *
146  * Since it is always 1-1 between chunk and skb, and also a new skb is always
147  * allocated for chunk bundling in sctp_packet_transmit(), we can use the
148  * destructor in the data chunk skb for the purpose of the sndbuf space
149  * tracking.
150  */
151 static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
152 {
153         struct sctp_association *asoc = chunk->asoc;
154         struct sock *sk = asoc->base.sk;
155 
156         /* The sndbuf space is tracked per association.  */
157         sctp_association_hold(asoc);
158 
159         skb_set_owner_w(chunk->skb, sk);
160 
161         chunk->skb->destructor = sctp_wfree;
162         /* Save the chunk pointer in skb for sctp_wfree to use later.  */
163         skb_shinfo(chunk->skb)->destructor_arg = chunk;
164 
165         asoc->sndbuf_used += SCTP_DATA_SNDSIZE(chunk) +
166                                 sizeof(struct sk_buff) +
167                                 sizeof(struct sctp_chunk);
168 
169         refcount_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
170         sk->sk_wmem_queued += chunk->skb->truesize;
171         sk_mem_charge(sk, chunk->skb->truesize);
172 }
173 
174 static void sctp_clear_owner_w(struct sctp_chunk *chunk)
175 {
176         skb_orphan(chunk->skb);
177 }
178 
179 static void sctp_for_each_tx_datachunk(struct sctp_association *asoc,
180                                        void (*cb)(struct sctp_chunk *))
181 
182 {
183         struct sctp_outq *q = &asoc->outqueue;
184         struct sctp_transport *t;
185         struct sctp_chunk *chunk;
186 
187         list_for_each_entry(t, &asoc->peer.transport_addr_list, transports)
188                 list_for_each_entry(chunk, &t->transmitted, transmitted_list)
189                         cb(chunk);
190 
191         list_for_each_entry(chunk, &q->retransmit, transmitted_list)
192                 cb(chunk);
193 
194         list_for_each_entry(chunk, &q->sacked, transmitted_list)
195                 cb(chunk);
196 
197         list_for_each_entry(chunk, &q->abandoned, transmitted_list)
198                 cb(chunk);
199 
200         list_for_each_entry(chunk, &q->out_chunk_list, list)
201                 cb(chunk);
202 }
203 
204 static void sctp_for_each_rx_skb(struct sctp_association *asoc, struct sock *sk,
205                                  void (*cb)(struct sk_buff *, struct sock *))
206 
207 {
208         struct sk_buff *skb, *tmp;
209 
210         sctp_skb_for_each(skb, &asoc->ulpq.lobby, tmp)
211                 cb(skb, sk);
212 
213         sctp_skb_for_each(skb, &asoc->ulpq.reasm, tmp)
214                 cb(skb, sk);
215 
216         sctp_skb_for_each(skb, &asoc->ulpq.reasm_uo, tmp)
217                 cb(skb, sk);
218 }
219 
220 /* Verify that this is a valid address. */
221 static inline int sctp_verify_addr(struct sock *sk, union sctp_addr *addr,
222                                    int len)
223 {
224         struct sctp_af *af;
225 
226         /* Verify basic sockaddr. */
227         af = sctp_sockaddr_af(sctp_sk(sk), addr, len);
228         if (!af)
229                 return -EINVAL;
230 
231         /* Is this a valid SCTP address?  */
232         if (!af->addr_valid(addr, sctp_sk(sk), NULL))
233                 return -EINVAL;
234 
235         if (!sctp_sk(sk)->pf->send_verify(sctp_sk(sk), (addr)))
236                 return -EINVAL;
237 
238         return 0;
239 }
240 
241 /* Look up the association by its id.  If this is not a UDP-style
242  * socket, the ID field is always ignored.
243  */
244 struct sctp_association *sctp_id2assoc(struct sock *sk, sctp_assoc_t id)
245 {
246         struct sctp_association *asoc = NULL;
247 
248         /* If this is not a UDP-style socket, assoc id should be ignored. */
249         if (!sctp_style(sk, UDP)) {
250                 /* Return NULL if the socket state is not ESTABLISHED. It
251                  * could be a TCP-style listening socket or a socket which
252                  * hasn't yet called connect() to establish an association.
253                  */
254                 if (!sctp_sstate(sk, ESTABLISHED) && !sctp_sstate(sk, CLOSING))
255                         return NULL;
256 
257                 /* Get the first and the only association from the list. */
258                 if (!list_empty(&sctp_sk(sk)->ep->asocs))
259                         asoc = list_entry(sctp_sk(sk)->ep->asocs.next,
260                                           struct sctp_association, asocs);
261                 return asoc;
262         }
263 
264         /* Otherwise this is a UDP-style socket. */
265         if (!id || (id == (sctp_assoc_t)-1))
266                 return NULL;
267 
268         spin_lock_bh(&sctp_assocs_id_lock);
269         asoc = (struct sctp_association *)idr_find(&sctp_assocs_id, (int)id);
270         spin_unlock_bh(&sctp_assocs_id_lock);
271 
272         if (!asoc || (asoc->base.sk != sk) || asoc->base.dead)
273                 return NULL;
274 
275         return asoc;
276 }
277 
278 /* Look up the transport from an address and an assoc id. If both address and
279  * id are specified, the associations matching the address and the id should be
280  * the same.
281  */
282 static struct sctp_transport *sctp_addr_id2transport(struct sock *sk,
283                                               struct sockaddr_storage *addr,
284                                               sctp_assoc_t id)
285 {
286         struct sctp_association *addr_asoc = NULL, *id_asoc = NULL;
287         struct sctp_af *af = sctp_get_af_specific(addr->ss_family);
288         union sctp_addr *laddr = (union sctp_addr *)addr;
289         struct sctp_transport *transport;
290 
291         if (!af || sctp_verify_addr(sk, laddr, af->sockaddr_len))
292                 return NULL;
293 
294         addr_asoc = sctp_endpoint_lookup_assoc(sctp_sk(sk)->ep,
295                                                laddr,
296                                                &transport);
297 
298         if (!addr_asoc)
299                 return NULL;
300 
301         id_asoc = sctp_id2assoc(sk, id);
302         if (id_asoc && (id_asoc != addr_asoc))
303                 return NULL;
304 
305         sctp_get_pf_specific(sk->sk_family)->addr_to_user(sctp_sk(sk),
306                                                 (union sctp_addr *)addr);
307 
308         return transport;
309 }
310 
311 /* API 3.1.2 bind() - UDP Style Syntax
312  * The syntax of bind() is,
313  *
314  *   ret = bind(int sd, struct sockaddr *addr, int addrlen);
315  *
316  *   sd      - the socket descriptor returned by socket().
317  *   addr    - the address structure (struct sockaddr_in or struct
318  *             sockaddr_in6 [RFC 2553]),
319  *   addr_len - the size of the address structure.
320  */
321 static int sctp_bind(struct sock *sk, struct sockaddr *addr, int addr_len)
322 {
323         int retval = 0;
324 
325         lock_sock(sk);
326 
327         pr_debug("%s: sk:%p, addr:%p, addr_len:%d\n", __func__, sk,
328                  addr, addr_len);
329 
330         /* Disallow binding twice. */
331         if (!sctp_sk(sk)->ep->base.bind_addr.port)
332                 retval = sctp_do_bind(sk, (union sctp_addr *)addr,
333                                       addr_len);
334         else
335                 retval = -EINVAL;
336 
337         release_sock(sk);
338 
339         return retval;
340 }
341 
342 static long sctp_get_port_local(struct sock *, union sctp_addr *);
343 
344 /* Verify this is a valid sockaddr. */
345 static struct sctp_af *sctp_sockaddr_af(struct sctp_sock *opt,
346                                         union sctp_addr *addr, int len)
347 {
348         struct sctp_af *af;
349 
350         /* Check minimum size.  */
351         if (len < sizeof (struct sockaddr))
352                 return NULL;
353 
354         if (!opt->pf->af_supported(addr->sa.sa_family, opt))
355                 return NULL;
356 
357         if (addr->sa.sa_family == AF_INET6) {
358                 if (len < SIN6_LEN_RFC2133)
359                         return NULL;
360                 /* V4 mapped address are really of AF_INET family */
361                 if (ipv6_addr_v4mapped(&addr->v6.sin6_addr) &&
362                     !opt->pf->af_supported(AF_INET, opt))
363                         return NULL;
364         }
365 
366         /* If we get this far, af is valid. */
367         af = sctp_get_af_specific(addr->sa.sa_family);
368 
369         if (len < af->sockaddr_len)
370                 return NULL;
371 
372         return af;
373 }
374 
375 /* Bind a local address either to an endpoint or to an association.  */
376 static int sctp_do_bind(struct sock *sk, union sctp_addr *addr, int len)
377 {
378         struct net *net = sock_net(sk);
379         struct sctp_sock *sp = sctp_sk(sk);
380         struct sctp_endpoint *ep = sp->ep;
381         struct sctp_bind_addr *bp = &ep->base.bind_addr;
382         struct sctp_af *af;
383         unsigned short snum;
384         int ret = 0;
385 
386         /* Common sockaddr verification. */
387         af = sctp_sockaddr_af(sp, addr, len);
388         if (!af) {
389                 pr_debug("%s: sk:%p, newaddr:%p, len:%d EINVAL\n",
390                          __func__, sk, addr, len);
391                 return -EINVAL;
392         }
393 
394         snum = ntohs(addr->v4.sin_port);
395 
396         pr_debug("%s: sk:%p, new addr:%pISc, port:%d, new port:%d, len:%d\n",
397                  __func__, sk, &addr->sa, bp->port, snum, len);
398 
399         /* PF specific bind() address verification. */
400         if (!sp->pf->bind_verify(sp, addr))
401                 return -EADDRNOTAVAIL;
402 
403         /* We must either be unbound, or bind to the same port.
404          * It's OK to allow 0 ports if we are already bound.
405          * We'll just inhert an already bound port in this case
406          */
407         if (bp->port) {
408                 if (!snum)
409                         snum = bp->port;
410                 else if (snum != bp->port) {
411                         pr_debug("%s: new port %d doesn't match existing port "
412                                  "%d\n", __func__, snum, bp->port);
413                         return -EINVAL;
414                 }
415         }
416 
417         if (snum && snum < inet_prot_sock(net) &&
418             !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
419                 return -EACCES;
420 
421         /* See if the address matches any of the addresses we may have
422          * already bound before checking against other endpoints.
423          */
424         if (sctp_bind_addr_match(bp, addr, sp))
425                 return -EINVAL;
426 
427         /* Make sure we are allowed to bind here.
428          * The function sctp_get_port_local() does duplicate address
429          * detection.
430          */
431         addr->v4.sin_port = htons(snum);
432         if ((ret = sctp_get_port_local(sk, addr))) {
433                 return -EADDRINUSE;
434         }
435 
436         /* Refresh ephemeral port.  */
437         if (!bp->port)
438                 bp->port = inet_sk(sk)->inet_num;
439 
440         /* Add the address to the bind address list.
441          * Use GFP_ATOMIC since BHs will be disabled.
442          */
443         ret = sctp_add_bind_addr(bp, addr, af->sockaddr_len,
444                                  SCTP_ADDR_SRC, GFP_ATOMIC);
445 
446         /* Copy back into socket for getsockname() use. */
447         if (!ret) {
448                 inet_sk(sk)->inet_sport = htons(inet_sk(sk)->inet_num);
449                 sp->pf->to_sk_saddr(addr, sk);
450         }
451 
452         return ret;
453 }
454 
455  /* ADDIP Section 4.1.1 Congestion Control of ASCONF Chunks
456  *
457  * R1) One and only one ASCONF Chunk MAY be in transit and unacknowledged
458  * at any one time.  If a sender, after sending an ASCONF chunk, decides
459  * it needs to transfer another ASCONF Chunk, it MUST wait until the
460  * ASCONF-ACK Chunk returns from the previous ASCONF Chunk before sending a
461  * subsequent ASCONF. Note this restriction binds each side, so at any
462  * time two ASCONF may be in-transit on any given association (one sent
463  * from each endpoint).
464  */
465 static int sctp_send_asconf(struct sctp_association *asoc,
466                             struct sctp_chunk *chunk)
467 {
468         struct net      *net = sock_net(asoc->base.sk);
469         int             retval = 0;
470 
471         /* If there is an outstanding ASCONF chunk, queue it for later
472          * transmission.
473          */
474         if (asoc->addip_last_asconf) {
475                 list_add_tail(&chunk->list, &asoc->addip_chunk_list);
476                 goto out;
477         }
478 
479         /* Hold the chunk until an ASCONF_ACK is received. */
480         sctp_chunk_hold(chunk);
481         retval = sctp_primitive_ASCONF(net, asoc, chunk);
482         if (retval)
483                 sctp_chunk_free(chunk);
484         else
485                 asoc->addip_last_asconf = chunk;
486 
487 out:
488         return retval;
489 }
490 
491 /* Add a list of addresses as bind addresses to local endpoint or
492  * association.
493  *
494  * Basically run through each address specified in the addrs/addrcnt
495  * array/length pair, determine if it is IPv6 or IPv4 and call
496  * sctp_do_bind() on it.
497  *
498  * If any of them fails, then the operation will be reversed and the
499  * ones that were added will be removed.
500  *
501  * Only sctp_setsockopt_bindx() is supposed to call this function.
502  */
503 static int sctp_bindx_add(struct sock *sk, struct sockaddr *addrs, int addrcnt)
504 {
505         int cnt;
506         int retval = 0;
507         void *addr_buf;
508         struct sockaddr *sa_addr;
509         struct sctp_af *af;
510 
511         pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n", __func__, sk,
512                  addrs, addrcnt);
513 
514         addr_buf = addrs;
515         for (cnt = 0; cnt < addrcnt; cnt++) {
516                 /* The list may contain either IPv4 or IPv6 address;
517                  * determine the address length for walking thru the list.
518                  */
519                 sa_addr = addr_buf;
520                 af = sctp_get_af_specific(sa_addr->sa_family);
521                 if (!af) {
522                         retval = -EINVAL;
523                         goto err_bindx_add;
524                 }
525 
526                 retval = sctp_do_bind(sk, (union sctp_addr *)sa_addr,
527                                       af->sockaddr_len);
528 
529                 addr_buf += af->sockaddr_len;
530 
531 err_bindx_add:
532                 if (retval < 0) {
533                         /* Failed. Cleanup the ones that have been added */
534                         if (cnt > 0)
535                                 sctp_bindx_rem(sk, addrs, cnt);
536                         return retval;
537                 }
538         }
539 
540         return retval;
541 }
542 
543 /* Send an ASCONF chunk with Add IP address parameters to all the peers of the
544  * associations that are part of the endpoint indicating that a list of local
545  * addresses are added to the endpoint.
546  *
547  * If any of the addresses is already in the bind address list of the
548  * association, we do not send the chunk for that association.  But it will not
549  * affect other associations.
550  *
551  * Only sctp_setsockopt_bindx() is supposed to call this function.
552  */
553 static int sctp_send_asconf_add_ip(struct sock          *sk,
554                                    struct sockaddr      *addrs,
555                                    int                  addrcnt)
556 {
557         struct net *net = sock_net(sk);
558         struct sctp_sock                *sp;
559         struct sctp_endpoint            *ep;
560         struct sctp_association         *asoc;
561         struct sctp_bind_addr           *bp;
562         struct sctp_chunk               *chunk;
563         struct sctp_sockaddr_entry      *laddr;
564         union sctp_addr                 *addr;
565         union sctp_addr                 saveaddr;
566         void                            *addr_buf;
567         struct sctp_af                  *af;
568         struct list_head                *p;
569         int                             i;
570         int                             retval = 0;
571 
572         if (!net->sctp.addip_enable)
573                 return retval;
574 
575         sp = sctp_sk(sk);
576         ep = sp->ep;
577 
578         pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
579                  __func__, sk, addrs, addrcnt);
580 
581         list_for_each_entry(asoc, &ep->asocs, asocs) {
582                 if (!asoc->peer.asconf_capable)
583                         continue;
584 
585                 if (asoc->peer.addip_disabled_mask & SCTP_PARAM_ADD_IP)
586                         continue;
587 
588                 if (!sctp_state(asoc, ESTABLISHED))
589                         continue;
590 
591                 /* Check if any address in the packed array of addresses is
592                  * in the bind address list of the association. If so,
593                  * do not send the asconf chunk to its peer, but continue with
594                  * other associations.
595                  */
596                 addr_buf = addrs;
597                 for (i = 0; i < addrcnt; i++) {
598                         addr = addr_buf;
599                         af = sctp_get_af_specific(addr->v4.sin_family);
600                         if (!af) {
601                                 retval = -EINVAL;
602                                 goto out;
603                         }
604 
605                         if (sctp_assoc_lookup_laddr(asoc, addr))
606                                 break;
607 
608                         addr_buf += af->sockaddr_len;
609                 }
610                 if (i < addrcnt)
611                         continue;
612 
613                 /* Use the first valid address in bind addr list of
614                  * association as Address Parameter of ASCONF CHUNK.
615                  */
616                 bp = &asoc->base.bind_addr;
617                 p = bp->address_list.next;
618                 laddr = list_entry(p, struct sctp_sockaddr_entry, list);
619                 chunk = sctp_make_asconf_update_ip(asoc, &laddr->a, addrs,
620                                                    addrcnt, SCTP_PARAM_ADD_IP);
621                 if (!chunk) {
622                         retval = -ENOMEM;
623                         goto out;
624                 }
625 
626                 /* Add the new addresses to the bind address list with
627                  * use_as_src set to 0.
628                  */
629                 addr_buf = addrs;
630                 for (i = 0; i < addrcnt; i++) {
631                         addr = addr_buf;
632                         af = sctp_get_af_specific(addr->v4.sin_family);
633                         memcpy(&saveaddr, addr, af->sockaddr_len);
634                         retval = sctp_add_bind_addr(bp, &saveaddr,
635                                                     sizeof(saveaddr),
636                                                     SCTP_ADDR_NEW, GFP_ATOMIC);
637                         addr_buf += af->sockaddr_len;
638                 }
639                 if (asoc->src_out_of_asoc_ok) {
640                         struct sctp_transport *trans;
641 
642                         list_for_each_entry(trans,
643                             &asoc->peer.transport_addr_list, transports) {
644                                 /* Clear the source and route cache */
645                                 sctp_transport_dst_release(trans);
646                                 trans->cwnd = min(4*asoc->pathmtu, max_t(__u32,
647                                     2*asoc->pathmtu, 4380));
648                                 trans->ssthresh = asoc->peer.i.a_rwnd;
649                                 trans->rto = asoc->rto_initial;
650                                 sctp_max_rto(asoc, trans);
651                                 trans->rtt = trans->srtt = trans->rttvar = 0;
652                                 sctp_transport_route(trans, NULL,
653                                     sctp_sk(asoc->base.sk));
654                         }
655                 }
656                 retval = sctp_send_asconf(asoc, chunk);
657         }
658 
659 out:
660         return retval;
661 }
662 
663 /* Remove a list of addresses from bind addresses list.  Do not remove the
664  * last address.
665  *
666  * Basically run through each address specified in the addrs/addrcnt
667  * array/length pair, determine if it is IPv6 or IPv4 and call
668  * sctp_del_bind() on it.
669  *
670  * If any of them fails, then the operation will be reversed and the
671  * ones that were removed will be added back.
672  *
673  * At least one address has to be left; if only one address is
674  * available, the operation will return -EBUSY.
675  *
676  * Only sctp_setsockopt_bindx() is supposed to call this function.
677  */
678 static int sctp_bindx_rem(struct sock *sk, struct sockaddr *addrs, int addrcnt)
679 {
680         struct sctp_sock *sp = sctp_sk(sk);
681         struct sctp_endpoint *ep = sp->ep;
682         int cnt;
683         struct sctp_bind_addr *bp = &ep->base.bind_addr;
684         int retval = 0;
685         void *addr_buf;
686         union sctp_addr *sa_addr;
687         struct sctp_af *af;
688 
689         pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
690                  __func__, sk, addrs, addrcnt);
691 
692         addr_buf = addrs;
693         for (cnt = 0; cnt < addrcnt; cnt++) {
694                 /* If the bind address list is empty or if there is only one
695                  * bind address, there is nothing more to be removed (we need
696                  * at least one address here).
697                  */
698                 if (list_empty(&bp->address_list) ||
699                     (sctp_list_single_entry(&bp->address_list))) {
700                         retval = -EBUSY;
701                         goto err_bindx_rem;
702                 }
703 
704                 sa_addr = addr_buf;
705                 af = sctp_get_af_specific(sa_addr->sa.sa_family);
706                 if (!af) {
707                         retval = -EINVAL;
708                         goto err_bindx_rem;
709                 }
710 
711                 if (!af->addr_valid(sa_addr, sp, NULL)) {
712                         retval = -EADDRNOTAVAIL;
713                         goto err_bindx_rem;
714                 }
715 
716                 if (sa_addr->v4.sin_port &&
717                     sa_addr->v4.sin_port != htons(bp->port)) {
718                         retval = -EINVAL;
719                         goto err_bindx_rem;
720                 }
721 
722                 if (!sa_addr->v4.sin_port)
723                         sa_addr->v4.sin_port = htons(bp->port);
724 
725                 /* FIXME - There is probably a need to check if sk->sk_saddr and
726                  * sk->sk_rcv_addr are currently set to one of the addresses to
727                  * be removed. This is something which needs to be looked into
728                  * when we are fixing the outstanding issues with multi-homing
729                  * socket routing and failover schemes. Refer to comments in
730                  * sctp_do_bind(). -daisy
731                  */
732                 retval = sctp_del_bind_addr(bp, sa_addr);
733 
734                 addr_buf += af->sockaddr_len;
735 err_bindx_rem:
736                 if (retval < 0) {
737                         /* Failed. Add the ones that has been removed back */
738                         if (cnt > 0)
739                                 sctp_bindx_add(sk, addrs, cnt);
740                         return retval;
741                 }
742         }
743 
744         return retval;
745 }
746 
747 /* Send an ASCONF chunk with Delete IP address parameters to all the peers of
748  * the associations that are part of the endpoint indicating that a list of
749  * local addresses are removed from the endpoint.
750  *
751  * If any of the addresses is already in the bind address list of the
752  * association, we do not send the chunk for that association.  But it will not
753  * affect other associations.
754  *
755  * Only sctp_setsockopt_bindx() is supposed to call this function.
756  */
757 static int sctp_send_asconf_del_ip(struct sock          *sk,
758                                    struct sockaddr      *addrs,
759                                    int                  addrcnt)
760 {
761         struct net *net = sock_net(sk);
762         struct sctp_sock        *sp;
763         struct sctp_endpoint    *ep;
764         struct sctp_association *asoc;
765         struct sctp_transport   *transport;
766         struct sctp_bind_addr   *bp;
767         struct sctp_chunk       *chunk;
768         union sctp_addr         *laddr;
769         void                    *addr_buf;
770         struct sctp_af          *af;
771         struct sctp_sockaddr_entry *saddr;
772         int                     i;
773         int                     retval = 0;
774         int                     stored = 0;
775 
776         chunk = NULL;
777         if (!net->sctp.addip_enable)
778                 return retval;
779 
780         sp = sctp_sk(sk);
781         ep = sp->ep;
782 
783         pr_debug("%s: sk:%p, addrs:%p, addrcnt:%d\n",
784                  __func__, sk, addrs, addrcnt);
785 
786         list_for_each_entry(asoc, &ep->asocs, asocs) {
787 
788                 if (!asoc->peer.asconf_capable)
789                         continue;
790 
791                 if (asoc->peer.addip_disabled_mask & SCTP_PARAM_DEL_IP)
792                         continue;
793 
794                 if (!sctp_state(asoc, ESTABLISHED))
795                         continue;
796 
797                 /* Check if any address in the packed array of addresses is
798                  * not present in the bind address list of the association.
799                  * If so, do not send the asconf chunk to its peer, but
800                  * continue with other associations.
801                  */
802                 addr_buf = addrs;
803                 for (i = 0; i < addrcnt; i++) {
804                         laddr = addr_buf;
805                         af = sctp_get_af_specific(laddr->v4.sin_family);
806                         if (!af) {
807                                 retval = -EINVAL;
808                                 goto out;
809                         }
810 
811                         if (!sctp_assoc_lookup_laddr(asoc, laddr))
812                                 break;
813 
814                         addr_buf += af->sockaddr_len;
815                 }
816                 if (i < addrcnt)
817                         continue;
818 
819                 /* Find one address in the association's bind address list
820                  * that is not in the packed array of addresses. This is to
821                  * make sure that we do not delete all the addresses in the
822                  * association.
823                  */
824                 bp = &asoc->base.bind_addr;
825                 laddr = sctp_find_unmatch_addr(bp, (union sctp_addr *)addrs,
826                                                addrcnt, sp);
827                 if ((laddr == NULL) && (addrcnt == 1)) {
828                         if (asoc->asconf_addr_del_pending)
829                                 continue;
830                         asoc->asconf_addr_del_pending =
831                             kzalloc(sizeof(union sctp_addr), GFP_ATOMIC);
832                         if (asoc->asconf_addr_del_pending == NULL) {
833                                 retval = -ENOMEM;
834                                 goto out;
835                         }
836                         asoc->asconf_addr_del_pending->sa.sa_family =
837                                     addrs->sa_family;
838                         asoc->asconf_addr_del_pending->v4.sin_port =
839                                     htons(bp->port);
840                         if (addrs->sa_family == AF_INET) {
841                                 struct sockaddr_in *sin;
842 
843                                 sin = (struct sockaddr_in *)addrs;
844                                 asoc->asconf_addr_del_pending->v4.sin_addr.s_addr = sin->sin_addr.s_addr;
845                         } else if (addrs->sa_family == AF_INET6) {
846                                 struct sockaddr_in6 *sin6;
847 
848                                 sin6 = (struct sockaddr_in6 *)addrs;
849                                 asoc->asconf_addr_del_pending->v6.sin6_addr = sin6->sin6_addr;
850                         }
851 
852                         pr_debug("%s: keep the last address asoc:%p %pISc at %p\n",
853                                  __func__, asoc, &asoc->asconf_addr_del_pending->sa,
854                                  asoc->asconf_addr_del_pending);
855 
856                         asoc->src_out_of_asoc_ok = 1;
857                         stored = 1;
858                         goto skip_mkasconf;
859                 }
860 
861                 if (laddr == NULL)
862                         return -EINVAL;
863 
864                 /* We do not need RCU protection throughout this loop
865                  * because this is done under a socket lock from the
866                  * setsockopt call.
867                  */
868                 chunk = sctp_make_asconf_update_ip(asoc, laddr, addrs, addrcnt,
869                                                    SCTP_PARAM_DEL_IP);
870                 if (!chunk) {
871                         retval = -ENOMEM;
872                         goto out;
873                 }
874 
875 skip_mkasconf:
876                 /* Reset use_as_src flag for the addresses in the bind address
877                  * list that are to be deleted.
878                  */
879                 addr_buf = addrs;
880                 for (i = 0; i < addrcnt; i++) {
881                         laddr = addr_buf;
882                         af = sctp_get_af_specific(laddr->v4.sin_family);
883                         list_for_each_entry(saddr, &bp->address_list, list) {
884                                 if (sctp_cmp_addr_exact(&saddr->a, laddr))
885                                         saddr->state = SCTP_ADDR_DEL;
886                         }
887                         addr_buf += af->sockaddr_len;
888                 }
889 
890                 /* Update the route and saddr entries for all the transports
891                  * as some of the addresses in the bind address list are
892                  * about to be deleted and cannot be used as source addresses.
893                  */
894                 list_for_each_entry(transport, &asoc->peer.transport_addr_list,
895                                         transports) {
896                         sctp_transport_dst_release(transport);
897                         sctp_transport_route(transport, NULL,
898                                              sctp_sk(asoc->base.sk));
899                 }
900 
901                 if (stored)
902                         /* We don't need to transmit ASCONF */
903                         continue;
904                 retval = sctp_send_asconf(asoc, chunk);
905         }
906 out:
907         return retval;
908 }
909 
910 /* set addr events to assocs in the endpoint.  ep and addr_wq must be locked */
911 int sctp_asconf_mgmt(struct sctp_sock *sp, struct sctp_sockaddr_entry *addrw)
912 {
913         struct sock *sk = sctp_opt2sk(sp);
914         union sctp_addr *addr;
915         struct sctp_af *af;
916 
917         /* It is safe to write port space in caller. */
918         addr = &addrw->a;
919         addr->v4.sin_port = htons(sp->ep->base.bind_addr.port);
920         af = sctp_get_af_specific(addr->sa.sa_family);
921         if (!af)
922                 return -EINVAL;
923         if (sctp_verify_addr(sk, addr, af->sockaddr_len))
924                 return -EINVAL;
925 
926         if (addrw->state == SCTP_ADDR_NEW)
927                 return sctp_send_asconf_add_ip(sk, (struct sockaddr *)addr, 1);
928         else
929                 return sctp_send_asconf_del_ip(sk, (struct sockaddr *)addr, 1);
930 }
931 
932 /* Helper for tunneling sctp_bindx() requests through sctp_setsockopt()
933  *
934  * API 8.1
935  * int sctp_bindx(int sd, struct sockaddr *addrs, int addrcnt,
936  *                int flags);
937  *
938  * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
939  * If the sd is an IPv6 socket, the addresses passed can either be IPv4
940  * or IPv6 addresses.
941  *
942  * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
943  * Section 3.1.2 for this usage.
944  *
945  * addrs is a pointer to an array of one or more socket addresses. Each
946  * address is contained in its appropriate structure (i.e. struct
947  * sockaddr_in or struct sockaddr_in6) the family of the address type
948  * must be used to distinguish the address length (note that this
949  * representation is termed a "packed array" of addresses). The caller
950  * specifies the number of addresses in the array with addrcnt.
951  *
952  * On success, sctp_bindx() returns 0. On failure, sctp_bindx() returns
953  * -1, and sets errno to the appropriate error code.
954  *
955  * For SCTP, the port given in each socket address must be the same, or
956  * sctp_bindx() will fail, setting errno to EINVAL.
957  *
958  * The flags parameter is formed from the bitwise OR of zero or more of
959  * the following currently defined flags:
960  *
961  * SCTP_BINDX_ADD_ADDR
962  *
963  * SCTP_BINDX_REM_ADDR
964  *
965  * SCTP_BINDX_ADD_ADDR directs SCTP to add the given addresses to the
966  * association, and SCTP_BINDX_REM_ADDR directs SCTP to remove the given
967  * addresses from the association. The two flags are mutually exclusive;
968  * if both are given, sctp_bindx() will fail with EINVAL. A caller may
969  * not remove all addresses from an association; sctp_bindx() will
970  * reject such an attempt with EINVAL.
971  *
972  * An application can use sctp_bindx(SCTP_BINDX_ADD_ADDR) to associate
973  * additional addresses with an endpoint after calling bind().  Or use
974  * sctp_bindx(SCTP_BINDX_REM_ADDR) to remove some addresses a listening
975  * socket is associated with so that no new association accepted will be
976  * associated with those addresses. If the endpoint supports dynamic
977  * address a SCTP_BINDX_REM_ADDR or SCTP_BINDX_ADD_ADDR may cause a
978  * endpoint to send the appropriate message to the peer to change the
979  * peers address lists.
980  *
981  * Adding and removing addresses from a connected association is
982  * optional functionality. Implementations that do not support this
983  * functionality should return EOPNOTSUPP.
984  *
985  * Basically do nothing but copying the addresses from user to kernel
986  * land and invoking either sctp_bindx_add() or sctp_bindx_rem() on the sk.
987  * This is used for tunneling the sctp_bindx() request through sctp_setsockopt()
988  * from userspace.
989  *
990  * On exit there is no need to do sockfd_put(), sys_setsockopt() does
991  * it.
992  *
993  * sk        The sk of the socket
994  * addrs     The pointer to the addresses in user land
995  * addrssize Size of the addrs buffer
996  * op        Operation to perform (add or remove, see the flags of
997  *           sctp_bindx)
998  *
999  * Returns 0 if ok, <0 errno code on error.
