Merge tag 'selinux-pr-20180403' of git://git.kernel.org/pub/scm/linux/kernel/git...
[muen/linux.git] / net / sctp / socket.c
index 73b34a6b5b09af53c592d9bbac9bd25366b1b37c..2a2e094560dedafa043b7374941e82559e47a739 100644 (file)
@@ -156,6 +156,9 @@ static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
        /* The sndbuf space is tracked per association.  */
        sctp_association_hold(asoc);
 
        /* The sndbuf space is tracked per association.  */
        sctp_association_hold(asoc);
 
+       if (chunk->shkey)
+               sctp_auth_shkey_hold(chunk->shkey);
+
        skb_set_owner_w(chunk->skb, sk);
 
        chunk->skb->destructor = sctp_wfree;
        skb_set_owner_w(chunk->skb, sk);
 
        chunk->skb->destructor = sctp_wfree;
@@ -1622,415 +1625,319 @@ static int sctp_error(struct sock *sk, int flags, int err)
 static int sctp_msghdr_parse(const struct msghdr *msg,
                             struct sctp_cmsgs *cmsgs);
 
 static int sctp_msghdr_parse(const struct msghdr *msg,
                             struct sctp_cmsgs *cmsgs);
 
-static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
+static int sctp_sendmsg_parse(struct sock *sk, struct sctp_cmsgs *cmsgs,
+                             struct sctp_sndrcvinfo *srinfo,
+                             const struct msghdr *msg, size_t msg_len)
 {
 {
-       struct net *net = sock_net(sk);
-       struct sctp_sock *sp;
-       struct sctp_endpoint *ep;
-       struct sctp_association *new_asoc = NULL, *asoc = NULL;
-       struct sctp_transport *transport, *chunk_tp;
-       struct sctp_chunk *chunk;
-       union sctp_addr to;
-       struct sctp_af *af;
-       struct sockaddr *msg_name = NULL;
-       struct sctp_sndrcvinfo default_sinfo;
-       struct sctp_sndrcvinfo *sinfo;
-       struct sctp_initmsg *sinit;
-       sctp_assoc_t associd = 0;
-       struct sctp_cmsgs cmsgs = { NULL };
-       enum sctp_scope scope;
-       bool fill_sinfo_ttl = false, wait_connect = false;
-       struct sctp_datamsg *datamsg;
-       int msg_flags = msg->msg_flags;
-       __u16 sinfo_flags = 0;
-       long timeo;
+       __u16 sflags;
        int err;
 
        int err;
 
-       err = 0;
-       sp = sctp_sk(sk);
-       ep = sp->ep;
+       if (sctp_sstate(sk, LISTENING) && sctp_style(sk, TCP))
+               return -EPIPE;
 
 
-       pr_debug("%s: sk:%p, msg:%p, msg_len:%zu ep:%p\n", __func__, sk,
-                msg, msg_len, ep);
-
-       /* We cannot send a message over a TCP-style listening socket. */
-       if (sctp_style(sk, TCP) && sctp_sstate(sk, LISTENING)) {
-               err = -EPIPE;
-               goto out_nounlock;
-       }
+       if (msg_len > sk->sk_sndbuf)
+               return -EMSGSIZE;
 
 
-       /* Parse out the SCTP CMSGs.  */
-       err = sctp_msghdr_parse(msg, &cmsgs);
+       memset(cmsgs, 0, sizeof(*cmsgs));
+       err = sctp_msghdr_parse(msg, cmsgs);
        if (err) {
                pr_debug("%s: msghdr parse err:%x\n", __func__, err);
        if (err) {
                pr_debug("%s: msghdr parse err:%x\n", __func__, err);
-               goto out_nounlock;
+               return err;
        }
 
        }
 
-       /* Fetch the destination address for this packet.  This
-        * address only selects the association--it is not necessarily
-        * the address we will send to.
-        * For a peeled-off socket, msg_name is ignored.
-        */
-       if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
-               int msg_namelen = msg->msg_namelen;
+       memset(srinfo, 0, sizeof(*srinfo));
+       if (cmsgs->srinfo) {
+               srinfo->sinfo_stream = cmsgs->srinfo->sinfo_stream;
+               srinfo->sinfo_flags = cmsgs->srinfo->sinfo_flags;
+               srinfo->sinfo_ppid = cmsgs->srinfo->sinfo_ppid;
+               srinfo->sinfo_context = cmsgs->srinfo->sinfo_context;
+               srinfo->sinfo_assoc_id = cmsgs->srinfo->sinfo_assoc_id;
+               srinfo->sinfo_timetolive = cmsgs->srinfo->sinfo_timetolive;
+       }
 
 
-               err = sctp_verify_addr(sk, (union sctp_addr *)msg->msg_name,
-                                      msg_namelen);
-               if (err)
-                       return err;
+       if (cmsgs->sinfo) {
+               srinfo->sinfo_stream = cmsgs->sinfo->snd_sid;
+               srinfo->sinfo_flags = cmsgs->sinfo->snd_flags;
+               srinfo->sinfo_ppid = cmsgs->sinfo->snd_ppid;
+               srinfo->sinfo_context = cmsgs->sinfo->snd_context;
+               srinfo->sinfo_assoc_id = cmsgs->sinfo->snd_assoc_id;
+       }
 
 
-               if (msg_namelen > sizeof(to))
-                       msg_namelen = sizeof(to);
-               memcpy(&to, msg->msg_name, msg_namelen);
-               msg_name = msg->msg_name;
+       if (cmsgs->prinfo) {
+               srinfo->sinfo_timetolive = cmsgs->prinfo->pr_value;
+               SCTP_PR_SET_POLICY(srinfo->sinfo_flags,
+                                  cmsgs->prinfo->pr_policy);
        }
 
