[NET]: Fix compat layer setsockopt overzealous conversions.

compat_sys_setsockopt() is a little overzealous about converting 32-bit
stuff into 64-bit. It should match on level _and_ optname, not just
optname. Currently it eats the IPV6_V6ONLY sockopt because its value
(26) happens to match SO_ATTACH_FILTER.

This makes it at least check 'level' for everything but
IPT_SO_SET_REPLACE == IPT6_SO_SET_REPLACE, because that does seem to be
the same in different levels. But do_netfilter_replace() is another can
of worms entirely -- it doesn't actually work either, because some
netfilter modules (like ipt_limit) include kernel-only bits which change
size in the structure they share with userspace.
Signed-off-by: David S. Miller <davem@davemloft.net>

net/compat.c

@@ -455,13 +455,15 @@ static int do_set_sock_timeout(int fd, int level, int optname, char __user *optv
 asmlinkage long compat_sys_setsockopt(int fd, int level, int optname,
 				char __user *optval, int optlen)
 {
+	/* SO_SET_REPLACE seems to be the same in all levels */
 	if (optname == IPT_SO_SET_REPLACE)
 		return do_netfilter_replace(fd, level, optname,
 					    optval, optlen);
-	if (optname == SO_ATTACH_FILTER)
+	if (level == SOL_SOCKET && optname == SO_ATTACH_FILTER)
 		return do_set_attach_filter(fd, level, optname,
 					    optval, optlen);
-	if (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO)
+	if (level == SOL_SOCKET &&
+	    (optname == SO_RCVTIMEO || optname == SO_SNDTIMEO))
 		return do_set_sock_timeout(fd, level, optname, optval, optlen);
 
 	return sys_setsockopt(fd, level, optname, optval, optlen);