1000  */
1001 static int sctp_setsockopt_bindx(struct sock *sk,
1002                                  struct sockaddr __user *addrs,
1003                                  int addrs_size, int op)
1004 {
1005         struct sockaddr *kaddrs;
1006         int err;
1007         int addrcnt = 0;
1008         int walk_size = 0;
1009         struct sockaddr *sa_addr;
1010         void *addr_buf;
1011         struct sctp_af *af;
1012 
1013         pr_debug("%s: sk:%p addrs:%p addrs_size:%d opt:%d\n",
1014                  __func__, sk, addrs, addrs_size, op);
1015 
1016         if (unlikely(addrs_size <= 0))
1017                 return -EINVAL;
1018 
1019         kaddrs = vmemdup_user(addrs, addrs_size);
1020         if (unlikely(IS_ERR(kaddrs)))
1021                 return PTR_ERR(kaddrs);
1022 
1023         /* Walk through the addrs buffer and count the number of addresses. */
1024         addr_buf = kaddrs;
1025         while (walk_size < addrs_size) {
1026                 if (walk_size + sizeof(sa_family_t) > addrs_size) {
1027                         kvfree(kaddrs);
1028                         return -EINVAL;
1029                 }
1030 
1031                 sa_addr = addr_buf;
1032                 af = sctp_get_af_specific(sa_addr->sa_family);
1033 
1034                 /* If the address family is not supported or if this address
1035                  * causes the address buffer to overflow return EINVAL.
1036                  */
1037                 if (!af || (walk_size + af->sockaddr_len) > addrs_size) {
1038                         kvfree(kaddrs);
1039                         return -EINVAL;
1040                 }
1041                 addrcnt++;
1042                 addr_buf += af->sockaddr_len;
1043                 walk_size += af->sockaddr_len;
1044         }
1045 
1046         /* Do the work. */
1047         switch (op) {
1048         case SCTP_BINDX_ADD_ADDR:
1049                 err = sctp_bindx_add(sk, kaddrs, addrcnt);
1050                 if (err)
1051                         goto out;
1052                 err = sctp_send_asconf_add_ip(sk, kaddrs, addrcnt);
1053                 break;
1054 
1055         case SCTP_BINDX_REM_ADDR:
1056                 err = sctp_bindx_rem(sk, kaddrs, addrcnt);
1057                 if (err)
1058                         goto out;
1059                 err = sctp_send_asconf_del_ip(sk, kaddrs, addrcnt);
1060                 break;
1061 
1062         default:
1063                 err = -EINVAL;
1064                 break;
1065         }
1066 
1067 out:
1068         kvfree(kaddrs);
1069 
1070         return err;
1071 }
1072 
1073 /* __sctp_connect(struct sock* sk, struct sockaddr *kaddrs, int addrs_size)
1074  *
1075  * Common routine for handling connect() and sctp_connectx().
1076  * Connect will come in with just a single address.
1077  */
1078 static int __sctp_connect(struct sock *sk,
1079                           struct sockaddr *kaddrs,
1080                           int addrs_size,
1081                           sctp_assoc_t *assoc_id)
1082 {
1083         struct net *net = sock_net(sk);
1084         struct sctp_sock *sp;
1085         struct sctp_endpoint *ep;
1086         struct sctp_association *asoc = NULL;
1087         struct sctp_association *asoc2;
1088         struct sctp_transport *transport;
1089         union sctp_addr to;
1090         enum sctp_scope scope;
1091         long timeo;
1092         int err = 0;
1093         int addrcnt = 0;
1094         int walk_size = 0;
1095         union sctp_addr *sa_addr = NULL;
1096         void *addr_buf;
1097         unsigned short port;
1098         unsigned int f_flags = 0;
1099 
1100         sp = sctp_sk(sk);
1101         ep = sp->ep;
1102 
1103         /* connect() cannot be done on a socket that is already in ESTABLISHED
1104          * state - UDP-style peeled off socket or a TCP-style socket that
1105          * is already connected.
1106          * It cannot be done even on a TCP-style listening socket.
1107          */
1108         if (sctp_sstate(sk, ESTABLISHED) || sctp_sstate(sk, CLOSING) ||
1109             (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))) {
1110                 err = -EISCONN;
1111                 goto out_free;
1112         }
1113 
1114         /* Walk through the addrs buffer and count the number of addresses. */
1115         addr_buf = kaddrs;
1116         while (walk_size < addrs_size) {
1117                 struct sctp_af *af;
1118 
1119                 if (walk_size + sizeof(sa_family_t) > addrs_size) {
1120                         err = -EINVAL;
1121                         goto out_free;
1122                 }
1123 
1124                 sa_addr = addr_buf;
1125                 af = sctp_get_af_specific(sa_addr->sa.sa_family);
1126 
1127                 /* If the address family is not supported or if this address
1128                  * causes the address buffer to overflow return EINVAL.
1129                  */
1130                 if (!af || (walk_size + af->sockaddr_len) > addrs_size) {
1131                         err = -EINVAL;
1132                         goto out_free;
1133                 }
1134 
1135                 port = ntohs(sa_addr->v4.sin_port);
1136 
1137                 /* Save current address so we can work with it */
1138                 memcpy(&to, sa_addr, af->sockaddr_len);
1139 
1140                 err = sctp_verify_addr(sk, &to, af->sockaddr_len);
1141                 if (err)
1142                         goto out_free;
1143 
1144                 /* Make sure the destination port is correctly set
1145                  * in all addresses.
1146                  */
1147                 if (asoc && asoc->peer.port && asoc->peer.port != port) {
1148                         err = -EINVAL;
1149                         goto out_free;
1150                 }
1151 
1152                 /* Check if there already is a matching association on the
1153                  * endpoint (other than the one created here).
1154                  */
1155                 asoc2 = sctp_endpoint_lookup_assoc(ep, &to, &transport);
1156                 if (asoc2 && asoc2 != asoc) {
1157                         if (asoc2->state >= SCTP_STATE_ESTABLISHED)
1158                                 err = -EISCONN;
1159                         else
1160                                 err = -EALREADY;
1161                         goto out_free;
1162                 }
1163 
1164                 /* If we could not find a matching association on the endpoint,
1165                  * make sure that there is no peeled-off association matching
1166                  * the peer address even on another socket.
1167                  */
1168                 if (sctp_endpoint_is_peeled_off(ep, &to)) {
1169                         err = -EADDRNOTAVAIL;
1170                         goto out_free;
1171                 }
1172 
1173                 if (!asoc) {
1174                         /* If a bind() or sctp_bindx() is not called prior to
1175                          * an sctp_connectx() call, the system picks an
1176                          * ephemeral port and will choose an address set
1177                          * equivalent to binding with a wildcard address.
1178                          */
1179                         if (!ep->base.bind_addr.port) {
1180                                 if (sctp_autobind(sk)) {
1181                                         err = -EAGAIN;
1182                                         goto out_free;
1183                                 }
1184                         } else {
1185                                 /*
1186                                  * If an unprivileged user inherits a 1-many
1187                                  * style socket with open associations on a
1188                                  * privileged port, it MAY be permitted to
1189                                  * accept new associations, but it SHOULD NOT
1190                                  * be permitted to open new associations.
1191                                  */
1192                                 if (ep->base.bind_addr.port <
1193                                     inet_prot_sock(net) &&
1194                                     !ns_capable(net->user_ns,
1195                                     CAP_NET_BIND_SERVICE)) {
1196                                         err = -EACCES;
1197                                         goto out_free;
1198                                 }
1199                         }
1200 
1201                         scope = sctp_scope(&to);
1202                         asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
1203                         if (!asoc) {
1204                                 err = -ENOMEM;
1205                                 goto out_free;
1206                         }
1207 
1208                         err = sctp_assoc_set_bind_addr_from_ep(asoc, scope,
1209                                                               GFP_KERNEL);
1210                         if (err < 0) {
1211                                 goto out_free;
1212                         }
1213 
1214                 }
1215 
1216                 /* Prime the peer's transport structures.  */
1217                 transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL,
1218                                                 SCTP_UNKNOWN);
1219                 if (!transport) {
1220                         err = -ENOMEM;
1221                         goto out_free;
1222                 }
1223 
1224                 addrcnt++;
1225                 addr_buf += af->sockaddr_len;
1226                 walk_size += af->sockaddr_len;
1227         }
1228 
1229         /* In case the user of sctp_connectx() wants an association
1230          * id back, assign one now.
1231          */
1232         if (assoc_id) {
1233                 err = sctp_assoc_set_id(asoc, GFP_KERNEL);
1234                 if (err < 0)
1235                         goto out_free;
1236         }
1237 
1238         err = sctp_primitive_ASSOCIATE(net, asoc, NULL);
1239         if (err < 0) {
1240                 goto out_free;
1241         }
1242 
1243         /* Initialize sk's dport and daddr for getpeername() */
1244         inet_sk(sk)->inet_dport = htons(asoc->peer.port);
1245         sp->pf->to_sk_daddr(sa_addr, sk);
1246         sk->sk_err = 0;
1247 
1248         /* in-kernel sockets don't generally have a file allocated to them
1249          * if all they do is call sock_create_kern().
1250          */
1251         if (sk->sk_socket->file)
1252                 f_flags = sk->sk_socket->file->f_flags;
1253 
1254         timeo = sock_sndtimeo(sk, f_flags & O_NONBLOCK);
1255 
1256         if (assoc_id)
1257                 *assoc_id = asoc->assoc_id;
1258         err = sctp_wait_for_connect(asoc, &timeo);
1259         /* Note: the asoc may be freed after the return of
1260          * sctp_wait_for_connect.
1261          */
1262 
1263         /* Don't free association on exit. */
1264         asoc = NULL;
1265 
1266 out_free:
1267         pr_debug("%s: took out_free path with asoc:%p kaddrs:%p err:%d\n",
1268                  __func__, asoc, kaddrs, err);
1269 
1270         if (asoc) {
1271                 /* sctp_primitive_ASSOCIATE may have added this association
1272                  * To the hash table, try to unhash it, just in case, its a noop
1273                  * if it wasn't hashed so we're safe
1274                  */
1275                 sctp_association_free(asoc);
1276         }
1277         return err;
1278 }
1279 
1280 /* Helper for tunneling sctp_connectx() requests through sctp_setsockopt()
1281  *
1282  * API 8.9
1283  * int sctp_connectx(int sd, struct sockaddr *addrs, int addrcnt,
1284  *                      sctp_assoc_t *asoc);
1285  *
1286  * If sd is an IPv4 socket, the addresses passed must be IPv4 addresses.
1287  * If the sd is an IPv6 socket, the addresses passed can either be IPv4
1288  * or IPv6 addresses.
1289  *
1290  * A single address may be specified as INADDR_ANY or IN6ADDR_ANY, see
1291  * Section 3.1.2 for this usage.
1292  *
1293  * addrs is a pointer to an array of one or more socket addresses. Each
1294  * address is contained in its appropriate structure (i.e. struct
1295  * sockaddr_in or struct sockaddr_in6) the family of the address type
1296  * must be used to distengish the address length (note that this
1297  * representation is termed a "packed array" of addresses). The caller
1298  * specifies the number of addresses in the array with addrcnt.
1299  *
1300  * On success, sctp_connectx() returns 0. It also sets the assoc_id to
1301  * the association id of the new association.  On failure, sctp_connectx()
1302  * returns -1, and sets errno to the appropriate error code.  The assoc_id
1303  * is not touched by the kernel.
1304  *
1305  * For SCTP, the port given in each socket address must be the same, or
1306  * sctp_connectx() will fail, setting errno to EINVAL.
1307  *
1308  * An application can use sctp_connectx to initiate an association with
1309  * an endpoint that is multi-homed.  Much like sctp_bindx() this call
1310  * allows a caller to specify multiple addresses at which a peer can be
1311  * reached.  The way the SCTP stack uses the list of addresses to set up
1312  * the association is implementation dependent.  This function only
1313  * specifies that the stack will try to make use of all the addresses in
1314  * the list when needed.
1315  *
1316  * Note that the list of addresses passed in is only used for setting up
1317  * the association.  It does not necessarily equal the set of addresses
1318  * the peer uses for the resulting association.  If the caller wants to
1319  * find out the set of peer addresses, it must use sctp_getpaddrs() to
1320  * retrieve them after the association has been set up.
1321  *
1322  * Basically do nothing but copying the addresses from user to kernel
1323  * land and invoking either sctp_connectx(). This is used for tunneling
1324  * the sctp_connectx() request through sctp_setsockopt() from userspace.
1325  *
1326  * On exit there is no need to do sockfd_put(), sys_setsockopt() does
1327  * it.
1328  *
1329  * sk        The sk of the socket
1330  * addrs     The pointer to the addresses in user land
1331  * addrssize Size of the addrs buffer
1332  *
1333  * Returns >=0 if ok, <0 errno code on error.
1334  */
1335 static int __sctp_setsockopt_connectx(struct sock *sk,
1336                                       struct sockaddr __user *addrs,
1337                                       int addrs_size,
1338                                       sctp_assoc_t *assoc_id)
1339 {
1340         struct sockaddr *kaddrs;
1341         int err = 0;
1342 
1343         pr_debug("%s: sk:%p addrs:%p addrs_size:%d\n",
1344                  __func__, sk, addrs, addrs_size);
1345 
1346         if (unlikely(addrs_size <= 0))
1347                 return -EINVAL;
1348 
1349         kaddrs = vmemdup_user(addrs, addrs_size);
1350         if (unlikely(IS_ERR(kaddrs)))
1351                 return PTR_ERR(kaddrs);
1352 
1353         err = __sctp_connect(sk, kaddrs, addrs_size, assoc_id);
1354         kvfree(kaddrs);
1355 
1356         return err;
1357 }
1358 
1359 /*
1360  * This is an older interface.  It's kept for backward compatibility
1361  * to the option that doesn't provide association id.
1362  */
1363 static int sctp_setsockopt_connectx_old(struct sock *sk,
1364                                         struct sockaddr __user *addrs,
1365                                         int addrs_size)
1366 {
1367         return __sctp_setsockopt_connectx(sk, addrs, addrs_size, NULL);
1368 }
1369 
1370 /*
1371  * New interface for the API.  The since the API is done with a socket
1372  * option, to make it simple we feed back the association id is as a return
1373  * indication to the call.  Error is always negative and association id is
1374  * always positive.
1375  */
1376 static int sctp_setsockopt_connectx(struct sock *sk,
1377                                     struct sockaddr __user *addrs,
1378                                     int addrs_size)
1379 {
1380         sctp_assoc_t assoc_id = 0;
1381         int err = 0;
1382 
1383         err = __sctp_setsockopt_connectx(sk, addrs, addrs_size, &assoc_id);
1384 
1385         if (err)
1386                 return err;
1387         else
1388                 return assoc_id;
1389 }
1390 
1391 /*
1392  * New (hopefully final) interface for the API.
1393  * We use the sctp_getaddrs_old structure so that use-space library
1394  * can avoid any unnecessary allocations. The only different part
1395  * is that we store the actual length of the address buffer into the
1396  * addrs_num structure member. That way we can re-use the existing
1397  * code.
1398  */
1399 #ifdef CONFIG_COMPAT
1400 struct compat_sctp_getaddrs_old {
1401         sctp_assoc_t    assoc_id;
1402         s32             addr_num;
1403         compat_uptr_t   addrs;          /* struct sockaddr * */
1404 };
1405 #endif
1406 
1407 static int sctp_getsockopt_connectx3(struct sock *sk, int len,
1408                                      char __user *optval,
1409                                      int __user *optlen)
1410 {
1411         struct sctp_getaddrs_old param;
1412         sctp_assoc_t assoc_id = 0;
1413         int err = 0;
1414 
1415 #ifdef CONFIG_COMPAT
1416         if (in_compat_syscall()) {
1417                 struct compat_sctp_getaddrs_old param32;
1418 
1419                 if (len < sizeof(param32))
1420                         return -EINVAL;
1421                 if (copy_from_user(&param32, optval, sizeof(param32)))
1422                         return -EFAULT;
1423 
1424                 param.assoc_id = param32.assoc_id;
1425                 param.addr_num = param32.addr_num;
1426                 param.addrs = compat_ptr(param32.addrs);
1427         } else
1428 #endif
1429         {
1430                 if (len < sizeof(param))
1431                         return -EINVAL;
1432                 if (copy_from_user(&param, optval, sizeof(param)))
1433                         return -EFAULT;
1434         }
1435 
1436         err = __sctp_setsockopt_connectx(sk, (struct sockaddr __user *)
1437                                          param.addrs, param.addr_num,
1438                                          &assoc_id);
1439         if (err == 0 || err == -EINPROGRESS) {
1440                 if (copy_to_user(optval, &assoc_id, sizeof(assoc_id)))
1441                         return -EFAULT;
1442                 if (put_user(sizeof(assoc_id), optlen))
1443                         return -EFAULT;
1444         }
1445 
1446         return err;
1447 }
1448 
1449 /* API 3.1.4 close() - UDP Style Syntax
1450  * Applications use close() to perform graceful shutdown (as described in
1451  * Section 10.1 of [SCTP]) on ALL the associations currently represented
1452  * by a UDP-style socket.
1453  *
1454  * The syntax is
1455  *
1456  *   ret = close(int sd);
1457  *
1458  *   sd      - the socket descriptor of the associations to be closed.
1459  *
1460  * To gracefully shutdown a specific association represented by the
1461  * UDP-style socket, an application should use the sendmsg() call,
1462  * passing no user data, but including the appropriate flag in the
1463  * ancillary data (see Section xxxx).
1464  *
1465  * If sd in the close() call is a branched-off socket representing only
1466  * one association, the shutdown is performed on that association only.
1467  *
1468  * 4.1.6 close() - TCP Style Syntax
1469  *
1470  * Applications use close() to gracefully close down an association.
1471  *
1472  * The syntax is:
1473  *
1474  *    int close(int sd);
1475  *
1476  *      sd      - the socket descriptor of the association to be closed.
1477  *
1478  * After an application calls close() on a socket descriptor, no further
1479  * socket operations will succeed on that descriptor.
1480  *
1481  * API 7.1.4 SO_LINGER
1482  *
1483  * An application using the TCP-style socket can use this option to
1484  * perform the SCTP ABORT primitive.  The linger option structure is:
1485  *
1486  *  struct  linger {
1487  *     int     l_onoff;                // option on/off
1488  *     int     l_linger;               // linger time
1489  * };
1490  *
1491  * To enable the option, set l_onoff to 1.  If the l_linger value is set
1492  * to 0, calling close() is the same as the ABORT primitive.  If the
1493  * value is set to a negative value, the setsockopt() call will return
1494  * an error.  If the value is set to a positive value linger_time, the
1495  * close() can be blocked for at most linger_time ms.  If the graceful
1496  * shutdown phase does not finish during this period, close() will
1497  * return but the graceful shutdown phase continues in the system.
1498  */
1499 static void sctp_close(struct sock *sk, long timeout)
1500 {
1501         struct net *net = sock_net(sk);
1502         struct sctp_endpoint *ep;
1503         struct sctp_association *asoc;
1504         struct list_head *pos, *temp;
1505         unsigned int data_was_unread;
1506 
1507         pr_debug("%s: sk:%p, timeout:%ld\n", __func__, sk, timeout);
1508 
1509         lock_sock_nested(sk, SINGLE_DEPTH_NESTING);
1510         sk->sk_shutdown = SHUTDOWN_MASK;
1511         inet_sk_set_state(sk, SCTP_SS_CLOSING);
1512 
1513         ep = sctp_sk(sk)->ep;
1514 
1515         /* Clean up any skbs sitting on the receive queue.  */
1516         data_was_unread = sctp_queue_purge_ulpevents(&sk->sk_receive_queue);
1517         data_was_unread += sctp_queue_purge_ulpevents(&sctp_sk(sk)->pd_lobby);
1518 
1519         /* Walk all associations on an endpoint.  */
1520         list_for_each_safe(pos, temp, &ep->asocs) {
1521                 asoc = list_entry(pos, struct sctp_association, asocs);
1522 
1523                 if (sctp_style(sk, TCP)) {
1524                         /* A closed association can still be in the list if
1525                          * it belongs to a TCP-style listening socket that is
1526                          * not yet accepted. If so, free it. If not, send an
1527                          * ABORT or SHUTDOWN based on the linger options.
1528                          */
1529                         if (sctp_state(asoc, CLOSED)) {
1530                                 sctp_association_free(asoc);
1531                                 continue;
1532                         }
1533                 }
1534 
1535                 if (data_was_unread || !skb_queue_empty(&asoc->ulpq.lobby) ||
1536                     !skb_queue_empty(&asoc->ulpq.reasm) ||
1537                     !skb_queue_empty(&asoc->ulpq.reasm_uo) ||
1538                     (sock_flag(sk, SOCK_LINGER) && !sk->sk_lingertime)) {
1539                         struct sctp_chunk *chunk;
1540 
1541                         chunk = sctp_make_abort_user(asoc, NULL, 0);
1542                         sctp_primitive_ABORT(net, asoc, chunk);
1543                 } else
1544                         sctp_primitive_SHUTDOWN(net, asoc, NULL);
1545         }
1546 
1547         /* On a TCP-style socket, block for at most linger_time if set. */
1548         if (sctp_style(sk, TCP) && timeout)
1549                 sctp_wait_for_close(sk, timeout);
1550 
1551         /* This will run the backlog queue.  */
1552         release_sock(sk);
1553 
1554         /* Supposedly, no process has access to the socket, but
1555          * the net layers still may.
1556          * Also, sctp_destroy_sock() needs to be called with addr_wq_lock
1557          * held and that should be grabbed before socket lock.
1558          */
1559         spin_lock_bh(&net->sctp.addr_wq_lock);
1560         bh_lock_sock_nested(sk);
1561 
1562         /* Hold the sock, since sk_common_release() will put sock_put()
1563          * and we have just a little more cleanup.
1564          */
1565         sock_hold(sk);
1566         sk_common_release(sk);
1567 
1568         bh_unlock_sock(sk);
1569         spin_unlock_bh(&net->sctp.addr_wq_lock);
1570 
1571         sock_put(sk);
1572 
1573         SCTP_DBG_OBJCNT_DEC(sock);
1574 }
1575 
1576 /* Handle EPIPE error. */
1577 static int sctp_error(struct sock *sk, int flags, int err)
1578 {
1579         if (err == -EPIPE)
1580                 err = sock_error(sk) ? : -EPIPE;
1581         if (err == -EPIPE && !(flags & MSG_NOSIGNAL))
1582                 send_sig(SIGPIPE, current, 0);
1583         return err;
1584 }
1585 
1586 /* API 3.1.3 sendmsg() - UDP Style Syntax
1587  *
1588  * An application uses sendmsg() and recvmsg() calls to transmit data to
1589  * and receive data from its peer.
1590  *
1591  *  ssize_t sendmsg(int socket, const struct msghdr *message,
1592  *                  int flags);
1593  *
1594  *  socket  - the socket descriptor of the endpoint.
1595  *  message - pointer to the msghdr structure which contains a single
1596  *            user message and possibly some ancillary data.
1597  *
1598  *            See Section 5 for complete description of the data
1599  *            structures.
1600  *
1601  *  flags   - flags sent or received with the user message, see Section
1602  *            5 for complete description of the flags.
1603  *
1604  * Note:  This function could use a rewrite especially when explicit
1605  * connect support comes in.
1606  */
1607 /* BUG:  We do not implement the equivalent of sk_stream_wait_memory(). */
1608 
1609 static int sctp_msghdr_parse(const struct msghdr *msg,
1610                              struct sctp_cmsgs *cmsgs);
1611 
1612 static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
1613 {
1614         struct net *net = sock_net(sk);
1615         struct sctp_sock *sp;
1616         struct sctp_endpoint *ep;
1617         struct sctp_association *new_asoc = NULL, *asoc = NULL;
1618         struct sctp_transport *transport, *chunk_tp;
1619         struct sctp_chunk *chunk;
1620         union sctp_addr to;
1621         struct sockaddr *msg_name = NULL;
1622         struct sctp_sndrcvinfo default_sinfo;
1623         struct sctp_sndrcvinfo *sinfo;
1624         struct sctp_initmsg *sinit;
1625         sctp_assoc_t associd = 0;
1626         struct sctp_cmsgs cmsgs = { NULL };
1627         enum sctp_scope scope;
1628         bool fill_sinfo_ttl = false, wait_connect = false;
1629         struct sctp_datamsg *datamsg;
1630         int msg_flags = msg->msg_flags;
1631         __u16 sinfo_flags = 0;
1632         long timeo;
1633         int err;
1634 
1635         err = 0;
1636         sp = sctp_sk(sk);
1637         ep = sp->ep;
1638 
1639         pr_debug("%s: sk:%p, msg:%p, msg_len:%zu ep:%p\n", __func__, sk,
1640                  msg, msg_len, ep);
1641 
1642         /* We cannot send a message over a TCP-style listening socket. */
1643         if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
1644                 err = -EPIPE;
1645                 goto out_nounlock;
1646         }
1647 
1648         /* Parse out the SCTP CMSGs.  */
1649         err = sctp_msghdr_parse(msg, &cmsgs);
1650         if (err) {
1651                 pr_debug("%s: msghdr parse err:%x\n", __func__, err);
1652                 goto out_nounlock;
1653         }
1654 
1655         /* Fetch the destination address for this packet.  This
1656          * address only selects the association--it is not necessarily
1657          * the address we will send to.
1658          * For a peeled-off socket, msg_name is ignored.
1659          */
1660         if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
1661                 int msg_namelen = msg->msg_namelen;
1662 
1663                 err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
1664                                        msg_namelen);
1665                 if (err)
1666                         return err;
1667 
1668                 if (msg_namelen > sizeof(to))
1669                         msg_namelen = sizeof(to);
1670                 memcpy(&to, msg->msg_name, msg_namelen);
1671                 msg_name = msg->msg_name;
1672         }
1673 
1674         sinit = cmsgs.init;
1675         if (cmsgs.sinfo != NULL) {
1676                 memset(&default_sinfo, 0, sizeof(default_sinfo));
1677                 default_sinfo.sinfo_stream = cmsgs.sinfo->snd_sid;
1678                 default_sinfo.sinfo_flags = cmsgs.sinfo->snd_flags;
1679                 default_sinfo.sinfo_ppid = cmsgs.sinfo->snd_ppid;
1680                 default_sinfo.sinfo_context = cmsgs.sinfo->snd_context;
1681                 default_sinfo.sinfo_assoc_id = cmsgs.sinfo->snd_assoc_id;
1682 
1683                 sinfo = &default_sinfo;
1684                 fill_sinfo_ttl = true;
1685         } else {
1686                 sinfo = cmsgs.srinfo;
1687         }
1688         /* Did the user specify SNDINFO/SNDRCVINFO? */
1689         if (sinfo) {
1690                 sinfo_flags = sinfo->sinfo_flags;
1691                 associd = sinfo->sinfo_assoc_id;
1692         }
1693 
1694         pr_debug("%s: msg_len:%zu, sinfo_flags:0x%x\n", __func__,
1695                  msg_len, sinfo_flags);
1696 
1697         /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
1698         if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
1699                 err = -EINVAL;
1700                 goto out_nounlock;
1701         }
1702 
1703         /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
1704          * length messages when SCTP_EOF|SCTP_ABORT is not set.
1705          * If SCTP_ABORT is set, the message length could be non zero with
1706          * the msg_iov set to the user abort reason.
1707          */
1708         if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
1709             (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
1710                 err = -EINVAL;
1711                 goto out_nounlock;
1712         }
1713 
1714         /* If SCTP_ADDR_OVER is set, there must be an address
1715          * specified in msg_name.
1716          */
1717         if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
1718                 err = -EINVAL;
1719                 goto out_nounlock;
1720         }
1721 
1722         transport = NULL;
1723 
1724         pr_debug("%s: about to look up association\n", __func__);
1725 
1726         lock_sock(sk);
1727 
1728         /* If a msg_name has been specified, assume this is to be used.  */
1729         if (msg_name) {
1730                 /* Look for a matching association on the endpoint. */
1731                 asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
1732 
1733                 /* If we could not find a matching association on the
1734                  * endpoint, make sure that it is not a TCP-style
1735                  * socket that already has an association or there is
1736                  * no peeled-off association on another socket.
1737                  */
1738                 if (!asoc &&
1739                     ((sctp_style(sk, TCP) &&
1740                       (sctp_sstate(sk, ESTABLISHED) ||
1741                        sctp_sstate(sk, CLOSING))) ||
1742                      sctp_endpoint_is_peeled_off(ep, &to))) {
1743                         err = -EADDRNOTAVAIL;
1744                         goto out_unlock;
1745                 }
1746         } else {
1747                 asoc = sctp_id2assoc(sk, associd);
1748                 if (!asoc) {
1749                         err = -EPIPE;
1750                         goto out_unlock;
1751                 }
1752         }
1753 
1754         if (asoc) {
1755                 pr_debug("%s: just looked up association:%p\n", __func__, asoc);
1756 
1757                 /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
1758                  * socket that has an association in CLOSED state. This can
1759                  * happen when an accepted socket has an association that is
1760                  * already CLOSED.
1761                  */
1762                 if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
1763                         err = -EPIPE;
1764                         goto out_unlock;
1765                 }
1766 
1767                 if (sinfo_flags & SCTP_EOF) {
1768                         pr_debug("%s: shutting down association:%p\n",
1769                                  __func__, asoc);
1770 
1771                         sctp_primitive_SHUTDOWN(net, asoc, NULL);
1772                         err = 0;
1773                         goto out_unlock;
1774                 }
1775                 if (sinfo_flags & SCTP_ABORT) {
1776 
1777                         chunk = sctp_make_abort_user(asoc, msg, msg_len);
1778                         if (!chunk) {
1779                                 err = -ENOMEM;
1780                                 goto out_unlock;
1781                         }
1782 
1783                         pr_debug("%s: aborting association:%p\n",
1784                                  __func__, asoc);
1785 
1786                         sctp_primitive_ABORT(net, asoc, chunk);
1787                         err = 0;
1788                         goto out_unlock;
1789                 }
1790         }
1791 
1792         /* Do we need to create the association?  */
1793         if (!asoc) {
1794                 pr_debug("%s: there is no association yet\n", __func__);
1795 
1796                 if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
1797                         err = -EINVAL;
1798                         goto out_unlock;
1799                 }
1800 
1801                 /* Check for invalid stream against the stream counts,
1802                  * either the default or the user specified stream counts.
1803                  */
1804                 if (sinfo) {
1805                         if (!sinit || !sinit->sinit_num_ostreams) {
1806                                 /* Check against the defaults. */
1807                                 if (sinfo->sinfo_stream >=
1808                                     sp->initmsg.sinit_num_ostreams) {
1809                                         err = -EINVAL;
1810                                         goto out_unlock;
1811                                 }
1812                         } else {
1813                                 /* Check against the requested.  */
1814                                 if (sinfo->sinfo_stream >=
1815                                     sinit->sinit_num_ostreams) {
1816                                         err = -EINVAL;
1817                                         goto out_unlock;
1818                                 }
1819                         }
1820                 }
1821 
1822                 /*
1823                  * API 3.1.2 bind() - UDP Style Syntax
1824                  * If a bind() or sctp_bindx() is not called prior to a
1825                  * sendmsg() call that initiates a new association, the
1826                  * system picks an ephemeral port and will choose an address
1827                  * set equivalent to binding with a wildcard address.
1828                  */
1829                 if (!ep->base.bind_addr.port) {
1830                         if (sctp_autobind(sk)) {
1831                                 err = -EAGAIN;
1832                                 goto out_unlock;
1833                         }
1834                 } else {
1835                         /*
1836                          * If an unprivileged user inherits a one-to-many
1837                          * style socket with open associations on a privileged
1838                          * port, it MAY be permitted to accept new associations,
1839                          * but it SHOULD NOT be permitted to open new
1840                          * associations.
1841                          */
1842                         if (ep->base.bind_addr.port < inet_prot_sock(net) &&
1843                             !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
1844                                 err = -EACCES;
1845                                 goto out_unlock;
1846                         }
1847                 }
1848 
1849                 scope = sctp_scope(&to);
1850                 new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
1851                 if (!new_asoc) {
1852                         err = -ENOMEM;
1853                         goto out_unlock;
1854                 }
1855                 asoc = new_asoc;
1856                 err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
1857                 if (err < 0) {
1858                         err = -ENOMEM;
1859                         goto out_free;
1860                 }
1861 
1862                 /* If the SCTP_INIT ancillary data is specified, set all
1863                  * the association init values accordingly.