        }
 
-       sinit = cmsgs.init;
-       if (cmsgs.sinfo != NULL) {
-               memset(&default_sinfo, 0, sizeof(default_sinfo));
-               default_sinfo.sinfo_stream = cmsgs.sinfo->snd_sid;
-               default_sinfo.sinfo_flags = cmsgs.sinfo->snd_flags;
-               default_sinfo.sinfo_ppid = cmsgs.sinfo->snd_ppid;
-               default_sinfo.sinfo_context = cmsgs.sinfo->snd_context;
-               default_sinfo.sinfo_assoc_id = cmsgs.sinfo->snd_assoc_id;
+       sflags = srinfo->sinfo_flags;
+       if (!sflags && msg_len)
+               return 0;
 
 
-               sinfo = &default_sinfo;
-               fill_sinfo_ttl = true;
-       } else {
-               sinfo = cmsgs.srinfo;
-       }
-       /* Did the user specify SNDINFO/SNDRCVINFO? */
-       if (sinfo) {
-               sinfo_flags = sinfo->sinfo_flags;
-               associd = sinfo->sinfo_assoc_id;
-       }
+       if (sctp_style(sk, TCP) && (sflags & (SCTP_EOF | SCTP_ABORT)))
+               return -EINVAL;
 
 
-       pr_debug("%s: msg_len:%zu, sinfo_flags:0x%x\n", __func__,
-                msg_len, sinfo_flags);
+       if (((sflags & SCTP_EOF) && msg_len > 0) ||
+           (!(sflags & (SCTP_EOF | SCTP_ABORT)) && msg_len == 0))
+               return -EINVAL;
 
 
-       /* SCTP_EOF or SCTP_ABORT cannot be set on a TCP-style socket. */
-       if (sctp_style(sk, TCP) && (sinfo_flags & (SCTP_EOF | SCTP_ABORT))) {
-               err = -EINVAL;
-               goto out_nounlock;
-       }
+       if ((sflags & SCTP_ADDR_OVER) && !msg->msg_name)
+               return -EINVAL;
 
 
-       /* If SCTP_EOF is set, no data can be sent. Disallow sending zero
-        * length messages when SCTP_EOF|SCTP_ABORT is not set.
-        * If SCTP_ABORT is set, the message length could be non zero with
-        * the msg_iov set to the user abort reason.
-        */
-       if (((sinfo_flags & SCTP_EOF) && (msg_len > 0)) ||
-           (!(sinfo_flags & (SCTP_EOF|SCTP_ABORT)) && (msg_len == 0))) {
-               err = -EINVAL;
-               goto out_nounlock;
-       }
+       return 0;
+}
 
 
-       /* If SCTP_ADDR_OVER is set, there must be an address
-        * specified in msg_name.
-        */
-       if ((sinfo_flags & SCTP_ADDR_OVER) && (!msg->msg_name)) {
-               err = -EINVAL;
-               goto out_nounlock;
-       }
+static int sctp_sendmsg_new_asoc(struct sock *sk, __u16 sflags,
+                                struct sctp_cmsgs *cmsgs,
+                                union sctp_addr *daddr,
+                                struct sctp_transport **tp)
+{
+       struct sctp_endpoint *ep = sctp_sk(sk)->ep;
+       struct net *net = sock_net(sk);
+       struct sctp_association *asoc;
+       enum sctp_scope scope;
+       struct cmsghdr *cmsg;
+       struct sctp_af *af;
+       int err;
 
 
-       transport = NULL;
+       *tp = NULL;
 
 
-       pr_debug("%s: about to look up association\n", __func__);
+       if (sflags & (SCTP_EOF | SCTP_ABORT))
+               return -EINVAL;
 
 
-       lock_sock(sk);
+       if (sctp_style(sk, TCP) && (sctp_sstate(sk, ESTABLISHED) ||
+                                   sctp_sstate(sk, CLOSING)))
+               return -EADDRNOTAVAIL;
 
 
-       /* If a msg_name has been specified, assume this is to be used.  */
-       if (msg_name) {
-               /* Look for a matching association on the endpoint. */
-               asoc = sctp_endpoint_lookup_assoc(ep, &to, &transport);
+       if (sctp_endpoint_is_peeled_off(ep, daddr))
+               return -EADDRNOTAVAIL;
 
 
-               /* If we could not find a matching association on the
-                * endpoint, make sure that it is not a TCP-style
-                * socket that already has an association or there is
-                * no peeled-off association on another socket.
-                */
-               if (!asoc &&
-                   ((sctp_style(sk, TCP) &&
-                     (sctp_sstate(sk, ESTABLISHED) ||
-                      sctp_sstate(sk, CLOSING))) ||
-                    sctp_endpoint_is_peeled_off(ep, &to))) {
-                       err = -EADDRNOTAVAIL;
-                       goto out_unlock;
-               }
+       if (!ep->base.bind_addr.port) {
+               if (sctp_autobind(sk))
+                       return -EAGAIN;
        } else {
        } else {
-               asoc = sctp_id2assoc(sk, associd);
-               if (!asoc) {
-                       err = -EPIPE;
-                       goto out_unlock;
-               }
+               if (ep->base.bind_addr.port < inet_prot_sock(net) &&
+                   !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE))
+                       return -EACCES;
        }
 
        }
 
-       if (asoc) {
-               pr_debug("%s: just looked up association:%p\n", __func__, asoc);
+       scope = sctp_scope(daddr);
 
