diff options
| author | Pablo Neira Ayuso <pablo@netfilter.org> | 2012-09-07 22:53:53 -0400 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2012-09-08 18:45:27 -0400 |
| commit | 9785e10aedfa0fad5c1aac709dce5ada1b123783 (patch) | |
| tree | ca523e084318b6e908b18c6f3e9e53ea7e9a1c49 | |
| parent | 16fa9e1d104e6f2c18005a4ac7ea60e4c7fc1286 (diff) | |
netlink: kill netlink_set_nonroot
Replace netlink_set_nonroot by one new field `flags' in
struct netlink_kernel_cfg that is passed to netlink_kernel_create.
This patch also renames NL_NONROOT_* to NL_CFG_F_NONROOT_* since
now the flags field in nl_table is generic (so we can add more
flags if needed in the future).
Also adjust all callers in the net-next tree to use these flags
instead of netlink_set_nonroot.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
| -rw-r--r-- | include/linux/netlink.h | 9 | ||||
| -rw-r--r-- | lib/kobject_uevent.c | 2 | ||||
| -rw-r--r-- | net/core/rtnetlink.c | 2 | ||||
| -rw-r--r-- | net/netlink/af_netlink.c | 28 | ||||
| -rw-r--r-- | net/netlink/genetlink.c | 3 | ||||
| -rw-r--r-- | security/selinux/netlink.c | 2 |
6 files changed, 21 insertions, 25 deletions
diff --git a/include/linux/netlink.h b/include/linux/netlink.h index df73cf4b0290..8719a4e235a5 100644 --- a/include/linux/netlink.h +++ b/include/linux/netlink.h | |||
| @@ -176,12 +176,16 @@ struct netlink_skb_parms { | |||
| 176 | extern void netlink_table_grab(void); | 176 | extern void netlink_table_grab(void); |
| 177 | extern void netlink_table_ungrab(void); | 177 | extern void netlink_table_ungrab(void); |
| 178 | 178 | ||
| 179 | #define NL_CFG_F_NONROOT_RECV (1 << 0) | ||
| 180 | #define NL_CFG_F_NONROOT_SEND (1 << 1) | ||
| 181 | |||
| 179 | /* optional Netlink kernel configuration parameters */ | 182 | /* optional Netlink kernel configuration parameters */ |
| 180 | struct netlink_kernel_cfg { | 183 | struct netlink_kernel_cfg { |
| 181 | unsigned int groups; | 184 | unsigned int groups; |
| 182 | void (*input)(struct sk_buff *skb); | 185 | void (*input)(struct sk_buff *skb); |
| 183 | struct mutex *cb_mutex; | 186 | struct mutex *cb_mutex; |
| 184 | void (*bind)(int group); | 187 | void (*bind)(int group); |
| 188 | unsigned int flags; | ||
| 185 | }; | 189 | }; |
| 186 | 190 | ||
| 187 | extern struct sock *netlink_kernel_create(struct net *net, int unit, | 191 | extern struct sock *netlink_kernel_create(struct net *net, int unit, |
| @@ -260,11 +264,6 @@ extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb, | |||
| 260 | const struct nlmsghdr *nlh, | 264 | const struct nlmsghdr *nlh, |
| 261 | struct netlink_dump_control *control); | 265 | struct netlink_dump_control *control); |
| 262 | 266 | ||
| 263 | |||
| 264 | #define NL_NONROOT_RECV 0x1 | ||
| 265 | #define NL_NONROOT_SEND 0x2 | ||
| 266 | extern void netlink_set_nonroot(int protocol, unsigned flag); | ||
| 267 | |||
| 268 | #endif /* __KERNEL__ */ | 267 | #endif /* __KERNEL__ */ |
| 269 | 268 | ||
| 270 | #endif /* __LINUX_NETLINK_H */ | 269 | #endif /* __LINUX_NETLINK_H */ |
diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c index 0401d2916d9f..c2e97787d01e 100644 --- a/lib/kobject_uevent.c +++ b/lib/kobject_uevent.c | |||
| @@ -375,6 +375,7 @@ static int uevent_net_init(struct net *net) | |||
| 375 | struct uevent_sock *ue_sk; | 375 | struct uevent_sock *ue_sk; |
| 376 | struct netlink_kernel_cfg cfg = { | 376 | struct netlink_kernel_cfg cfg = { |
| 377 | .groups = 1, | 377 | .groups = 1, |