1864                  */
1865                 if (sinit) {
1866                         if (sinit->sinit_num_ostreams) {
1867                                 __u16 outcnt = sinit->sinit_num_ostreams;
1868 
1869                                 asoc->c.sinit_num_ostreams = outcnt;
1870                                 /* outcnt has been changed, so re-init stream */
1871                                 err = sctp_stream_init(&asoc->stream, outcnt, 0,
1872                                                        GFP_KERNEL);
1873                                 if (err)
1874                                         goto out_free;
1875                         }
1876                         if (sinit->sinit_max_instreams) {
1877                                 asoc->c.sinit_max_instreams =
1878                                         sinit->sinit_max_instreams;
1879                         }
1880                         if (sinit->sinit_max_attempts) {
1881                                 asoc->max_init_attempts
1882                                         = sinit->sinit_max_attempts;
1883                         }
1884                         if (sinit->sinit_max_init_timeo) {
1885                                 asoc->max_init_timeo =
1886                                  msecs_to_jiffies(sinit->sinit_max_init_timeo);
1887                         }
1888                 }
1889 
1890                 /* Prime the peer's transport structures.  */
1891                 transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
1892                 if (!transport) {
1893                         err = -ENOMEM;
1894                         goto out_free;
1895                 }
1896         }
1897 
1898         /* ASSERT: we have a valid association at this point.  */
1899         pr_debug("%s: we have a valid association\n", __func__);
1900 
1901         if (!sinfo) {
1902                 /* If the user didn't specify SNDINFO/SNDRCVINFO, make up
1903                  * one with some defaults.
1904                  */
1905                 memset(&default_sinfo, 0, sizeof(default_sinfo));
1906                 default_sinfo.sinfo_stream = asoc->default_stream;
1907                 default_sinfo.sinfo_flags = asoc->default_flags;
1908                 default_sinfo.sinfo_ppid = asoc->default_ppid;
1909                 default_sinfo.sinfo_context = asoc->default_context;
1910                 default_sinfo.sinfo_timetolive = asoc->default_timetolive;
1911                 default_sinfo.sinfo_assoc_id = sctp_assoc2id(asoc);
1912 
1913                 sinfo = &default_sinfo;
1914         } else if (fill_sinfo_ttl) {
1915                 /* In case SNDINFO was specified, we still need to fill
1916                  * it with a default ttl from the assoc here.
1917                  */
1918                 sinfo->sinfo_timetolive = asoc->default_timetolive;
1919         }
1920 
1921         /* API 7.1.7, the sndbuf size per association bounds the
1922          * maximum size of data that can be sent in a single send call.
1923          */
1924         if (msg_len > sk->sk_sndbuf) {
1925                 err = -EMSGSIZE;
1926                 goto out_free;
1927         }
1928 
1929         if (asoc->pmtu_pending)
1930                 sctp_assoc_pending_pmtu(asoc);
1931 
1932         /* If fragmentation is disabled and the message length exceeds the
1933          * association fragmentation point, return EMSGSIZE.  The I-D
1934          * does not specify what this error is, but this looks like
1935          * a great fit.
1936          */
1937         if (sctp_sk(sk)->disable_fragments && (msg_len > asoc->frag_point)) {
1938                 err = -EMSGSIZE;
1939                 goto out_free;
1940         }
1941 
1942         /* Check for invalid stream. */
1943         if (sinfo->sinfo_stream >= asoc->stream.outcnt) {
1944                 err = -EINVAL;
1945                 goto out_free;
1946         }
1947 
1948         /* Allocate sctp_stream_out_ext if not already done */
1949         if (unlikely(!asoc->stream.out[sinfo->sinfo_stream].ext)) {
1950                 err = sctp_stream_init_ext(&asoc->stream, sinfo->sinfo_stream);
1951                 if (err)
1952                         goto out_free;
1953         }
1954 
1955         if (sctp_wspace(asoc) < msg_len)
1956                 sctp_prsctp_prune(asoc, sinfo, msg_len - sctp_wspace(asoc));
1957 
1958         timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
1959         if (!sctp_wspace(asoc)) {
1960                 /* sk can be changed by peel off when waiting for buf. */
1961                 err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
1962                 if (err) {
1963                         if (err == -ESRCH) {
1964                                 /* asoc is already dead. */
1965                                 new_asoc = NULL;
1966                                 err = -EPIPE;
1967                         }
1968                         goto out_free;
1969                 }
1970         }
1971 
1972         /* If an address is passed with the sendto/sendmsg call, it is used
1973          * to override the primary destination address in the TCP model, or
1974          * when SCTP_ADDR_OVER flag is set in the UDP model.
1975          */
1976         if ((sctp_style(sk, TCP) && msg_name) ||
1977             (sinfo_flags & SCTP_ADDR_OVER)) {
1978                 chunk_tp = sctp_assoc_lookup_paddr(asoc, &to);
1979                 if (!chunk_tp) {
1980                         err = -EINVAL;
1981                         goto out_free;
1982                 }
1983         } else
1984                 chunk_tp = NULL;
1985 
1986         /* Auto-connect, if we aren't connected already. */
1987         if (sctp_state(asoc, CLOSED)) {
1988                 err = sctp_primitive_ASSOCIATE(net, asoc, NULL);
1989                 if (err < 0)
1990                         goto out_free;
1991 
1992                 /* If stream interleave is enabled, wait_connect has to be
1993                  * done earlier than data enqueue, as it needs to make data
1994                  * or idata according to asoc->intl_enable which is set
1995                  * after connection is done.
1996                  */
1997                 if (sctp_sk(asoc->base.sk)->strm_interleave) {
1998                         timeo = sock_sndtimeo(sk, 0);
1999                         err = sctp_wait_for_connect(asoc, &timeo);
2000                         if (err)
2001                                 goto out_unlock;
2002                 } else {
2003                         wait_connect = true;
2004                 }
2005 
2006                 pr_debug("%s: we associated primitively\n", __func__);
2007         }
2008 
2009         /* Break the message into multiple chunks of maximum size. */
2010         datamsg = sctp_datamsg_from_user(asoc, sinfo, &msg->msg_iter);
2011         if (IS_ERR(datamsg)) {
2012                 err = PTR_ERR(datamsg);
2013                 goto out_free;
2014         }
2015         asoc->force_delay = !!(msg->msg_flags & MSG_MORE);
2016 
2017         /* Now send the (possibly) fragmented message. */
2018         list_for_each_entry(chunk, &datamsg->chunks, frag_list) {
2019                 sctp_chunk_hold(chunk);
2020 
2021                 /* Do accounting for the write space.  */
2022                 sctp_set_owner_w(chunk);
2023 
2024                 chunk->transport = chunk_tp;
2025         }
2026 
2027         /* Send it to the lower layers.  Note:  all chunks
2028          * must either fail or succeed.   The lower layer
2029          * works that way today.  Keep it that way or this
2030          * breaks.
2031          */
2032         err = sctp_primitive_SEND(net, asoc, datamsg);
2033         /* Did the lower layer accept the chunk? */
2034         if (err) {
2035                 sctp_datamsg_free(datamsg);
2036                 goto out_free;
2037         }
2038 
2039         pr_debug("%s: we sent primitively\n", __func__);
2040 
2041         sctp_datamsg_put(datamsg);
2042         err = msg_len;
2043 
2044         if (unlikely(wait_connect)) {
2045                 timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT);
2046                 sctp_wait_for_connect(asoc, &timeo);
2047         }
2048 
2049         /* If we are already past ASSOCIATE, the lower
2050          * layers are responsible for association cleanup.
2051          */
2052         goto out_unlock;
2053 
2054 out_free:
2055         if (new_asoc)
2056                 sctp_association_free(asoc);
2057 out_unlock:
2058         release_sock(sk);
2059 
2060 out_nounlock:
2061         return sctp_error(sk, msg_flags, err);
2062 
2063 #if 0
2064 do_sock_err:
2065         if (msg_len)
2066                 err = msg_len;
2067         else
2068                 err = sock_error(sk);
2069         goto out;
2070 
2071 do_interrupted:
2072         if (msg_len)
2073                 err = msg_len;
2074         goto out;
2075 #endif /* 0 */
2076 }
2077 
2078 /* This is an extended version of skb_pull() that removes the data from the
2079  * start of a skb even when data is spread across the list of skb's in the
2080  * frag_list. len specifies the total amount of data that needs to be removed.
2081  * when 'len' bytes could be removed from the skb, it returns 0.
2082  * If 'len' exceeds the total skb length,  it returns the no. of bytes that
2083  * could not be removed.
2084  */
2085 static int sctp_skb_pull(struct sk_buff *skb, int len)
2086 {
2087         struct sk_buff *list;
2088         int skb_len = skb_headlen(skb);
2089         int rlen;
2090 
2091         if (len <= skb_len) {
2092                 __skb_pull(skb, len);
2093                 return 0;
2094         }
2095         len -= skb_len;
2096         __skb_pull(skb, skb_len);
2097 
2098         skb_walk_frags(skb, list) {
2099                 rlen = sctp_skb_pull(list, len);
2100                 skb->len -= (len-rlen);
2101                 skb->data_len -= (len-rlen);
2102 
2103                 if (!rlen)
2104                         return 0;
2105 
2106                 len = rlen;
2107         }
2108 
2109         return len;
2110 }
2111 
2112 /* API 3.1.3  recvmsg() - UDP Style Syntax
2113  *
2114  *  ssize_t recvmsg(int socket, struct msghdr *message,
2115  *                    int flags);
2116  *
2117  *  socket  - the socket descriptor of the endpoint.
2118  *  message - pointer to the msghdr structure which contains a single
2119  *            user message and possibly some ancillary data.
2120  *
2121  *            See Section 5 for complete description of the data
2122  *            structures.
2123  *
2124  *  flags   - flags sent or received with the user message, see Section
2125  *            5 for complete description of the flags.
2126  */
2127 static int sctp_recvmsg(struct sock *sk, struct msghdr *msg, size_t len,
2128                         int noblock, int flags, int *addr_len)
2129 {
2130         struct sctp_ulpevent *event = NULL;
2131         struct sctp_sock *sp = sctp_sk(sk);
2132         struct sk_buff *skb, *head_skb;
2133         int copied;
2134         int err = 0;
2135         int skb_len;
2136 
2137         pr_debug("%s: sk:%p, msghdr:%p, len:%zd, noblock:%d, flags:0x%x, "
2138                  "addr_len:%p)\n", __func__, sk, msg, len, noblock, flags,
2139                  addr_len);
2140 
2141         lock_sock(sk);
2142 
2143         if (sctp_style(sk, TCP) && !sctp_sstate(sk, ESTABLISHED) &&
2144             !sctp_sstate(sk, CLOSING) && !sctp_sstate(sk, CLOSED)) {
2145                 err = -ENOTCONN;
2146                 goto out;
2147         }
2148 
2149         skb = sctp_skb_recv_datagram(sk, flags, noblock, &err);
2150         if (!skb)
2151                 goto out;
2152 
2153         /* Get the total length of the skb including any skb's in the
2154          * frag_list.
2155          */
2156         skb_len = skb->len;
2157 
2158         copied = skb_len;
2159         if (copied > len)
2160                 copied = len;
2161 
2162         err = skb_copy_datagram_msg(skb, 0, msg, copied);
2163 
2164         event = sctp_skb2event(skb);
2165 
2166         if (err)
2167                 goto out_free;
2168 
2169         if (event->chunk && event->chunk->head_skb)
2170                 head_skb = event->chunk->head_skb;
2171         else
2172                 head_skb = skb;
2173         sock_recv_ts_and_drops(msg, sk, head_skb);
2174         if (sctp_ulpevent_is_notification(event)) {
2175                 msg->msg_flags |= MSG_NOTIFICATION;
2176                 sp->pf->event_msgname(event, msg->msg_name, addr_len);
2177         } else {
2178                 sp->pf->skb_msgname(head_skb, msg->msg_name, addr_len);
2179         }
2180 
2181         /* Check if we allow SCTP_NXTINFO. */
2182         if (sp->recvnxtinfo)
2183                 sctp_ulpevent_read_nxtinfo(event, msg, sk);
2184         /* Check if we allow SCTP_RCVINFO. */
2185         if (sp->recvrcvinfo)
2186                 sctp_ulpevent_read_rcvinfo(event, msg);
2187         /* Check if we allow SCTP_SNDRCVINFO. */
2188         if (sp->subscribe.sctp_data_io_event)
2189                 sctp_ulpevent_read_sndrcvinfo(event, msg);
2190 
2191         err = copied;
2192 
2193         /* If skb's length exceeds the user's buffer, update the skb and
2194          * push it back to the receive_queue so that the next call to
2195          * recvmsg() will return the remaining data. Don't set MSG_EOR.
2196          */
2197         if (skb_len > copied) {
2198                 msg->msg_flags &= ~MSG_EOR;
2199                 if (flags & MSG_PEEK)
2200                         goto out_free;
2201                 sctp_skb_pull(skb, copied);
2202                 skb_queue_head(&sk->sk_receive_queue, skb);
2203 
2204                 /* When only partial message is copied to the user, increase
2205                  * rwnd by that amount. If all the data in the skb is read,
2206                  * rwnd is updated when the event is freed.
2207                  */
2208                 if (!sctp_ulpevent_is_notification(event))
2209                         sctp_assoc_rwnd_increase(event->asoc, copied);
2210                 goto out;
2211         } else if ((event->msg_flags & MSG_NOTIFICATION) ||
2212                    (event->msg_flags & MSG_EOR))
2213                 msg->msg_flags |= MSG_EOR;
2214         else
2215                 msg->msg_flags &= ~MSG_EOR;
2216 
2217 out_free:
2218         if (flags & MSG_PEEK) {
2219                 /* Release the skb reference acquired after peeking the skb in
2220                  * sctp_skb_recv_datagram().
2221                  */
2222                 kfree_skb(skb);
2223         } else {
2224                 /* Free the event which includes releasing the reference to
2225                  * the owner of the skb, freeing the skb and updating the
2226                  * rwnd.
2227                  */
2228                 sctp_ulpevent_free(event);
2229         }
2230 out:
2231         release_sock(sk);
2232         return err;
2233 }
2234 
2235 /* 7.1.12 Enable/Disable message fragmentation (SCTP_DISABLE_FRAGMENTS)
2236  *
2237  * This option is a on/off flag.  If enabled no SCTP message
2238  * fragmentation will be performed.  Instead if a message being sent
2239  * exceeds the current PMTU size, the message will NOT be sent and
2240  * instead a error will be indicated to the user.
2241  */
2242 static int sctp_setsockopt_disable_fragments(struct sock *sk,
2243                                              char __user *optval,
2244                                              unsigned int optlen)
2245 {
2246         int val;
2247 
2248         if (optlen < sizeof(int))
2249                 return -EINVAL;
2250 
2251         if (get_user(val, (int __user *)optval))
2252                 return -EFAULT;
2253 
2254         sctp_sk(sk)->disable_fragments = (val == 0) ? 0 : 1;
2255 
2256         return 0;
2257 }
2258 
2259 static int sctp_setsockopt_events(struct sock *sk, char __user *optval,
2260                                   unsigned int optlen)
2261 {
2262         struct sctp_association *asoc;
2263         struct sctp_ulpevent *event;
2264 
2265         if (optlen > sizeof(struct sctp_event_subscribe))
2266                 return -EINVAL;
2267         if (copy_from_user(&sctp_sk(sk)->subscribe, optval, optlen))
2268                 return -EFAULT;
2269 
2270         /* At the time when a user app subscribes to SCTP_SENDER_DRY_EVENT,
2271          * if there is no data to be sent or retransmit, the stack will
2272          * immediately send up this notification.
2273          */
2274         if (sctp_ulpevent_type_enabled(SCTP_SENDER_DRY_EVENT,
2275                                        &sctp_sk(sk)->subscribe)) {
2276                 asoc = sctp_id2assoc(sk, 0);
2277 
2278                 if (asoc && sctp_outq_is_empty(&asoc->outqueue)) {
2279                         event = sctp_ulpevent_make_sender_dry_event(asoc,
2280                                         GFP_USER | __GFP_NOWARN);
2281                         if (!event)
2282                                 return -ENOMEM;
2283 
2284                         asoc->stream.si->enqueue_event(&asoc->ulpq, event);
2285                 }
2286         }
2287 
2288         return 0;
2289 }
2290 
2291 /* 7.1.8 Automatic Close of associations (SCTP_AUTOCLOSE)
2292  *
2293  * This socket option is applicable to the UDP-style socket only.  When
2294  * set it will cause associations that are idle for more than the
2295  * specified number of seconds to automatically close.  An association
2296  * being idle is defined an association that has NOT sent or received
2297  * user data.  The special value of '' indicates that no automatic
2298  * close of any associations should be performed.  The option expects an
2299  * integer defining the number of seconds of idle time before an
2300  * association is closed.
2301  */
2302 static int sctp_setsockopt_autoclose(struct sock *sk, char __user *optval,
2303                                      unsigned int optlen)
2304 {
2305         struct sctp_sock *sp = sctp_sk(sk);
2306         struct net *net = sock_net(sk);
2307 
2308         /* Applicable to UDP-style socket only */
2309         if (sctp_style(sk, TCP))
2310                 return -EOPNOTSUPP;
2311         if (optlen != sizeof(int))
2312                 return -EINVAL;
2313         if (copy_from_user(&sp->autoclose, optval, optlen))
2314                 return -EFAULT;
2315 
2316         if (sp->autoclose > net->sctp.max_autoclose)
2317                 sp->autoclose = net->sctp.max_autoclose;
2318 
2319         return 0;
2320 }
2321 
2322 /* 7.1.13 Peer Address Parameters (SCTP_PEER_ADDR_PARAMS)
2323  *
2324  * Applications can enable or disable heartbeats for any peer address of
2325  * an association, modify an address's heartbeat interval, force a
2326  * heartbeat to be sent immediately, and adjust the address's maximum
2327  * number of retransmissions sent before an address is considered
2328  * unreachable.  The following structure is used to access and modify an
2329  * address's parameters:
2330  *
2331  *  struct sctp_paddrparams {
2332  *     sctp_assoc_t            spp_assoc_id;
2333  *     struct sockaddr_storage spp_address;
2334  *     uint32_t                spp_hbinterval;
2335  *     uint16_t                spp_pathmaxrxt;
2336  *     uint32_t                spp_pathmtu;
2337  *     uint32_t                spp_sackdelay;
2338  *     uint32_t                spp_flags;
2339  * };
2340  *
2341  *   spp_assoc_id    - (one-to-many style socket) This is filled in the
2342  *                     application, and identifies the association for
2343  *                     this query.
2344  *   spp_address     - This specifies which address is of interest.
2345  *   spp_hbinterval  - This contains the value of the heartbeat interval,
2346  *                     in milliseconds.  If a  value of zero
2347  *                     is present in this field then no changes are to
2348  *                     be made to this parameter.
2349  *   spp_pathmaxrxt  - This contains the maximum number of
2350  *                     retransmissions before this address shall be
2351  *                     considered unreachable. If a  value of zero
2352  *                     is present in this field then no changes are to
2353  *                     be made to this parameter.
2354  *   spp_pathmtu     - When Path MTU discovery is disabled the value
2355  *                     specified here will be the "fixed" path mtu.
2356  *                     Note that if the spp_address field is empty
2357  *                     then all associations on this address will
2358  *                     have this fixed path mtu set upon them.
2359  *
2360  *   spp_sackdelay   - When delayed sack is enabled, this value specifies
2361  *                     the number of milliseconds that sacks will be delayed
2362  *                     for. This value will apply to all addresses of an
2363  *                     association if the spp_address field is empty. Note
2364  *                     also, that if delayed sack is enabled and this
2365  *                     value is set to 0, no change is made to the last
2366  *                     recorded delayed sack timer value.
2367  *
2368  *   spp_flags       - These flags are used to control various features
2369  *                     on an association. The flag field may contain
2370  *                     zero or more of the following options.
2371  *
2372  *                     SPP_HB_ENABLE  - Enable heartbeats on the
2373  *                     specified address. Note that if the address
2374  *                     field is empty all addresses for the association
2375  *                     have heartbeats enabled upon them.
2376  *
2377  *                     SPP_HB_DISABLE - Disable heartbeats on the
2378  *                     speicifed address. Note that if the address
2379  *                     field is empty all addresses for the association
2380  *                     will have their heartbeats disabled. Note also
2381  *                     that SPP_HB_ENABLE and SPP_HB_DISABLE are
2382  *                     mutually exclusive, only one of these two should
2383  *                     be specified. Enabling both fields will have
2384  *                     undetermined results.
2385  *
2386  *                     SPP_HB_DEMAND - Request a user initiated heartbeat
2387  *                     to be made immediately.
2388  *
2389  *                     SPP_HB_TIME_IS_ZERO - Specify's that the time for
2390  *                     heartbeat delayis to be set to the value of 0
2391  *                     milliseconds.
2392  *
2393  *                     SPP_PMTUD_ENABLE - This field will enable PMTU
2394  *                     discovery upon the specified address. Note that
2395  *                     if the address feild is empty then all addresses
2396  *                     on the association are effected.
2397  *
2398  *                     SPP_PMTUD_DISABLE - This field will disable PMTU
2399  *                     discovery upon the specified address. Note that
2400  *                     if the address feild is empty then all addresses
2401  *                     on the association are effected. Not also that
2402  *                     SPP_PMTUD_ENABLE and SPP_PMTUD_DISABLE are mutually
2403  *                     exclusive. Enabling both will have undetermined
2404  *                     results.
2405  *
2406  *                     SPP_SACKDELAY_ENABLE - Setting this flag turns
2407  *                     on delayed sack. The time specified in spp_sackdelay
2408  *                     is used to specify the sack delay for this address. Note
2409  *                     that if spp_address is empty then all addresses will
2410  *                     enable delayed sack and take on the sack delay
2411  *                     value specified in spp_sackdelay.
2412  *                     SPP_SACKDELAY_DISABLE - Setting this flag turns
2413  *                     off delayed sack. If the spp_address field is blank then
2414  *                     delayed sack is disabled for the entire association. Note
2415  *                     also that this field is mutually exclusive to
2416  *                     SPP_SACKDELAY_ENABLE, setting both will have undefined
2417  *                     results.
2418  */
2419 static int sctp_apply_peer_addr_params(struct sctp_paddrparams *params,
2420                                        struct sctp_transport   *trans,
2421                                        struct sctp_association *asoc,
2422                                        struct sctp_sock        *sp,
2423                                        int                      hb_change,
2424                                        int                      pmtud_change,
2425                                        int                      sackdelay_change)
2426 {
2427         int error;
2428 
2429         if (params->spp_flags & SPP_HB_DEMAND && trans) {
2430                 struct net *net = sock_net(trans->asoc->base.sk);
2431 
2432                 error = sctp_primitive_REQUESTHEARTBEAT(net, trans->asoc, trans);
2433                 if (error)
2434                         return error;
2435         }
2436 
2437         /* Note that unless the spp_flag is set to SPP_HB_ENABLE the value of
2438          * this field is ignored.  Note also that a value of zero indicates
2439          * the current setting should be left unchanged.
2440          */
2441         if (params->spp_flags & SPP_HB_ENABLE) {
2442 
2443                 /* Re-zero the interval if the SPP_HB_TIME_IS_ZERO is
2444                  * set.  This lets us use 0 value when this flag
2445                  * is set.
2446                  */
2447                 if (params->spp_flags & SPP_HB_TIME_IS_ZERO)
2448                         params->spp_hbinterval = 0;
2449 
2450                 if (params->spp_hbinterval ||
2451                     (params->spp_flags & SPP_HB_TIME_IS_ZERO)) {
2452                         if (trans) {
2453                                 trans->hbinterval =
2454                                     msecs_to_jiffies(params->spp_hbinterval);
2455                         } else if (asoc) {
2456                                 asoc->hbinterval =
2457                                     msecs_to_jiffies(params->spp_hbinterval);
2458                         } else {
2459                                 sp->hbinterval = params->spp_hbinterval;
2460                         }
2461                 }
2462         }
2463 
2464         if (hb_change) {
2465                 if (trans) {
2466                         trans->param_flags =
2467                                 (trans->param_flags & ~SPP_HB) | hb_change;
2468                 } else if (asoc) {
2469                         asoc->param_flags =
2470                                 (asoc->param_flags & ~SPP_HB) | hb_change;
2471                 } else {
2472                         sp->param_flags =
2473                                 (sp->param_flags & ~SPP_HB) | hb_change;
2474                 }
2475         }
2476 
2477         /* When Path MTU discovery is disabled the value specified here will
2478          * be the "fixed" path mtu (i.e. the value of the spp_flags field must
2479          * include the flag SPP_PMTUD_DISABLE for this field to have any
2480          * effect).
2481          */
2482         if ((params->spp_flags & SPP_PMTUD_DISABLE) && params->spp_pathmtu) {
2483                 if (trans) {
2484                         trans->pathmtu = params->spp_pathmtu;
2485                         sctp_assoc_sync_pmtu(asoc);
2486                 } else if (asoc) {
2487                         asoc->pathmtu = params->spp_pathmtu;
2488                 } else {
2489                         sp->pathmtu = params->spp_pathmtu;
2490                 }
2491         }
2492 
2493         if (pmtud_change) {
2494                 if (trans) {
2495                         int update = (trans->param_flags & SPP_PMTUD_DISABLE) &&
2496                                 (params->spp_flags & SPP_PMTUD_ENABLE);
2497                         trans->param_flags =
2498                                 (trans->param_flags & ~SPP_PMTUD) | pmtud_change;
2499                         if (update) {
2500                                 sctp_transport_pmtu(trans, sctp_opt2sk(sp));
2501                                 sctp_assoc_sync_pmtu(asoc);
2502                         }
2503                 } else if (asoc) {
2504                         asoc->param_flags =
2505                                 (asoc->param_flags & ~SPP_PMTUD) | pmtud_change;
2506                 } else {
2507                         sp->param_flags =
2508                                 (sp->param_flags & ~SPP_PMTUD) | pmtud_change;
2509                 }
2510         }
2511 
2512         /* Note that unless the spp_flag is set to SPP_SACKDELAY_ENABLE the
2513          * value of this field is ignored.  Note also that a value of zero
2514          * indicates the current setting should be left unchanged.
2515          */
2516         if ((params->spp_flags & SPP_SACKDELAY_ENABLE) && params->spp_sackdelay) {
2517                 if (trans) {
2518                         trans->sackdelay =
2519                                 msecs_to_jiffies(params->spp_sackdelay);
2520                 } else if (asoc) {
2521                         asoc->sackdelay =
2522                                 msecs_to_jiffies(params->spp_sackdelay);
2523                 } else {
2524                         sp->sackdelay = params->spp_sackdelay;
2525                 }
2526         }
2527 
2528         if (sackdelay_change) {
2529                 if (trans) {
2530                         trans->param_flags =
2531                                 (trans->param_flags & ~SPP_SACKDELAY) |
2532                                 sackdelay_change;
2533                 } else if (asoc) {
2534                         asoc->param_flags =
2535                                 (asoc->param_flags & ~SPP_SACKDELAY) |
2536                                 sackdelay_change;
2537                 } else {
2538                         sp->param_flags =
2539                                 (sp->param_flags & ~SPP_SACKDELAY) |
2540                                 sackdelay_change;
2541                 }
2542         }
2543 
2544         /* Note that a value of zero indicates the current setting should be
2545            left unchanged.
2546          */
2547         if (params->spp_pathmaxrxt) {
2548                 if (trans) {
2549                         trans->pathmaxrxt = params->spp_pathmaxrxt;
2550                 } else if (asoc) {
2551                         asoc->pathmaxrxt = params->spp_pathmaxrxt;
2552                 } else {
2553                         sp->pathmaxrxt = params->spp_pathmaxrxt;
2554                 }
2555         }
2556 
2557         return 0;
2558 }
2559 
2560 static int sctp_setsockopt_peer_addr_params(struct sock *sk,
2561                                             char __user *optval,
2562                                             unsigned int optlen)
2563 {
2564         struct sctp_paddrparams  params;
2565         struct sctp_transport   *trans = NULL;
2566         struct sctp_association *asoc = NULL;
2567         struct sctp_sock        *sp = sctp_sk(sk);
2568         int error;
2569         int hb_change, pmtud_change, sackdelay_change;
2570 
2571         if (optlen != sizeof(struct sctp_paddrparams))
2572                 return -EINVAL;
2573 
2574         if (copy_from_user(&params, optval, optlen))
2575                 return -EFAULT;
2576 
2577         /* Validate flags and value parameters. */
2578         hb_change        = params.spp_flags & SPP_HB;
2579         pmtud_change     = params.spp_flags & SPP_PMTUD;
2580         sackdelay_change = params.spp_flags & SPP_SACKDELAY;
2581 
2582         if (hb_change        == SPP_HB ||
2583             pmtud_change     == SPP_PMTUD ||
2584             sackdelay_change == SPP_SACKDELAY ||
2585             params.spp_sackdelay > 500 ||
2586             (params.spp_pathmtu &&
2587              params.spp_pathmtu < SCTP_DEFAULT_MINSEGMENT))
2588                 return -EINVAL;
2589 
2590         /* If an address other than INADDR_ANY is specified, and
2591          * no transport is found, then the request is invalid.
2592          */
2593         if (!sctp_is_any(sk, (union sctp_addr *)&params.spp_address)) {
2594                 trans = sctp_addr_id2transport(sk, &params.spp_address,
2595                                                params.spp_assoc_id);
2596                 if (!trans)
2597                         return -EINVAL;
2598         }
2599 
2600         /* Get association, if assoc_id != 0 and the socket is a one
2601          * to many style socket, and an association was not found, then
2602          * the id was invalid.
2603          */
2604         asoc = sctp_id2assoc(sk, params.spp_assoc_id);
2605         if (!asoc && params.spp_assoc_id && sctp_style(sk, UDP))
2606                 return -EINVAL;
2607 
2608         /* Heartbeat demand can only be sent on a transport or
2609          * association, but not a socket.
2610          */
2611         if (params.spp_flags & SPP_HB_DEMAND && !trans && !asoc)
2612                 return -EINVAL;
2613 
2614         /* Process parameters. */
2615         error = sctp_apply_peer_addr_params(&params, trans, asoc, sp,
2616                                             hb_change, pmtud_change,
2617                                             sackdelay_change);
2618 
2619         if (error)
2620                 return error;
2621 
2622         /* If changes are for association, also apply parameters to each
2623          * transport.
2624          */
2625         if (!trans && asoc) {
2626                 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
2627                                 transports) {
2628                         sctp_apply_peer_addr_params(&params, trans, asoc, sp,
2629                                                     hb_change, pmtud_change,
2630                                                     sackdelay_change);
2631                 }
2632         }
2633 
2634         return 0;
2635 }
2636 
2637 static inline __u32 sctp_spp_sackdelay_enable(__u32 param_flags)
2638 {
2639         return (param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_ENABLE;
2640 }
2641 
2642 static inline __u32 sctp_spp_sackdelay_disable(__u32 param_flags)
2643 {
2644         return (param_flags & ~SPP_SACKDELAY) | SPP_SACKDELAY_DISABLE;
2645 }
2646 
2647 /*
2648  * 7.1.23.  Get or set delayed ack timer (SCTP_DELAYED_SACK)
2649  *
2650  * This option will effect the way delayed acks are performed.  This
2651  * option allows you to get or set the delayed ack time, in
2652  * milliseconds.  It also allows changing the delayed ack frequency.
2653  * Changing the frequency to 1 disables the delayed sack algorithm.  If
2654  * the assoc_id is 0, then this sets or gets the endpoints default
2655  * values.  If the assoc_id field is non-zero, then the set or get
2656  * effects the specified association for the one to many model (the
2657  * assoc_id field is ignored by the one to one model).  Note that if
2658  * sack_delay or sack_freq are 0 when setting this option, then the
2659  * current values will remain unchanged.
2660  *
2661  * struct sctp_sack_info {
2662  *     sctp_assoc_t            sack_assoc_id;
2663  *     uint32_t                sack_delay;
2664  *     uint32_t                sack_freq;
2665  * };
2666  *
2667  * sack_assoc_id -  This parameter, indicates which association the user
2668  *    is performing an action upon.  Note that if this field's value is
2669  *    zero then the endpoints default value is changed (effecting future
2670  *    associations only).
2671  *
2672  * sack_delay -  This parameter contains the number of milliseconds that
2673  *    the user is requesting the delayed ACK timer be set to.  Note that
2674  *    this value is defined in the standard to be between 200 and 500
2675  *    milliseconds.
2676  *
2677  * sack_freq -  This parameter contains the number of packets that must
2678  *    be received before a sack is sent without waiting for the delay
2679  *    timer to expire.  The default value for this is 2, setting this
2680  *    value to 1 will disable the delayed sack algorithm.