 
-               /* We cannot send a message on a TCP-style SCTP_SS_ESTABLISHED
-                * socket that has an association in CLOSED state. This can
-                * happen when an accepted socket has an association that is
-                * already CLOSED.
-                */
-               if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP)) {
-                       err = -EPIPE;
-                       goto out_unlock;
-               }
+       /* Label connection socket for first association 1-to-many
+        * style for client sequence socket()->sendmsg(). This
+        * needs to be done before sctp_assoc_add_peer() as that will
+        * set up the initial packet that needs to account for any
+        * security ip options (CIPSO/CALIPSO) added to the packet.
+        */
+       af = sctp_get_af_specific(daddr->sa.sa_family);
+       if (!af)
+               return -EINVAL;
+       err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
+                                        (struct sockaddr *)daddr,
+                                        af->sockaddr_len);
+       if (err < 0)
+               return err;
 
 
-               if (sinfo_flags & SCTP_EOF) {
-                       pr_debug("%s: shutting down association:%p\n",
-                                __func__, asoc);
+       asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
+       if (!asoc)
+               return -ENOMEM;
 
 
-                       sctp_primitive_SHUTDOWN(net, asoc, NULL);
-                       err = 0;
-                       goto out_unlock;
-               }
-               if (sinfo_flags & SCTP_ABORT) {
+       if (sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL) < 0) {
+               err = -ENOMEM;
+               goto free;
+       }
 
 
-                       chunk = sctp_make_abort_user(asoc, msg, msg_len);
-                       if (!chunk) {
-                               err = -ENOMEM;
-                               goto out_unlock;
-                       }
+       if (cmsgs->init) {
+               struct sctp_initmsg *init = cmsgs->init;
 
 
-                       pr_debug("%s: aborting association:%p\n",
-                                __func__, asoc);
+               if (init->sinit_num_ostreams) {
+                       __u16 outcnt = init->sinit_num_ostreams;
 
 
-                       sctp_primitive_ABORT(net, asoc, chunk);
-                       err = 0;
-                       goto out_unlock;
+                       asoc->c.sinit_num_ostreams = outcnt;
+                       /* outcnt has been changed, need to re-init stream */
+                       err = sctp_stream_init(&asoc->stream, outcnt, 0,
+                                              GFP_KERNEL);
+                       if (err)
+                               goto free;
                }
                }
+
+               if (init->sinit_max_instreams)
+                       asoc->c.sinit_max_instreams = init->sinit_max_instreams;
+
+               if (init->sinit_max_attempts)
+                       asoc->max_init_attempts = init->sinit_max_attempts;
+
+               if (init->sinit_max_init_timeo)
+                       asoc->max_init_timeo =
+                               msecs_to_jiffies(init->sinit_max_init_timeo);
        }
 
        }
 
-       /* Do we need to create the association?  */
-       if (!asoc) {
-               pr_debug("%s: there is no association yet\n", __func__);
+       *tp = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL, SCTP_UNKNOWN);
+       if (!*tp) {
+               err = -ENOMEM;
+               goto free;
+       }
 
 
-               if (sinfo_flags & (SCTP_EOF | SCTP_ABORT)) {
-                       err = -EINVAL;
-                       goto out_unlock;
-               }
+       if (!cmsgs->addrs_msg)
+               return 0;
 
 
-               /* Check for invalid stream against the stream counts,
-                * either the default or the user specified stream counts.
-                */
-               if (sinfo) {
-                       if (!sinit || !sinit->sinit_num_ostreams) {
-                               /* Check against the defaults. */
-                               if (sinfo->sinfo_stream >=
-                                   sp->initmsg.sinit_num_ostreams) {
-                                       err = -EINVAL;
-                                       goto out_unlock;
-                               }
-                       } else {
-                               /* Check against the requested.  */
-                               if (sinfo->sinfo_stream >=
-                                   sinit->sinit_num_ostreams) {
-                                       err = -EINVAL;
-                                       goto out_unlock;
-                               }
-                       }
-               }
+       /* sendv addr list parse */
+       for_each_cmsghdr(cmsg, cmsgs->addrs_msg) {
+               struct sctp_transport *transport;
+               struct sctp_association *old;
+               union sctp_addr _daddr;
+               int dlen;
 
 
-               /*
-                * API 3.1.2 bind() - UDP Style Syntax
-                * If a bind() or sctp_bindx() is not called prior to a
-                * sendmsg() call that initiates a new association, the
-                * system picks an ephemeral port and will choose an address
-                * set equivalent to binding with a wildcard address.
-                */
-               if (!ep->base.bind_addr.port) {
-                       if (sctp_autobind(sk)) {
-                               err = -EAGAIN;
-                               goto out_unlock;
+               if (cmsg->cmsg_level != IPPROTO_SCTP ||
+                   (cmsg->cmsg_type != SCTP_DSTADDRV4 &&
+                    cmsg->cmsg_type != SCTP_DSTADDRV6))
+                       continue;
+
+               daddr = &_daddr;
+               memset(daddr, 0, sizeof(*daddr));
+               dlen = cmsg->cmsg_len - sizeof(struct cmsghdr);
+               if (cmsg->cmsg_type == SCTP_DSTADDRV4) {
+                       if (dlen < sizeof(struct in_addr)) {
+                               err = -EINVAL;
+                               goto free;
                        }
                        }
+
+                       dlen = sizeof(struct in_addr);
+                       daddr->v4.sin_family = AF_INET;
+                       daddr->v4.sin_port = htons(asoc->peer.port);
+                       memcpy(&daddr->v4.sin_addr, CMSG_DATA(cmsg), dlen);
                } else {
                } else {
-                       /*
-                        * If an unprivileged user inherits a one-to-many
-                        * style socket with open associations on a privileged
-                        * port, it MAY be permitted to accept new associations,
-                        * but it SHOULD NOT be permitted to open new
-                        * associations.
-                        */
-                       if (ep->base.bind_addr.port < inet_prot_sock(net) &&
-                           !ns_capable(net->user_ns, CAP_NET_BIND_SERVICE)) {
-                               err = -EACCES;
-                               goto out_unlock;
+                       if (dlen < sizeof(struct in6_addr)) {
+                               err = -EINVAL;
+                               goto free;
                        }
                        }
-               }
 