| 378 | .flags = NL_CFG_F_NONROOT_RECV, | ||
| 378 | }; | 379 | }; |
| 379 | 380 | ||
| 380 | ue_sk = kzalloc(sizeof(*ue_sk), GFP_KERNEL); | 381 | ue_sk = kzalloc(sizeof(*ue_sk), GFP_KERNEL); |
| @@ -422,7 +423,6 @@ static struct pernet_operations uevent_net_ops = { | |||
| 422 | 423 | ||
| 423 | static int __init kobject_uevent_init(void) | 424 | static int __init kobject_uevent_init(void) |
| 424 | { | 425 | { |
| 425 | netlink_set_nonroot(NETLINK_KOBJECT_UEVENT, NL_NONROOT_RECV); | ||
| 426 | return register_pernet_subsys(&uevent_net_ops); | 426 | return register_pernet_subsys(&uevent_net_ops); |
| 427 | } | 427 | } |
| 428 | 428 | ||
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index c64efcff8078..a71806eb9cc6 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c | |||
| @@ -2381,6 +2381,7 @@ static int __net_init rtnetlink_net_init(struct net *net) | |||
| 2381 | .groups = RTNLGRP_MAX, | 2381 | .groups = RTNLGRP_MAX, |
| 2382 | .input = rtnetlink_rcv, | 2382 | .input = rtnetlink_rcv, |
| 2383 | .cb_mutex = &rtnl_mutex, | 2383 | .cb_mutex = &rtnl_mutex, |
| 2384 | .flags = NL_CFG_F_NONROOT_RECV, | ||
| 2384 | }; | 2385 | }; |
| 2385 | 2386 | ||
| 2386 | sk = netlink_kernel_create(net, NETLINK_ROUTE, THIS_MODULE, &cfg); | 2387 | sk = netlink_kernel_create(net, NETLINK_ROUTE, THIS_MODULE, &cfg); |
| @@ -2416,7 +2417,6 @@ void __init rtnetlink_init(void) | |||
| 2416 | if (register_pernet_subsys(&rtnetlink_net_ops)) | 2417 | if (register_pernet_subsys(&rtnetlink_net_ops)) |
| 2417 | panic("rtnetlink_init: cannot initialize rtnetlink\n"); | 2418 | panic("rtnetlink_init: cannot initialize rtnetlink\n"); |
| 2418 | 2419 | ||
| 2419 | netlink_set_nonroot(NETLINK_ROUTE, NL_NONROOT_RECV); | ||
| 2420 | register_netdevice_notifier(&rtnetlink_dev_notifier); | 2420 | register_netdevice_notifier(&rtnetlink_dev_notifier); |
| 2421 | 2421 | ||
| 2422 | rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink, | 2422 | rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink, |
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c index f530b1ca1773..b74540ce3c14 100644 --- a/net/netlink/af_netlink.c +++ b/net/netlink/af_netlink.c | |||
| @@ -121,7 +121,7 @@ struct netlink_table { | |||
| 121 | struct nl_pid_hash hash; | 121 | struct nl_pid_hash hash; |
| 122 | struct hlist_head mc_list; | 122 | struct hlist_head mc_list; |
| 123 | struct listeners __rcu *listeners; | 123 | struct listeners __rcu *listeners; |
| 124 | unsigned int nl_nonroot; | 124 | unsigned int flags; |
| 125 | unsigned int groups; | 125 | unsigned int groups; |
| 126 | struct mutex *cb_mutex; | 126 | struct mutex *cb_mutex; |
| 127 | struct module *module; | 127 | struct module *module; |
| @@ -536,6 +536,8 @@ static int netlink_release(struct socket *sock) | |||
| 536 | if (--nl_table[sk->sk_protocol].registered == 0) { | 536 | if (--nl_table[sk->sk_protocol].registered == 0) { |
| 537 | kfree(nl_table[sk->sk_protocol].listeners); | 537 | kfree(nl_table[sk->sk_protocol].listeners); |
| 538 | nl_table[sk->sk_protocol].module = NULL; | 538 | nl_table[sk->sk_protocol].module = NULL; |
| 539 | nl_table[sk->sk_protocol].bind = NULL; | ||
| 540 | nl_table[sk->sk_protocol].flags = 0; | ||
| 539 | nl_table[sk->sk_protocol].registered = 0; | 541 | nl_table[sk->sk_protocol].registered = 0; |
| 540 | } | 542 | } |
| 541 | } else if (nlk->subscriptions) { | 543 | } else if (nlk->subscriptions) { |
| @@ -596,7 +598,7 @@ retry: | |||
| 596 | 598 | ||