2681  */
2682 
2683 static int sctp_setsockopt_delayed_ack(struct sock *sk,
2684                                        char __user *optval, unsigned int optlen)
2685 {
2686         struct sctp_sack_info    params;
2687         struct sctp_transport   *trans = NULL;
2688         struct sctp_association *asoc = NULL;
2689         struct sctp_sock        *sp = sctp_sk(sk);
2690 
2691         if (optlen == sizeof(struct sctp_sack_info)) {
2692                 if (copy_from_user(&params, optval, optlen))
2693                         return -EFAULT;
2694 
2695                 if (params.sack_delay == 0 && params.sack_freq == 0)
2696                         return 0;
2697         } else if (optlen == sizeof(struct sctp_assoc_value)) {
2698                 pr_warn_ratelimited(DEPRECATED
2699                                     "%s (pid %d) "
2700                                     "Use of struct sctp_assoc_value in delayed_ack socket option.\n"
2701                                     "Use struct sctp_sack_info instead\n",
2702                                     current->comm, task_pid_nr(current));
2703                 if (copy_from_user(&params, optval, optlen))
2704                         return -EFAULT;
2705 
2706                 if (params.sack_delay == 0)
2707                         params.sack_freq = 1;
2708                 else
2709                         params.sack_freq = 0;
2710         } else
2711                 return -EINVAL;
2712 
2713         /* Validate value parameter. */
2714         if (params.sack_delay > 500)
2715                 return -EINVAL;
2716 
2717         /* Get association, if sack_assoc_id != 0 and the socket is a one
2718          * to many style socket, and an association was not found, then
2719          * the id was invalid.
2720          */
2721         asoc = sctp_id2assoc(sk, params.sack_assoc_id);
2722         if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP))
2723                 return -EINVAL;
2724 
2725         if (params.sack_delay) {
2726                 if (asoc) {
2727                         asoc->sackdelay =
2728                                 msecs_to_jiffies(params.sack_delay);
2729                         asoc->param_flags =
2730                                 sctp_spp_sackdelay_enable(asoc->param_flags);
2731                 } else {
2732                         sp->sackdelay = params.sack_delay;
2733                         sp->param_flags =
2734                                 sctp_spp_sackdelay_enable(sp->param_flags);
2735                 }
2736         }
2737 
2738         if (params.sack_freq == 1) {
2739                 if (asoc) {
2740                         asoc->param_flags =
2741                                 sctp_spp_sackdelay_disable(asoc->param_flags);
2742                 } else {
2743                         sp->param_flags =
2744                                 sctp_spp_sackdelay_disable(sp->param_flags);
2745                 }
2746         } else if (params.sack_freq > 1) {
2747                 if (asoc) {
2748                         asoc->sackfreq = params.sack_freq;
2749                         asoc->param_flags =
2750                                 sctp_spp_sackdelay_enable(asoc->param_flags);
2751                 } else {
2752                         sp->sackfreq = params.sack_freq;
2753                         sp->param_flags =
2754                                 sctp_spp_sackdelay_enable(sp->param_flags);
2755                 }
2756         }
2757 
2758         /* If change is for association, also apply to each transport. */
2759         if (asoc) {
2760                 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
2761                                 transports) {
2762                         if (params.sack_delay) {
2763                                 trans->sackdelay =
2764                                         msecs_to_jiffies(params.sack_delay);
2765                                 trans->param_flags =
2766                                         sctp_spp_sackdelay_enable(trans->param_flags);
2767                         }
2768                         if (params.sack_freq == 1) {
2769                                 trans->param_flags =
2770                                         sctp_spp_sackdelay_disable(trans->param_flags);
2771                         } else if (params.sack_freq > 1) {
2772                                 trans->sackfreq = params.sack_freq;
2773                                 trans->param_flags =
2774                                         sctp_spp_sackdelay_enable(trans->param_flags);
2775                         }
2776                 }
2777         }
2778 
2779         return 0;
2780 }
2781 
2782 /* 7.1.3 Initialization Parameters (SCTP_INITMSG)
2783  *
2784  * Applications can specify protocol parameters for the default association
2785  * initialization.  The option name argument to setsockopt() and getsockopt()
2786  * is SCTP_INITMSG.
2787  *
2788  * Setting initialization parameters is effective only on an unconnected
2789  * socket (for UDP-style sockets only future associations are effected
2790  * by the change).  With TCP-style sockets, this option is inherited by
2791  * sockets derived from a listener socket.
2792  */
2793 static int sctp_setsockopt_initmsg(struct sock *sk, char __user *optval, unsigned int optlen)
2794 {
2795         struct sctp_initmsg sinit;
2796         struct sctp_sock *sp = sctp_sk(sk);
2797 
2798         if (optlen != sizeof(struct sctp_initmsg))
2799                 return -EINVAL;
2800         if (copy_from_user(&sinit, optval, optlen))
2801                 return -EFAULT;
2802 
2803         if (sinit.sinit_num_ostreams)
2804                 sp->initmsg.sinit_num_ostreams = sinit.sinit_num_ostreams;
2805         if (sinit.sinit_max_instreams)
2806                 sp->initmsg.sinit_max_instreams = sinit.sinit_max_instreams;
2807         if (sinit.sinit_max_attempts)
2808                 sp->initmsg.sinit_max_attempts = sinit.sinit_max_attempts;
2809         if (sinit.sinit_max_init_timeo)
2810                 sp->initmsg.sinit_max_init_timeo = sinit.sinit_max_init_timeo;
2811 
2812         return 0;
2813 }
2814 
2815 /*
2816  * 7.1.14 Set default send parameters (SCTP_DEFAULT_SEND_PARAM)
2817  *
2818  *   Applications that wish to use the sendto() system call may wish to
2819  *   specify a default set of parameters that would normally be supplied
2820  *   through the inclusion of ancillary data.  This socket option allows
2821  *   such an application to set the default sctp_sndrcvinfo structure.
2822  *   The application that wishes to use this socket option simply passes
2823  *   in to this call the sctp_sndrcvinfo structure defined in Section
2824  *   5.2.2) The input parameters accepted by this call include
2825  *   sinfo_stream, sinfo_flags, sinfo_ppid, sinfo_context,
2826  *   sinfo_timetolive.  The user must provide the sinfo_assoc_id field in
2827  *   to this call if the caller is using the UDP model.
2828  */
2829 static int sctp_setsockopt_default_send_param(struct sock *sk,
2830                                               char __user *optval,
2831                                               unsigned int optlen)
2832 {
2833         struct sctp_sock *sp = sctp_sk(sk);
2834         struct sctp_association *asoc;
2835         struct sctp_sndrcvinfo info;
2836 
2837         if (optlen != sizeof(info))
2838                 return -EINVAL;
2839         if (copy_from_user(&info, optval, optlen))
2840                 return -EFAULT;
2841         if (info.sinfo_flags &
2842             ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
2843               SCTP_ABORT | SCTP_EOF))
2844                 return -EINVAL;
2845 
2846         asoc = sctp_id2assoc(sk, info.sinfo_assoc_id);
2847         if (!asoc && info.sinfo_assoc_id && sctp_style(sk, UDP))
2848                 return -EINVAL;
2849         if (asoc) {
2850                 asoc->default_stream = info.sinfo_stream;
2851                 asoc->default_flags = info.sinfo_flags;
2852                 asoc->default_ppid = info.sinfo_ppid;
2853                 asoc->default_context = info.sinfo_context;
2854                 asoc->default_timetolive = info.sinfo_timetolive;
2855         } else {
2856                 sp->default_stream = info.sinfo_stream;
2857                 sp->default_flags = info.sinfo_flags;
2858                 sp->default_ppid = info.sinfo_ppid;
2859                 sp->default_context = info.sinfo_context;
2860                 sp->default_timetolive = info.sinfo_timetolive;
2861         }
2862 
2863         return 0;
2864 }
2865 
2866 /* RFC6458, Section 8.1.31. Set/get Default Send Parameters
2867  * (SCTP_DEFAULT_SNDINFO)
2868  */
2869 static int sctp_setsockopt_default_sndinfo(struct sock *sk,
2870                                            char __user *optval,
2871                                            unsigned int optlen)
2872 {
2873         struct sctp_sock *sp = sctp_sk(sk);
2874         struct sctp_association *asoc;
2875         struct sctp_sndinfo info;
2876 
2877         if (optlen != sizeof(info))
2878                 return -EINVAL;
2879         if (copy_from_user(&info, optval, optlen))
2880                 return -EFAULT;
2881         if (info.snd_flags &
2882             ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
2883               SCTP_ABORT | SCTP_EOF))
2884                 return -EINVAL;
2885 
2886         asoc = sctp_id2assoc(sk, info.snd_assoc_id);
2887         if (!asoc && info.snd_assoc_id && sctp_style(sk, UDP))
2888                 return -EINVAL;
2889         if (asoc) {
2890                 asoc->default_stream = info.snd_sid;
2891                 asoc->default_flags = info.snd_flags;
2892                 asoc->default_ppid = info.snd_ppid;
2893                 asoc->default_context = info.snd_context;
2894         } else {
2895                 sp->default_stream = info.snd_sid;
2896                 sp->default_flags = info.snd_flags;
2897                 sp->default_ppid = info.snd_ppid;
2898                 sp->default_context = info.snd_context;
2899         }
2900 
2901         return 0;
2902 }
2903 
2904 /* 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR)
2905  *
2906  * Requests that the local SCTP stack use the enclosed peer address as
2907  * the association primary.  The enclosed address must be one of the
2908  * association peer's addresses.
2909  */
2910 static int sctp_setsockopt_primary_addr(struct sock *sk, char __user *optval,
2911                                         unsigned int optlen)
2912 {
2913         struct sctp_prim prim;
2914         struct sctp_transport *trans;
2915 
2916         if (optlen != sizeof(struct sctp_prim))
2917                 return -EINVAL;
2918 
2919         if (copy_from_user(&prim, optval, sizeof(struct sctp_prim)))
2920                 return -EFAULT;
2921 
2922         trans = sctp_addr_id2transport(sk, &prim.ssp_addr, prim.ssp_assoc_id);
2923         if (!trans)
2924                 return -EINVAL;
2925 
2926         sctp_assoc_set_primary(trans->asoc, trans);
2927 
2928         return 0;
2929 }
2930 
2931 /*
2932  * 7.1.5 SCTP_NODELAY
2933  *
2934  * Turn on/off any Nagle-like algorithm.  This means that packets are
2935  * generally sent as soon as possible and no unnecessary delays are
2936  * introduced, at the cost of more packets in the network.  Expects an
2937  *  integer boolean flag.
2938  */
2939 static int sctp_setsockopt_nodelay(struct sock *sk, char __user *optval,
2940                                    unsigned int optlen)
2941 {
2942         int val;
2943 
2944         if (optlen < sizeof(int))
2945                 return -EINVAL;
2946         if (get_user(val, (int __user *)optval))
2947                 return -EFAULT;
2948 
2949         sctp_sk(sk)->nodelay = (val == 0) ? 0 : 1;
2950         return 0;
2951 }
2952 
2953 /*
2954  *
2955  * 7.1.1 SCTP_RTOINFO
2956  *
2957  * The protocol parameters used to initialize and bound retransmission
2958  * timeout (RTO) are tunable. sctp_rtoinfo structure is used to access
2959  * and modify these parameters.
2960  * All parameters are time values, in milliseconds.  A value of 0, when
2961  * modifying the parameters, indicates that the current value should not
2962  * be changed.
2963  *
2964  */
2965 static int sctp_setsockopt_rtoinfo(struct sock *sk, char __user *optval, unsigned int optlen)
2966 {
2967         struct sctp_rtoinfo rtoinfo;
2968         struct sctp_association *asoc;
2969         unsigned long rto_min, rto_max;
2970         struct sctp_sock *sp = sctp_sk(sk);
2971 
2972         if (optlen != sizeof (struct sctp_rtoinfo))
2973                 return -EINVAL;
2974 
2975         if (copy_from_user(&rtoinfo, optval, optlen))
2976                 return -EFAULT;
2977 
2978         asoc = sctp_id2assoc(sk, rtoinfo.srto_assoc_id);
2979 
2980         /* Set the values to the specific association */
2981         if (!asoc && rtoinfo.srto_assoc_id && sctp_style(sk, UDP))
2982                 return -EINVAL;
2983 
2984         rto_max = rtoinfo.srto_max;
2985         rto_min = rtoinfo.srto_min;
2986 
2987         if (rto_max)
2988                 rto_max = asoc ? msecs_to_jiffies(rto_max) : rto_max;
2989         else
2990                 rto_max = asoc ? asoc->rto_max : sp->rtoinfo.srto_max;
2991 
2992         if (rto_min)
2993                 rto_min = asoc ? msecs_to_jiffies(rto_min) : rto_min;
2994         else
2995                 rto_min = asoc ? asoc->rto_min : sp->rtoinfo.srto_min;
2996 
2997         if (rto_min > rto_max)
2998                 return -EINVAL;
2999 
3000         if (asoc) {
3001                 if (rtoinfo.srto_initial != 0)
3002                         asoc->rto_initial =
3003                                 msecs_to_jiffies(rtoinfo.srto_initial);
3004                 asoc->rto_max = rto_max;
3005                 asoc->rto_min = rto_min;
3006         } else {
3007                 /* If there is no association or the association-id = 0
3008                  * set the values to the endpoint.
3009                  */
3010                 if (rtoinfo.srto_initial != 0)
3011                         sp->rtoinfo.srto_initial = rtoinfo.srto_initial;
3012                 sp->rtoinfo.srto_max = rto_max;
3013                 sp->rtoinfo.srto_min = rto_min;
3014         }
3015 
3016         return 0;
3017 }
3018 
3019 /*
3020  *
3021  * 7.1.2 SCTP_ASSOCINFO
3022  *
3023  * This option is used to tune the maximum retransmission attempts
3024  * of the association.
3025  * Returns an error if the new association retransmission value is
3026  * greater than the sum of the retransmission value  of the peer.
3027  * See [SCTP] for more information.
3028  *
3029  */
3030 static int sctp_setsockopt_associnfo(struct sock *sk, char __user *optval, unsigned int optlen)
3031 {
3032 
3033         struct sctp_assocparams assocparams;
3034         struct sctp_association *asoc;
3035 
3036         if (optlen != sizeof(struct sctp_assocparams))
3037                 return -EINVAL;
3038         if (copy_from_user(&assocparams, optval, optlen))
3039                 return -EFAULT;
3040 
3041         asoc = sctp_id2assoc(sk, assocparams.sasoc_assoc_id);
3042 
3043         if (!asoc && assocparams.sasoc_assoc_id && sctp_style(sk, UDP))
3044                 return -EINVAL;
3045 
3046         /* Set the values to the specific association */
3047         if (asoc) {
3048                 if (assocparams.sasoc_asocmaxrxt != 0) {
3049                         __u32 path_sum = 0;
3050                         int   paths = 0;
3051                         struct sctp_transport *peer_addr;
3052 
3053                         list_for_each_entry(peer_addr, &asoc->peer.transport_addr_list,
3054                                         transports) {
3055                                 path_sum += peer_addr->pathmaxrxt;
3056                                 paths++;
3057                         }
3058 
3059                         /* Only validate asocmaxrxt if we have more than
3060                          * one path/transport.  We do this because path
3061                          * retransmissions are only counted when we have more
3062                          * then one path.
3063                          */
3064                         if (paths > 1 &&
3065                             assocparams.sasoc_asocmaxrxt > path_sum)
3066                                 return -EINVAL;
3067 
3068                         asoc->max_retrans = assocparams.sasoc_asocmaxrxt;
3069                 }
3070 
3071                 if (assocparams.sasoc_cookie_life != 0)
3072                         asoc->cookie_life = ms_to_ktime(assocparams.sasoc_cookie_life);
3073         } else {
3074                 /* Set the values to the endpoint */
3075                 struct sctp_sock *sp = sctp_sk(sk);
3076 
3077                 if (assocparams.sasoc_asocmaxrxt != 0)
3078                         sp->assocparams.sasoc_asocmaxrxt =
3079                                                 assocparams.sasoc_asocmaxrxt;
3080                 if (assocparams.sasoc_cookie_life != 0)
3081                         sp->assocparams.sasoc_cookie_life =
3082                                                 assocparams.sasoc_cookie_life;
3083         }
3084         return 0;
3085 }
3086 
3087 /*
3088  * 7.1.16 Set/clear IPv4 mapped addresses (SCTP_I_WANT_MAPPED_V4_ADDR)
3089  *
3090  * This socket option is a boolean flag which turns on or off mapped V4
3091  * addresses.  If this option is turned on and the socket is type
3092  * PF_INET6, then IPv4 addresses will be mapped to V6 representation.
3093  * If this option is turned off, then no mapping will be done of V4
3094  * addresses and a user will receive both PF_INET6 and PF_INET type
3095  * addresses on the socket.
3096  */
3097 static int sctp_setsockopt_mappedv4(struct sock *sk, char __user *optval, unsigned int optlen)
3098 {
3099         int val;
3100         struct sctp_sock *sp = sctp_sk(sk);
3101 
3102         if (optlen < sizeof(int))
3103                 return -EINVAL;
3104         if (get_user(val, (int __user *)optval))
3105                 return -EFAULT;
3106         if (val)
3107                 sp->v4mapped = 1;
3108         else
3109                 sp->v4mapped = 0;
3110 
3111         return 0;
3112 }
3113 
3114 /*
3115  * 8.1.16.  Get or Set the Maximum Fragmentation Size (SCTP_MAXSEG)
3116  * This option will get or set the maximum size to put in any outgoing
3117  * SCTP DATA chunk.  If a message is larger than this size it will be
3118  * fragmented by SCTP into the specified size.  Note that the underlying
3119  * SCTP implementation may fragment into smaller sized chunks when the
3120  * PMTU of the underlying association is smaller than the value set by
3121  * the user.  The default value for this option is '' which indicates
3122  * the user is NOT limiting fragmentation and only the PMTU will effect
3123  * SCTP's choice of DATA chunk size.  Note also that values set larger
3124  * than the maximum size of an IP datagram will effectively let SCTP
3125  * control fragmentation (i.e. the same as setting this option to 0).
3126  *
3127  * The following structure is used to access and modify this parameter:
3128  *
3129  * struct sctp_assoc_value {
3130  *   sctp_assoc_t assoc_id;
3131  *   uint32_t assoc_value;
3132  * };
3133  *
3134  * assoc_id:  This parameter is ignored for one-to-one style sockets.
3135  *    For one-to-many style sockets this parameter indicates which
3136  *    association the user is performing an action upon.  Note that if
3137  *    this field's value is zero then the endpoints default value is
3138  *    changed (effecting future associations only).
3139  * assoc_value:  This parameter specifies the maximum size in bytes.
3140  */
3141 static int sctp_setsockopt_maxseg(struct sock *sk, char __user *optval, unsigned int optlen)
3142 {
3143         struct sctp_sock *sp = sctp_sk(sk);
3144         struct sctp_assoc_value params;
3145         struct sctp_association *asoc;
3146         int val;
3147 
3148         if (optlen == sizeof(int)) {
3149                 pr_warn_ratelimited(DEPRECATED
3150                                     "%s (pid %d) "
3151                                     "Use of int in maxseg socket option.\n"
3152                                     "Use struct sctp_assoc_value instead\n",
3153                                     current->comm, task_pid_nr(current));
3154                 if (copy_from_user(&val, optval, optlen))
3155                         return -EFAULT;
3156                 params.assoc_id = 0;
3157         } else if (optlen == sizeof(struct sctp_assoc_value)) {
3158                 if (copy_from_user(&params, optval, optlen))
3159                         return -EFAULT;
3160                 val = params.assoc_value;
3161         } else {
3162                 return -EINVAL;
3163         }
3164 
3165         if (val) {
3166                 int min_len, max_len;
3167 
3168                 min_len = SCTP_DEFAULT_MINSEGMENT - sp->pf->af->net_header_len;
3169                 min_len -= sizeof(struct sctphdr) +
3170                            sizeof(struct sctp_data_chunk);
3171 
3172                 max_len = SCTP_MAX_CHUNK_LEN - sizeof(struct sctp_data_chunk);
3173 
3174                 if (val < min_len || val > max_len)
3175                         return -EINVAL;
3176         }
3177 
3178         asoc = sctp_id2assoc(sk, params.assoc_id);
3179         if (asoc) {
3180                 if (val == 0) {
3181                         val = asoc->pathmtu - sp->pf->af->net_header_len;
3182                         val -= sizeof(struct sctphdr) +
3183                                sctp_datachk_len(&asoc->stream);
3184                 }
3185                 asoc->user_frag = val;
3186                 asoc->frag_point = sctp_frag_point(asoc, asoc->pathmtu);
3187         } else {
3188                 if (params.assoc_id && sctp_style(sk, UDP))
3189                         return -EINVAL;
3190                 sp->user_frag = val;
3191         }
3192 
3193         return 0;
3194 }
3195 
3196 
3197 /*
3198  *  7.1.9 Set Peer Primary Address (SCTP_SET_PEER_PRIMARY_ADDR)
3199  *
3200  *   Requests that the peer mark the enclosed address as the association
3201  *   primary. The enclosed address must be one of the association's
3202  *   locally bound addresses. The following structure is used to make a
3203  *   set primary request:
3204  */
3205 static int sctp_setsockopt_peer_primary_addr(struct sock *sk, char __user *optval,
3206                                              unsigned int optlen)
3207 {
3208         struct net *net = sock_net(sk);
3209         struct sctp_sock        *sp;
3210         struct sctp_association *asoc = NULL;
3211         struct sctp_setpeerprim prim;
3212         struct sctp_chunk       *chunk;
3213         struct sctp_af          *af;
3214         int                     err;
3215 
3216         sp = sctp_sk(sk);
3217 
3218         if (!net->sctp.addip_enable)
3219                 return -EPERM;
3220 
3221         if (optlen != sizeof(struct sctp_setpeerprim))
3222                 return -EINVAL;
3223 
3224         if (copy_from_user(&prim, optval, optlen))
3225                 return -EFAULT;
3226 
3227         asoc = sctp_id2assoc(sk, prim.sspp_assoc_id);
3228         if (!asoc)
3229                 return -EINVAL;
3230 
3231         if (!asoc->peer.asconf_capable)
3232                 return -EPERM;
3233 
3234         if (asoc->peer.addip_disabled_mask & SCTP_PARAM_SET_PRIMARY)
3235                 return -EPERM;
3236 
3237         if (!sctp_state(asoc, ESTABLISHED))
3238                 return -ENOTCONN;
3239 
3240         af = sctp_get_af_specific(prim.sspp_addr.ss_family);
3241         if (!af)
3242                 return -EINVAL;
3243 
3244         if (!af->addr_valid((union sctp_addr *)&prim.sspp_addr, sp, NULL))
3245                 return -EADDRNOTAVAIL;
3246 
3247         if (!sctp_assoc_lookup_laddr(asoc, (union sctp_addr *)&prim.sspp_addr))
3248                 return -EADDRNOTAVAIL;
3249 
3250         /* Create an ASCONF chunk with SET_PRIMARY parameter    */
3251         chunk = sctp_make_asconf_set_prim(asoc,
3252                                           (union sctp_addr *)&prim.sspp_addr);
3253         if (!chunk)
3254                 return -ENOMEM;
3255 
3256         err = sctp_send_asconf(asoc, chunk);
3257 
3258         pr_debug("%s: we set peer primary addr primitively\n", __func__);
3259 
3260         return err;
3261 }
3262 
3263 static int sctp_setsockopt_adaptation_layer(struct sock *sk, char __user *optval,
3264                                             unsigned int optlen)
3265 {
3266         struct sctp_setadaptation adaptation;
3267 
3268         if (optlen != sizeof(struct sctp_setadaptation))
3269                 return -EINVAL;
3270         if (copy_from_user(&adaptation, optval, optlen))
3271                 return -EFAULT;
3272 
3273         sctp_sk(sk)->adaptation_ind = adaptation.ssb_adaptation_ind;
3274 
3275         return 0;
3276 }
3277 
3278 /*
3279  * 7.1.29.  Set or Get the default context (SCTP_CONTEXT)
3280  *
3281  * The context field in the sctp_sndrcvinfo structure is normally only
3282  * used when a failed message is retrieved holding the value that was
3283  * sent down on the actual send call.  This option allows the setting of
3284  * a default context on an association basis that will be received on
3285  * reading messages from the peer.  This is especially helpful in the
3286  * one-2-many model for an application to keep some reference to an
3287  * internal state machine that is processing messages on the
3288  * association.  Note that the setting of this value only effects
3289  * received messages from the peer and does not effect the value that is
3290  * saved with outbound messages.
3291  */
3292 static int sctp_setsockopt_context(struct sock *sk, char __user *optval,
3293                                    unsigned int optlen)
3294 {
3295         struct sctp_assoc_value params;
3296         struct sctp_sock *sp;
3297         struct sctp_association *asoc;
3298 
3299         if (optlen != sizeof(struct sctp_assoc_value))
3300                 return -EINVAL;
3301         if (copy_from_user(&params, optval, optlen))
3302                 return -EFAULT;
3303 
3304         sp = sctp_sk(sk);
3305 
3306         if (params.assoc_id != 0) {
3307                 asoc = sctp_id2assoc(sk, params.assoc_id);
3308                 if (!asoc)
3309                         return -EINVAL;
3310                 asoc->default_rcv_context = params.assoc_value;
3311         } else {
3312                 sp->default_rcv_context = params.assoc_value;
3313         }
3314 
3315         return 0;
3316 }
3317 
3318 /*
3319  * 7.1.24.  Get or set fragmented interleave (SCTP_FRAGMENT_INTERLEAVE)
3320  *
3321  * This options will at a minimum specify if the implementation is doing
3322  * fragmented interleave.  Fragmented interleave, for a one to many
3323  * socket, is when subsequent calls to receive a message may return
3324  * parts of messages from different associations.  Some implementations
3325  * may allow you to turn this value on or off.  If so, when turned off,
3326  * no fragment interleave will occur (which will cause a head of line
3327  * blocking amongst multiple associations sharing the same one to many
3328  * socket).  When this option is turned on, then each receive call may
3329  * come from a different association (thus the user must receive data
3330  * with the extended calls (e.g. sctp_recvmsg) to keep track of which
3331  * association each receive belongs to.
3332  *
3333  * This option takes a boolean value.  A non-zero value indicates that
3334  * fragmented interleave is on.  A value of zero indicates that
3335  * fragmented interleave is off.
3336  *
3337  * Note that it is important that an implementation that allows this
3338  * option to be turned on, have it off by default.  Otherwise an unaware
3339  * application using the one to many model may become confused and act
3340  * incorrectly.
3341  */
3342 static int sctp_setsockopt_fragment_interleave(struct sock *sk,
3343                                                char __user *optval,
3344                                                unsigned int optlen)
3345 {
3346         int val;
3347 
3348         if (optlen != sizeof(int))
3349                 return -EINVAL;
3350         if (get_user(val, (int __user *)optval))
3351                 return -EFAULT;
3352 
3353         sctp_sk(sk)->frag_interleave = !!val;
3354 
3355         if (!sctp_sk(sk)->frag_interleave)
3356                 sctp_sk(sk)->strm_interleave = 0;
3357 
3358         return 0;
3359 }
3360 
3361 /*
3362  * 8.1.21.  Set or Get the SCTP Partial Delivery Point
3363  *       (SCTP_PARTIAL_DELIVERY_POINT)
3364  *
3365  * This option will set or get the SCTP partial delivery point.  This
3366  * point is the size of a message where the partial delivery API will be
3367  * invoked to help free up rwnd space for the peer.  Setting this to a
3368  * lower value will cause partial deliveries to happen more often.  The
3369  * calls argument is an integer that sets or gets the partial delivery
3370  * point.  Note also that the call will fail if the user attempts to set
3371  * this value larger than the socket receive buffer size.
3372  *
3373  * Note that any single message having a length smaller than or equal to
3374  * the SCTP partial delivery point will be delivered in one single read
3375  * call as long as the user provided buffer is large enough to hold the
3376  * message.
3377  */
3378 static int sctp_setsockopt_partial_delivery_point(struct sock *sk,
3379                                                   char __user *optval,
3380                                                   unsigned int optlen)
3381 {
3382         u32 val;
3383 
3384         if (optlen != sizeof(u32))
3385                 return -EINVAL;
3386         if (get_user(val, (int __user *)optval))
3387                 return -EFAULT;
3388 
3389         /* Note: We double the receive buffer from what the user sets
3390          * it to be, also initial rwnd is based on rcvbuf/2.
3391          */
3392         if (val > (sk->sk_rcvbuf >> 1))
3393                 return -EINVAL;
3394 
3395         sctp_sk(sk)->pd_point = val;
3396 
3397         return 0; /* is this the right error code? */
3398 }
3399 
3400 /*
3401  * 7.1.28.  Set or Get the maximum burst (SCTP_MAX_BURST)
3402  *
3403  * This option will allow a user to change the maximum burst of packets
3404  * that can be emitted by this association.  Note that the default value
3405  * is 4, and some implementations may restrict this setting so that it
3406  * can only be lowered.
3407  *
3408  * NOTE: This text doesn't seem right.  Do this on a socket basis with
3409  * future associations inheriting the socket value.
3410  */
3411 static int sctp_setsockopt_maxburst(struct sock *sk,
3412                                     char __user *optval,
3413                                     unsigned int optlen)
3414 {
3415         struct sctp_assoc_value params;
3416         struct sctp_sock *sp;
3417         struct sctp_association *asoc;
3418         int val;
3419         int assoc_id = 0;
3420 
3421         if (optlen == sizeof(int)) {
3422                 pr_warn_ratelimited(DEPRECATED
3423                                     "%s (pid %d) "
3424                                     "Use of int in max_burst socket option deprecated.\n"
3425                                     "Use struct sctp_assoc_value instead\n",
3426                                     current->comm, task_pid_nr(current));
3427                 if (copy_from_user(&val, optval, optlen))
3428                         return -EFAULT;
3429         } else if (optlen == sizeof(struct sctp_assoc_value)) {
3430                 if (copy_from_user(&params, optval, optlen))
3431                         return -EFAULT;
3432                 val = params.assoc_value;
3433                 assoc_id = params.assoc_id;
3434         } else
3435                 return -EINVAL;
3436 
3437         sp = sctp_sk(sk);
3438 
3439         if (assoc_id != 0) {
3440                 asoc = sctp_id2assoc(sk, assoc_id);
3441                 if (!asoc)
3442                         return -EINVAL;
3443                 asoc->max_burst = val;
3444         } else
3445                 sp->max_burst = val;
3446 
3447         return 0;
3448 }
3449 
3450 /*
3451  * 7.1.18.  Add a chunk that must be authenticated (SCTP_AUTH_CHUNK)
3452  *
3453  * This set option adds a chunk type that the user is requesting to be
3454  * received only in an authenticated way.  Changes to the list of chunks
3455  * will only effect future associations on the socket.
3456  */
3457 static int sctp_setsockopt_auth_chunk(struct sock *sk,
3458                                       char __user *optval,
3459                                       unsigned int optlen)
3460 {
3461         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
3462         struct sctp_authchunk val;
3463 
3464         if (!ep->auth_enable)
3465                 return -EACCES;
3466 
3467         if (optlen != sizeof(struct sctp_authchunk))
3468                 return -EINVAL;
3469         if (copy_from_user(&val, optval, optlen))
3470                 return -EFAULT;
3471 
3472         switch (val.sauth_chunk) {
3473         case SCTP_CID_INIT:
3474         case SCTP_CID_INIT_ACK:
3475         case SCTP_CID_SHUTDOWN_COMPLETE:
3476         case SCTP_CID_AUTH:
3477                 return -EINVAL;
3478         }
3479 
3480         /* add this chunk id to the endpoint */
3481         return sctp_auth_ep_add_chunkid(ep, val.sauth_chunk);
3482 }
3483 
3484 /*
3485  * 7.1.19.  Get or set the list of supported HMAC Identifiers (SCTP_HMAC_IDENT)
3486  *
3487  * This option gets or sets the list of HMAC algorithms that the local
3488  * endpoint requires the peer to use.