 
-               scope = sctp_scope(&to);
-
-               /* Label connection socket for first association 1-to-many
-                * style for client sequence socket()->sendmsg(). This
-                * needs to be done before sctp_assoc_add_peer() as that will
-                * set up the initial packet that needs to account for any
-                * security ip options (CIPSO/CALIPSO) added to the packet.
-                */
-               af = sctp_get_af_specific(to.sa.sa_family);
-               if (!af) {
-                       err = -EINVAL;
-                       goto out_unlock;
+                       dlen = sizeof(struct in6_addr);
+                       daddr->v6.sin6_family = AF_INET6;
+                       daddr->v6.sin6_port = htons(asoc->peer.port);
+                       memcpy(&daddr->v6.sin6_addr, CMSG_DATA(cmsg), dlen);
                }
                }
-               err = security_sctp_bind_connect(sk, SCTP_SENDMSG_CONNECT,
-                                                (struct sockaddr *)&to,
-                                                af->sockaddr_len);
-               if (err < 0)
-                       goto out_unlock;
+               err = sctp_verify_addr(sk, daddr, sizeof(*daddr));
+               if (err)
+                       goto free;
 
 
-               new_asoc = sctp_association_new(ep, sk, scope, GFP_KERNEL);
-               if (!new_asoc) {
-                       err = -ENOMEM;
-                       goto out_unlock;
-               }
-               asoc = new_asoc;
-               err = sctp_assoc_set_bind_addr_from_ep(asoc, scope, GFP_KERNEL);
-               if (err < 0) {
-                       err = -ENOMEM;
-                       goto out_free;
+               old = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
+               if (old && old != asoc) {
+                       if (old->state >= SCTP_STATE_ESTABLISHED)
+                               err = -EISCONN;
+                       else
+                               err = -EALREADY;
+                       goto free;
                }
 
                }
 
-               /* If the SCTP_INIT ancillary data is specified, set all
-                * the association init values accordingly.
-                */
-               if (sinit) {
-                       if (sinit->sinit_num_ostreams) {
-                               __u16 outcnt = sinit->sinit_num_ostreams;
-
-                               asoc->c.sinit_num_ostreams = outcnt;
-                               /* outcnt has been changed, so re-init stream */
-                               err = sctp_stream_init(&asoc->stream, outcnt, 0,
-                                                      GFP_KERNEL);
-                               if (err)
-                                       goto out_free;
-                       }
-                       if (sinit->sinit_max_instreams) {
-                               asoc->c.sinit_max_instreams =
-                                       sinit->sinit_max_instreams;
-                       }
-                       if (sinit->sinit_max_attempts) {
-                               asoc->max_init_attempts
-                                       = sinit->sinit_max_attempts;
-                       }
-                       if (sinit->sinit_max_init_timeo) {
-                               asoc->max_init_timeo =
-                                msecs_to_jiffies(sinit->sinit_max_init_timeo);
-                       }
+               if (sctp_endpoint_is_peeled_off(ep, daddr)) {
+                       err = -EADDRNOTAVAIL;
+                       goto free;
                }
 
                }
 
-               /* Prime the peer's transport structures.  */
-               transport = sctp_assoc_add_peer(asoc, &to, GFP_KERNEL, SCTP_UNKNOWN);
+               transport = sctp_assoc_add_peer(asoc, daddr, GFP_KERNEL,
+                                               SCTP_UNKNOWN);
                if (!transport) {
                        err = -ENOMEM;
                if (!transport) {
                        err = -ENOMEM;
-                       goto out_free;
+                       goto free;
                }
        }
 
                }
        }
 
-       /* ASSERT: we have a valid association at this point.  */
-       pr_debug("%s: we have a valid association\n", __func__);
+       return 0;
 
 
-       if (!sinfo) {
-               /* If the user didn't specify SNDINFO/SNDRCVINFO, make up
-                * one with some defaults.
-                */
-               memset(&default_sinfo, 0, sizeof(default_sinfo));
-               default_sinfo.sinfo_stream = asoc->default_stream;
-               default_sinfo.sinfo_flags = asoc->default_flags;
-               default_sinfo.sinfo_ppid = asoc->default_ppid;
-               default_sinfo.sinfo_context = asoc->default_context;
-               default_sinfo.sinfo_timetolive = asoc->default_timetolive;
-               default_sinfo.sinfo_assoc_id = sctp_assoc2id(asoc);
-
-               sinfo = &default_sinfo;
-       } else if (fill_sinfo_ttl) {
-               /* In case SNDINFO was specified, we still need to fill
-                * it with a default ttl from the assoc here.
-                */
-               sinfo->sinfo_timetolive = asoc->default_timetolive;
-       }
+free:
+       sctp_association_free(asoc);
+       return err;
+}
 
