aboutsummaryrefslogtreecommitdiffstats
path: root/net/core
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2007-10-09 02:24:22 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:49:07 -0400
commit1b8d7ae42d02e483ad94035cca851e4f7fbecb40 (patch)
tree81f8cc0ee49ef99cc67dfed3dc7b7ecb510abf8b /net/core
parent457c4cbc5a3dde259d2a1f15d5f9785290397267 (diff)
[NET]: Make socket creation namespace safe.
This patch passes in the namespace a new socket should be created in and has the socket code do the appropriate reference counting. By virtue of this all socket create methods are touched. In addition the socket create methods are modified so that they will fail if you attempt to create a socket in a non-default network namespace. Failing if we attempt to create a socket outside of the default network namespace ensures that as we incrementally make the network stack network namespace aware we will not export functionality that someone has not audited and made certain is network namespace safe. Allowing us to partially enable network namespaces before all of the exotic protocols are supported. Any protocol layers I have missed will fail to compile because I now pass an extra parameter into the socket creation code. [ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ] Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/core')
-rw-r--r--net/core/sock.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/core/sock.c b/net/core/sock.c
index bbc726a49d87..a31455dc7024 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -873,7 +873,7 @@ static inline void sock_lock_init(struct sock *sk)
873 * @prot: struct proto associated with this new sock instance 873 * @prot: struct proto associated with this new sock instance
874 * @zero_it: if we should zero the newly allocated sock 874 * @zero_it: if we should zero the newly allocated sock
875 */ 875 */
876struct sock *sk_alloc(int family, gfp_t priority, 876struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
877 struct proto *prot, int zero_it) 877 struct proto *prot, int zero_it)
878{ 878{
879 struct sock *sk = NULL; 879 struct sock *sk = NULL;
@@ -894,6 +894,7 @@ struct sock *sk_alloc(int family, gfp_t priority,
894 */ 894 */
895 sk->sk_prot = sk->sk_prot_creator = prot; 895 sk->sk_prot = sk->sk_prot_creator = prot;
896 sock_lock_init(sk); 896 sock_lock_init(sk);
897 sk->sk_net = get_net(net);
897 } 898 }
898 899
899 if (security_sk_alloc(sk, family, priority)) 900 if (security_sk_alloc(sk, family, priority))
@@ -933,6 +934,7 @@ void sk_free(struct sock *sk)
933 __FUNCTION__, atomic_read(&sk->sk_omem_alloc)); 934 __FUNCTION__, atomic_read(&sk->sk_omem_alloc));
934 935
935 security_sk_free(sk); 936 security_sk_free(sk);
937 put_net(sk->sk_net);
936 if (sk->sk_prot_creator->slab != NULL) 938 if (sk->sk_prot_creator->slab != NULL)
937 kmem_cache_free(sk->sk_prot_creator->slab, sk); 939 kmem_cache_free(sk->sk_prot_creator->slab, sk);
938 else 940 else
@@ -942,7 +944,7 @@ void sk_free(struct sock *sk)
942 944
943struct sock *sk_clone(const struct sock *sk, const gfp_t priority) 945struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
944{ 946{
945 struct sock *newsk = sk_alloc(sk->sk_family, priority, sk->sk_prot, 0); 947 struct sock *newsk = sk_alloc(sk->sk_net, sk->sk_family, priority, sk->sk_prot, 0);
946 948
947 if (newsk != NULL) { 949 if (newsk != NULL) {
948 struct sk_filter *filter; 950 struct sk_filter *filter;