3489  */
3490 static int sctp_setsockopt_hmac_ident(struct sock *sk,
3491                                       char __user *optval,
3492                                       unsigned int optlen)
3493 {
3494         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
3495         struct sctp_hmacalgo *hmacs;
3496         u32 idents;
3497         int err;
3498 
3499         if (!ep->auth_enable)
3500                 return -EACCES;
3501 
3502         if (optlen < sizeof(struct sctp_hmacalgo))
3503                 return -EINVAL;
3504         optlen = min_t(unsigned int, optlen, sizeof(struct sctp_hmacalgo) +
3505                                              SCTP_AUTH_NUM_HMACS * sizeof(u16));
3506 
3507         hmacs = memdup_user(optval, optlen);
3508         if (IS_ERR(hmacs))
3509                 return PTR_ERR(hmacs);
3510 
3511         idents = hmacs->shmac_num_idents;
3512         if (idents == 0 || idents > SCTP_AUTH_NUM_HMACS ||
3513             (idents * sizeof(u16)) > (optlen - sizeof(struct sctp_hmacalgo))) {
3514                 err = -EINVAL;
3515                 goto out;
3516         }
3517 
3518         err = sctp_auth_ep_set_hmacs(ep, hmacs);
3519 out:
3520         kfree(hmacs);
3521         return err;
3522 }
3523 
3524 /*
3525  * 7.1.20.  Set a shared key (SCTP_AUTH_KEY)
3526  *
3527  * This option will set a shared secret key which is used to build an
3528  * association shared key.
3529  */
3530 static int sctp_setsockopt_auth_key(struct sock *sk,
3531                                     char __user *optval,
3532                                     unsigned int optlen)
3533 {
3534         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
3535         struct sctp_authkey *authkey;
3536         struct sctp_association *asoc;
3537         int ret;
3538 
3539         if (!ep->auth_enable)
3540                 return -EACCES;
3541 
3542         if (optlen <= sizeof(struct sctp_authkey))
3543                 return -EINVAL;
3544         /* authkey->sca_keylength is u16, so optlen can't be bigger than
3545          * this.
3546          */
3547         optlen = min_t(unsigned int, optlen, USHRT_MAX +
3548                                              sizeof(struct sctp_authkey));
3549 
3550         authkey = memdup_user(optval, optlen);
3551         if (IS_ERR(authkey))
3552                 return PTR_ERR(authkey);
3553 
3554         if (authkey->sca_keylength > optlen - sizeof(struct sctp_authkey)) {
3555                 ret = -EINVAL;
3556                 goto out;
3557         }
3558 
3559         asoc = sctp_id2assoc(sk, authkey->sca_assoc_id);
3560         if (!asoc && authkey->sca_assoc_id && sctp_style(sk, UDP)) {
3561                 ret = -EINVAL;
3562                 goto out;
3563         }
3564 
3565         ret = sctp_auth_set_key(ep, asoc, authkey);
3566 out:
3567         kzfree(authkey);
3568         return ret;
3569 }
3570 
3571 /*
3572  * 7.1.21.  Get or set the active shared key (SCTP_AUTH_ACTIVE_KEY)
3573  *
3574  * This option will get or set the active shared key to be used to build
3575  * the association shared key.
3576  */
3577 static int sctp_setsockopt_active_key(struct sock *sk,
3578                                       char __user *optval,
3579                                       unsigned int optlen)
3580 {
3581         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
3582         struct sctp_authkeyid val;
3583         struct sctp_association *asoc;
3584 
3585         if (!ep->auth_enable)
3586                 return -EACCES;
3587 
3588         if (optlen != sizeof(struct sctp_authkeyid))
3589                 return -EINVAL;
3590         if (copy_from_user(&val, optval, optlen))
3591                 return -EFAULT;
3592 
3593         asoc = sctp_id2assoc(sk, val.scact_assoc_id);
3594         if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
3595                 return -EINVAL;
3596 
3597         return sctp_auth_set_active_key(ep, asoc, val.scact_keynumber);
3598 }
3599 
3600 /*
3601  * 7.1.22.  Delete a shared key (SCTP_AUTH_DELETE_KEY)
3602  *
3603  * This set option will delete a shared secret key from use.
3604  */
3605 static int sctp_setsockopt_del_key(struct sock *sk,
3606                                    char __user *optval,
3607                                    unsigned int optlen)
3608 {
3609         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
3610         struct sctp_authkeyid val;
3611         struct sctp_association *asoc;
3612 
3613         if (!ep->auth_enable)
3614                 return -EACCES;
3615 
3616         if (optlen != sizeof(struct sctp_authkeyid))
3617                 return -EINVAL;
3618         if (copy_from_user(&val, optval, optlen))
3619                 return -EFAULT;
3620 
3621         asoc = sctp_id2assoc(sk, val.scact_assoc_id);
3622         if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
3623                 return -EINVAL;
3624 
3625         return sctp_auth_del_key_id(ep, asoc, val.scact_keynumber);
3626 
3627 }
3628 
3629 /*
3630  * 8.1.23 SCTP_AUTO_ASCONF
3631  *
3632  * This option will enable or disable the use of the automatic generation of
3633  * ASCONF chunks to add and delete addresses to an existing association.  Note
3634  * that this option has two caveats namely: a) it only affects sockets that
3635  * are bound to all addresses available to the SCTP stack, and b) the system
3636  * administrator may have an overriding control that turns the ASCONF feature
3637  * off no matter what setting the socket option may have.
3638  * This option expects an integer boolean flag, where a non-zero value turns on
3639  * the option, and a zero value turns off the option.
3640  * Note. In this implementation, socket operation overrides default parameter
3641  * being set by sysctl as well as FreeBSD implementation
3642  */
3643 static int sctp_setsockopt_auto_asconf(struct sock *sk, char __user *optval,
3644                                         unsigned int optlen)
3645 {
3646         int val;
3647         struct sctp_sock *sp = sctp_sk(sk);
3648 
3649         if (optlen < sizeof(int))
3650                 return -EINVAL;
3651         if (get_user(val, (int __user *)optval))
3652                 return -EFAULT;
3653         if (!sctp_is_ep_boundall(sk) && val)
3654                 return -EINVAL;
3655         if ((val && sp->do_auto_asconf) || (!val && !sp->do_auto_asconf))
3656                 return 0;
3657 
3658         spin_lock_bh(&sock_net(sk)->sctp.addr_wq_lock);
3659         if (val == 0 && sp->do_auto_asconf) {
3660                 list_del(&sp->auto_asconf_list);
3661                 sp->do_auto_asconf = 0;
3662         } else if (val && !sp->do_auto_asconf) {
3663                 list_add_tail(&sp->auto_asconf_list,
3664                     &sock_net(sk)->sctp.auto_asconf_splist);
3665                 sp->do_auto_asconf = 1;
3666         }
3667         spin_unlock_bh(&sock_net(sk)->sctp.addr_wq_lock);
3668         return 0;
3669 }
3670 
3671 /*
3672  * SCTP_PEER_ADDR_THLDS
3673  *
3674  * This option allows us to alter the partially failed threshold for one or all
3675  * transports in an association.  See Section 6.1 of:
3676  * http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
3677  */
3678 static int sctp_setsockopt_paddr_thresholds(struct sock *sk,
3679                                             char __user *optval,
3680                                             unsigned int optlen)
3681 {
3682         struct sctp_paddrthlds val;
3683         struct sctp_transport *trans;
3684         struct sctp_association *asoc;
3685 
3686         if (optlen < sizeof(struct sctp_paddrthlds))
3687                 return -EINVAL;
3688         if (copy_from_user(&val, (struct sctp_paddrthlds __user *)optval,
3689                            sizeof(struct sctp_paddrthlds)))
3690                 return -EFAULT;
3691 
3692 
3693         if (sctp_is_any(sk, (const union sctp_addr *)&val.spt_address)) {
3694                 asoc = sctp_id2assoc(sk, val.spt_assoc_id);
3695                 if (!asoc)
3696                         return -ENOENT;
3697                 list_for_each_entry(trans, &asoc->peer.transport_addr_list,
3698                                     transports) {
3699                         if (val.spt_pathmaxrxt)
3700                                 trans->pathmaxrxt = val.spt_pathmaxrxt;
3701                         trans->pf_retrans = val.spt_pathpfthld;
3702                 }
3703 
3704                 if (val.spt_pathmaxrxt)
3705                         asoc->pathmaxrxt = val.spt_pathmaxrxt;
3706                 asoc->pf_retrans = val.spt_pathpfthld;
3707         } else {
3708                 trans = sctp_addr_id2transport(sk, &val.spt_address,
3709                                                val.spt_assoc_id);
3710                 if (!trans)
3711                         return -ENOENT;
3712 
3713                 if (val.spt_pathmaxrxt)
3714                         trans->pathmaxrxt = val.spt_pathmaxrxt;
3715                 trans->pf_retrans = val.spt_pathpfthld;
3716         }
3717 
3718         return 0;
3719 }
3720 
3721 static int sctp_setsockopt_recvrcvinfo(struct sock *sk,
3722                                        char __user *optval,
3723                                        unsigned int optlen)
3724 {
3725         int val;
3726 
3727         if (optlen < sizeof(int))
3728                 return -EINVAL;
3729         if (get_user(val, (int __user *) optval))
3730                 return -EFAULT;
3731 
3732         sctp_sk(sk)->recvrcvinfo = (val == 0) ? 0 : 1;
3733 
3734         return 0;
3735 }
3736 
3737 static int sctp_setsockopt_recvnxtinfo(struct sock *sk,
3738                                        char __user *optval,
3739                                        unsigned int optlen)
3740 {
3741         int val;
3742 
3743         if (optlen < sizeof(int))
3744                 return -EINVAL;
3745         if (get_user(val, (int __user *) optval))
3746                 return -EFAULT;
3747 
3748         sctp_sk(sk)->recvnxtinfo = (val == 0) ? 0 : 1;
3749 
3750         return 0;
3751 }
3752 
3753 static int sctp_setsockopt_pr_supported(struct sock *sk,
3754                                         char __user *optval,
3755                                         unsigned int optlen)
3756 {
3757         struct sctp_assoc_value params;
3758         struct sctp_association *asoc;
3759         int retval = -EINVAL;
3760 
3761         if (optlen != sizeof(params))
3762                 goto out;
3763 
3764         if (copy_from_user(&params, optval, optlen)) {
3765                 retval = -EFAULT;
3766                 goto out;
3767         }
3768 
3769         asoc = sctp_id2assoc(sk, params.assoc_id);
3770         if (asoc) {
3771                 asoc->prsctp_enable = !!params.assoc_value;
3772         } else if (!params.assoc_id) {
3773                 struct sctp_sock *sp = sctp_sk(sk);
3774 
3775                 sp->ep->prsctp_enable = !!params.assoc_value;
3776         } else {
3777                 goto out;
3778         }
3779 
3780         retval = 0;
3781 
3782 out:
3783         return retval;
3784 }
3785 
3786 static int sctp_setsockopt_default_prinfo(struct sock *sk,
3787                                           char __user *optval,
3788                                           unsigned int optlen)
3789 {
3790         struct sctp_default_prinfo info;
3791         struct sctp_association *asoc;
3792         int retval = -EINVAL;
3793 
3794         if (optlen != sizeof(info))
3795                 goto out;
3796 
3797         if (copy_from_user(&info, optval, sizeof(info))) {
3798                 retval = -EFAULT;
3799                 goto out;
3800         }
3801 
3802         if (info.pr_policy & ~SCTP_PR_SCTP_MASK)
3803                 goto out;
3804 
3805         if (info.pr_policy == SCTP_PR_SCTP_NONE)
3806                 info.pr_value = 0;
3807 
3808         asoc = sctp_id2assoc(sk, info.pr_assoc_id);
3809         if (asoc) {
3810                 SCTP_PR_SET_POLICY(asoc->default_flags, info.pr_policy);
3811                 asoc->default_timetolive = info.pr_value;
3812         } else if (!info.pr_assoc_id) {
3813                 struct sctp_sock *sp = sctp_sk(sk);
3814 
3815                 SCTP_PR_SET_POLICY(sp->default_flags, info.pr_policy);
3816                 sp->default_timetolive = info.pr_value;
3817         } else {
3818                 goto out;
3819         }
3820 
3821         retval = 0;
3822 
3823 out:
3824         return retval;
3825 }
3826 
3827 static int sctp_setsockopt_reconfig_supported(struct sock *sk,
3828                                               char __user *optval,
3829                                               unsigned int optlen)
3830 {
3831         struct sctp_assoc_value params;
3832         struct sctp_association *asoc;
3833         int retval = -EINVAL;
3834 
3835         if (optlen != sizeof(params))
3836                 goto out;
3837 
3838         if (copy_from_user(&params, optval, optlen)) {
3839                 retval = -EFAULT;
3840                 goto out;
3841         }
3842 
3843         asoc = sctp_id2assoc(sk, params.assoc_id);
3844         if (asoc) {
3845                 asoc->reconf_enable = !!params.assoc_value;
3846         } else if (!params.assoc_id) {
3847                 struct sctp_sock *sp = sctp_sk(sk);
3848 
3849                 sp->ep->reconf_enable = !!params.assoc_value;
3850         } else {
3851                 goto out;
3852         }
3853 
3854         retval = 0;
3855 
3856 out:
3857         return retval;
3858 }
3859 
3860 static int sctp_setsockopt_enable_strreset(struct sock *sk,
3861                                            char __user *optval,
3862                                            unsigned int optlen)
3863 {
3864         struct sctp_assoc_value params;
3865         struct sctp_association *asoc;
3866         int retval = -EINVAL;
3867 
3868         if (optlen != sizeof(params))
3869                 goto out;
3870 
3871         if (copy_from_user(&params, optval, optlen)) {
3872                 retval = -EFAULT;
3873                 goto out;
3874         }
3875 
3876         if (params.assoc_value & (~SCTP_ENABLE_STRRESET_MASK))
3877                 goto out;
3878 
3879         asoc = sctp_id2assoc(sk, params.assoc_id);
3880         if (asoc) {
3881                 asoc->strreset_enable = params.assoc_value;
3882         } else if (!params.assoc_id) {
3883                 struct sctp_sock *sp = sctp_sk(sk);
3884 
3885                 sp->ep->strreset_enable = params.assoc_value;
3886         } else {
3887                 goto out;
3888         }
3889 
3890         retval = 0;
3891 
3892 out:
3893         return retval;
3894 }
3895 
3896 static int sctp_setsockopt_reset_streams(struct sock *sk,
3897                                          char __user *optval,
3898                                          unsigned int optlen)
3899 {
3900         struct sctp_reset_streams *params;
3901         struct sctp_association *asoc;
3902         int retval = -EINVAL;
3903 
3904         if (optlen < sizeof(*params))
3905                 return -EINVAL;
3906         /* srs_number_streams is u16, so optlen can't be bigger than this. */
3907         optlen = min_t(unsigned int, optlen, USHRT_MAX +
3908                                              sizeof(__u16) * sizeof(*params));
3909 
3910         params = memdup_user(optval, optlen);
3911         if (IS_ERR(params))
3912                 return PTR_ERR(params);
3913 
3914         if (params->srs_number_streams * sizeof(__u16) >
3915             optlen - sizeof(*params))
3916                 goto out;
3917 
3918         asoc = sctp_id2assoc(sk, params->srs_assoc_id);
3919         if (!asoc)
3920                 goto out;
3921 
3922         retval = sctp_send_reset_streams(asoc, params);
3923 
3924 out:
3925         kfree(params);
3926         return retval;
3927 }
3928 
3929 static int sctp_setsockopt_reset_assoc(struct sock *sk,
3930                                        char __user *optval,
3931                                        unsigned int optlen)
3932 {
3933         struct sctp_association *asoc;
3934         sctp_assoc_t associd;
3935         int retval = -EINVAL;
3936 
3937         if (optlen != sizeof(associd))
3938                 goto out;
3939 
3940         if (copy_from_user(&associd, optval, optlen)) {
3941                 retval = -EFAULT;
3942                 goto out;
3943         }
3944 
3945         asoc = sctp_id2assoc(sk, associd);
3946         if (!asoc)
3947                 goto out;
3948 
3949         retval = sctp_send_reset_assoc(asoc);
3950 
3951 out:
3952         return retval;
3953 }
3954 
3955 static int sctp_setsockopt_add_streams(struct sock *sk,
3956                                        char __user *optval,
3957                                        unsigned int optlen)
3958 {
3959         struct sctp_association *asoc;
3960         struct sctp_add_streams params;
3961         int retval = -EINVAL;
3962 
3963         if (optlen != sizeof(params))
3964                 goto out;
3965 
3966         if (copy_from_user(&params, optval, optlen)) {
3967                 retval = -EFAULT;
3968                 goto out;
3969         }
3970 
3971         asoc = sctp_id2assoc(sk, params.sas_assoc_id);
3972         if (!asoc)
3973                 goto out;
3974 
3975         retval = sctp_send_add_streams(asoc, &params);
3976 
3977 out:
3978         return retval;
3979 }
3980 
3981 static int sctp_setsockopt_scheduler(struct sock *sk,
3982                                      char __user *optval,
3983                                      unsigned int optlen)
3984 {
3985         struct sctp_association *asoc;
3986         struct sctp_assoc_value params;
3987         int retval = -EINVAL;
3988 
3989         if (optlen < sizeof(params))
3990                 goto out;
3991 
3992         optlen = sizeof(params);
3993         if (copy_from_user(&params, optval, optlen)) {
3994                 retval = -EFAULT;
3995                 goto out;
3996         }
3997 
3998         if (params.assoc_value > SCTP_SS_MAX)
3999                 goto out;
4000 
4001         asoc = sctp_id2assoc(sk, params.assoc_id);
4002         if (!asoc)
4003                 goto out;
4004 
4005         retval = sctp_sched_set_sched(asoc, params.assoc_value);
4006 
4007 out:
4008         return retval;
4009 }
4010 
4011 static int sctp_setsockopt_scheduler_value(struct sock *sk,
4012                                            char __user *optval,
4013                                            unsigned int optlen)
4014 {
4015         struct sctp_association *asoc;
4016         struct sctp_stream_value params;
4017         int retval = -EINVAL;
4018 
4019         if (optlen < sizeof(params))
4020                 goto out;
4021 
4022         optlen = sizeof(params);
4023         if (copy_from_user(&params, optval, optlen)) {
4024                 retval = -EFAULT;
4025                 goto out;
4026         }
4027 
4028         asoc = sctp_id2assoc(sk, params.assoc_id);
4029         if (!asoc)
4030                 goto out;
4031 
4032         retval = sctp_sched_set_value(asoc, params.stream_id,
4033                                       params.stream_value, GFP_KERNEL);
4034 
4035 out:
4036         return retval;
4037 }
4038 
4039 static int sctp_setsockopt_interleaving_supported(struct sock *sk,
4040                                                   char __user *optval,
4041                                                   unsigned int optlen)
4042 {
4043         struct sctp_sock *sp = sctp_sk(sk);
4044         struct net *net = sock_net(sk);
4045         struct sctp_assoc_value params;
4046         int retval = -EINVAL;
4047 
4048         if (optlen < sizeof(params))
4049                 goto out;
4050 
4051         optlen = sizeof(params);
4052         if (copy_from_user(&params, optval, optlen)) {
4053                 retval = -EFAULT;
4054                 goto out;
4055         }
4056 
4057         if (params.assoc_id)
4058                 goto out;
4059 
4060         if (!net->sctp.intl_enable || !sp->frag_interleave) {
4061                 retval = -EPERM;
4062                 goto out;
4063         }
4064 
4065         sp->strm_interleave = !!params.assoc_value;
4066 
4067         retval = 0;
4068 
4069 out:
4070         return retval;
4071 }
4072 
4073 /* API 6.2 setsockopt(), getsockopt()
4074  *
4075  * Applications use setsockopt() and getsockopt() to set or retrieve
4076  * socket options.  Socket options are used to change the default
4077  * behavior of sockets calls.  They are described in Section 7.
4078  *
4079  * The syntax is:
4080  *
4081  *   ret = getsockopt(int sd, int level, int optname, void __user *optval,
4082  *                    int __user *optlen);
4083  *   ret = setsockopt(int sd, int level, int optname, const void __user *optval,
4084  *                    int optlen);
4085  *
4086  *   sd      - the socket descript.
4087  *   level   - set to IPPROTO_SCTP for all SCTP options.
4088  *   optname - the option name.
4089  *   optval  - the buffer to store the value of the option.
4090  *   optlen  - the size of the buffer.
4091  */
4092 static int sctp_setsockopt(struct sock *sk, int level, int optname,
4093                            char __user *optval, unsigned int optlen)
4094 {
4095         int retval = 0;
4096 
4097         pr_debug("%s: sk:%p, optname:%d\n", __func__, sk, optname);
4098 
4099         /* I can hardly begin to describe how wrong this is.  This is
4100          * so broken as to be worse than useless.  The API draft
4101          * REALLY is NOT helpful here...  I am not convinced that the
4102          * semantics of setsockopt() with a level OTHER THAN SOL_SCTP
4103          * are at all well-founded.
4104          */
4105         if (level != SOL_SCTP) {
4106                 struct sctp_af *af = sctp_sk(sk)->pf->af;
4107                 retval = af->setsockopt(sk, level, optname, optval, optlen);
4108                 goto out_nounlock;
4109         }
4110 
4111         lock_sock(sk);
4112 
4113         switch (optname) {
4114         case SCTP_SOCKOPT_BINDX_ADD:
4115                 /* 'optlen' is the size of the addresses buffer. */
4116                 retval = sctp_setsockopt_bindx(sk, (struct sockaddr __user *)optval,
4117                                                optlen, SCTP_BINDX_ADD_ADDR);
4118                 break;
4119 
4120         case SCTP_SOCKOPT_BINDX_REM:
4121                 /* 'optlen' is the size of the addresses buffer. */
4122                 retval = sctp_setsockopt_bindx(sk, (struct sockaddr __user *)optval,
4123                                                optlen, SCTP_BINDX_REM_ADDR);
4124                 break;
4125 
4126         case SCTP_SOCKOPT_CONNECTX_OLD:
4127                 /* 'optlen' is the size of the addresses buffer. */
4128                 retval = sctp_setsockopt_connectx_old(sk,
4129                                             (struct sockaddr __user *)optval,
4130                                             optlen);
4131                 break;
4132 
4133         case SCTP_SOCKOPT_CONNECTX:
4134                 /* 'optlen' is the size of the addresses buffer. */
4135                 retval = sctp_setsockopt_connectx(sk,
4136                                             (struct sockaddr __user *)optval,
4137                                             optlen);
4138                 break;
4139 
4140         case SCTP_DISABLE_FRAGMENTS:
4141                 retval = sctp_setsockopt_disable_fragments(sk, optval, optlen);
4142                 break;
4143 
4144         case SCTP_EVENTS:
4145                 retval = sctp_setsockopt_events(sk, optval, optlen);
4146                 break;
4147 
4148         case SCTP_AUTOCLOSE:
4149                 retval = sctp_setsockopt_autoclose(sk, optval, optlen);
4150                 break;
4151 
4152         case SCTP_PEER_ADDR_PARAMS:
4153                 retval = sctp_setsockopt_peer_addr_params(sk, optval, optlen);
4154                 break;
4155 
4156         case SCTP_DELAYED_SACK:
4157                 retval = sctp_setsockopt_delayed_ack(sk, optval, optlen);
4158                 break;
4159         case SCTP_PARTIAL_DELIVERY_POINT:
4160                 retval = sctp_setsockopt_partial_delivery_point(sk, optval, optlen);
4161                 break;
4162 
4163         case SCTP_INITMSG:
4164                 retval = sctp_setsockopt_initmsg(sk, optval, optlen);
4165                 break;
4166         case SCTP_DEFAULT_SEND_PARAM:
4167                 retval = sctp_setsockopt_default_send_param(sk, optval,
4168                                                             optlen);
4169                 break;
4170         case SCTP_DEFAULT_SNDINFO:
4171                 retval = sctp_setsockopt_default_sndinfo(sk, optval, optlen);
4172                 break;
4173         case SCTP_PRIMARY_ADDR:
4174                 retval = sctp_setsockopt_primary_addr(sk, optval, optlen);
4175                 break;
4176         case SCTP_SET_PEER_PRIMARY_ADDR:
4177                 retval = sctp_setsockopt_peer_primary_addr(sk, optval, optlen);
4178                 break;
4179         case SCTP_NODELAY:
4180                 retval = sctp_setsockopt_nodelay(sk, optval, optlen);
4181                 break;
4182         case SCTP_RTOINFO:
4183                 retval = sctp_setsockopt_rtoinfo(sk, optval, optlen);
4184                 break;
4185         case SCTP_ASSOCINFO:
4186                 retval = sctp_setsockopt_associnfo(sk, optval, optlen);
4187                 break;
4188         case SCTP_I_WANT_MAPPED_V4_ADDR:
4189                 retval = sctp_setsockopt_mappedv4(sk, optval, optlen);
4190                 break;
4191         case SCTP_MAXSEG:
4192                 retval = sctp_setsockopt_maxseg(sk, optval, optlen);
4193                 break;
4194         case SCTP_ADAPTATION_LAYER:
4195                 retval = sctp_setsockopt_adaptation_layer(sk, optval, optlen);
4196                 break;
4197         case SCTP_CONTEXT:
4198                 retval = sctp_setsockopt_context(sk, optval, optlen);
4199                 break;
4200         case SCTP_FRAGMENT_INTERLEAVE:
4201                 retval = sctp_setsockopt_fragment_interleave(sk, optval, optlen);
4202                 break;
4203         case SCTP_MAX_BURST:
4204                 retval = sctp_setsockopt_maxburst(sk, optval, optlen);
4205                 break;
4206         case SCTP_AUTH_CHUNK:
4207                 retval = sctp_setsockopt_auth_chunk(sk, optval, optlen);
4208                 break;
4209         case SCTP_HMAC_IDENT:
4210                 retval = sctp_setsockopt_hmac_ident(sk, optval, optlen);
4211                 break;
4212         case SCTP_AUTH_KEY:
4213                 retval = sctp_setsockopt_auth_key(sk, optval, optlen);
4214                 break;
4215         case SCTP_AUTH_ACTIVE_KEY:
4216                 retval = sctp_setsockopt_active_key(sk, optval, optlen);
4217                 break;
4218         case SCTP_AUTH_DELETE_KEY:
4219                 retval = sctp_setsockopt_del_key(sk, optval, optlen);
4220                 break;
4221         case SCTP_AUTO_ASCONF:
4222                 retval = sctp_setsockopt_auto_asconf(sk, optval, optlen);
4223                 break;
4224         case SCTP_PEER_ADDR_THLDS:
4225                 retval = sctp_setsockopt_paddr_thresholds(sk, optval, optlen);
4226                 break;
4227         case SCTP_RECVRCVINFO:
4228                 retval = sctp_setsockopt_recvrcvinfo(sk, optval, optlen);
4229                 break;
4230         case SCTP_RECVNXTINFO:
4231                 retval = sctp_setsockopt_recvnxtinfo(sk, optval, optlen);
4232                 break;
4233         case SCTP_PR_SUPPORTED:
4234                 retval = sctp_setsockopt_pr_supported(sk, optval, optlen);
4235                 break;
4236         case SCTP_DEFAULT_PRINFO:
4237                 retval = sctp_setsockopt_default_prinfo(sk, optval, optlen);
4238                 break;
4239         case SCTP_RECONFIG_SUPPORTED:
4240                 retval = sctp_setsockopt_reconfig_supported(sk, optval, optlen);
4241                 break;
4242         case SCTP_ENABLE_STREAM_RESET:
4243                 retval = sctp_setsockopt_enable_strreset(sk, optval, optlen);
4244                 break;
4245         case SCTP_RESET_STREAMS:
4246                 retval = sctp_setsockopt_reset_streams(sk, optval, optlen);
4247                 break;
4248         case SCTP_RESET_ASSOC:
4249                 retval = sctp_setsockopt_reset_assoc(sk, optval, optlen);
4250                 break;
4251         case SCTP_ADD_STREAMS:
4252                 retval = sctp_setsockopt_add_streams(sk, optval, optlen);
4253                 break;
4254         case SCTP_STREAM_SCHEDULER:
4255                 retval = sctp_setsockopt_scheduler(sk, optval, optlen);
4256                 break;
4257         case SCTP_STREAM_SCHEDULER_VALUE:
4258                 retval = sctp_setsockopt_scheduler_value(sk, optval, optlen);
4259                 break;
4260         case SCTP_INTERLEAVING_SUPPORTED:
4261                 retval = sctp_setsockopt_interleaving_supported(sk, optval,
4262                                                                 optlen);
4263                 break;
4264         default:
4265                 retval = -ENOPROTOOPT;
4266                 break;
4267         }
4268 
4269         release_sock(sk);
4270 
4271 out_nounlock:
4272         return retval;
4273 }
4274 
4275 /* API 3.1.6 connect() - UDP Style Syntax
4276  *
4277  * An application may use the connect() call in the UDP model to initiate an
4278  * association without sending data.
4279  *
4280  * The syntax is:
4281  *
4282  * ret = connect(int sd, const struct sockaddr *nam, socklen_t len);
4283  *
4284  * sd: the socket descriptor to have a new association added to.
4285  *
4286  * nam: the address structure (either struct sockaddr_in or struct
4287  *    sockaddr_in6 defined in RFC2553 [7]).
4288  *
4289  * len: the size of the address.
4290  */
4291 static int sctp_connect(struct sock *sk, struct sockaddr *addr,
4292                         int addr_len)
4293 {
4294         int err = 0;
4295         struct sctp_af *af;
4296 
4297         lock_sock(sk);
4298 
4299         pr_debug("%s: sk:%p, sockaddr:%p, addr_len:%d\n", __func__, sk,
4300                  addr, addr_len);
4301 
4302         /* Validate addr_len before calling common connect/connectx routine. */
4303         af = sctp_get_af_specific(addr->sa_family);
4304         if (!af || addr_len < af->sockaddr_len) {
4305                 err = -EINVAL;
4306         } else {
4307                 /* Pass correct addr len to common routine (so it knows there
4308                  * is only one address being passed.
4309                  */
4310                 err = __sctp_connect(sk, addr, af->sockaddr_len, NULL);
4311         }
4312 
4313         release_sock(sk);
4314         return err;
4315 }
4316 
4317 /* FIXME: Write comments. */
4318 static int sctp_disconnect(struct sock *sk, int flags)
4319 {
4320         return -EOPNOTSUPP; /* STUB */
4321 }
4322 
4323 /* 4.1.4 accept() - TCP Style Syntax
4324  *
4325  * Applications use accept() call to remove an established SCTP
4326  * association from the accept queue of the endpoint.  A new socket
4327  * descriptor will be returned from accept() to represent the newly
4328  * formed association.
4329  */
4330 static struct sock *sctp_accept(struct sock *sk, int flags, int *err, bool kern)
4331 {
4332         struct sctp_sock *sp;
4333         struct sctp_endpoint *ep;
4334         struct sock *newsk = NULL;
4335         struct sctp_association *asoc;
4336         long timeo;
4337         int error = 0;
4338 
4339         lock_sock(sk);
4340 
4341         sp = sctp_sk(sk);
4342         ep = sp->ep;
4343 
4344         if (!sctp_style(sk, TCP)) {
4345                 error = -EOPNOTSUPP;
4346                 goto out;
4347         }
4348 
4349         if (!sctp_sstate(sk, LISTENING)) {
4350                 error = -EINVAL;
4351                 goto out;
4352         }
4353 
4354         timeo = sock_rcvtimeo(sk, flags & O_NONBLOCK);
4355 
4356         error = sctp_wait_for_accept(sk, timeo);
4357         if (error)
4358                 goto out;
4359 
4360         /* We treat the list of associations on the endpoint as the accept
4361          * queue and pick the first association on the list.
4362          */
4363         asoc = list_entry(ep->asocs.next, struct sctp_association, asocs);
4364 
4365         newsk = sp->pf->create_accept_sk(sk, asoc, kern);
4366         if (!newsk) {
4367                 error = -ENOMEM;
4368                 goto out;
4369         }
4370 
4371         /* Populate the fields of the newsk from the oldsk and migrate the
4372          * asoc to the newsk.
4373          */
4374         sctp_sock_migrate(sk, newsk, asoc, SCTP_SOCKET_TCP);
4375 
4376 out:
4377         release_sock(sk);
4378         *err = error;
4379         return newsk;
4380 }
4381 
4382 /* The SCTP ioctl handler. */
4383 static int sctp_ioctl(struct sock *sk, int cmd, unsigned long arg)
4384 {
4385         int rc = -ENOTCONN;
4386 
4387         lock_sock(sk);
4388 
4389         /*
4390          * SEQPACKET-style sockets in LISTENING state are valid, for
4391          * SCTP, so only discard TCP-style sockets in LISTENING state.