 
-       /* API 7.1.7, the sndbuf size per association bounds the
-        * maximum size of data that can be sent in a single send call.
-        */
-       if (msg_len > sk->sk_sndbuf) {
-               err = -EMSGSIZE;
-               goto out_free;
+static int sctp_sendmsg_check_sflags(struct sctp_association *asoc,
+                                    __u16 sflags, struct msghdr *msg,
+                                    size_t msg_len)
+{
+       struct sock *sk = asoc->base.sk;
+       struct net *net = sock_net(sk);
+
+       if (sctp_state(asoc, CLOSED) && sctp_style(sk, TCP))
+               return -EPIPE;
+
+       if ((sflags & SCTP_SENDALL) && sctp_style(sk, UDP) &&
+           !sctp_state(asoc, ESTABLISHED))
+               return 0;
+
+       if (sflags & SCTP_EOF) {
+               pr_debug("%s: shutting down association:%p\n", __func__, asoc);
+               sctp_primitive_SHUTDOWN(net, asoc, NULL);
+
+               return 0;
        }
 
        }
 
-       if (asoc->pmtu_pending)
-               sctp_assoc_pending_pmtu(asoc);
+       if (sflags & SCTP_ABORT) {
+               struct sctp_chunk *chunk;
 
 
-       /* If fragmentation is disabled and the message length exceeds the
-        * association fragmentation point, return EMSGSIZE.  The I-D
-        * does not specify what this error is, but this looks like
-        * a great fit.
-        */
-       if (sctp_sk(sk)->disable_fragments && (msg_len > asoc->frag_point)) {
-               err = -EMSGSIZE;
-               goto out_free;
+               chunk = sctp_make_abort_user(asoc, msg, msg_len);
+               if (!chunk)
+                       return -ENOMEM;
+
+               pr_debug("%s: aborting association:%p\n", __func__, asoc);
+               sctp_primitive_ABORT(net, asoc, chunk);
+
+               return 0;
        }
 
        }
 
-       /* Check for invalid stream. */
+       return 1;
+}
+
+static int sctp_sendmsg_to_asoc(struct sctp_association *asoc,
+                               struct msghdr *msg, size_t msg_len,
+                               struct sctp_transport *transport,
+                               struct sctp_sndrcvinfo *sinfo)
+{
+       struct sock *sk = asoc->base.sk;
+       struct net *net = sock_net(sk);
+       struct sctp_datamsg *datamsg;
+       bool wait_connect = false;
+       struct sctp_chunk *chunk;
+       long timeo;
+       int err;
+
        if (sinfo->sinfo_stream >= asoc->stream.outcnt) {
                err = -EINVAL;
        if (sinfo->sinfo_stream >= asoc->stream.outcnt) {
                err = -EINVAL;
-               goto out_free;
+               goto err;
        }
 
        }
 
-       /* Allocate sctp_stream_out_ext if not already done */
        if (unlikely(!asoc->stream.out[sinfo->sinfo_stream].ext)) {
                err = sctp_stream_init_ext(&asoc->stream, sinfo->sinfo_stream);
                if (err)
        if (unlikely(!asoc->stream.out[sinfo->sinfo_stream].ext)) {
                err = sctp_stream_init_ext(&asoc->stream, sinfo->sinfo_stream);
                if (err)
-                       goto out_free;
+                       goto err;
+       }
+
+       if (sctp_sk(sk)->disable_fragments && msg_len > asoc->frag_point) {
+               err = -EMSGSIZE;
+               goto err;
        }
 
        }
 
+       if (asoc->pmtu_pending)
+               sctp_assoc_pending_pmtu(asoc);
+
        if (sctp_wspace(asoc) < msg_len)
                sctp_prsctp_prune(asoc, sinfo, msg_len - sctp_wspace(asoc));
 
        if (sctp_wspace(asoc) < msg_len)
                sctp_prsctp_prune(asoc, sinfo, msg_len - sctp_wspace(asoc));
 
-       timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
        if (!sctp_wspace(asoc)) {
        if (!sctp_wspace(asoc)) {
-               /* sk can be changed by peel off when waiting for buf. */
+               timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
                err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
                err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
-               if (err) {
-                       if (err == -ESRCH) {
-                               /* asoc is already dead. */
-                               new_asoc = NULL;
-                               err = -EPIPE;
-                       }
-                       goto out_free;
-               }
+               if (err)
+                       goto err;
        }
 
        }
 
-       /* If an address is passed with the sendto/sendmsg call, it is used
-        * to override the primary destination address in the TCP model, or
-        * when SCTP_ADDR_OVER flag is set in the UDP model.
-        */
-       if ((sctp_style(sk, TCP) && msg_name) ||
-           (sinfo_flags & SCTP_ADDR_OVER)) {
-               chunk_tp = sctp_assoc_lookup_paddr(asoc, &to);
-               if (!chunk_tp) {
-                       err = -EINVAL;
-                       goto out_free;
-               }
-       } else
-               chunk_tp = NULL;
-
-       /* Auto-connect, if we aren't connected already. */
        if (sctp_state(asoc, CLOSED)) {
                err = sctp_primitive_ASSOCIATE(net, asoc, NULL);
        if (sctp_state(asoc, CLOSED)) {
                err = sctp_primitive_ASSOCIATE(net, asoc, NULL);
-               if (err < 0)
-                       goto out_free;
+               if (err)
+                       goto err;
 