| 597 | static inline int netlink_capable(const struct socket *sock, unsigned int flag) | 599 | static inline int netlink_capable(const struct socket *sock, unsigned int flag) |
| 598 | { | 600 | { |
| 599 | return (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) || | 601 | return (nl_table[sock->sk->sk_protocol].flags & flag) || |
| 600 | capable(CAP_NET_ADMIN); | 602 | capable(CAP_NET_ADMIN); |
| 601 | } | 603 | } |
| 602 | 604 | ||
| @@ -659,7 +661,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, | |||
| 659 | 661 | ||
| 660 | /* Only superuser is allowed to listen multicasts */ | 662 | /* Only superuser is allowed to listen multicasts */ |
| 661 | if (nladdr->nl_groups) { | 663 | if (nladdr->nl_groups) { |
| 662 | if (!netlink_capable(sock, NL_NONROOT_RECV)) | 664 | if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) |
| 663 | return -EPERM; | 665 | return -EPERM; |
| 664 | err = netlink_realloc_groups(sk); | 666 | err = netlink_realloc_groups(sk); |
| 665 | if (err) | 667 | if (err) |
| @@ -721,7 +723,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, | |||
| 721 | return -EINVAL; | 723 | return -EINVAL; |
| 722 | 724 | ||
| 723 | /* Only superuser is allowed to send multicasts */ | 725 | /* Only superuser is allowed to send multicasts */ |
| 724 | if (nladdr->nl_groups && !netlink_capable(sock, NL_NONROOT_SEND)) | 726 | if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) |
| 725 | return -EPERM; | 727 | return -EPERM; |
| 726 | 728 | ||
| 727 | if (!nlk->pid) | 729 | if (!nlk->pid) |
| @@ -1244,7 +1246,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname, | |||
| 1244 | break; | 1246 | break; |
| 1245 | case NETLINK_ADD_MEMBERSHIP: | 1247 | case NETLINK_ADD_MEMBERSHIP: |
| 1246 | case NETLINK_DROP_MEMBERSHIP: { | 1248 | case NETLINK_DROP_MEMBERSHIP: { |
| 1247 | if (!netlink_capable(sock, NL_NONROOT_RECV)) | 1249 | if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) |
| 1248 | return -EPERM; | 1250 | return -EPERM; |
| 1249 | err = netlink_realloc_groups(sk); | 1251 | err = netlink_realloc_groups(sk); |
| 1250 | if (err) | 1252 | if (err) |
| @@ -1376,7 +1378,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, | |||
| 1376 | dst_group = ffs(addr->nl_groups); | 1378 | dst_group = ffs(addr->nl_groups); |
| 1377 | err = -EPERM; | 1379 | err = -EPERM; |
| 1378 | if ((dst_group || dst_pid) && | 1380 | if ((dst_group || dst_pid) && |
| 1379 | !netlink_capable(sock, NL_NONROOT_SEND)) | 1381 | !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) |
| 1380 | goto out; | 1382 | goto out; |
| 1381 | } else { | 1383 | } else { |
| 1382 | dst_pid = nlk->dst_pid; | 1384 | dst_pid = nlk->dst_pid; |
| @@ -1580,7 +1582,10 @@ netlink_kernel_create(struct net *net, int unit, | |||
| 1580 | rcu_assign_pointer(nl_table[unit].listeners, listeners); | 1582 | rcu_assign_pointer(nl_table[unit].listeners, listeners); |
| 1581 | nl_table[unit].cb_mutex = cb_mutex; | 1583 | nl_table[unit].cb_mutex = cb_mutex; |
| 1582 | nl_table[unit].module = module; | 1584 | nl_table[unit].module = module; |
| 1583 | nl_table[unit].bind = cfg ? cfg->bind : NULL; | 1585 | if (cfg) { |
| 1586 | nl_table[unit].bind = cfg->bind; | ||
| 1587 | nl_table[unit].flags = cfg->flags; | ||
| 1588 | } | ||
| 1584 | nl_table[unit].registered = 1; | 1589 | nl_table[unit].registered = 1; |
| 1585 | } else { | 1590 | } else { |
| 1586 | kfree(listeners); | 1591 | kfree(listeners); |
| @@ -1679,13 +1684,6 @@ void netlink_clear_multicast_users(struct sock *ksk, unsigned int group) | |||