4392          */
4393         if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING))
4394                 goto out;
4395 
4396         switch (cmd) {
4397         case SIOCINQ: {
4398                 struct sk_buff *skb;
4399                 unsigned int amount = 0;
4400 
4401                 skb = skb_peek(&sk->sk_receive_queue);
4402                 if (skb != NULL) {
4403                         /*
4404                          * We will only return the amount of this packet since
4405                          * that is all that will be read.
4406                          */
4407                         amount = skb->len;
4408                 }
4409                 rc = put_user(amount, (int __user *)arg);
4410                 break;
4411         }
4412         default:
4413                 rc = -ENOIOCTLCMD;
4414                 break;
4415         }
4416 out:
4417         release_sock(sk);
4418         return rc;
4419 }
4420 
4421 /* This is the function which gets called during socket creation to
4422  * initialized the SCTP-specific portion of the sock.
4423  * The sock structure should already be zero-filled memory.
4424  */
4425 static int sctp_init_sock(struct sock *sk)
4426 {
4427         struct net *net = sock_net(sk);
4428         struct sctp_sock *sp;
4429 
4430         pr_debug("%s: sk:%p\n", __func__, sk);
4431 
4432         sp = sctp_sk(sk);
4433 
4434         /* Initialize the SCTP per socket area.  */
4435         switch (sk->sk_type) {
4436         case SOCK_SEQPACKET:
4437                 sp->type = SCTP_SOCKET_UDP;
4438                 break;
4439         case SOCK_STREAM:
4440                 sp->type = SCTP_SOCKET_TCP;
4441                 break;
4442         default:
4443                 return -ESOCKTNOSUPPORT;
4444         }
4445 
4446         sk->sk_gso_type = SKB_GSO_SCTP;
4447 
4448         /* Initialize default send parameters. These parameters can be
4449          * modified with the SCTP_DEFAULT_SEND_PARAM socket option.
4450          */
4451         sp->default_stream = 0;
4452         sp->default_ppid = 0;
4453         sp->default_flags = 0;
4454         sp->default_context = 0;
4455         sp->default_timetolive = 0;
4456 
4457         sp->default_rcv_context = 0;
4458         sp->max_burst = net->sctp.max_burst;
4459 
4460         sp->sctp_hmac_alg = net->sctp.sctp_hmac_alg;
4461 
4462         /* Initialize default setup parameters. These parameters
4463          * can be modified with the SCTP_INITMSG socket option or
4464          * overridden by the SCTP_INIT CMSG.
4465          */
4466         sp->initmsg.sinit_num_ostreams   = sctp_max_outstreams;
4467         sp->initmsg.sinit_max_instreams  = sctp_max_instreams;
4468         sp->initmsg.sinit_max_attempts   = net->sctp.max_retrans_init;
4469         sp->initmsg.sinit_max_init_timeo = net->sctp.rto_max;
4470 
4471         /* Initialize default RTO related parameters.  These parameters can
4472          * be modified for with the SCTP_RTOINFO socket option.
4473          */
4474         sp->rtoinfo.srto_initial = net->sctp.rto_initial;
4475         sp->rtoinfo.srto_max     = net->sctp.rto_max;
4476         sp->rtoinfo.srto_min     = net->sctp.rto_min;
4477 
4478         /* Initialize default association related parameters. These parameters
4479          * can be modified with the SCTP_ASSOCINFO socket option.
4480          */
4481         sp->assocparams.sasoc_asocmaxrxt = net->sctp.max_retrans_association;
4482         sp->assocparams.sasoc_number_peer_destinations = 0;
4483         sp->assocparams.sasoc_peer_rwnd = 0;
4484         sp->assocparams.sasoc_local_rwnd = 0;
4485         sp->assocparams.sasoc_cookie_life = net->sctp.valid_cookie_life;
4486 
4487         /* Initialize default event subscriptions. By default, all the
4488          * options are off.
4489          */
4490         memset(&sp->subscribe, 0, sizeof(struct sctp_event_subscribe));
4491 
4492         /* Default Peer Address Parameters.  These defaults can
4493          * be modified via SCTP_PEER_ADDR_PARAMS
4494          */
4495         sp->hbinterval  = net->sctp.hb_interval;
4496         sp->pathmaxrxt  = net->sctp.max_retrans_path;
4497         sp->pathmtu     = 0; /* allow default discovery */
4498         sp->sackdelay   = net->sctp.sack_timeout;
4499         sp->sackfreq    = 2;
4500         sp->param_flags = SPP_HB_ENABLE |
4501                           SPP_PMTUD_ENABLE |
4502                           SPP_SACKDELAY_ENABLE;
4503 
4504         /* If enabled no SCTP message fragmentation will be performed.
4505          * Configure through SCTP_DISABLE_FRAGMENTS socket option.
4506          */
4507         sp->disable_fragments = 0;
4508 
4509         /* Enable Nagle algorithm by default.  */
4510         sp->nodelay           = 0;
4511 
4512         sp->recvrcvinfo = 0;
4513         sp->recvnxtinfo = 0;
4514 
4515         /* Enable by default. */
4516         sp->v4mapped          = 1;
4517 
4518         /* Auto-close idle associations after the configured
4519          * number of seconds.  A value of 0 disables this
4520          * feature.  Configure through the SCTP_AUTOCLOSE socket option,
4521          * for UDP-style sockets only.
4522          */
4523         sp->autoclose         = 0;
4524 
4525         /* User specified fragmentation limit. */
4526         sp->user_frag         = 0;
4527 
4528         sp->adaptation_ind = 0;
4529 
4530         sp->pf = sctp_get_pf_specific(sk->sk_family);
4531 
4532         /* Control variables for partial data delivery. */
4533         atomic_set(&sp->pd_mode, 0);
4534         skb_queue_head_init(&sp->pd_lobby);
4535         sp->frag_interleave = 0;
4536 
4537         /* Create a per socket endpoint structure.  Even if we
4538          * change the data structure relationships, this may still
4539          * be useful for storing pre-connect address information.
4540          */
4541         sp->ep = sctp_endpoint_new(sk, GFP_KERNEL);
4542         if (!sp->ep)
4543                 return -ENOMEM;
4544 
4545         sp->hmac = NULL;
4546 
4547         sk->sk_destruct = sctp_destruct_sock;
4548 
4549         SCTP_DBG_OBJCNT_INC(sock);
4550 
4551         local_bh_disable();
4552         sk_sockets_allocated_inc(sk);
4553         sock_prot_inuse_add(net, sk->sk_prot, 1);
4554 
4555         /* Nothing can fail after this block, otherwise
4556          * sctp_destroy_sock() will be called without addr_wq_lock held
4557          */
4558         if (net->sctp.default_auto_asconf) {
4559                 spin_lock(&sock_net(sk)->sctp.addr_wq_lock);
4560                 list_add_tail(&sp->auto_asconf_list,
4561                     &net->sctp.auto_asconf_splist);
4562                 sp->do_auto_asconf = 1;
4563                 spin_unlock(&sock_net(sk)->sctp.addr_wq_lock);
4564         } else {
4565                 sp->do_auto_asconf = 0;
4566         }
4567 
4568         local_bh_enable();
4569 
4570         return 0;
4571 }
4572 
4573 /* Cleanup any SCTP per socket resources. Must be called with
4574  * sock_net(sk)->sctp.addr_wq_lock held if sp->do_auto_asconf is true
4575  */
4576 static void sctp_destroy_sock(struct sock *sk)
4577 {
4578         struct sctp_sock *sp;
4579 
4580         pr_debug("%s: sk:%p\n", __func__, sk);
4581 
4582         /* Release our hold on the endpoint. */
4583         sp = sctp_sk(sk);
4584         /* This could happen during socket init, thus we bail out
4585          * early, since the rest of the below is not setup either.
4586          */
4587         if (sp->ep == NULL)
4588                 return;
4589 
4590         if (sp->do_auto_asconf) {
4591                 sp->do_auto_asconf = 0;
4592                 list_del(&sp->auto_asconf_list);
4593         }
4594         sctp_endpoint_free(sp->ep);
4595         local_bh_disable();
4596         sk_sockets_allocated_dec(sk);
4597         sock_prot_inuse_add(sock_net(sk), sk->sk_prot, -1);
4598         local_bh_enable();
4599 }
4600 
4601 /* Triggered when there are no references on the socket anymore */
4602 static void sctp_destruct_sock(struct sock *sk)
4603 {
4604         struct sctp_sock *sp = sctp_sk(sk);
4605 
4606         /* Free up the HMAC transform. */
4607         crypto_free_shash(sp->hmac);
4608 
4609         inet_sock_destruct(sk);
4610 }
4611 
4612 /* API 4.1.7 shutdown() - TCP Style Syntax
4613  *     int shutdown(int socket, int how);
4614  *
4615  *     sd      - the socket descriptor of the association to be closed.
4616  *     how     - Specifies the type of shutdown.  The  values  are
4617  *               as follows:
4618  *               SHUT_RD
4619  *                     Disables further receive operations. No SCTP
4620  *                     protocol action is taken.
4621  *               SHUT_WR
4622  *                     Disables further send operations, and initiates
4623  *                     the SCTP shutdown sequence.
4624  *               SHUT_RDWR
4625  *                     Disables further send  and  receive  operations
4626  *                     and initiates the SCTP shutdown sequence.
4627  */
4628 static void sctp_shutdown(struct sock *sk, int how)
4629 {
4630         struct net *net = sock_net(sk);
4631         struct sctp_endpoint *ep;
4632 
4633         if (!sctp_style(sk, TCP))
4634                 return;
4635 
4636         ep = sctp_sk(sk)->ep;
4637         if (how & SEND_SHUTDOWN && !list_empty(&ep->asocs)) {
4638                 struct sctp_association *asoc;
4639 
4640                 inet_sk_set_state(sk, SCTP_SS_CLOSING);
4641                 asoc = list_entry(ep->asocs.next,
4642                                   struct sctp_association, asocs);
4643                 sctp_primitive_SHUTDOWN(net, asoc, NULL);
4644         }
4645 }
4646 
4647 int sctp_get_sctp_info(struct sock *sk, struct sctp_association *asoc,
4648                        struct sctp_info *info)
4649 {
4650         struct sctp_transport *prim;
4651         struct list_head *pos;
4652         int mask;
4653 
4654         memset(info, 0, sizeof(*info));
4655         if (!asoc) {
4656                 struct sctp_sock *sp = sctp_sk(sk);
4657 
4658                 info->sctpi_s_autoclose = sp->autoclose;
4659                 info->sctpi_s_adaptation_ind = sp->adaptation_ind;
4660                 info->sctpi_s_pd_point = sp->pd_point;
4661                 info->sctpi_s_nodelay = sp->nodelay;
4662                 info->sctpi_s_disable_fragments = sp->disable_fragments;
4663                 info->sctpi_s_v4mapped = sp->v4mapped;
4664                 info->sctpi_s_frag_interleave = sp->frag_interleave;
4665                 info->sctpi_s_type = sp->type;
4666 
4667                 return 0;
4668         }
4669 
4670         info->sctpi_tag = asoc->c.my_vtag;
4671         info->sctpi_state = asoc->state;
4672         info->sctpi_rwnd = asoc->a_rwnd;
4673         info->sctpi_unackdata = asoc->unack_data;
4674         info->sctpi_penddata = sctp_tsnmap_pending(&asoc->peer.tsn_map);
4675         info->sctpi_instrms = asoc->stream.incnt;
4676         info->sctpi_outstrms = asoc->stream.outcnt;
4677         list_for_each(pos, &asoc->base.inqueue.in_chunk_list)
4678                 info->sctpi_inqueue++;
4679         list_for_each(pos, &asoc->outqueue.out_chunk_list)
4680                 info->sctpi_outqueue++;
4681         info->sctpi_overall_error = asoc->overall_error_count;
4682         info->sctpi_max_burst = asoc->max_burst;
4683         info->sctpi_maxseg = asoc->frag_point;
4684         info->sctpi_peer_rwnd = asoc->peer.rwnd;
4685         info->sctpi_peer_tag = asoc->c.peer_vtag;
4686 
4687         mask = asoc->peer.ecn_capable << 1;
4688         mask = (mask | asoc->peer.ipv4_address) << 1;
4689         mask = (mask | asoc->peer.ipv6_address) << 1;
4690         mask = (mask | asoc->peer.hostname_address) << 1;
4691         mask = (mask | asoc->peer.asconf_capable) << 1;
4692         mask = (mask | asoc->peer.prsctp_capable) << 1;
4693         mask = (mask | asoc->peer.auth_capable);
4694         info->sctpi_peer_capable = mask;
4695         mask = asoc->peer.sack_needed << 1;
4696         mask = (mask | asoc->peer.sack_generation) << 1;
4697         mask = (mask | asoc->peer.zero_window_announced);
4698         info->sctpi_peer_sack = mask;
4699 
4700         info->sctpi_isacks = asoc->stats.isacks;
4701         info->sctpi_osacks = asoc->stats.osacks;
4702         info->sctpi_opackets = asoc->stats.opackets;
4703         info->sctpi_ipackets = asoc->stats.ipackets;
4704         info->sctpi_rtxchunks = asoc->stats.rtxchunks;
4705         info->sctpi_outofseqtsns = asoc->stats.outofseqtsns;
4706         info->sctpi_idupchunks = asoc->stats.idupchunks;
4707         info->sctpi_gapcnt = asoc->stats.gapcnt;
4708         info->sctpi_ouodchunks = asoc->stats.ouodchunks;
4709         info->sctpi_iuodchunks = asoc->stats.iuodchunks;
4710         info->sctpi_oodchunks = asoc->stats.oodchunks;
4711         info->sctpi_iodchunks = asoc->stats.iodchunks;
4712         info->sctpi_octrlchunks = asoc->stats.octrlchunks;
4713         info->sctpi_ictrlchunks = asoc->stats.ictrlchunks;
4714 
4715         prim = asoc->peer.primary_path;
4716         memcpy(&info->sctpi_p_address, &prim->ipaddr, sizeof(prim->ipaddr));
4717         info->sctpi_p_state = prim->state;
4718         info->sctpi_p_cwnd = prim->cwnd;
4719         info->sctpi_p_srtt = prim->srtt;
4720         info->sctpi_p_rto = jiffies_to_msecs(prim->rto);
4721         info->sctpi_p_hbinterval = prim->hbinterval;
4722         info->sctpi_p_pathmaxrxt = prim->pathmaxrxt;
4723         info->sctpi_p_sackdelay = jiffies_to_msecs(prim->sackdelay);
4724         info->sctpi_p_ssthresh = prim->ssthresh;
4725         info->sctpi_p_partial_bytes_acked = prim->partial_bytes_acked;
4726         info->sctpi_p_flight_size = prim->flight_size;
4727         info->sctpi_p_error = prim->error_count;
4728 
4729         return 0;
4730 }
4731 EXPORT_SYMBOL_GPL(sctp_get_sctp_info);
4732 
4733 /* use callback to avoid exporting the core structure */
4734 void sctp_transport_walk_start(struct rhashtable_iter *iter)
4735 {
4736         rhltable_walk_enter(&sctp_transport_hashtable, iter);
4737 
4738         rhashtable_walk_start(iter);
4739 }
4740 
4741 void sctp_transport_walk_stop(struct rhashtable_iter *iter)
4742 {
4743         rhashtable_walk_stop(iter);
4744         rhashtable_walk_exit(iter);
4745 }
4746 
4747 struct sctp_transport *sctp_transport_get_next(struct net *net,
4748                                                struct rhashtable_iter *iter)
4749 {
4750         struct sctp_transport *t;
4751 
4752         t = rhashtable_walk_next(iter);
4753         for (; t; t = rhashtable_walk_next(iter)) {
4754                 if (IS_ERR(t)) {
4755                         if (PTR_ERR(t) == -EAGAIN)
4756                                 continue;
4757                         break;
4758                 }
4759 
4760                 if (net_eq(sock_net(t->asoc->base.sk), net) &&
4761                     t->asoc->peer.primary_path == t)
4762                         break;
4763         }
4764 
4765         return t;
4766 }
4767 
4768 struct sctp_transport *sctp_transport_get_idx(struct net *net,
4769                                               struct rhashtable_iter *iter,
4770                                               int pos)
4771 {
4772         void *obj = SEQ_START_TOKEN;
4773 
4774         while (pos && (obj = sctp_transport_get_next(net, iter)) &&
4775                !IS_ERR(obj))
4776                 pos--;
4777 
4778         return obj;
4779 }
4780 
4781 int sctp_for_each_endpoint(int (*cb)(struct sctp_endpoint *, void *),
4782                            void *p) {
4783         int err = 0;
4784         int hash = 0;
4785         struct sctp_ep_common *epb;
4786         struct sctp_hashbucket *head;
4787 
4788         for (head = sctp_ep_hashtable; hash < sctp_ep_hashsize;
4789              hash++, head++) {
4790                 read_lock_bh(&head->lock);
4791                 sctp_for_each_hentry(epb, &head->chain) {
4792                         err = cb(sctp_ep(epb), p);
4793                         if (err)
4794                                 break;
4795                 }
4796                 read_unlock_bh(&head->lock);
4797         }
4798 
4799         return err;
4800 }
4801 EXPORT_SYMBOL_GPL(sctp_for_each_endpoint);
4802 
4803 int sctp_transport_lookup_process(int (*cb)(struct sctp_transport *, void *),
4804                                   struct net *net,
4805                                   const union sctp_addr *laddr,
4806                                   const union sctp_addr *paddr, void *p)
4807 {
4808         struct sctp_transport *transport;
4809         int err;
4810 
4811         rcu_read_lock();
4812         transport = sctp_addrs_lookup_transport(net, laddr, paddr);
4813         rcu_read_unlock();
4814         if (!transport)
4815                 return -ENOENT;
4816 
4817         err = cb(transport, p);
4818         sctp_transport_put(transport);
4819 
4820         return err;
4821 }
4822 EXPORT_SYMBOL_GPL(sctp_transport_lookup_process);
4823 
4824 int sctp_for_each_transport(int (*cb)(struct sctp_transport *, void *),
4825                             int (*cb_done)(struct sctp_transport *, void *),
4826                             struct net *net, int *pos, void *p) {
4827         struct rhashtable_iter hti;
4828         struct sctp_transport *tsp;
4829         int ret;
4830 
4831 again:
4832         ret = 0;
4833         sctp_transport_walk_start(&hti);
4834 
4835         tsp = sctp_transport_get_idx(net, &hti, *pos + 1);
4836         for (; !IS_ERR_OR_NULL(tsp); tsp = sctp_transport_get_next(net, &hti)) {
4837                 if (!sctp_transport_hold(tsp))
4838                         continue;
4839                 ret = cb(tsp, p);
4840                 if (ret)
4841                         break;
4842                 (*pos)++;
4843                 sctp_transport_put(tsp);
4844         }
4845         sctp_transport_walk_stop(&hti);
4846 
4847         if (ret) {
4848                 if (cb_done && !cb_done(tsp, p)) {
4849                         (*pos)++;
4850                         sctp_transport_put(tsp);
4851                         goto again;
4852                 }
4853                 sctp_transport_put(tsp);
4854         }
4855 
4856         return ret;
4857 }
4858 EXPORT_SYMBOL_GPL(sctp_for_each_transport);
4859 
4860 /* 7.2.1 Association Status (SCTP_STATUS)
4861 
4862  * Applications can retrieve current status information about an
4863  * association, including association state, peer receiver window size,
4864  * number of unacked data chunks, and number of data chunks pending
4865  * receipt.  This information is read-only.
4866  */
4867 static int sctp_getsockopt_sctp_status(struct sock *sk, int len,
4868                                        char __user *optval,
4869                                        int __user *optlen)
4870 {
4871         struct sctp_status status;
4872         struct sctp_association *asoc = NULL;
4873         struct sctp_transport *transport;
4874         sctp_assoc_t associd;
4875         int retval = 0;
4876 
4877         if (len < sizeof(status)) {
4878                 retval = -EINVAL;
4879                 goto out;
4880         }
4881 
4882         len = sizeof(status);
4883         if (copy_from_user(&status, optval, len)) {
4884                 retval = -EFAULT;
4885                 goto out;
4886         }
4887 
4888         associd = status.sstat_assoc_id;
4889         asoc = sctp_id2assoc(sk, associd);
4890         if (!asoc) {
4891                 retval = -EINVAL;
4892                 goto out;
4893         }
4894 
4895         transport = asoc->peer.primary_path;
4896 
4897         status.sstat_assoc_id = sctp_assoc2id(asoc);
4898         status.sstat_state = sctp_assoc_to_state(asoc);
4899         status.sstat_rwnd =  asoc->peer.rwnd;
4900         status.sstat_unackdata = asoc->unack_data;
4901 
4902         status.sstat_penddata = sctp_tsnmap_pending(&asoc->peer.tsn_map);
4903         status.sstat_instrms = asoc->stream.incnt;
4904         status.sstat_outstrms = asoc->stream.outcnt;
4905         status.sstat_fragmentation_point = asoc->frag_point;
4906         status.sstat_primary.spinfo_assoc_id = sctp_assoc2id(transport->asoc);
4907         memcpy(&status.sstat_primary.spinfo_address, &transport->ipaddr,
4908                         transport->af_specific->sockaddr_len);
4909         /* Map ipv4 address into v4-mapped-on-v6 address.  */
4910         sctp_get_pf_specific(sk->sk_family)->addr_to_user(sctp_sk(sk),
4911                 (union sctp_addr *)&status.sstat_primary.spinfo_address);
4912         status.sstat_primary.spinfo_state = transport->state;
4913         status.sstat_primary.spinfo_cwnd = transport->cwnd;
4914         status.sstat_primary.spinfo_srtt = transport->srtt;
4915         status.sstat_primary.spinfo_rto = jiffies_to_msecs(transport->rto);
4916         status.sstat_primary.spinfo_mtu = transport->pathmtu;
4917 
4918         if (status.sstat_primary.spinfo_state == SCTP_UNKNOWN)
4919                 status.sstat_primary.spinfo_state = SCTP_ACTIVE;
4920 
4921         if (put_user(len, optlen)) {
4922                 retval = -EFAULT;
4923                 goto out;
4924         }
4925 
4926         pr_debug("%s: len:%d, state:%d, rwnd:%d, assoc_id:%d\n",
4927                  __func__, len, status.sstat_state, status.sstat_rwnd,
4928                  status.sstat_assoc_id);
4929 
4930         if (copy_to_user(optval, &status, len)) {
4931                 retval = -EFAULT;
4932                 goto out;
4933         }
4934 
4935 out:
4936         return retval;
4937 }
4938 
4939 
4940 /* 7.2.2 Peer Address Information (SCTP_GET_PEER_ADDR_INFO)
4941  *
4942  * Applications can retrieve information about a specific peer address
4943  * of an association, including its reachability state, congestion
4944  * window, and retransmission timer values.  This information is
4945  * read-only.
4946  */
4947 static int sctp_getsockopt_peer_addr_info(struct sock *sk, int len,
4948                                           char __user *optval,
4949                                           int __user *optlen)
4950 {
4951         struct sctp_paddrinfo pinfo;
4952         struct sctp_transport *transport;
4953         int retval = 0;
4954 
4955         if (len < sizeof(pinfo)) {
4956                 retval = -EINVAL;
4957                 goto out;
4958         }
4959 
4960         len = sizeof(pinfo);
4961         if (copy_from_user(&pinfo, optval, len)) {
4962                 retval = -EFAULT;
4963                 goto out;
4964         }
4965 
4966         transport = sctp_addr_id2transport(sk, &pinfo.spinfo_address,
4967                                            pinfo.spinfo_assoc_id);
4968         if (!transport)
4969                 return -EINVAL;
4970 
4971         pinfo.spinfo_assoc_id = sctp_assoc2id(transport->asoc);
4972         pinfo.spinfo_state = transport->state;
4973         pinfo.spinfo_cwnd = transport->cwnd;
4974         pinfo.spinfo_srtt = transport->srtt;
4975         pinfo.spinfo_rto = jiffies_to_msecs(transport->rto);
4976         pinfo.spinfo_mtu = transport->pathmtu;
4977 
4978         if (pinfo.spinfo_state == SCTP_UNKNOWN)
4979                 pinfo.spinfo_state = SCTP_ACTIVE;
4980 
4981         if (put_user(len, optlen)) {
4982                 retval = -EFAULT;
4983                 goto out;
4984         }
4985 
4986         if (copy_to_user(optval, &pinfo, len)) {
4987                 retval = -EFAULT;
4988                 goto out;
4989         }
4990 
4991 out:
4992         return retval;
4993 }
4994 
4995 /* 7.1.12 Enable/Disable message fragmentation (SCTP_DISABLE_FRAGMENTS)
4996  *
4997  * This option is a on/off flag.  If enabled no SCTP message
4998  * fragmentation will be performed.  Instead if a message being sent
4999  * exceeds the current PMTU size, the message will NOT be sent and
5000  * instead a error will be indicated to the user.
5001  */
5002 static int sctp_getsockopt_disable_fragments(struct sock *sk, int len,
5003                                         char __user *optval, int __user *optlen)
5004 {
5005         int val;
5006 
5007         if (len < sizeof(int))
5008                 return -EINVAL;
5009 
5010         len = sizeof(int);
5011         val = (sctp_sk(sk)->disable_fragments == 1);
5012         if (put_user(len, optlen))
5013                 return -EFAULT;
5014         if (copy_to_user(optval, &val, len))
5015                 return -EFAULT;
5016         return 0;
5017 }
5018 
5019 /* 7.1.15 Set notification and ancillary events (SCTP_EVENTS)
5020  *
5021  * This socket option is used to specify various notifications and
5022  * ancillary data the user wishes to receive.
5023  */
5024 static int sctp_getsockopt_events(struct sock *sk, int len, char __user *optval,
5025                                   int __user *optlen)
5026 {
5027         if (len == 0)
5028                 return -EINVAL;
5029         if (len > sizeof(struct sctp_event_subscribe))
5030                 len = sizeof(struct sctp_event_subscribe);
5031         if (put_user(len, optlen))
5032                 return -EFAULT;
5033         if (copy_to_user(optval, &sctp_sk(sk)->subscribe, len))
5034                 return -EFAULT;
5035         return 0;
5036 }
5037 
5038 /* 7.1.8 Automatic Close of associations (SCTP_AUTOCLOSE)
5039  *
5040  * This socket option is applicable to the UDP-style socket only.  When
5041  * set it will cause associations that are idle for more than the
5042  * specified number of seconds to automatically close.  An association
5043  * being idle is defined an association that has NOT sent or received
5044  * user data.  The special value of '' indicates that no automatic
5045  * close of any associations should be performed.  The option expects an
5046  * integer defining the number of seconds of idle time before an
5047  * association is closed.
5048  */
5049 static int sctp_getsockopt_autoclose(struct sock *sk, int len, char __user *optval, int __user *optlen)
5050 {
5051         /* Applicable to UDP-style socket only */
5052         if (sctp_style(sk, TCP))
5053                 return -EOPNOTSUPP;
5054         if (len < sizeof(int))
5055                 return -EINVAL;
5056         len = sizeof(int);
5057         if (put_user(len, optlen))
5058                 return -EFAULT;
5059         if (put_user(sctp_sk(sk)->autoclose, (int __user *)optval))
5060                 return -EFAULT;
5061         return 0;
5062 }
5063 
5064 /* Helper routine to branch off an association to a new socket.  */
5065 int sctp_do_peeloff(struct sock *sk, sctp_assoc_t id, struct socket **sockp)
5066 {
5067         struct sctp_association *asoc = sctp_id2assoc(sk, id);
5068         struct sctp_sock *sp = sctp_sk(sk);
5069         struct socket *sock;
5070         int err = 0;
5071 
5072         /* Do not peel off from one netns to another one. */
5073         if (!net_eq(current->nsproxy->net_ns, sock_net(sk)))
5074                 return -EINVAL;
5075 
5076         if (!asoc)
5077                 return -EINVAL;
5078 
5079         /* An association cannot be branched off from an already peeled-off
5080          * socket, nor is this supported for tcp style sockets.
5081          */
5082         if (!sctp_style(sk, UDP))
5083                 return -EINVAL;
5084 
5085         /* Create a new socket.  */
5086         err = sock_create(sk->sk_family, SOCK_SEQPACKET, IPPROTO_SCTP, &sock);
5087         if (err < 0)
5088                 return err;
5089 
5090         sctp_copy_sock(sock->sk, sk, asoc);
5091 
5092         /* Make peeled-off sockets more like 1-1 accepted sockets.
5093          * Set the daddr and initialize id to something more random
5094          */
5095         sp->pf->to_sk_daddr(&asoc->peer.primary_addr, sk);
5096 
5097         /* Populate the fields of the newsk from the oldsk and migrate the
5098          * asoc to the newsk.
5099          */
5100         sctp_sock_migrate(sk, sock->sk, asoc, SCTP_SOCKET_UDP_HIGH_BANDWIDTH);
5101 
5102         *sockp = sock;
5103 
5104         return err;
5105 }
5106 EXPORT_SYMBOL(sctp_do_peeloff);
5107 
5108 static int sctp_getsockopt_peeloff_common(struct sock *sk, sctp_peeloff_arg_t *peeloff,
5109                                           struct file **newfile, unsigned flags)
5110 {
5111         struct socket *newsock;
5112         int retval;
5113 
5114         retval = sctp_do_peeloff(sk, peeloff->associd, &newsock);
5115         if (retval < 0)
5116                 goto out;
5117 
5118         /* Map the socket to an unused fd that can be returned to the user.  */
5119         retval = get_unused_fd_flags(flags & SOCK_CLOEXEC);
5120         if (retval < 0) {
5121                 sock_release(newsock);
5122                 goto out;
5123         }
5124 
5125         *newfile = sock_alloc_file(newsock, 0, NULL);
5126         if (IS_ERR(*newfile)) {
5127                 put_unused_fd(retval);
5128                 retval = PTR_ERR(*newfile);
5129                 *newfile = NULL;
5130                 return retval;
5131         }
5132 
5133         pr_debug("%s: sk:%p, newsk:%p, sd:%d\n", __func__, sk, newsock->sk,
5134                  retval);
5135 
5136         peeloff->sd = retval;
5137 
5138         if (flags & SOCK_NONBLOCK)
5139                 (*newfile)->f_flags |= O_NONBLOCK;
5140 out:
5141         return retval;
5142 }
5143 
5144 static int sctp_getsockopt_peeloff(struct sock *sk, int len, char __user *optval, int __user *optlen)
5145 {
5146         sctp_peeloff_arg_t peeloff;
5147         struct file *newfile = NULL;
5148         int retval = 0;
5149 
5150         if (len < sizeof(sctp_peeloff_arg_t))
5151                 return -EINVAL;
5152         len = sizeof(sctp_peeloff_arg_t);
5153         if (copy_from_user(&peeloff, optval, len))
5154                 return -EFAULT;
5155 
5156         retval = sctp_getsockopt_peeloff_common(sk, &peeloff, &newfile, 0);
5157         if (retval < 0)
5158                 goto out;
5159 
5160         /* Return the fd mapped to the new socket.  */
5161         if (put_user(len, optlen)) {
5162                 fput(newfile);
5163                 put_unused_fd(retval);
5164                 return -EFAULT;
5165         }
5166 
5167         if (copy_to_user(optval, &peeloff, len)) {
5168                 fput(newfile);
5169                 put_unused_fd(retval);
5170                 return -EFAULT;
5171         }
5172         fd_install(retval, newfile);
5173 out:
5174         return retval;
5175 }
5176 
5177 static int sctp_getsockopt_peeloff_flags(struct sock *sk, int len,
5178                                          char __user *optval, int __user *optlen)
5179 {
5180         sctp_peeloff_flags_arg_t peeloff;
5181         struct file *newfile = NULL;
5182         int retval = 0;
5183 
5184         if (len < sizeof(sctp_peeloff_flags_arg_t))
5185                 return -EINVAL;
5186         len = sizeof(sctp_peeloff_flags_arg_t);
5187         if (copy_from_user(&peeloff, optval, len))
5188                 return -EFAULT;
5189 
5190         retval = sctp_getsockopt_peeloff_common(sk, &peeloff.p_arg,
5191                                                 &newfile, peeloff.flags);
5192         if (retval < 0)
5193                 goto out;
5194 
5195         /* Return the fd mapped to the new socket.  */
5196         if (put_user(len, optlen)) {
5197                 fput(newfile);
5198                 put_unused_fd(retval);
5199                 return -EFAULT;
5200         }
5201 
5202         if (copy_to_user(optval, &peeloff, len)) {
5203                 fput(newfile);
5204                 put_unused_fd(retval);
5205                 return -EFAULT;
5206         }
5207         fd_install(retval, newfile);
5208 out:
5209         return retval;
5210 }
5211 
5212 /* 7.1.13 Peer Address Parameters (SCTP_PEER_ADDR_PARAMS)
5213  *
5214  * Applications can enable or disable heartbeats for any peer address of
5215  * an association, modify an address's heartbeat interval, force a
5216  * heartbeat to be sent immediately, and adjust the address's maximum
5217  * number of retransmissions sent before an address is considered
5218  * unreachable.  The following structure is used to access and modify an
5219  * address's parameters:
5220  *
5221  *  struct sctp_paddrparams {
5222  *     sctp_assoc_t            spp_assoc_id;
5223  *     struct sockaddr_storage spp_address;
5224  *     uint32_t                spp_hbinterval;
5225  *     uint16_t                spp_pathmaxrxt;
5226  *     uint32_t                spp_pathmtu;
5227  *     uint32_t                spp_sackdelay;
5228  *     uint32_t                spp_flags;
5229  * };
5230  *
5231  *   spp_assoc_id    - (one-to-many style socket) This is filled in the
5232  *                     application, and identifies the association for
5233  *                     this query.