 
-               /* If stream interleave is enabled, wait_connect has to be
-                * done earlier than data enqueue, as it needs to make data
-                * or idata according to asoc->intl_enable which is set
-                * after connection is done.
-                */
-               if (sctp_sk(asoc->base.sk)->strm_interleave) {
+               if (sctp_sk(sk)->strm_interleave) {
                        timeo = sock_sndtimeo(sk, 0);
                        err = sctp_wait_for_connect(asoc, &timeo);
                        if (err)
                        timeo = sock_sndtimeo(sk, 0);
                        err = sctp_wait_for_connect(asoc, &timeo);
                        if (err)
-                               goto out_unlock;
+                               goto err;
                } else {
                        wait_connect = true;
                }
                } else {
                        wait_connect = true;
                }
@@ -2038,73 +1945,186 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
                pr_debug("%s: we associated primitively\n", __func__);
        }
 
                pr_debug("%s: we associated primitively\n", __func__);
        }
 
-       /* Break the message into multiple chunks of maximum size. */
        datamsg = sctp_datamsg_from_user(asoc, sinfo, &msg->msg_iter);
        if (IS_ERR(datamsg)) {
                err = PTR_ERR(datamsg);
        datamsg = sctp_datamsg_from_user(asoc, sinfo, &msg->msg_iter);
        if (IS_ERR(datamsg)) {
                err = PTR_ERR(datamsg);
-               goto out_free;
+               goto err;
        }
        }
+
        asoc->force_delay = !!(msg->msg_flags & MSG_MORE);
 
        asoc->force_delay = !!(msg->msg_flags & MSG_MORE);
 
-       /* Now send the (possibly) fragmented message. */
        list_for_each_entry(chunk, &datamsg->chunks, frag_list) {
                sctp_chunk_hold(chunk);
        list_for_each_entry(chunk, &datamsg->chunks, frag_list) {
                sctp_chunk_hold(chunk);
-
-               /* Do accounting for the write space.  */
                sctp_set_owner_w(chunk);
                sctp_set_owner_w(chunk);
-
-               chunk->transport = chunk_tp;
+               chunk->transport = transport;
        }
 
        }
 
-       /* Send it to the lower layers.  Note:  all chunks
-        * must either fail or succeed.   The lower layer
-        * works that way today.  Keep it that way or this
-        * breaks.
-        */
        err = sctp_primitive_SEND(net, asoc, datamsg);
        err = sctp_primitive_SEND(net, asoc, datamsg);
-       /* Did the lower layer accept the chunk? */
        if (err) {
                sctp_datamsg_free(datamsg);
        if (err) {
                sctp_datamsg_free(datamsg);
-               goto out_free;
+               goto err;
        }
 
        pr_debug("%s: we sent primitively\n", __func__);
 
        sctp_datamsg_put(datamsg);
        }
 
        pr_debug("%s: we sent primitively\n", __func__);
 
        sctp_datamsg_put(datamsg);
-       err = msg_len;
 
        if (unlikely(wait_connect)) {
 
        if (unlikely(wait_connect)) {
-               timeo = sock_sndtimeo(sk, msg_flags & MSG_DONTWAIT);
+               timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
                sctp_wait_for_connect(asoc, &timeo);
        }
 
                sctp_wait_for_connect(asoc, &timeo);
        }
 
-       /* If we are already past ASSOCIATE, the lower
-        * layers are responsible for association cleanup.
-        */
-       goto out_unlock;
+       err = msg_len;
 
 
-out_free:
-       if (new_asoc)
-               sctp_association_free(asoc);
-out_unlock:
-       release_sock(sk);
+err:
+       return err;
+}
 
 
-out_nounlock:
-       return sctp_error(sk, msg_flags, err);
+static union sctp_addr *sctp_sendmsg_get_daddr(struct sock *sk,
+                                              const struct msghdr *msg,
+                                              struct sctp_cmsgs *cmsgs)
+{
+       union sctp_addr *daddr = NULL;
+       int err;
 
 
-#if 0
-do_sock_err:
-       if (msg_len)
-               err = msg_len;
-       else
-               err = sock_error(sk);
-       goto out;
+       if (!sctp_style(sk, UDP_HIGH_BANDWIDTH) && msg->msg_name) {
+               int len = msg->msg_namelen;
 
