diff options
| author | Eric W. Biederman <ebiederm@xmission.com> | 2007-10-09 02:24:22 -0400 |
|---|---|---|
| committer | David S. Miller <davem@sunset.davemloft.net> | 2007-10-10 19:49:07 -0400 |
| commit | 1b8d7ae42d02e483ad94035cca851e4f7fbecb40 (patch) | |
| tree | 81f8cc0ee49ef99cc67dfed3dc7b7ecb510abf8b /net/decnet | |
| parent | 457c4cbc5a3dde259d2a1f15d5f9785290397267 (diff) | |
[NET]: Make socket creation namespace safe.
This patch passes in the namespace a new socket should be created in
and has the socket code do the appropriate reference counting. By
virtue of this all socket create methods are touched. In addition
the socket create methods are modified so that they will fail if
you attempt to create a socket in a non-default network namespace.
Failing if we attempt to create a socket outside of the default
network namespace ensures that as we incrementally make the network stack
network namespace aware we will not export functionality that someone
has not audited and made certain is network namespace safe.
Allowing us to partially enable network namespaces before all of the
exotic protocols are supported.
Any protocol layers I have missed will fail to compile because I now
pass an extra parameter into the socket creation code.
[ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/decnet')
| -rw-r--r-- | net/decnet/af_decnet.c | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c index 625d5955b8e2..aca4c4930eb6 100644 --- a/net/decnet/af_decnet.c +++ b/net/decnet/af_decnet.c | |||
| @@ -471,10 +471,10 @@ static struct proto dn_proto = { | |||
| 471 | .obj_size = sizeof(struct dn_sock), | 471 | .obj_size = sizeof(struct dn_sock), |
| 472 | }; | 472 | }; |
| 473 | 473 | ||
| 474 | static struct sock *dn_alloc_sock(struct socket *sock, gfp_t gfp) | 474 | static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp) |
| 475 | { | 475 | { |
| 476 | struct dn_scp *scp; | 476 | struct dn_scp *scp; |
| 477 | struct sock *sk = sk_alloc(PF_DECnet, gfp, &dn_proto, 1); | 477 | struct sock *sk = sk_alloc(net, PF_DECnet, gfp, &dn_proto, 1); |
| 478 | 478 | ||
| 479 | if (!sk) | 479 | if (!sk) |
| 480 | goto out; | 480 | goto out; |
| @@ -675,10 +675,13 @@ char *dn_addr2asc(__u16 addr, char *buf) | |||
| 675 | 675 | ||
| 676 | 676 | ||
| 677 | 677 | ||
| 678 | static int dn_create(struct socket *sock, int protocol) | 678 | static int dn_create(struct net *net, struct socket *sock, int protocol) |
| 679 | { | 679 | { |
| 680 | struct sock *sk; | 680 | struct sock *sk; |
| 681 | 681 | ||
| 682 | if (net != &init_net) | ||
| 683 | return -EAFNOSUPPORT; | ||
| 684 | |||
| 682 | switch(sock->type) { | 685 | switch(sock->type) { |
| 683 | case SOCK_SEQPACKET: | 686 | case SOCK_SEQPACKET: |
| 684 | if (protocol != DNPROTO_NSP) | 687 | if (protocol != DNPROTO_NSP) |
| @@ -691,7 +694,7 @@ static int dn_create(struct socket *sock, int protocol) | |||
| 691 | } | 694 | } |
| 692 | 695 | ||
| 693 | 696 | ||
| 694 | if ((sk = dn_alloc_sock(sock, GFP_KERNEL)) == NULL) | 697 | if ((sk = dn_alloc_sock(net, sock, GFP_KERNEL)) == NULL) |
| 695 | return -ENOBUFS; | 698 | return -ENOBUFS; |
| 696 | 699 | ||
| 697 | sk->sk_protocol = protocol; | 700 | sk->sk_protocol = protocol; |
| @@ -1091,7 +1094,7 @@ static int dn_accept(struct socket *sock, struct socket *newsock, int flags) | |||
| 1091 | 1094 | ||
| 1092 | cb = DN_SKB_CB(skb); | 1095 | cb = DN_SKB_CB(skb); |
| 1093 | sk->sk_ack_backlog--; | 1096 | sk->sk_ack_backlog--; |
| 1094 | newsk = dn_alloc_sock(newsock, sk->sk_allocation); | 1097 | newsk = dn_alloc_sock(sk->sk_net, newsock, sk->sk_allocation); |
| 1095 | if (newsk == NULL) { | 1098 | if (newsk == NULL) { |
| 1096 | release_sock(sk); | 1099 | release_sock(sk); |
| 1097 | kfree_skb(skb); | 1100 | kfree_skb(skb); |