5234  *   spp_address     - This specifies which address is of interest.
5235  *   spp_hbinterval  - This contains the value of the heartbeat interval,
5236  *                     in milliseconds.  If a  value of zero
5237  *                     is present in this field then no changes are to
5238  *                     be made to this parameter.
5239  *   spp_pathmaxrxt  - This contains the maximum number of
5240  *                     retransmissions before this address shall be
5241  *                     considered unreachable. If a  value of zero
5242  *                     is present in this field then no changes are to
5243  *                     be made to this parameter.
5244  *   spp_pathmtu     - When Path MTU discovery is disabled the value
5245  *                     specified here will be the "fixed" path mtu.
5246  *                     Note that if the spp_address field is empty
5247  *                     then all associations on this address will
5248  *                     have this fixed path mtu set upon them.
5249  *
5250  *   spp_sackdelay   - When delayed sack is enabled, this value specifies
5251  *                     the number of milliseconds that sacks will be delayed
5252  *                     for. This value will apply to all addresses of an
5253  *                     association if the spp_address field is empty. Note
5254  *                     also, that if delayed sack is enabled and this
5255  *                     value is set to 0, no change is made to the last
5256  *                     recorded delayed sack timer value.
5257  *
5258  *   spp_flags       - These flags are used to control various features
5259  *                     on an association. The flag field may contain
5260  *                     zero or more of the following options.
5261  *
5262  *                     SPP_HB_ENABLE  - Enable heartbeats on the
5263  *                     specified address. Note that if the address
5264  *                     field is empty all addresses for the association
5265  *                     have heartbeats enabled upon them.
5266  *
5267  *                     SPP_HB_DISABLE - Disable heartbeats on the
5268  *                     speicifed address. Note that if the address
5269  *                     field is empty all addresses for the association
5270  *                     will have their heartbeats disabled. Note also
5271  *                     that SPP_HB_ENABLE and SPP_HB_DISABLE are
5272  *                     mutually exclusive, only one of these two should
5273  *                     be specified. Enabling both fields will have
5274  *                     undetermined results.
5275  *
5276  *                     SPP_HB_DEMAND - Request a user initiated heartbeat
5277  *                     to be made immediately.
5278  *
5279  *                     SPP_PMTUD_ENABLE - This field will enable PMTU
5280  *                     discovery upon the specified address. Note that
5281  *                     if the address feild is empty then all addresses
5282  *                     on the association are effected.
5283  *
5284  *                     SPP_PMTUD_DISABLE - This field will disable PMTU
5285  *                     discovery upon the specified address. Note that
5286  *                     if the address feild is empty then all addresses
5287  *                     on the association are effected. Not also that
5288  *                     SPP_PMTUD_ENABLE and SPP_PMTUD_DISABLE are mutually
5289  *                     exclusive. Enabling both will have undetermined
5290  *                     results.
5291  *
5292  *                     SPP_SACKDELAY_ENABLE - Setting this flag turns
5293  *                     on delayed sack. The time specified in spp_sackdelay
5294  *                     is used to specify the sack delay for this address. Note
5295  *                     that if spp_address is empty then all addresses will
5296  *                     enable delayed sack and take on the sack delay
5297  *                     value specified in spp_sackdelay.
5298  *                     SPP_SACKDELAY_DISABLE - Setting this flag turns
5299  *                     off delayed sack. If the spp_address field is blank then
5300  *                     delayed sack is disabled for the entire association. Note
5301  *                     also that this field is mutually exclusive to
5302  *                     SPP_SACKDELAY_ENABLE, setting both will have undefined
5303  *                     results.
5304  */
5305 static int sctp_getsockopt_peer_addr_params(struct sock *sk, int len,
5306                                             char __user *optval, int __user *optlen)
5307 {
5308         struct sctp_paddrparams  params;
5309         struct sctp_transport   *trans = NULL;
5310         struct sctp_association *asoc = NULL;
5311         struct sctp_sock        *sp = sctp_sk(sk);
5312 
5313         if (len < sizeof(struct sctp_paddrparams))
5314                 return -EINVAL;
5315         len = sizeof(struct sctp_paddrparams);
5316         if (copy_from_user(&params, optval, len))
5317                 return -EFAULT;
5318 
5319         /* If an address other than INADDR_ANY is specified, and
5320          * no transport is found, then the request is invalid.
5321          */
5322         if (!sctp_is_any(sk, (union sctp_addr *)&params.spp_address)) {
5323                 trans = sctp_addr_id2transport(sk, &params.spp_address,
5324                                                params.spp_assoc_id);
5325                 if (!trans) {
5326                         pr_debug("%s: failed no transport\n", __func__);
5327                         return -EINVAL;
5328                 }
5329         }
5330 
5331         /* Get association, if assoc_id != 0 and the socket is a one
5332          * to many style socket, and an association was not found, then
5333          * the id was invalid.
5334          */
5335         asoc = sctp_id2assoc(sk, params.spp_assoc_id);
5336         if (!asoc && params.spp_assoc_id && sctp_style(sk, UDP)) {
5337                 pr_debug("%s: failed no association\n", __func__);
5338                 return -EINVAL;
5339         }
5340 
5341         if (trans) {
5342                 /* Fetch transport values. */
5343                 params.spp_hbinterval = jiffies_to_msecs(trans->hbinterval);
5344                 params.spp_pathmtu    = trans->pathmtu;
5345                 params.spp_pathmaxrxt = trans->pathmaxrxt;
5346                 params.spp_sackdelay  = jiffies_to_msecs(trans->sackdelay);
5347 
5348                 /*draft-11 doesn't say what to return in spp_flags*/
5349                 params.spp_flags      = trans->param_flags;
5350         } else if (asoc) {
5351                 /* Fetch association values. */
5352                 params.spp_hbinterval = jiffies_to_msecs(asoc->hbinterval);
5353                 params.spp_pathmtu    = asoc->pathmtu;
5354                 params.spp_pathmaxrxt = asoc->pathmaxrxt;
5355                 params.spp_sackdelay  = jiffies_to_msecs(asoc->sackdelay);
5356 
5357                 /*draft-11 doesn't say what to return in spp_flags*/
5358                 params.spp_flags      = asoc->param_flags;
5359         } else {
5360                 /* Fetch socket values. */
5361                 params.spp_hbinterval = sp->hbinterval;
5362                 params.spp_pathmtu    = sp->pathmtu;
5363                 params.spp_sackdelay  = sp->sackdelay;
5364                 params.spp_pathmaxrxt = sp->pathmaxrxt;
5365 
5366                 /*draft-11 doesn't say what to return in spp_flags*/
5367                 params.spp_flags      = sp->param_flags;
5368         }
5369 
5370         if (copy_to_user(optval, &params, len))
5371                 return -EFAULT;
5372 
5373         if (put_user(len, optlen))
5374                 return -EFAULT;
5375 
5376         return 0;
5377 }
5378 
5379 /*
5380  * 7.1.23.  Get or set delayed ack timer (SCTP_DELAYED_SACK)
5381  *
5382  * This option will effect the way delayed acks are performed.  This
5383  * option allows you to get or set the delayed ack time, in
5384  * milliseconds.  It also allows changing the delayed ack frequency.
5385  * Changing the frequency to 1 disables the delayed sack algorithm.  If
5386  * the assoc_id is 0, then this sets or gets the endpoints default
5387  * values.  If the assoc_id field is non-zero, then the set or get
5388  * effects the specified association for the one to many model (the
5389  * assoc_id field is ignored by the one to one model).  Note that if
5390  * sack_delay or sack_freq are 0 when setting this option, then the
5391  * current values will remain unchanged.
5392  *
5393  * struct sctp_sack_info {
5394  *     sctp_assoc_t            sack_assoc_id;
5395  *     uint32_t                sack_delay;
5396  *     uint32_t                sack_freq;
5397  * };
5398  *
5399  * sack_assoc_id -  This parameter, indicates which association the user
5400  *    is performing an action upon.  Note that if this field's value is
5401  *    zero then the endpoints default value is changed (effecting future
5402  *    associations only).
5403  *
5404  * sack_delay -  This parameter contains the number of milliseconds that
5405  *    the user is requesting the delayed ACK timer be set to.  Note that
5406  *    this value is defined in the standard to be between 200 and 500
5407  *    milliseconds.
5408  *
5409  * sack_freq -  This parameter contains the number of packets that must
5410  *    be received before a sack is sent without waiting for the delay
5411  *    timer to expire.  The default value for this is 2, setting this
5412  *    value to 1 will disable the delayed sack algorithm.
5413  */
5414 static int sctp_getsockopt_delayed_ack(struct sock *sk, int len,
5415                                             char __user *optval,
5416                                             int __user *optlen)
5417 {
5418         struct sctp_sack_info    params;
5419         struct sctp_association *asoc = NULL;
5420         struct sctp_sock        *sp = sctp_sk(sk);
5421 
5422         if (len >= sizeof(struct sctp_sack_info)) {
5423                 len = sizeof(struct sctp_sack_info);
5424 
5425                 if (copy_from_user(&params, optval, len))
5426                         return -EFAULT;
5427         } else if (len == sizeof(struct sctp_assoc_value)) {
5428                 pr_warn_ratelimited(DEPRECATED
5429                                     "%s (pid %d) "
5430                                     "Use of struct sctp_assoc_value in delayed_ack socket option.\n"
5431                                     "Use struct sctp_sack_info instead\n",
5432                                     current->comm, task_pid_nr(current));
5433                 if (copy_from_user(&params, optval, len))
5434                         return -EFAULT;
5435         } else
5436                 return -EINVAL;
5437 
5438         /* Get association, if sack_assoc_id != 0 and the socket is a one
5439          * to many style socket, and an association was not found, then
5440          * the id was invalid.
5441          */
5442         asoc = sctp_id2assoc(sk, params.sack_assoc_id);
5443         if (!asoc && params.sack_assoc_id && sctp_style(sk, UDP))
5444                 return -EINVAL;
5445 
5446         if (asoc) {
5447                 /* Fetch association values. */
5448                 if (asoc->param_flags & SPP_SACKDELAY_ENABLE) {
5449                         params.sack_delay = jiffies_to_msecs(
5450                                 asoc->sackdelay);
5451                         params.sack_freq = asoc->sackfreq;
5452 
5453                 } else {
5454                         params.sack_delay = 0;
5455                         params.sack_freq = 1;
5456                 }
5457         } else {
5458                 /* Fetch socket values. */
5459                 if (sp->param_flags & SPP_SACKDELAY_ENABLE) {
5460                         params.sack_delay  = sp->sackdelay;
5461                         params.sack_freq = sp->sackfreq;
5462                 } else {
5463                         params.sack_delay  = 0;
5464                         params.sack_freq = 1;
5465                 }
5466         }
5467 
5468         if (copy_to_user(optval, &params, len))
5469                 return -EFAULT;
5470 
5471         if (put_user(len, optlen))
5472                 return -EFAULT;
5473 
5474         return 0;
5475 }
5476 
5477 /* 7.1.3 Initialization Parameters (SCTP_INITMSG)
5478  *
5479  * Applications can specify protocol parameters for the default association
5480  * initialization.  The option name argument to setsockopt() and getsockopt()
5481  * is SCTP_INITMSG.
5482  *
5483  * Setting initialization parameters is effective only on an unconnected
5484  * socket (for UDP-style sockets only future associations are effected
5485  * by the change).  With TCP-style sockets, this option is inherited by
5486  * sockets derived from a listener socket.
5487  */
5488 static int sctp_getsockopt_initmsg(struct sock *sk, int len, char __user *optval, int __user *optlen)
5489 {
5490         if (len < sizeof(struct sctp_initmsg))
5491                 return -EINVAL;
5492         len = sizeof(struct sctp_initmsg);
5493         if (put_user(len, optlen))
5494                 return -EFAULT;
5495         if (copy_to_user(optval, &sctp_sk(sk)->initmsg, len))
5496                 return -EFAULT;
5497         return 0;
5498 }
5499 
5500 
5501 static int sctp_getsockopt_peer_addrs(struct sock *sk, int len,
5502                                       char __user *optval, int __user *optlen)
5503 {
5504         struct sctp_association *asoc;
5505         int cnt = 0;
5506         struct sctp_getaddrs getaddrs;
5507         struct sctp_transport *from;
5508         void __user *to;
5509         union sctp_addr temp;
5510         struct sctp_sock *sp = sctp_sk(sk);
5511         int addrlen;
5512         size_t space_left;
5513         int bytes_copied;
5514 
5515         if (len < sizeof(struct sctp_getaddrs))
5516                 return -EINVAL;
5517 
5518         if (copy_from_user(&getaddrs, optval, sizeof(struct sctp_getaddrs)))
5519                 return -EFAULT;
5520 
5521         /* For UDP-style sockets, id specifies the association to query.  */
5522         asoc = sctp_id2assoc(sk, getaddrs.assoc_id);
5523         if (!asoc)
5524                 return -EINVAL;
5525 
5526         to = optval + offsetof(struct sctp_getaddrs, addrs);
5527         space_left = len - offsetof(struct sctp_getaddrs, addrs);
5528 
5529         list_for_each_entry(from, &asoc->peer.transport_addr_list,
5530                                 transports) {
5531                 memcpy(&temp, &from->ipaddr, sizeof(temp));
5532                 addrlen = sctp_get_pf_specific(sk->sk_family)
5533                               ->addr_to_user(sp, &temp);
5534                 if (space_left < addrlen)
5535                         return -ENOMEM;
5536                 if (copy_to_user(to, &temp, addrlen))
5537                         return -EFAULT;
5538                 to += addrlen;
5539                 cnt++;
5540                 space_left -= addrlen;
5541         }
5542 
5543         if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num))
5544                 return -EFAULT;
5545         bytes_copied = ((char __user *)to) - optval;
5546         if (put_user(bytes_copied, optlen))
5547                 return -EFAULT;
5548 
5549         return 0;
5550 }
5551 
5552 static int sctp_copy_laddrs(struct sock *sk, __u16 port, void *to,
5553                             size_t space_left, int *bytes_copied)
5554 {
5555         struct sctp_sockaddr_entry *addr;
5556         union sctp_addr temp;
5557         int cnt = 0;
5558         int addrlen;
5559         struct net *net = sock_net(sk);
5560 
5561         rcu_read_lock();
5562         list_for_each_entry_rcu(addr, &net->sctp.local_addr_list, list) {
5563                 if (!addr->valid)
5564                         continue;
5565 
5566                 if ((PF_INET == sk->sk_family) &&
5567                     (AF_INET6 == addr->a.sa.sa_family))
5568                         continue;
5569                 if ((PF_INET6 == sk->sk_family) &&
5570                     inet_v6_ipv6only(sk) &&
5571                     (AF_INET == addr->a.sa.sa_family))
5572                         continue;
5573                 memcpy(&temp, &addr->a, sizeof(temp));
5574                 if (!temp.v4.sin_port)
5575                         temp.v4.sin_port = htons(port);
5576 
5577                 addrlen = sctp_get_pf_specific(sk->sk_family)
5578                               ->addr_to_user(sctp_sk(sk), &temp);
5579 
5580                 if (space_left < addrlen) {
5581                         cnt =  -ENOMEM;
5582                         break;
5583                 }
5584                 memcpy(to, &temp, addrlen);
5585 
5586                 to += addrlen;
5587                 cnt++;
5588                 space_left -= addrlen;
5589                 *bytes_copied += addrlen;
5590         }
5591         rcu_read_unlock();
5592 
5593         return cnt;
5594 }
5595 
5596 
5597 static int sctp_getsockopt_local_addrs(struct sock *sk, int len,
5598                                        char __user *optval, int __user *optlen)
5599 {
5600         struct sctp_bind_addr *bp;
5601         struct sctp_association *asoc;
5602         int cnt = 0;
5603         struct sctp_getaddrs getaddrs;
5604         struct sctp_sockaddr_entry *addr;
5605         void __user *to;
5606         union sctp_addr temp;
5607         struct sctp_sock *sp = sctp_sk(sk);
5608         int addrlen;
5609         int err = 0;
5610         size_t space_left;
5611         int bytes_copied = 0;
5612         void *addrs;
5613         void *buf;
5614 
5615         if (len < sizeof(struct sctp_getaddrs))
5616                 return -EINVAL;
5617 
5618         if (copy_from_user(&getaddrs, optval, sizeof(struct sctp_getaddrs)))
5619                 return -EFAULT;
5620 
5621         /*
5622          *  For UDP-style sockets, id specifies the association to query.
5623          *  If the id field is set to the value '' then the locally bound
5624          *  addresses are returned without regard to any particular
5625          *  association.
5626          */
5627         if (0 == getaddrs.assoc_id) {
5628                 bp = &sctp_sk(sk)->ep->base.bind_addr;
5629         } else {
5630                 asoc = sctp_id2assoc(sk, getaddrs.assoc_id);
5631                 if (!asoc)
5632                         return -EINVAL;
5633                 bp = &asoc->base.bind_addr;
5634         }
5635 
5636         to = optval + offsetof(struct sctp_getaddrs, addrs);
5637         space_left = len - offsetof(struct sctp_getaddrs, addrs);
5638 
5639         addrs = kmalloc(space_left, GFP_USER | __GFP_NOWARN);
5640         if (!addrs)
5641                 return -ENOMEM;
5642 
5643         /* If the endpoint is bound to 0.0.0.0 or ::0, get the valid
5644          * addresses from the global local address list.
5645          */
5646         if (sctp_list_single_entry(&bp->address_list)) {
5647                 addr = list_entry(bp->address_list.next,
5648                                   struct sctp_sockaddr_entry, list);
5649                 if (sctp_is_any(sk, &addr->a)) {
5650                         cnt = sctp_copy_laddrs(sk, bp->port, addrs,
5651                                                 space_left, &bytes_copied);
5652                         if (cnt < 0) {
5653                                 err = cnt;
5654                                 goto out;
5655                         }
5656                         goto copy_getaddrs;
5657                 }
5658         }
5659 
5660         buf = addrs;
5661         /* Protection on the bound address list is not needed since
5662          * in the socket option context we hold a socket lock and
5663          * thus the bound address list can't change.
5664          */
5665         list_for_each_entry(addr, &bp->address_list, list) {
5666                 memcpy(&temp, &addr->a, sizeof(temp));
5667                 addrlen = sctp_get_pf_specific(sk->sk_family)
5668                               ->addr_to_user(sp, &temp);
5669                 if (space_left < addrlen) {
5670                         err =  -ENOMEM; /*fixme: right error?*/
5671                         goto out;
5672                 }
5673                 memcpy(buf, &temp, addrlen);
5674                 buf += addrlen;
5675                 bytes_copied += addrlen;
5676                 cnt++;
5677                 space_left -= addrlen;
5678         }
5679 
5680 copy_getaddrs:
5681         if (copy_to_user(to, addrs, bytes_copied)) {
5682                 err = -EFAULT;
5683                 goto out;
5684         }
5685         if (put_user(cnt, &((struct sctp_getaddrs __user *)optval)->addr_num)) {
5686                 err = -EFAULT;
5687                 goto out;
5688         }
5689         /* XXX: We should have accounted for sizeof(struct sctp_getaddrs) too,
5690          * but we can't change it anymore.
5691          */
5692         if (put_user(bytes_copied, optlen))
5693                 err = -EFAULT;
5694 out:
5695         kfree(addrs);
5696         return err;
5697 }
5698 
5699 /* 7.1.10 Set Primary Address (SCTP_PRIMARY_ADDR)
5700  *
5701  * Requests that the local SCTP stack use the enclosed peer address as
5702  * the association primary.  The enclosed address must be one of the
5703  * association peer's addresses.
5704  */
5705 static int sctp_getsockopt_primary_addr(struct sock *sk, int len,
5706                                         char __user *optval, int __user *optlen)
5707 {
5708         struct sctp_prim prim;
5709         struct sctp_association *asoc;
5710         struct sctp_sock *sp = sctp_sk(sk);
5711 
5712         if (len < sizeof(struct sctp_prim))
5713                 return -EINVAL;
5714 
5715         len = sizeof(struct sctp_prim);
5716 
5717         if (copy_from_user(&prim, optval, len))
5718                 return -EFAULT;
5719 
5720         asoc = sctp_id2assoc(sk, prim.ssp_assoc_id);
5721         if (!asoc)
5722                 return -EINVAL;
5723 
5724         if (!asoc->peer.primary_path)
5725                 return -ENOTCONN;
5726 
5727         memcpy(&prim.ssp_addr, &asoc->peer.primary_path->ipaddr,
5728                 asoc->peer.primary_path->af_specific->sockaddr_len);
5729 
5730         sctp_get_pf_specific(sk->sk_family)->addr_to_user(sp,
5731                         (union sctp_addr *)&prim.ssp_addr);
5732 
5733         if (put_user(len, optlen))
5734                 return -EFAULT;
5735         if (copy_to_user(optval, &prim, len))
5736                 return -EFAULT;
5737 
5738         return 0;
5739 }
5740 
5741 /*
5742  * 7.1.11  Set Adaptation Layer Indicator (SCTP_ADAPTATION_LAYER)
5743  *
5744  * Requests that the local endpoint set the specified Adaptation Layer
5745  * Indication parameter for all future INIT and INIT-ACK exchanges.
5746  */
5747 static int sctp_getsockopt_adaptation_layer(struct sock *sk, int len,
5748                                   char __user *optval, int __user *optlen)
5749 {
5750         struct sctp_setadaptation adaptation;
5751 
5752         if (len < sizeof(struct sctp_setadaptation))
5753                 return -EINVAL;
5754 
5755         len = sizeof(struct sctp_setadaptation);
5756 
5757         adaptation.ssb_adaptation_ind = sctp_sk(sk)->adaptation_ind;
5758 
5759         if (put_user(len, optlen))
5760                 return -EFAULT;
5761         if (copy_to_user(optval, &adaptation, len))
5762                 return -EFAULT;
5763 
5764         return 0;
5765 }
5766 
5767 /*
5768  *
5769  * 7.1.14 Set default send parameters (SCTP_DEFAULT_SEND_PARAM)
5770  *
5771  *   Applications that wish to use the sendto() system call may wish to
5772  *   specify a default set of parameters that would normally be supplied
5773  *   through the inclusion of ancillary data.  This socket option allows
5774  *   such an application to set the default sctp_sndrcvinfo structure.
5775 
5776 
5777  *   The application that wishes to use this socket option simply passes
5778  *   in to this call the sctp_sndrcvinfo structure defined in Section
5779  *   5.2.2) The input parameters accepted by this call include
5780  *   sinfo_stream, sinfo_flags, sinfo_ppid, sinfo_context,
5781  *   sinfo_timetolive.  The user must provide the sinfo_assoc_id field in
5782  *   to this call if the caller is using the UDP model.
5783  *
5784  *   For getsockopt, it get the default sctp_sndrcvinfo structure.
5785  */
5786 static int sctp_getsockopt_default_send_param(struct sock *sk,
5787                                         int len, char __user *optval,
5788                                         int __user *optlen)
5789 {
5790         struct sctp_sock *sp = sctp_sk(sk);
5791         struct sctp_association *asoc;
5792         struct sctp_sndrcvinfo info;
5793 
5794         if (len < sizeof(info))
5795                 return -EINVAL;
5796 
5797         len = sizeof(info);
5798 
5799         if (copy_from_user(&info, optval, len))
5800                 return -EFAULT;
5801 
5802         asoc = sctp_id2assoc(sk, info.sinfo_assoc_id);
5803         if (!asoc && info.sinfo_assoc_id && sctp_style(sk, UDP))
5804                 return -EINVAL;
5805         if (asoc) {
5806                 info.sinfo_stream = asoc->default_stream;
5807                 info.sinfo_flags = asoc->default_flags;
5808                 info.sinfo_ppid = asoc->default_ppid;
5809                 info.sinfo_context = asoc->default_context;
5810                 info.sinfo_timetolive = asoc->default_timetolive;
5811         } else {
5812                 info.sinfo_stream = sp->default_stream;
5813                 info.sinfo_flags = sp->default_flags;
5814                 info.sinfo_ppid = sp->default_ppid;
5815                 info.sinfo_context = sp->default_context;
5816                 info.sinfo_timetolive = sp->default_timetolive;
5817         }
5818 
5819         if (put_user(len, optlen))
5820                 return -EFAULT;
5821         if (copy_to_user(optval, &info, len))
5822                 return -EFAULT;
5823 
5824         return 0;
5825 }
5826 
5827 /* RFC6458, Section 8.1.31. Set/get Default Send Parameters
5828  * (SCTP_DEFAULT_SNDINFO)
5829  */
5830 static int sctp_getsockopt_default_sndinfo(struct sock *sk, int len,
5831                                            char __user *optval,
5832                                            int __user *optlen)
5833 {
5834         struct sctp_sock *sp = sctp_sk(sk);
5835         struct sctp_association *asoc;
5836         struct sctp_sndinfo info;
5837 
5838         if (len < sizeof(info))
5839                 return -EINVAL;
5840 
5841         len = sizeof(info);
5842 
5843         if (copy_from_user(&info, optval, len))
5844                 return -EFAULT;
5845 
5846         asoc = sctp_id2assoc(sk, info.snd_assoc_id);
5847         if (!asoc && info.snd_assoc_id && sctp_style(sk, UDP))
5848                 return -EINVAL;
5849         if (asoc) {
5850                 info.snd_sid = asoc->default_stream;
5851                 info.snd_flags = asoc->default_flags;
5852                 info.snd_ppid = asoc->default_ppid;
5853                 info.snd_context = asoc->default_context;
5854         } else {
5855                 info.snd_sid = sp->default_stream;
5856                 info.snd_flags = sp->default_flags;
5857                 info.snd_ppid = sp->default_ppid;
5858                 info.snd_context = sp->default_context;
5859         }
5860 
5861         if (put_user(len, optlen))
5862                 return -EFAULT;
5863         if (copy_to_user(optval, &info, len))
5864                 return -EFAULT;
5865 
5866         return 0;
5867 }
5868 
5869 /*
5870  *
5871  * 7.1.5 SCTP_NODELAY
5872  *
5873  * Turn on/off any Nagle-like algorithm.  This means that packets are
5874  * generally sent as soon as possible and no unnecessary delays are
5875  * introduced, at the cost of more packets in the network.  Expects an
5876  * integer boolean flag.
5877  */
5878 
5879 static int sctp_getsockopt_nodelay(struct sock *sk, int len,
5880                                    char __user *optval, int __user *optlen)
5881 {
5882         int val;
5883 
5884         if (len < sizeof(int))
5885                 return -EINVAL;
5886 
5887         len = sizeof(int);
5888         val = (sctp_sk(sk)->nodelay == 1);
5889         if (put_user(len, optlen))
5890                 return -EFAULT;
5891         if (copy_to_user(optval, &val, len))
5892                 return -EFAULT;
5893         return 0;
5894 }
5895 
5896 /*
5897  *
5898  * 7.1.1 SCTP_RTOINFO
5899  *
5900  * The protocol parameters used to initialize and bound retransmission
5901  * timeout (RTO) are tunable. sctp_rtoinfo structure is used to access
5902  * and modify these parameters.
5903  * All parameters are time values, in milliseconds.  A value of 0, when
5904  * modifying the parameters, indicates that the current value should not
5905  * be changed.
5906  *
5907  */
5908 static int sctp_getsockopt_rtoinfo(struct sock *sk, int len,
5909                                 char __user *optval,
5910                                 int __user *optlen) {
5911         struct sctp_rtoinfo rtoinfo;
5912         struct sctp_association *asoc;
5913 
5914         if (len < sizeof (struct sctp_rtoinfo))
5915                 return -EINVAL;
5916 
5917         len = sizeof(struct sctp_rtoinfo);
5918 
5919         if (copy_from_user(&rtoinfo, optval, len))
5920                 return -EFAULT;
5921 
5922         asoc = sctp_id2assoc(sk, rtoinfo.srto_assoc_id);
5923 
5924         if (!asoc && rtoinfo.srto_assoc_id && sctp_style(sk, UDP))
5925                 return -EINVAL;
5926 
5927         /* Values corresponding to the specific association. */
5928         if (asoc) {
5929                 rtoinfo.srto_initial = jiffies_to_msecs(asoc->rto_initial);
5930                 rtoinfo.srto_max = jiffies_to_msecs(asoc->rto_max);
5931                 rtoinfo.srto_min = jiffies_to_msecs(asoc->rto_min);
5932         } else {
5933                 /* Values corresponding to the endpoint. */
5934                 struct sctp_sock *sp = sctp_sk(sk);
5935 
5936                 rtoinfo.srto_initial = sp->rtoinfo.srto_initial;
5937                 rtoinfo.srto_max = sp->rtoinfo.srto_max;
5938                 rtoinfo.srto_min = sp->rtoinfo.srto_min;
5939         }
5940 
5941         if (put_user(len, optlen))
5942                 return -EFAULT;
5943 
5944         if (copy_to_user(optval, &rtoinfo, len))
5945                 return -EFAULT;
5946 
5947         return 0;
5948 }
5949 
5950 /*
5951  *
5952  * 7.1.2 SCTP_ASSOCINFO
5953  *
5954  * This option is used to tune the maximum retransmission attempts
5955  * of the association.
5956  * Returns an error if the new association retransmission value is
5957  * greater than the sum of the retransmission value  of the peer.
5958  * See [SCTP] for more information.
5959  *
5960  */
5961 static int sctp_getsockopt_associnfo(struct sock *sk, int len,
5962                                      char __user *optval,
5963                                      int __user *optlen)
5964 {
5965 
5966         struct sctp_assocparams assocparams;
5967         struct sctp_association *asoc;
5968         struct list_head *pos;
5969         int cnt = 0;
5970 
5971         if (len < sizeof (struct sctp_assocparams))
5972                 return -EINVAL;
5973 
5974         len = sizeof(struct sctp_assocparams);
5975 
5976         if (copy_from_user(&assocparams, optval, len))
5977                 return -EFAULT;
5978 
5979         asoc = sctp_id2assoc(sk, assocparams.sasoc_assoc_id);
5980 
5981         if (!asoc && assocparams.sasoc_assoc_id && sctp_style(sk, UDP))
5982                 return -EINVAL;
5983 
5984         /* Values correspoinding to the specific association */
5985         if (asoc) {
5986                 assocparams.sasoc_asocmaxrxt = asoc->max_retrans;
5987                 assocparams.sasoc_peer_rwnd = asoc->peer.rwnd;
5988                 assocparams.sasoc_local_rwnd = asoc->a_rwnd;
5989                 assocparams.sasoc_cookie_life = ktime_to_ms(asoc->cookie_life);
5990 
5991                 list_for_each(pos, &asoc->peer.transport_addr_list) {
5992                         cnt++;
5993                 }
5994 
5995                 assocparams.sasoc_number_peer_destinations = cnt;
5996         } else {
5997                 /* Values corresponding to the endpoint */
5998                 struct sctp_sock *sp = sctp_sk(sk);
5999 
6000                 assocparams.sasoc_asocmaxrxt = sp->assocparams.sasoc_asocmaxrxt;
6001                 assocparams.sasoc_peer_rwnd = sp->assocparams.sasoc_peer_rwnd;
6002                 assocparams.sasoc_local_rwnd = sp->assocparams.sasoc_local_rwnd;
6003                 assocparams.sasoc_cookie_life =
6004                                         sp->assocparams.sasoc_cookie_life;
6005                 assocparams.sasoc_number_peer_destinations =
6006                                         sp->assocparams.