 
-do_interrupted:
-       if (msg_len)
-               err = msg_len;
-       goto out;
-#endif /* 0 */
+               if (len > sizeof(*daddr))
+                       len = sizeof(*daddr);
+
+               daddr = (union sctp_addr *)msg->msg_name;
+
+               err = sctp_verify_addr(sk, daddr, len);
+               if (err)
+                       return ERR_PTR(err);
+       }
+
+       return daddr;
+}
+
+static void sctp_sendmsg_update_sinfo(struct sctp_association *asoc,
+                                     struct sctp_sndrcvinfo *sinfo,
+                                     struct sctp_cmsgs *cmsgs)
+{
+       if (!cmsgs->srinfo && !cmsgs->sinfo) {
+               sinfo->sinfo_stream = asoc->default_stream;
+               sinfo->sinfo_ppid = asoc->default_ppid;
+               sinfo->sinfo_context = asoc->default_context;
+               sinfo->sinfo_assoc_id = sctp_assoc2id(asoc);
+
+               if (!cmsgs->prinfo)
+                       sinfo->sinfo_flags = asoc->default_flags;
+       }
+
+       if (!cmsgs->srinfo && !cmsgs->prinfo)
+               sinfo->sinfo_timetolive = asoc->default_timetolive;
+
+       if (cmsgs->authinfo) {
+               /* Reuse sinfo_tsn to indicate that authinfo was set and
+                * sinfo_ssn to save the keyid on tx path.
+                */
+               sinfo->sinfo_tsn = 1;
+               sinfo->sinfo_ssn = cmsgs->authinfo->auth_keynumber;
+       }
+}
+
+static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
+{
+       struct sctp_endpoint *ep = sctp_sk(sk)->ep;
+       struct sctp_transport *transport = NULL;
+       struct sctp_sndrcvinfo _sinfo, *sinfo;
+       struct sctp_association *asoc;
+       struct sctp_cmsgs cmsgs;
+       union sctp_addr *daddr;
+       bool new = false;
+       __u16 sflags;
+       int err;
+
+       /* Parse and get snd_info */
+       err = sctp_sendmsg_parse(sk, &cmsgs, &_sinfo, msg, msg_len);
+       if (err)
+               goto out;
+
+       sinfo  = &_sinfo;
+       sflags = sinfo->sinfo_flags;
+
+       /* Get daddr from msg */
+       daddr = sctp_sendmsg_get_daddr(sk, msg, &cmsgs);
+       if (IS_ERR(daddr)) {
+               err = PTR_ERR(daddr);
+               goto out;
+       }
+
+       lock_sock(sk);
+
+       /* SCTP_SENDALL process */
+       if ((sflags & SCTP_SENDALL) && sctp_style(sk, UDP)) {
+               list_for_each_entry(asoc, &ep->asocs, asocs) {
+                       err = sctp_sendmsg_check_sflags(asoc, sflags, msg,
+                                                       msg_len);
+                       if (err == 0)
+                               continue;
+                       if (err < 0)
+                               goto out_unlock;
+
+                       sctp_sendmsg_update_sinfo(asoc, sinfo, &cmsgs);
+
+                       err = sctp_sendmsg_to_asoc(asoc, msg, msg_len,
+                                                  NULL, sinfo);
+                       if (err < 0)
+                               goto out_unlock;
+
+                       iov_iter_revert(&msg->msg_iter, err);
+               }
+
+               goto out_unlock;
+       }
+
+       /* Get and check or create asoc */
+       if (daddr) {
+               asoc = sctp_endpoint_lookup_assoc(ep, daddr, &transport);
+               if (asoc) {
+                       err = sctp_sendmsg_check_sflags(asoc, sflags, msg,
+                                                       msg_len);
+                       if (err <= 0)
+                               goto out_unlock;
+               } else {
+                       err = sctp_sendmsg_new_asoc(sk, sflags, &cmsgs, daddr,
+                                                   &transport);
+                       if (err)
+                               goto out_unlock;
+
+                       asoc = transport->asoc;
+                       new = true;
+               }
+
+               if (!sctp_style(sk, TCP) && !(sflags & SCTP_ADDR_OVER))
+                       transport = NULL;
+       } else {
+               asoc = sctp_id2assoc(sk, sinfo->sinfo_assoc_id);
+               if (!asoc) {
+                       err = -EPIPE;
+                       goto out_unlock;
+               }
+
+               err = sctp_sendmsg_check_sflags(asoc, sflags, msg, msg_len);
+               if (err <= 0)
+                       goto out_unlock;
+       }
+
+       /* Update snd_info with the asoc */
+       sctp_sendmsg_update_sinfo(asoc, sinfo, &cmsgs);
+
+       /* Send msg to the asoc */
+       err = sctp_sendmsg_to_asoc(asoc, msg, msg_len, transport, sinfo);
+       if (err < 0 && err != -ESRCH && new)
+               sctp_association_free(asoc);
+
+out_unlock:
+       release_sock(sk);
+out:
+       return sctp_error(sk, msg->msg_flags, err);
 }
 
 /* This is an extended version of skb_pull() that removes the data from the
 }
 
 /* This is an extended version of skb_pull() that removes the data from the
@@ -3681,6 +3701,33 @@ static int sctp_setsockopt_del_key(struct sock *sk,
 
 }
 
 
 }
 
+/*
+ * 8.3.4  Deactivate a Shared Key (SCTP_AUTH_DEACTIVATE_KEY)
+ *
+ * This set option will deactivate a shared secret key.
+ */
+static int sctp_setsockopt_deactivate_key(struct sock *sk, char __user *optval,
+                                         unsigned int optlen)
+{
+       struct sctp_endpoint *ep = sctp_sk(sk)->ep;
+       struct sctp_authkeyid val;
+       struct sctp_association *asoc;
+
+       if (!ep->auth_enable)
+               return -EACCES;
+
+       if (optlen != sizeof(struct sctp_authkeyid))
+               return -EINVAL;
+       if (copy_from_user(&val, optval, optlen))
+               return -EFAULT;
+
+       asoc = sctp_id2assoc(sk, val.scact_assoc_id);
+       if (!asoc && val.scact_assoc_id && sctp_style(sk, UDP))
+               return -EINVAL;
+
+       return sctp_auth_deact_key_id(ep, asoc, val.scact_keynumber);
+}
+
 /*
  * 8.1.23 SCTP_AUTO_ASCONF
  *
 /*
  * 8.1.23 SCTP_AUTO_ASCONF
  *
@@ -4273,6 +4320,9 @@ static int sctp_setsockopt(struct sock *sk, int level, int optname,
        case SCTP_AUTH_DELETE_KEY:
                retval = sctp_setsockopt_del_key(sk, optval, optlen);
                break;
        case SCTP_AUTH_DELETE_KEY:
                retval = sctp_setsockopt_del_key(sk, optval, optlen);
                break;
+       case SCTP_AUTH_DEACTIVATE_KEY:
+               retval = sctp_setsockopt_deactivate_key(sk, optval, optlen);
+               break;
        case SCTP_AUTO_ASCONF:
                retval = sctp_setsockopt_auto_asconf(sk, optval, optlen);
                break;
        case SCTP_AUTO_ASCONF:
                retval = sctp_setsockopt_auto_asconf(sk, optval, optlen);
                break;
@@ -7249,6 +7299,7 @@ static int sctp_getsockopt(struct sock *sk, int level, int optname,
        case SCTP_AUTH_KEY:
        case SCTP_AUTH_CHUNK:
        case SCTP_AUTH_DELETE_KEY:
        case SCTP_AUTH_KEY:
        case SCTP_AUTH_CHUNK:
        case SCTP_AUTH_DELETE_KEY:
+       case SCTP_AUTH_DEACTIVATE_KEY:
                retval = -EOPNOTSUPP;
                break;
        case SCTP_HMAC_IDENT:
                retval = -EOPNOTSUPP;
                break;
        case SCTP_HMAC_IDENT:
@@ -7871,8 +7922,8 @@ static int sctp_msghdr_parse(const struct msghdr *msg, struct sctp_cmsgs *cmsgs)
 