| 1679 | netlink_table_ungrab(); | 1684 | netlink_table_ungrab(); |
| 1680 | } | 1685 | } |
| 1681 | 1686 | ||
| 1682 | void netlink_set_nonroot(int protocol, unsigned int flags) | ||
| 1683 | { | ||
| 1684 | if ((unsigned int)protocol < MAX_LINKS) | ||
| 1685 | nl_table[protocol].nl_nonroot = flags; | ||
| 1686 | } | ||
| 1687 | EXPORT_SYMBOL(netlink_set_nonroot); | ||
| 1688 | |||
| 1689 | struct nlmsghdr * | 1687 | struct nlmsghdr * |
| 1690 | __nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags) | 1688 | __nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags) |
| 1691 | { | 1689 | { |
| @@ -2150,7 +2148,7 @@ static void __init netlink_add_usersock_entry(void) | |||
| 2150 | rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners); | 2148 | rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners); |
| 2151 | nl_table[NETLINK_USERSOCK].module = THIS_MODULE; | 2149 | nl_table[NETLINK_USERSOCK].module = THIS_MODULE; |
| 2152 | nl_table[NETLINK_USERSOCK].registered = 1; | 2150 | nl_table[NETLINK_USERSOCK].registered = 1; |
| 2153 | nl_table[NETLINK_USERSOCK].nl_nonroot = NL_NONROOT_SEND; | 2151 | nl_table[NETLINK_USERSOCK].flags = NL_CFG_F_NONROOT_SEND; |
| 2154 | 2152 | ||
| 2155 | netlink_table_ungrab(); | 2153 | netlink_table_ungrab(); |
| 2156 | } | 2154 | } |
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c index fda497412fc3..c1b71aef9f71 100644 --- a/net/netlink/genetlink.c +++ b/net/netlink/genetlink.c | |||
| @@ -918,6 +918,7 @@ static int __net_init genl_pernet_init(struct net *net) | |||
| 918 | struct netlink_kernel_cfg cfg = { | 918 | struct netlink_kernel_cfg cfg = { |
| 919 | .input = genl_rcv, | 919 | .input = genl_rcv, |
| 920 | .cb_mutex = &genl_mutex, | 920 | .cb_mutex = &genl_mutex, |
| 921 | .flags = NL_CFG_F_NONROOT_RECV, | ||
| 921 | }; | 922 | }; |
| 922 | 923 | ||
| 923 | /* we'll bump the group number right afterwards */ | 924 | /* we'll bump the group number right afterwards */ |
| @@ -955,8 +956,6 @@ static int __init genl_init(void) | |||
| 955 | if (err < 0) | 956 | if (err < 0) |
| 956 | goto problem; | 957 | goto problem; |
| 957 | 958 | ||
| 958 | netlink_set_nonroot(NETLINK_GENERIC, NL_NONROOT_RECV); | ||
| 959 | |||
| 960 | err = register_pernet_subsys(&genl_pernet_ops); | 959 | err = register_pernet_subsys(&genl_pernet_ops); |
| 961 | if (err) | 960 | if (err) |
| 962 | goto problem; | 961 | goto problem; |
diff --git a/security/selinux/netlink.c b/security/selinux/netlink.c index 8a77725423e0..0d2cd11f3c22 100644 --- a/security/selinux/netlink.c +++ b/security/selinux/netlink.c | |||
| @@ -113,13 +113,13 @@ static int __init selnl_init(void) | |||
| 113 | { | 113 | { |
| 114 | struct netlink_kernel_cfg cfg = { | 114 | struct netlink_kernel_cfg cfg = { |
| 115 | .groups = SELNLGRP_MAX, | 115 | .groups = SELNLGRP_MAX, |
| 116 | .flags = NL_CFG_F_NONROOT_RECV, | ||
| 116 | }; | 117 | }; |
| 117 | 118 | ||
| 118 | selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, | 119 | selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, |
| 119 | THIS_MODULE, &cfg); | 120 | THIS_MODULE, &cfg); |
| 120 | if (selnl == NULL) | 121 | if (selnl == NULL) |
| 121 | panic("SELinux: Cannot create netlink socket."); | 122 | panic("SELinux: Cannot create netlink socket."); |
| 122 | netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV); | ||
| 123 | return 0; | 123 | return 0; |
| 124 | } | 124 | } |
| 125 | 125 | ||