6007                                         sasoc_number_peer_destinations;
6008         }
6009 
6010         if (put_user(len, optlen))
6011                 return -EFAULT;
6012 
6013         if (copy_to_user(optval, &assocparams, len))
6014                 return -EFAULT;
6015 
6016         return 0;
6017 }
6018 
6019 /*
6020  * 7.1.16 Set/clear IPv4 mapped addresses (SCTP_I_WANT_MAPPED_V4_ADDR)
6021  *
6022  * This socket option is a boolean flag which turns on or off mapped V4
6023  * addresses.  If this option is turned on and the socket is type
6024  * PF_INET6, then IPv4 addresses will be mapped to V6 representation.
6025  * If this option is turned off, then no mapping will be done of V4
6026  * addresses and a user will receive both PF_INET6 and PF_INET type
6027  * addresses on the socket.
6028  */
6029 static int sctp_getsockopt_mappedv4(struct sock *sk, int len,
6030                                     char __user *optval, int __user *optlen)
6031 {
6032         int val;
6033         struct sctp_sock *sp = sctp_sk(sk);
6034 
6035         if (len < sizeof(int))
6036                 return -EINVAL;
6037 
6038         len = sizeof(int);
6039         val = sp->v4mapped;
6040         if (put_user(len, optlen))
6041                 return -EFAULT;
6042         if (copy_to_user(optval, &val, len))
6043                 return -EFAULT;
6044 
6045         return 0;
6046 }
6047 
6048 /*
6049  * 7.1.29.  Set or Get the default context (SCTP_CONTEXT)
6050  * (chapter and verse is quoted at sctp_setsockopt_context())
6051  */
6052 static int sctp_getsockopt_context(struct sock *sk, int len,
6053                                    char __user *optval, int __user *optlen)
6054 {
6055         struct sctp_assoc_value params;
6056         struct sctp_sock *sp;
6057         struct sctp_association *asoc;
6058 
6059         if (len < sizeof(struct sctp_assoc_value))
6060                 return -EINVAL;
6061 
6062         len = sizeof(struct sctp_assoc_value);
6063 
6064         if (copy_from_user(&params, optval, len))
6065                 return -EFAULT;
6066 
6067         sp = sctp_sk(sk);
6068 
6069         if (params.assoc_id != 0) {
6070                 asoc = sctp_id2assoc(sk, params.assoc_id);
6071                 if (!asoc)
6072                         return -EINVAL;
6073                 params.assoc_value = asoc->default_rcv_context;
6074         } else {
6075                 params.assoc_value = sp->default_rcv_context;
6076         }
6077 
6078         if (put_user(len, optlen))
6079                 return -EFAULT;
6080         if (copy_to_user(optval, &params, len))
6081                 return -EFAULT;
6082 
6083         return 0;
6084 }
6085 
6086 /*
6087  * 8.1.16.  Get or Set the Maximum Fragmentation Size (SCTP_MAXSEG)
6088  * This option will get or set the maximum size to put in any outgoing
6089  * SCTP DATA chunk.  If a message is larger than this size it will be
6090  * fragmented by SCTP into the specified size.  Note that the underlying
6091  * SCTP implementation may fragment into smaller sized chunks when the
6092  * PMTU of the underlying association is smaller than the value set by
6093  * the user.  The default value for this option is '' which indicates
6094  * the user is NOT limiting fragmentation and only the PMTU will effect
6095  * SCTP's choice of DATA chunk size.  Note also that values set larger
6096  * than the maximum size of an IP datagram will effectively let SCTP
6097  * control fragmentation (i.e. the same as setting this option to 0).
6098  *
6099  * The following structure is used to access and modify this parameter:
6100  *
6101  * struct sctp_assoc_value {
6102  *   sctp_assoc_t assoc_id;
6103  *   uint32_t assoc_value;
6104  * };
6105  *
6106  * assoc_id:  This parameter is ignored for one-to-one style sockets.
6107  *    For one-to-many style sockets this parameter indicates which
6108  *    association the user is performing an action upon.  Note that if
6109  *    this field's value is zero then the endpoints default value is
6110  *    changed (effecting future associations only).
6111  * assoc_value:  This parameter specifies the maximum size in bytes.
6112  */
6113 static int sctp_getsockopt_maxseg(struct sock *sk, int len,
6114                                   char __user *optval, int __user *optlen)
6115 {
6116         struct sctp_assoc_value params;
6117         struct sctp_association *asoc;
6118 
6119         if (len == sizeof(int)) {
6120                 pr_warn_ratelimited(DEPRECATED
6121                                     "%s (pid %d) "
6122                                     "Use of int in maxseg socket option.\n"
6123                                     "Use struct sctp_assoc_value instead\n",
6124                                     current->comm, task_pid_nr(current));
6125                 params.assoc_id = 0;
6126         } else if (len >= sizeof(struct sctp_assoc_value)) {
6127                 len = sizeof(struct sctp_assoc_value);
6128                 if (copy_from_user(&params, optval, len))
6129                         return -EFAULT;
6130         } else
6131                 return -EINVAL;
6132 
6133         asoc = sctp_id2assoc(sk, params.assoc_id);
6134         if (!asoc && params.assoc_id && sctp_style(sk, UDP))
6135                 return -EINVAL;
6136 
6137         if (asoc)
6138                 params.assoc_value = asoc->frag_point;
6139         else
6140                 params.assoc_value = sctp_sk(sk)->user_frag;
6141 
6142         if (put_user(len, optlen))
6143                 return -EFAULT;
6144         if (len == sizeof(int)) {
6145                 if (copy_to_user(optval, &params.assoc_value, len))
6146                         return -EFAULT;
6147         } else {
6148                 if (copy_to_user(optval, &params, len))
6149                         return -EFAULT;
6150         }
6151 
6152         return 0;
6153 }
6154 
6155 /*
6156  * 7.1.24.  Get or set fragmented interleave (SCTP_FRAGMENT_INTERLEAVE)
6157  * (chapter and verse is quoted at sctp_setsockopt_fragment_interleave())
6158  */
6159 static int sctp_getsockopt_fragment_interleave(struct sock *sk, int len,
6160                                                char __user *optval, int __user *optlen)
6161 {
6162         int val;
6163 
6164         if (len < sizeof(int))
6165                 return -EINVAL;
6166 
6167         len = sizeof(int);
6168 
6169         val = sctp_sk(sk)->frag_interleave;
6170         if (put_user(len, optlen))
6171                 return -EFAULT;
6172         if (copy_to_user(optval, &val, len))
6173                 return -EFAULT;
6174 
6175         return 0;
6176 }
6177 
6178 /*
6179  * 7.1.25.  Set or Get the sctp partial delivery point
6180  * (chapter and verse is quoted at sctp_setsockopt_partial_delivery_point())
6181  */
6182 static int sctp_getsockopt_partial_delivery_point(struct sock *sk, int len,
6183                                                   char __user *optval,
6184                                                   int __user *optlen)
6185 {
6186         u32 val;
6187 
6188         if (len < sizeof(u32))
6189                 return -EINVAL;
6190 
6191         len = sizeof(u32);
6192 
6193         val = sctp_sk(sk)->pd_point;
6194         if (put_user(len, optlen))
6195                 return -EFAULT;
6196         if (copy_to_user(optval, &val, len))
6197                 return -EFAULT;
6198 
6199         return 0;
6200 }
6201 
6202 /*
6203  * 7.1.28.  Set or Get the maximum burst (SCTP_MAX_BURST)
6204  * (chapter and verse is quoted at sctp_setsockopt_maxburst())
6205  */
6206 static int sctp_getsockopt_maxburst(struct sock *sk, int len,
6207                                     char __user *optval,
6208                                     int __user *optlen)
6209 {
6210         struct sctp_assoc_value params;
6211         struct sctp_sock *sp;
6212         struct sctp_association *asoc;
6213 
6214         if (len == sizeof(int)) {
6215                 pr_warn_ratelimited(DEPRECATED
6216                                     "%s (pid %d) "
6217                                     "Use of int in max_burst socket option.\n"
6218                                     "Use struct sctp_assoc_value instead\n",
6219                                     current->comm, task_pid_nr(current));
6220                 params.assoc_id = 0;
6221         } else if (len >= sizeof(struct sctp_assoc_value)) {
6222                 len = sizeof(struct sctp_assoc_value);
6223                 if (copy_from_user(&params, optval, len))
6224                         return -EFAULT;
6225         } else
6226                 return -EINVAL;
6227 
6228         sp = sctp_sk(sk);
6229 
6230         if (params.assoc_id != 0) {
6231                 asoc = sctp_id2assoc(sk, params.assoc_id);
6232                 if (!asoc)
6233                         return -EINVAL;
6234                 params.assoc_value = asoc->max_burst;
6235         } else
6236                 params.assoc_value = sp->max_burst;
6237 
6238         if (len == sizeof(int)) {
6239                 if (copy_to_user(optval, &params.assoc_value, len))
6240                         return -EFAULT;
6241         } else {
6242                 if (copy_to_user(optval, &params, len))
6243                         return -EFAULT;
6244         }
6245 
6246         return 0;
6247 
6248 }
6249 
6250 static int sctp_getsockopt_hmac_ident(struct sock *sk, int len,
6251                                     char __user *optval, int __user *optlen)
6252 {
6253         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
6254         struct sctp_hmacalgo  __user *p = (void __user *)optval;
6255         struct sctp_hmac_algo_param *hmacs;
6256         __u16 data_len = 0;
6257         u32 num_idents;
6258         int i;
6259 
6260         if (!ep->auth_enable)
6261                 return -EACCES;
6262 
6263         hmacs = ep->auth_hmacs_list;
6264         data_len = ntohs(hmacs->param_hdr.length) -
6265                    sizeof(struct sctp_paramhdr);
6266 
6267         if (len < sizeof(struct sctp_hmacalgo) + data_len)
6268                 return -EINVAL;
6269 
6270         len = sizeof(struct sctp_hmacalgo) + data_len;
6271         num_idents = data_len / sizeof(u16);
6272 
6273         if (put_user(len, optlen))
6274                 return -EFAULT;
6275         if (put_user(num_idents, &p->shmac_num_idents))
6276                 return -EFAULT;
6277         for (i = 0; i < num_idents; i++) {
6278                 __u16 hmacid = ntohs(hmacs->hmac_ids[i]);
6279 
6280                 if (copy_to_user(&p->shmac_idents[i], &hmacid, sizeof(__u16)))
6281                         return -EFAULT;
6282         }
6283         return 0;
6284 }
6285 
6286 static int sctp_getsockopt_active_key(struct sock *sk, int len,
6287                                     char __user *optval, int __user *optlen)
6288 {
6289         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
6290         struct sctp_authkeyid val;
6291         struct sctp_association *asoc;
6292 
6293         if (!ep->auth_enable)
6294                 return -EACCES;
6295 
6296         if (len < sizeof(struct sctp_authkeyid))
6297                 return -EINVAL;
6298 
6299         len = sizeof(struct sctp_authkeyid);
6300         if (copy_from_user(&val, optval, len))
6301                 return -EFAULT;
6302 
6303         asoc = sctp_id2assoc(sk, val.scact_assoc_id);
6304         if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
6305                 return -EINVAL;
6306 
6307         if (asoc)
6308                 val.scact_keynumber = asoc->active_key_id;
6309         else
6310                 val.scact_keynumber = ep->active_key_id;
6311 
6312         if (put_user(len, optlen))
6313                 return -EFAULT;
6314         if (copy_to_user(optval, &val, len))
6315                 return -EFAULT;
6316 
6317         return 0;
6318 }
6319 
6320 static int sctp_getsockopt_peer_auth_chunks(struct sock *sk, int len,
6321                                     char __user *optval, int __user *optlen)
6322 {
6323         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
6324         struct sctp_authchunks __user *p = (void __user *)optval;
6325         struct sctp_authchunks val;
6326         struct sctp_association *asoc;
6327         struct sctp_chunks_param *ch;
6328         u32    num_chunks = 0;
6329         char __user *to;
6330 
6331         if (!ep->auth_enable)
6332                 return -EACCES;
6333 
6334         if (len < sizeof(struct sctp_authchunks))
6335                 return -EINVAL;
6336 
6337         if (copy_from_user(&val, optval, sizeof(val)))
6338                 return -EFAULT;
6339 
6340         to = p->gauth_chunks;
6341         asoc = sctp_id2assoc(sk, val.gauth_assoc_id);
6342         if (!asoc)
6343                 return -EINVAL;
6344 
6345         ch = asoc->peer.peer_chunks;
6346         if (!ch)
6347                 goto num;
6348 
6349         /* See if the user provided enough room for all the data */
6350         num_chunks = ntohs(ch->param_hdr.length) - sizeof(struct sctp_paramhdr);
6351         if (len < num_chunks)
6352                 return -EINVAL;
6353 
6354         if (copy_to_user(to, ch->chunks, num_chunks))
6355                 return -EFAULT;
6356 num:
6357         len = sizeof(struct sctp_authchunks) + num_chunks;
6358         if (put_user(len, optlen))
6359                 return -EFAULT;
6360         if (put_user(num_chunks, &p->gauth_number_of_chunks))
6361                 return -EFAULT;
6362         return 0;
6363 }
6364 
6365 static int sctp_getsockopt_local_auth_chunks(struct sock *sk, int len,
6366                                     char __user *optval, int __user *optlen)
6367 {
6368         struct sctp_endpoint *ep = sctp_sk(sk)->ep;
6369         struct sctp_authchunks __user *p = (void __user *)optval;
6370         struct sctp_authchunks val;
6371         struct sctp_association *asoc;
6372         struct sctp_chunks_param *ch;
6373         u32    num_chunks = 0;
6374         char __user *to;
6375 
6376         if (!ep->auth_enable)
6377                 return -EACCES;
6378 
6379         if (len < sizeof(struct sctp_authchunks))
6380                 return -EINVAL;
6381 
6382         if (copy_from_user(&val, optval, sizeof(val)))
6383                 return -EFAULT;
6384 
6385         to = p->gauth_chunks;
6386         asoc = sctp_id2assoc(sk, val.gauth_assoc_id);
6387         if (!asoc && val.gauth_assoc_id && sctp_style(sk, UDP))
6388                 return -EINVAL;
6389 
6390         if (asoc)
6391                 ch = (struct sctp_chunks_param *)asoc->c.auth_chunks;
6392         else
6393                 ch = ep->auth_chunk_list;
6394 
6395         if (!ch)
6396                 goto num;
6397 
6398         num_chunks = ntohs(ch->param_hdr.length) - sizeof(struct sctp_paramhdr);
6399         if (len < sizeof(struct sctp_authchunks) + num_chunks)
6400                 return -EINVAL;
6401 
6402         if (copy_to_user(to, ch->chunks, num_chunks))
6403                 return -EFAULT;
6404 num:
6405         len = sizeof(struct sctp_authchunks) + num_chunks;
6406         if (put_user(len, optlen))
6407                 return -EFAULT;
6408         if (put_user(num_chunks, &p->gauth_number_of_chunks))
6409                 return -EFAULT;
6410 
6411         return 0;
6412 }
6413 
6414 /*
6415  * 8.2.5.  Get the Current Number of Associations (SCTP_GET_ASSOC_NUMBER)
6416  * This option gets the current number of associations that are attached
6417  * to a one-to-many style socket.  The option value is an uint32_t.
6418  */
6419 static int sctp_getsockopt_assoc_number(struct sock *sk, int len,
6420                                     char __user *optval, int __user *optlen)
6421 {
6422         struct sctp_sock *sp = sctp_sk(sk);
6423         struct sctp_association *asoc;
6424         u32 val = 0;
6425 
6426         if (sctp_style(sk, TCP))
6427                 return -EOPNOTSUPP;
6428 
6429         if (len < sizeof(u32))
6430                 return -EINVAL;
6431 
6432         len = sizeof(u32);
6433 
6434         list_for_each_entry(asoc, &(sp->ep->asocs), asocs) {
6435                 val++;
6436         }
6437 
6438         if (put_user(len, optlen))
6439                 return -EFAULT;
6440         if (copy_to_user(optval, &val, len))
6441                 return -EFAULT;
6442 
6443         return 0;
6444 }
6445 
6446 /*
6447  * 8.1.23 SCTP_AUTO_ASCONF
6448  * See the corresponding setsockopt entry as description
6449  */
6450 static int sctp_getsockopt_auto_asconf(struct sock *sk, int len,
6451                                    char __user *optval, int __user *optlen)
6452 {
6453         int val = 0;
6454 
6455         if (len < sizeof(int))
6456                 return -EINVAL;
6457 
6458         len = sizeof(int);
6459         if (sctp_sk(sk)->do_auto_asconf && sctp_is_ep_boundall(sk))
6460                 val = 1;
6461         if (put_user(len, optlen))
6462                 return -EFAULT;
6463         if (copy_to_user(optval, &val, len))
6464                 return -EFAULT;
6465         return 0;
6466 }
6467 
6468 /*
6469  * 8.2.6. Get the Current Identifiers of Associations
6470  *        (SCTP_GET_ASSOC_ID_LIST)
6471  *
6472  * This option gets the current list of SCTP association identifiers of
6473  * the SCTP associations handled by a one-to-many style socket.
6474  */
6475 static int sctp_getsockopt_assoc_ids(struct sock *sk, int len,
6476                                     char __user *optval, int __user *optlen)
6477 {
6478         struct sctp_sock *sp = sctp_sk(sk);
6479         struct sctp_association *asoc;
6480         struct sctp_assoc_ids *ids;
6481         u32 num = 0;
6482 
6483         if (sctp_style(sk, TCP))
6484                 return -EOPNOTSUPP;
6485 
6486         if (len < sizeof(struct sctp_assoc_ids))
6487                 return -EINVAL;
6488 
6489         list_for_each_entry(asoc, &(sp->ep->asocs), asocs) {
6490                 num++;
6491         }
6492 
6493         if (len < sizeof(struct sctp_assoc_ids) + sizeof(sctp_assoc_t) * num)
6494                 return -EINVAL;
6495 
6496         len = sizeof(struct sctp_assoc_ids) + sizeof(sctp_assoc_t) * num;
6497 
6498         ids = kmalloc(len, GFP_USER | __GFP_NOWARN);
6499         if (unlikely(!ids))
6500                 return -ENOMEM;
6501 
6502         ids->gaids_number_of_ids = num;
6503         num = 0;
6504         list_for_each_entry(asoc, &(sp->ep->asocs), asocs) {
6505                 ids->gaids_assoc_id[num++] = asoc->assoc_id;
6506         }
6507 
6508         if (put_user(len, optlen) || copy_to_user(optval, ids, len)) {
6509                 kfree(ids);
6510                 return -EFAULT;
6511         }
6512 
6513         kfree(ids);
6514         return 0;
6515 }
6516 
6517 /*
6518  * SCTP_PEER_ADDR_THLDS
6519  *
6520  * This option allows us to fetch the partially failed threshold for one or all
6521  * transports in an association.  See Section 6.1 of:
6522  * http://www.ietf.org/id/draft-nishida-tsvwg-sctp-failover-05.txt
6523  */
6524 static int sctp_getsockopt_paddr_thresholds(struct sock *sk,
6525                                             char __user *optval,
6526                                             int len,
6527                                             int __user *optlen)
6528 {
6529         struct sctp_paddrthlds val;
6530         struct sctp_transport *trans;
6531         struct sctp_association *asoc;
6532 
6533         if (len < sizeof(struct sctp_paddrthlds))
6534                 return -EINVAL;
6535         len = sizeof(struct sctp_paddrthlds);
6536         if (copy_from_user(&val, (struct sctp_paddrthlds __user *)optval, len))
6537                 return -EFAULT;
6538 
6539         if (sctp_is_any(sk, (const union sctp_addr *)&val.spt_address)) {
6540                 asoc = sctp_id2assoc(sk, val.spt_assoc_id);
6541                 if (!asoc)
6542                         return -ENOENT;
6543 
6544                 val.spt_pathpfthld = asoc->pf_retrans;
6545                 val.spt_pathmaxrxt = asoc->pathmaxrxt;
6546         } else {
6547                 trans = sctp_addr_id2transport(sk, &val.spt_address,
6548                                                val.spt_assoc_id);
6549                 if (!trans)
6550                         return -ENOENT;
6551 
6552                 val.spt_pathmaxrxt = trans->pathmaxrxt;
6553                 val.spt_pathpfthld = trans->pf_retrans;
6554         }
6555 
6556         if (put_user(len, optlen) || copy_to_user(optval, &val, len))
6557                 return -EFAULT;
6558 
6559         return 0;
6560 }
6561 
6562 /*
6563  * SCTP_GET_ASSOC_STATS
6564  *
6565  * This option retrieves local per endpoint statistics. It is modeled
6566  * after OpenSolaris' implementation
6567  */
6568 static int sctp_getsockopt_assoc_stats(struct sock *sk, int len,
6569                                        char __user *optval,
6570                                        int __user *optlen)
6571 {
6572         struct sctp_assoc_stats sas;
6573         struct sctp_association *asoc = NULL;
6574 
6575         /* User must provide at least the assoc id */
6576         if (len < sizeof(sctp_assoc_t))
6577                 return -EINVAL;
6578 
6579         /* Allow the struct to grow and fill in as much as possible */
6580         len = min_t(size_t, len, sizeof(sas));
6581 
6582         if (copy_from_user(&sas, optval, len))
6583                 return -EFAULT;
6584 
6585         asoc = sctp_id2assoc(sk, sas.sas_assoc_id);
6586         if (!asoc)
6587                 return -EINVAL;
6588 
6589         sas.sas_rtxchunks = asoc->stats.rtxchunks;
6590         sas.sas_gapcnt = asoc->stats.gapcnt;
6591         sas.sas_outofseqtsns = asoc->stats.outofseqtsns;
6592         sas.sas_osacks = asoc->stats.osacks;
6593         sas.sas_isacks = asoc->stats.isacks;
6594         sas.sas_octrlchunks = asoc->stats.octrlchunks;
6595         sas.sas_ictrlchunks = asoc->stats.ictrlchunks;
6596         sas.sas_oodchunks = asoc->stats.oodchunks;
6597         sas.sas_iodchunks = asoc->stats.iodchunks;
6598         sas.sas_ouodchunks = asoc->stats.ouodchunks;
6599         sas.sas_iuodchunks = asoc->stats.iuodchunks;
6600         sas.sas_idupchunks = asoc->stats.idupchunks;
6601         sas.sas_opackets = asoc->stats.opackets;
6602         sas.sas_ipackets = asoc->stats.ipackets;
6603 
6604         /* New high max rto observed, will return 0 if not a single
6605          * RTO update took place. obs_rto_ipaddr will be bogus
6606          * in such a case
6607          */
6608         sas.sas_maxrto = asoc->stats.max_obs_rto;
6609         memcpy(&sas.sas_obs_rto_ipaddr, &asoc->stats.obs_rto_ipaddr,
6610                 sizeof(struct sockaddr_storage));
6611 
6612         /* Mark beginning of a new observation period */
6613         asoc->stats.max_obs_rto = asoc->rto_min;
6614 
6615         if (put_user(len, optlen))
6616                 return -EFAULT;
6617 
6618         pr_debug("%s: len:%d, assoc_id:%d\n", __func__, len, sas.sas_assoc_id);
6619 
6620         if (copy_to_user(optval, &sas, len))
6621                 return -EFAULT;
6622 
6623         return 0;
6624 }
6625 
6626 static int sctp_getsockopt_recvrcvinfo(struct sock *sk, int len,
6627                                        char __user *optval,
6628                                        int __user *optlen)
6629 {
6630         int val = 0;
6631 
6632         if (len < sizeof(int))
6633                 return -EINVAL;
6634 
6635         len = sizeof(int);
6636         if (sctp_sk(sk)->recvrcvinfo)
6637                 val = 1;
6638         if (put_user(len, optlen))
6639                 return -EFAULT;
6640         if (copy_to_user(optval, &val, len))
6641                 return -EFAULT;
6642 
6643         return 0;
6644 }
6645 
6646 static int sctp_getsockopt_recvnxtinfo(struct sock *sk, int len,
6647                                        char __user *optval,
6648                                        int __user *optlen)
6649 {
6650         int val = 0;
6651 
6652         if (len < sizeof(int))
6653                 return -EINVAL;
6654 
6655         len = sizeof(int);
6656         if (sctp_sk(sk)->recvnxtinfo)
6657                 val = 1;
6658         if (put_user(len, optlen))
6659                 return -EFAULT;
6660         if (copy_to_user(optval, &val, len))
6661                 return -EFAULT;
6662 
6663         return 0;
6664 }
6665 
6666 static int sctp_getsockopt_pr_supported(struct sock *sk, int len,
6667                                         char __user *optval,
6668                                         int __user *optlen)
6669 {
6670         struct sctp_assoc_value params;
6671         struct sctp_association *asoc;
6672         int retval = -EFAULT;
6673 
6674         if (len < sizeof(params)) {
6675                 retval = -EINVAL;
6676                 goto out;
6677         }
6678 
6679         len = sizeof(params);
6680         if (copy_from_user(&params, optval, len))
6681                 goto out;
6682 
6683         asoc = sctp_id2assoc(sk, params.assoc_id);
6684         if (asoc) {
6685                 params.assoc_value = asoc->prsctp_enable;
6686         } else if (!params.assoc_id) {
6687                 struct sctp_sock *sp = sctp_sk(sk);
6688 
6689                 params.assoc_value = sp->ep->prsctp_enable;
6690         } else {
6691                 retval = -EINVAL;
6692                 goto out;
6693         }
6694 
6695         if (put_user(len, optlen))
6696                 goto out;
6697 
6698         if (copy_to_user(optval, &params, len))
6699                 goto out;
6700 
6701         retval = 0;
6702 
6703 out:
6704         return retval;
6705 }
6706 
6707 static int sctp_getsockopt_default_prinfo(struct sock *sk, int len,
6708                                           char __user *optval,
6709                                           int __user *optlen)
6710 {
6711         struct sctp_default_prinfo info;
6712         struct sctp_association *asoc;
6713         int retval = -EFAULT;
6714 
6715         if (len < sizeof(info)) {
6716                 retval = -EINVAL;
6717                 goto out;
6718         }
6719 
6720         len = sizeof(info);
6721         if (copy_from_user(&info, optval, len))
6722                 goto out;
6723 
6724         asoc = sctp_id2assoc(sk, info.pr_assoc_id);
6725         if (asoc) {
6726                 info.pr_policy = SCTP_PR_POLICY(asoc->default_flags);
6727                 info.pr_value = asoc->default_timetolive;
6728         } else if (!info.pr_assoc_id) {
6729                 struct sctp_sock *sp = sctp_sk(sk);
6730 
6731                 info.pr_policy = SCTP_PR_POLICY(sp->default_flags);
6732                 info.pr_value = sp->default_timetolive;
6733         } else {
6734                 retval = -EINVAL;
6735                 goto out;
6736         }
6737 
6738         if (put_user(len, optlen))
6739                 goto out;
6740 
6741         if (copy_to_user(optval, &info, len))
6742                 goto out;
6743 
6744         retval = 0;
6745 
6746 out:
6747         return retval;
6748 }
6749 
6750 static int sctp_getsockopt_pr_assocstatus(struct sock *sk, int len,
6751                                           char __user *optval,
6752                                           int __user *optlen)
6753 {
6754         struct sctp_prstatus params;
6755         struct sctp_association *asoc;
6756         int policy;
6757         int retval = -EINVAL;
6758 
6759         if (len < sizeof(params))
6760                 goto out;
6761 
6762         len = sizeof(params);
6763         if (copy_from_user(&params, optval, len)) {
6764                 retval = -EFAULT;
6765                 goto out;
6766         }
6767 
6768         policy = params.sprstat_policy;
6769         if (policy & ~SCTP_PR_SCTP_MASK)
6770                 goto out;
6771 
6772         asoc = sctp_id2assoc(sk, params.sprstat_assoc_id);
6773         if (!asoc)
6774                 goto out;
6775 
6776         if (policy == SCTP_PR_SCTP_NONE) {
6777                 params.sprstat_abandoned_unsent = 0;
6778                 params.sprstat_abandoned_sent = 0;
6779                 for (policy = 0; policy <= SCTP_PR_INDEX(MAX); policy++) {
6780                         params.sprstat_abandoned_unsent +=
6781                                 asoc->abandoned_unsent[policy];
6782                         params.sprstat_abandoned_sent +=
6783                                 asoc->abandoned_sent[policy];
6784                 }
6785         } else {
6786                 params.sprstat_abandoned_unsent =
6787                         asoc->abandoned_unsent[__SCTP_PR_INDEX(policy)];
6788                 params.sprstat_abandoned_sent =
6789                         asoc->abandoned_sent[__SCTP_PR_INDEX(policy)];
6790         }
6791 
6792         if (put_user(len, optlen)) {
6793                 retval = -EFAULT;
6794                 goto out;
6795         }
6796 
6797         if (copy_to_user(optval, &params, len)) {
6798                 retval = -EFAULT;
6799                 goto out;
6800         }
6801 
6802         retval = 0;
6803 
6804 out:
6805         return retval;
6806 }
6807 
6808 static int sctp_getsockopt_pr_streamstatus(struct sock *sk, int len,
6809                                            char __user *optval,
6810                                            int __user *optlen)
6811 {
6812         struct sctp_stream_out_ext *streamoute;
6813         struct sctp_association *asoc;
6814         struct sctp_prstatus params;
6815         int retval = -EINVAL;
6816         int policy;
6817 
6818         if (len < sizeof(params))
6819                 goto out;
6820 
6821         len = sizeof(params);
6822         if (copy_from_user(&params, optval, len)) {
6823                 retval = -EFAULT;
6824                 goto out;
6825         }
6826 
6827         policy = params.sprstat_policy;
6828         if (policy & ~SCTP_PR_SCTP_MASK)
6829                 goto out;
6830 
6831         asoc = sctp_id2assoc(sk, params.sprstat_assoc_id);
6832         if (!asoc || params.sprstat_sid >= asoc->stream.outcnt)
6833                 goto out;
6834 
6835         streamoute = asoc->stream.out[params.sprstat_sid].ext;
6836         if (!streamoute) {
6837                 /* Not allocated yet, means all stats are 0 */
6838                 params.sprstat_abandoned_unsent = 0;
6839                 params.sprstat_abandoned_sent = 0;
6840                 retval = 0;
6841                 goto out;
6842         }
6843 
6844         if (policy == SCTP_PR_SCTP_NONE) {
6845                 params.sprstat_abandoned_unsent = 0;
6846                 params.sprstat_abandoned_sent = 0;
6847                 for (policy = 0; policy <= SCTP_PR_INDEX(MAX); policy++) {
6848                         params.sprstat_abandoned_unsent +=
6849                                 streamoute->abandoned_unsent[policy];
6850                         params.sprstat_abandoned_sent +=
6851                                 streamoute->abandoned_sent[policy];
6852                 }
6853         } else {
6854                 params.sprstat_abandoned_unsent =
6855                         streamoute->abandoned_unsent[__SCTP_PR_INDEX(policy)];
6856                 params.sprstat_abandoned_sent =
6857                         streamoute->abandoned_sent[__SCTP_PR_INDEX(policy)];
6858         }
6859 
6860         if (put_user(len, optlen) || copy_to_user(optval, &params, len)) {
6861                 retval = -EFAULT;
6862                 goto out;
6863         }
6864 
6865         retval = 0;
6866 
6867 out:
6868         return retval;
6869 }
6870 
6871 static int sctp_getsockopt_reconfig_supported(struct sock *sk, int len,
6872                                               char __user *optval,
6873                                               int __user *optlen)
6874 {
6875         struct sctp_assoc_value params;
6876         struct sctp_association *asoc;
6877         int retval = -EFAULT;
6878 
6879         if (len < sizeof(params)) {
6880                 retval = -EINVAL;
6881                 goto out;
6882         }
6883 
6884         len = sizeof(params);
6885         if (copy_from_user(&params, optval, len))
6886                 goto out;
6887 
6888         asoc = sctp_id2assoc(sk, params.assoc_id);
6889         if (asoc) {
6890                 params.assoc_value = asoc->reconf_enable;
6891         } else if (!params.assoc_id) {
6892                 struct sctp_sock *sp = sctp_sk(sk);
6893 
6894                 params.assoc_value = sp->ep->reconf_enable;
6895         } else {
6896                 retval = -EINVAL;
6897                 goto out;
6898         }
6899 
6900         if (put_user(len, optlen))
6901                 goto out;
6902 
6903         if (copy_to_user(optval, &params, len))
6904                 goto out;
6905 
6906