                        if (cmsgs->srinfo->sinfo_flags &
                            ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
 
                        if (cmsgs->srinfo->sinfo_flags &
                            ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
-                             SCTP_SACK_IMMEDIATELY | SCTP_PR_SCTP_MASK |
-                             SCTP_ABORT | SCTP_EOF))
+                             SCTP_SACK_IMMEDIATELY | SCTP_SENDALL |
+                             SCTP_PR_SCTP_MASK | SCTP_ABORT | SCTP_EOF))
                                return -EINVAL;
                        break;
 
                                return -EINVAL;
                        break;
 
@@ -7895,10 +7946,60 @@ static int sctp_msghdr_parse(const struct msghdr *msg, struct sctp_cmsgs *cmsgs)
 
                        if (cmsgs->sinfo->snd_flags &
                            ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
 
                        if (cmsgs->sinfo->snd_flags &
                            ~(SCTP_UNORDERED | SCTP_ADDR_OVER |
-                             SCTP_SACK_IMMEDIATELY | SCTP_PR_SCTP_MASK |
-                             SCTP_ABORT | SCTP_EOF))
+                             SCTP_SACK_IMMEDIATELY | SCTP_SENDALL |
+                             SCTP_PR_SCTP_MASK | SCTP_ABORT | SCTP_EOF))
                                return -EINVAL;
                        break;
                                return -EINVAL;
                        break;
+               case SCTP_PRINFO:
+                       /* SCTP Socket API Extension
+                        * 5.3.7 SCTP PR-SCTP Information Structure (SCTP_PRINFO)
+                        *
+                        * This cmsghdr structure specifies SCTP options for sendmsg().
+                        *
+                        * cmsg_level    cmsg_type      cmsg_data[]
+                        * ------------  ------------   ---------------------
+                        * IPPROTO_SCTP  SCTP_PRINFO    struct sctp_prinfo
+                        */
+                       if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct sctp_prinfo)))
+                               return -EINVAL;
+
+                       cmsgs->prinfo = CMSG_DATA(cmsg);
+                       if (cmsgs->prinfo->pr_policy & ~SCTP_PR_SCTP_MASK)
+                               return -EINVAL;
+
+                       if (cmsgs->prinfo->pr_policy == SCTP_PR_SCTP_NONE)
+                               cmsgs->prinfo->pr_value = 0;
+                       break;
+               case SCTP_AUTHINFO:
+                       /* SCTP Socket API Extension
+                        * 5.3.8 SCTP AUTH Information Structure (SCTP_AUTHINFO)
+                        *
+                        * This cmsghdr structure specifies SCTP options for sendmsg().
+                        *
+                        * cmsg_level    cmsg_type      cmsg_data[]
+                        * ------------  ------------   ---------------------
+                        * IPPROTO_SCTP  SCTP_AUTHINFO  struct sctp_authinfo
+                        */
+                       if (cmsg->cmsg_len != CMSG_LEN(sizeof(struct sctp_authinfo)))
+                               return -EINVAL;
+
+                       cmsgs->authinfo = CMSG_DATA(cmsg);
+                       break;
+               case SCTP_DSTADDRV4:
+               case SCTP_DSTADDRV6:
+                       /* SCTP Socket API Extension
+                        * 5.3.9/10 SCTP Destination IPv4/6 Address Structure (SCTP_DSTADDRV4/6)
+                        *
+                        * This cmsghdr structure specifies SCTP options for sendmsg().
+                        *
+                        * cmsg_level    cmsg_type         cmsg_data[]
+                        * ------------  ------------   ---------------------
+                        * IPPROTO_SCTP  SCTP_DSTADDRV4 struct in_addr
+                        * ------------  ------------   ---------------------
+                        * IPPROTO_SCTP  SCTP_DSTADDRV6 struct in6_addr
+                        */
+                       cmsgs->addrs_msg = my_msg;
+                       break;
                default:
                        return -EINVAL;
                }
                default:
                        return -EINVAL;
                }
@@ -8122,6 +8223,26 @@ static void sctp_wfree(struct sk_buff *skb)
        sk->sk_wmem_queued   -= skb->truesize;
        sk_mem_uncharge(sk, skb->truesize);
 
        sk->sk_wmem_queued   -= skb->truesize;
        sk_mem_uncharge(sk, skb->truesize);
 
+       if (chunk->shkey) {
+               struct sctp_shared_key *shkey = chunk->shkey;
+
+               /* refcnt == 2 and !list_empty mean after this release, it's
+                * not being used anywhere, and it's time to notify userland
+                * that this shkey can be freed if it's been deactivated.
+                */
+               if (shkey->deactivated && !list_empty(&shkey->key_list) &&
+                   refcount_read(&shkey->refcnt) == 2) {
+                       struct sctp_ulpevent *ev;
+
+                       ev = sctp_ulpevent_make_authkey(asoc, shkey->key_id,
+                                                       SCTP_AUTH_FREE_KEY,
+                                                       GFP_KERNEL);
+                       if (ev)
+                               asoc->stream.si->enqueue_event(&asoc->ulpq, ev);
+               }
+               sctp_auth_shkey_release(chunk->shkey);
+       }
+
        sock_wfree(skb);
        sctp_wake_up_waiters(sk, asoc);
 
        sock_wfree(skb);
        sctp_wake_up_waiters(sk, asoc);