aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPatrick McHardy <kaber@trash.net>2011-03-03 16:32:07 -0500
committerDavid S. Miller <davem@davemloft.net>2011-03-03 16:32:07 -0500
commit01a16b21d6adf992aa863186c3c4e561a57c1714 (patch)
treea3b1c81e5a5e6a0e9069e4d3a15576741ed34776
parent63f97425166a1a16279c1a5720e9dfcb2c12ad1b (diff)
netlink: kill eff_cap from struct netlink_skb_parms
Netlink message processing in the kernel is synchronous these days, capabilities can be checked directly in security_netlink_recv() from the current process. Signed-off-by: Patrick McHardy <kaber@trash.net> Reviewed-by: James Morris <jmorris@namei.org> [chrisw: update to include pohmelfs and uvesafb] Signed-off-by: Chris Wright <chrisw@sous-sol.org> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat
-rw-r--r--drivers/block/drbd/drbd_nl.c2
-rw-r--r--drivers/md/dm-log-userspace-transfer.c2
-rw-r--r--drivers/staging/pohmelfs/config.c2
-rw-r--r--drivers/video/uvesafb.c2
-rw-r--r--include/linux/netlink.h1
-rw-r--r--net/netlink/af_netlink.c6
-rw-r--r--security/commoncap.c3
7 files changed, 5 insertions, 13 deletions
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
index 8cbfaa687d7..fe81c851ca8 100644
--- a/drivers/block/drbd/drbd_nl.c
+++ b/drivers/block/drbd/drbd_nl.c
@@ -2177,7 +2177,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
2177 return; 2177 return;
2178 } 2178 }
2179 2179
2180 if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) { 2180 if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) {
2181 retcode = ERR_PERM; 2181 retcode = ERR_PERM;
2182 goto fail; 2182 goto fail;
2183 } 2183 }
diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c
index 049eaf12aaa..1f23e048f07 100644
--- a/drivers/md/dm-log-userspace-transfer.c
+++ b/drivers/md/dm-log-userspace-transfer.c
@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
134{ 134{
135 struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1); 135 struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);
136 136
137 if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) 137 if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
138 return; 138 return;
139 139
140 spin_lock(&receiving_list_lock); 140 spin_lock(&receiving_list_lock);
diff --git a/drivers/staging/pohmelfs/config.c b/drivers/staging/pohmelfs/config.c
index 89279ba1b73..39413b7d387 100644
--- a/drivers/staging/pohmelfs/config.c
+++ b/drivers/staging/pohmelfs/config.c
@@ -525,7 +525,7 @@ static void pohmelfs_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *n
525{ 525{
526 int err; 526 int err;
527 527
528 if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) 528 if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
529 return; 529 return;
530 530
531 switch (msg->flags) { 531 switch (msg->flags) {
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
index 52ec0959d46..5180a215d78 100644
--- a/drivers/video/uvesafb.c
+++ b/drivers/video/uvesafb.c
@@ -73,7 +73,7 @@ static void uvesafb_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *ns
73 struct uvesafb_task *utask; 73 struct uvesafb_task *utask;
74 struct uvesafb_ktask *task; 74 struct uvesafb_ktask *task;
75 75
76 if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) 76 if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
77 return; 77 return;
78 78
79 if (msg->seq >= UVESAFB_TASKS_MAX) 79 if (msg->seq >= UVESAFB_TASKS_MAX)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index 66823b86202..4c4ac3f3ce5 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -160,7 +160,6 @@ struct netlink_skb_parms {
160 struct ucred creds; /* Skb credentials */ 160 struct ucred creds; /* Skb credentials */
161 __u32 pid; 161 __u32 pid;
162 __u32 dst_group; 162 __u32 dst_group;
163 kernel_cap_t eff_cap;
164}; 163};
165 164
166#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb)) 165#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 97ecd923d7e..a808fb1e877 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1364,12 +1364,6 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
1364 NETLINK_CB(skb).dst_group = dst_group; 1364 NETLINK_CB(skb).dst_group = dst_group;
1365 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred)); 1365 memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
1366 1366
1367 /* What can I do? Netlink is asynchronous, so that
1368 we will have to save current capabilities to
1369 check them, when this message will be delivered
1370 to corresponding kernel module. --ANK (980802)
1371 */
1372
1373 err = -EFAULT; 1367 err = -EFAULT;
1374 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) { 1368 if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
1375 kfree_skb(skb); 1369 kfree_skb(skb);
diff --git a/security/commoncap.c b/security/commoncap.c
index 64c2ed9c901..a83e607d91c 100644
--- a/security/commoncap.c
+++ b/security/commoncap.c
@@ -52,13 +52,12 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
52 52
53int cap_netlink_send(struct sock *sk, struct sk_buff *skb) 53int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
54{ 54{
55 NETLINK_CB(skb).eff_cap = current_cap();
56 return 0; 55 return 0;
57} 56}
58 57
59int cap_netlink_recv(struct sk_buff *skb, int cap) 58int cap_netlink_recv(struct sk_buff *skb, int cap)
60{ 59{
61 if (!cap_raised(NETLINK_CB(skb).eff_cap, cap)) 60 if (!cap_raised(current_cap(), cap))
62 return -EPERM; 61 return -EPERM;
63 return 0; 62 return 0;
64} 63}
generated by cgit v1.2.2 (git 2.25.0) at 2024-10-17 05:28:25 -0400