authorDavid Howells <dhowells@redhat.com>2006-12-05 09:37:56 -0500
committerDavid Howells <dhowells@warthog.cambridge.redhat.com>2006-12-05 09:37:56 -0500
commit4c1ac1b49122b805adfa4efc620592f68dccf5db (patch)
tree87557f4bc2fd4fe65b7570489c2f610c45c0adcd /net/netlabel
parentc4028958b6ecad064b1a6303a6a5906d4fe48d73 (diff)
parentd916faace3efc0bf19fe9a615a1ab8fa1a24cd93 (diff)
Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6
Conflicts: drivers/infiniband/core/iwcm.c drivers/net/chelsio/cxgb2.c drivers/net/wireless/bcm43xx/bcm43xx_main.c drivers/net/wireless/prism54/islpci_eth.c drivers/usb/core/hub.h drivers/usb/input/hid-core.c net/core/netpoll.c Fix up merge failures with Linus's head and fix new compilation failures. Signed-Off-By: David Howells <dhowells@redhat.com>
Diffstat (limited to 'net/netlabel')
-rw-r--r--net/netlabel/netlabel_cipso_v4.c47
-rw-r--r--net/netlabel/netlabel_domainhash.c48
-rw-r--r--net/netlabel/netlabel_kapi.c212
-rw-r--r--net/netlabel/netlabel_mgmt.c42
-rw-r--r--net/netlabel/netlabel_unlabeled.c48
-rw-r--r--net/netlabel/netlabel_user.c7
-rw-r--r--net/netlabel/netlabel_user.h31
7 files changed, 303 insertions, 132 deletions
diff --git a/net/netlabel/netlabel_cipso_v4.c b/net/netlabel/netlabel_cipso_v4.c
index a6ce1d6d5c59..743b05734a49 100644
--- a/net/netlabel/netlabel_cipso_v4.c
+++ b/net/netlabel/netlabel_cipso_v4.c
@@ -407,12 +407,14 @@ static int netlbl_cipsov4_add(struct sk_buff *skb, struct genl_info *info)
407 407
408 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD, 408 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_ADD,
409 &audit_info); 409 &audit_info);
410 audit_log_format(audit_buf, 410 if (audit_buf != NULL) {
411 " cipso_doi=%u cipso_type=%s res=%u", 411 audit_log_format(audit_buf,
412 doi, 412 " cipso_doi=%u cipso_type=%s res=%u",
413 type_str, 413 doi,
414 ret_val == 0 ? 1 : 0); 414 type_str,
415 audit_log_end(audit_buf); 415 ret_val == 0 ? 1 : 0);
416 audit_log_end(audit_buf);
417 }
416 418
417 return ret_val; 419 return ret_val;
418} 420}
@@ -452,17 +454,13 @@ static int netlbl_cipsov4_list(struct sk_buff *skb, struct genl_info *info)
452 } 454 }
453 455
454list_start: 456list_start:
455 ans_skb = nlmsg_new(NLMSG_GOODSIZE * nlsze_mult, GFP_KERNEL); 457 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE * nlsze_mult, GFP_KERNEL);
456 if (ans_skb == NULL) { 458 if (ans_skb == NULL) {
457 ret_val = -ENOMEM; 459 ret_val = -ENOMEM;
458 goto list_failure; 460 goto list_failure;
459 } 461 }
460 data = netlbl_netlink_hdr_put(ans_skb, 462 data = genlmsg_put_reply(ans_skb, info, &netlbl_cipsov4_gnl_family,
461 info->snd_pid, 463 0, NLBL_CIPSOV4_C_LIST);
462 info->snd_seq,
463 netlbl_cipsov4_gnl_family.id,
464 0,
465 NLBL_CIPSOV4_C_LIST);
466 if (data == NULL) { 464 if (data == NULL) {
467 ret_val = -ENOMEM; 465 ret_val = -ENOMEM;
468 goto list_failure; 466 goto list_failure;
@@ -568,7 +566,7 @@ list_start:
568 566
569 genlmsg_end(ans_skb, data); 567 genlmsg_end(ans_skb, data);
570 568
571 ret_val = genlmsg_unicast(ans_skb, info->snd_pid); 569 ret_val = genlmsg_reply(ans_skb, info);
572 if (ret_val != 0) 570 if (ret_val != 0)
573 goto list_failure; 571 goto list_failure;
574 572
@@ -607,12 +605,9 @@ static int netlbl_cipsov4_listall_cb(struct cipso_v4_doi *doi_def, void *arg)
607 struct netlbl_cipsov4_doiwalk_arg *cb_arg = arg; 605 struct netlbl_cipsov4_doiwalk_arg *cb_arg = arg;
608 void *data; 606 void *data;
609 607
610 data = netlbl_netlink_hdr_put(cb_arg->skb, 608 data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).pid,
611 NETLINK_CB(cb_arg->nl_cb->skb).pid, 609 cb_arg->seq, &netlbl_cipsov4_gnl_family,
612 cb_arg->seq, 610 NLM_F_MULTI, NLBL_CIPSOV4_C_LISTALL);
613 netlbl_cipsov4_gnl_family.id,
614 NLM_F_MULTI,
615 NLBL_CIPSOV4_C_LISTALL);
616 if (data == NULL) 611 if (data == NULL)
617 goto listall_cb_failure; 612 goto listall_cb_failure;
618 613
@@ -687,11 +682,13 @@ static int netlbl_cipsov4_remove(struct sk_buff *skb, struct genl_info *info)
687 682
688 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL, 683 audit_buf = netlbl_audit_start_common(AUDIT_MAC_CIPSOV4_DEL,
689 &audit_info); 684 &audit_info);
690 audit_log_format(audit_buf, 685 if (audit_buf != NULL) {
691 " cipso_doi=%u res=%u", 686 audit_log_format(audit_buf,
692 doi, 687 " cipso_doi=%u res=%u",
693 ret_val == 0 ? 1 : 0); 688 doi,
694 audit_log_end(audit_buf); 689 ret_val == 0 ? 1 : 0);
690 audit_log_end(audit_buf);
691 }
695 692
696 return ret_val; 693 return ret_val;
697} 694}
diff --git a/net/netlabel/netlabel_domainhash.c b/net/netlabel/netlabel_domainhash.c
index af4371d3b459..f46a0aeec44f 100644
--- a/net/netlabel/netlabel_domainhash.c
+++ b/net/netlabel/netlabel_domainhash.c
@@ -202,7 +202,6 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
202 int ret_val; 202 int ret_val;
203 u32 bkt; 203 u32 bkt;
204 struct audit_buffer *audit_buf; 204 struct audit_buffer *audit_buf;
205 char *audit_domain;
206 205
207 switch (entry->type) { 206 switch (entry->type) {
208 case NETLBL_NLTYPE_UNLABELED: 207 case NETLBL_NLTYPE_UNLABELED:
@@ -243,24 +242,24 @@ int netlbl_domhsh_add(struct netlbl_dom_map *entry,
243 } else 242 } else
244 ret_val = -EINVAL; 243 ret_val = -EINVAL;
245 244
246 if (entry->domain != NULL)
247 audit_domain = entry->domain;
248 else
249 audit_domain = "(default)";
250 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info); 245 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_ADD, audit_info);
251 audit_log_format(audit_buf, " nlbl_domain=%s", audit_domain); 246 if (audit_buf != NULL) {
252 switch (entry->type) {
253 case NETLBL_NLTYPE_UNLABELED:
254 audit_log_format(audit_buf, " nlbl_protocol=unlbl");
255 break;
256 case NETLBL_NLTYPE_CIPSOV4:
257 audit_log_format(audit_buf, 247 audit_log_format(audit_buf,
258 " nlbl_protocol=cipsov4 cipso_doi=%u", 248 " nlbl_domain=%s",
259 entry->type_def.cipsov4->doi); 249 entry->domain ? entry->domain : "(default)");
260 break; 250 switch (entry->type) {
251 case NETLBL_NLTYPE_UNLABELED:
252 audit_log_format(audit_buf, " nlbl_protocol=unlbl");
253 break;
254 case NETLBL_NLTYPE_CIPSOV4:
255 audit_log_format(audit_buf,
256 " nlbl_protocol=cipsov4 cipso_doi=%u",
257 entry->type_def.cipsov4->doi);
258 break;
259 }
260 audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
261 audit_log_end(audit_buf);
261 } 262 }
262 audit_log_format(audit_buf, " res=%u", ret_val == 0 ? 1 : 0);
263 audit_log_end(audit_buf);
264 263
265 rcu_read_unlock(); 264 rcu_read_unlock();
266 265
@@ -310,7 +309,6 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
310 int ret_val = -ENOENT; 309 int ret_val = -ENOENT;
311 struct netlbl_dom_map *entry; 310 struct netlbl_dom_map *entry;
312 struct audit_buffer *audit_buf; 311 struct audit_buffer *audit_buf;
313 char *audit_domain;
314 312
315 rcu_read_lock(); 313 rcu_read_lock();
316 if (domain != NULL) 314 if (domain != NULL)
@@ -348,16 +346,14 @@ int netlbl_domhsh_remove(const char *domain, struct netlbl_audit *audit_info)
348 spin_unlock(&netlbl_domhsh_def_lock); 346 spin_unlock(&netlbl_domhsh_def_lock);
349 } 347 }
350 348
351 if (entry->domain != NULL)
352 audit_domain = entry->domain;
353 else
354 audit_domain = "(default)";
355 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info); 349 audit_buf = netlbl_audit_start_common(AUDIT_MAC_MAP_DEL, audit_info);
356 audit_log_format(audit_buf, 350 if (audit_buf != NULL) {
357 " nlbl_domain=%s res=%u", 351 audit_log_format(audit_buf,
358 audit_domain, 352 " nlbl_domain=%s res=%u",
359 ret_val == 0 ? 1 : 0); 353 entry->domain ? entry->domain : "(default)",
360 audit_log_end(audit_buf); 354 ret_val == 0 ? 1 : 0);
355 audit_log_end(audit_buf);
356 }
361 357
362 if (ret_val == 0) 358 if (ret_val == 0)
363 call_rcu(&entry->rcu, netlbl_domhsh_free_entry); 359 call_rcu(&entry->rcu, netlbl_domhsh_free_entry);
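Review bot: `entry->domain` is written into the audit record with a plain `%s` in both netlbl_domhsh_add and netlbl_domhsh_remove, so a domain string containing spaces or `=` could make the MAC_MAP_ADD/MAC_MAP_DEL record parse as extra or altered fields. If the domain can originate from a management request (its source is not visible in these hunks), emit it through the audit helper for untrusted strings instead: `audit_log_format(audit_buf, " nlbl_domain=");` followed by `audit_log_untrustedstring(audit_buf, entry->domain);`, keeping the literal `(default)` for the NULL case. Both functions begin and end outside the hunks shown, so this should be confirmed against the full bodies.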
diff --git a/net/netlabel/netlabel_kapi.c b/net/netlabel/netlabel_kapi.c
index ff971103fd0c..e03a3282c551 100644
--- a/net/netlabel/netlabel_kapi.c
+++ b/net/netlabel/netlabel_kapi.c
@@ -40,6 +40,207 @@
40#include "netlabel_user.h" 40#include "netlabel_user.h"
41 41
42/* 42/*
43 * Security Attribute Functions
44 */
45
46/**
47 * netlbl_secattr_catmap_walk - Walk a LSM secattr catmap looking for a bit
48 * @catmap: the category bitmap
49 * @offset: the offset to start searching at, in bits
50 *
51 * Description:
52 * This function walks a LSM secattr category bitmap starting at @offset and
53 * returns the spot of the first set bit or -ENOENT if no bits are set.
54 *
55 */
56int netlbl_secattr_catmap_walk(struct netlbl_lsm_secattr_catmap *catmap,
57 u32 offset)
58{
59 struct netlbl_lsm_secattr_catmap *iter = catmap;
60 u32 node_idx;
61 u32 node_bit;
62 NETLBL_CATMAP_MAPTYPE bitmap;
63
64 if (offset > iter->startbit) {
65 while (offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
66 iter = iter->next;
67 if (iter == NULL)
68 return -ENOENT;
69 }
70 node_idx = (offset - iter->startbit) / NETLBL_CATMAP_MAPSIZE;
71 node_bit = offset - iter->startbit -
72 (NETLBL_CATMAP_MAPSIZE * node_idx);
73 } else {
74 node_idx = 0;
75 node_bit = 0;
76 }
77 bitmap = iter->bitmap[node_idx] >> node_bit;
78
79 for (;;) {
80 if (bitmap != 0) {
81 while ((bitmap & NETLBL_CATMAP_BIT) == 0) {
82 bitmap >>= 1;
83 node_bit++;
84 }
85 return iter->startbit +
86 (NETLBL_CATMAP_MAPSIZE * node_idx) + node_bit;
87 }
88 if (++node_idx >= NETLBL_CATMAP_MAPCNT) {
89 if (iter->next != NULL) {
90 iter = iter->next;
91 node_idx = 0;
92 } else
93 return -ENOENT;
94 }
95 bitmap = iter->bitmap[node_idx];
96 node_bit = 0;
97 }
98
99 return -ENOENT;
100}
101
102/**
103 * netlbl_secattr_catmap_walk_rng - Find the end of a string of set bits
104 * @catmap: the category bitmap
105 * @offset: the offset to start searching at, in bits
106 *
107 * Description:
108 * This function walks a LSM secattr category bitmap starting at @offset and
109 * returns the spot of the first cleared bit or -ENOENT if the offset is past
110 * the end of the bitmap.
111 *
112 */
113int netlbl_secattr_catmap_walk_rng(struct netlbl_lsm_secattr_catmap *catmap,
114 u32 offset)
115{
116 struct netlbl_lsm_secattr_catmap *iter = catmap;
117 u32 node_idx;
118 u32 node_bit;
119 NETLBL_CATMAP_MAPTYPE bitmask;
120 NETLBL_CATMAP_MAPTYPE bitmap;
121
122 if (offset > iter->startbit) {
123 while (offset >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
124 iter = iter->next;
125 if (iter == NULL)
126 return -ENOENT;
127 }
128 node_idx = (offset - iter->startbit) / NETLBL_CATMAP_MAPSIZE;
129 node_bit = offset - iter->startbit -
130 (NETLBL_CATMAP_MAPSIZE * node_idx);
131 } else {
132 node_idx = 0;
133 node_bit = 0;
134 }
135 bitmask = NETLBL_CATMAP_BIT << node_bit;
136
137 for (;;) {
138 bitmap = iter->bitmap[node_idx];
139 while (bitmask != 0 && (bitmap & bitmask) != 0) {
140 bitmask <<= 1;
141 node_bit++;
142 }
143
144 if (bitmask != 0)
145 return iter->startbit +
146 (NETLBL_CATMAP_MAPSIZE * node_idx) +
147 node_bit - 1;
148 else if (++node_idx >= NETLBL_CATMAP_MAPCNT) {
149 if (iter->next == NULL)
150 return iter->startbit + NETLBL_CATMAP_SIZE - 1;
151 iter = iter->next;
152 node_idx = 0;
153 }
154 bitmask = NETLBL_CATMAP_BIT;
155 node_bit = 0;
156 }
157
158 return -ENOENT;
159}
160
161/**
162 * netlbl_secattr_catmap_setbit - Set a bit in a LSM secattr catmap
163 * @catmap: the category bitmap
164 * @bit: the bit to set
165 * @flags: memory allocation flags
166 *
167 * Description:
168 * Set the bit specified by @bit in @catmap. Returns zero on success,
169 * negative values on failure.
170 *
171 */
172int netlbl_secattr_catmap_setbit(struct netlbl_lsm_secattr_catmap *catmap,
173 u32 bit,
174 gfp_t flags)
175{
176 struct netlbl_lsm_secattr_catmap *iter = catmap;
177 u32 node_bit;
178 u32 node_idx;
179
180 while (iter->next != NULL &&
181 bit >= (iter->startbit + NETLBL_CATMAP_SIZE))
182 iter = iter->next;
183 if (bit >= (iter->startbit + NETLBL_CATMAP_SIZE)) {
184 iter->next = netlbl_secattr_catmap_alloc(flags);
185 if (iter->next == NULL)
186 return -ENOMEM;
187 iter = iter->next;
188 iter->startbit = bit & ~(NETLBL_CATMAP_SIZE - 1);
189 }
190
191 /* gcc always rounds to zero when doing integer division */
192 node_idx = (bit - iter->startbit) / NETLBL_CATMAP_MAPSIZE;
193 node_bit = bit - iter->startbit - (NETLBL_CATMAP_MAPSIZE * node_idx);
194 iter->bitmap[node_idx] |= NETLBL_CATMAP_BIT << node_bit;
195
196 return 0;
197}
198
199/**
200 * netlbl_secattr_catmap_setrng - Set a range of bits in a LSM secattr catmap
201 * @catmap: the category bitmap
202 * @start: the starting bit
203 * @end: the last bit in the string
204 * @flags: memory allocation flags
205 *
206 * Description:
207 * Set a range of bits, starting at @start and ending with @end. Returns zero
208 * on success, negative values on failure.
209 *
210 */
211int netlbl_secattr_catmap_setrng(struct netlbl_lsm_secattr_catmap *catmap,
212 u32 start,
213 u32 end,
214 gfp_t flags)
215{
216 int ret_val = 0;
217 struct netlbl_lsm_secattr_catmap *iter = catmap;
218 u32 iter_max_spot;
219 u32 spot;
220
221 /* XXX - This could probably be made a bit faster by combining writes
222 * to the catmap instead of setting a single bit each time, but for
223 * right now skipping to the start of the range in the catmap should
224 * be a nice improvement over calling the individual setbit function
225 * repeatedly from a loop. */
226
227 while (iter->next != NULL &&
228 start >= (iter->startbit + NETLBL_CATMAP_SIZE))
229 iter = iter->next;
230 iter_max_spot = iter->startbit + NETLBL_CATMAP_SIZE;
231
232 for (spot = start; spot <= end && ret_val == 0; spot++) {
233 if (spot >= iter_max_spot && iter->next != NULL) {
234 iter = iter->next;
235 iter_max_spot = iter->startbit + NETLBL_CATMAP_SIZE;
236 }
237 ret_val = netlbl_secattr_catmap_setbit(iter, spot, GFP_ATOMIC);
238 }
239
240 return ret_val;
241}
242
243/*
43 * LSM Functions 244 * LSM Functions
44 */ 245 */
45 246
@@ -62,6 +263,9 @@ int netlbl_socket_setattr(const struct socket *sock,
62 int ret_val = -ENOENT; 263 int ret_val = -ENOENT;
63 struct netlbl_dom_map *dom_entry; 264 struct netlbl_dom_map *dom_entry;
64 265
266 if ((secattr->flags & NETLBL_SECATTR_DOMAIN) == 0)
267 return -ENOENT;
268
65 rcu_read_lock(); 269 rcu_read_lock();
66 dom_entry = netlbl_domhsh_getentry(secattr->domain); 270 dom_entry = netlbl_domhsh_getentry(secattr->domain);
67 if (dom_entry == NULL) 271 if (dom_entry == NULL)
@@ -146,10 +350,8 @@ int netlbl_socket_getattr(const struct socket *sock,
146int netlbl_skbuff_getattr(const struct sk_buff *skb, 350int netlbl_skbuff_getattr(const struct sk_buff *skb,
147 struct netlbl_lsm_secattr *secattr) 351 struct netlbl_lsm_secattr *secattr)
148{ 352{
149 int ret_val; 353 if (CIPSO_V4_OPTEXIST(skb) &&
150 354 cipso_v4_skbuff_getattr(skb, secattr) == 0)
151 ret_val = cipso_v4_skbuff_getattr(skb, secattr);
152 if (ret_val == 0)
153 return 0; 355 return 0;
154 356
155 return netlbl_unlabel_getattr(secattr); 357 return netlbl_unlabel_getattr(secattr);
@@ -200,7 +402,7 @@ void netlbl_cache_invalidate(void)
200int netlbl_cache_add(const struct sk_buff *skb, 402int netlbl_cache_add(const struct sk_buff *skb,
201 const struct netlbl_lsm_secattr *secattr) 403 const struct netlbl_lsm_secattr *secattr)
202{ 404{
203 if (secattr->cache == NULL) 405 if ((secattr->flags & NETLBL_SECATTR_CACHE) == 0)
204 return -ENOMSG; 406 return -ENOMSG;
205 407
206 if (CIPSO_V4_OPTEXIST(skb)) 408 if (CIPSO_V4_OPTEXIST(skb))
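Review bot: In the new netlbl_secattr_catmap_setbit, nothing rejects a `bit` that lies below `iter->startbit` for the node the walk stops on, so `bit - iter->startbit` wraps as a u32 and `iter->bitmap[node_idx]` is written far outside the array. This can only happen if a caller sets bits out of ascending order or the list has a gap, which is not visible here, but a guard before the index computation would make the function safe on its own: `if (bit < iter->startbit) return -EINVAL;`. In the same hunk netlbl_secattr_catmap_setrng accepts `flags` but passes `GFP_ATOMIC` to setbit; that call should read `ret_val = netlbl_secattr_catmap_setbit(iter, spot, flags);`. Its `spot <= end` loop also never terminates when `end` is the maximum u32 value, which deserves a bound check or a comment stating the valid range.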
diff --git a/net/netlabel/netlabel_mgmt.c b/net/netlabel/netlabel_mgmt.c
index 53c9079ad2c3..e8c80f33f3d7 100644
--- a/net/netlabel/netlabel_mgmt.c
+++ b/net/netlabel/netlabel_mgmt.c
@@ -188,12 +188,9 @@ static int netlbl_mgmt_listall_cb(struct netlbl_dom_map *entry, void *arg)
188 struct netlbl_domhsh_walk_arg *cb_arg = arg; 188 struct netlbl_domhsh_walk_arg *cb_arg = arg;
189 void *data; 189 void *data;
190 190
191 data = netlbl_netlink_hdr_put(cb_arg->skb, 191 data = genlmsg_put(cb_arg->skb, NETLINK_CB(cb_arg->nl_cb->skb).pid,
192 NETLINK_CB(cb_arg->nl_cb->skb).pid, 192 cb_arg->seq, &netlbl_mgmt_gnl_family,
193 cb_arg->seq, 193 NLM_F_MULTI, NLBL_MGMT_C_LISTALL);
194 netlbl_mgmt_gnl_family.id,
195 NLM_F_MULTI,
196 NLBL_MGMT_C_LISTALL);
197 if (data == NULL) 194 if (data == NULL)
198 goto listall_cb_failure; 195 goto listall_cb_failure;
199 196
@@ -356,15 +353,11 @@ static int netlbl_mgmt_listdef(struct sk_buff *skb, struct genl_info *info)
356 void *data; 353 void *data;
357 struct netlbl_dom_map *entry; 354 struct netlbl_dom_map *entry;
358 355
359 ans_skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 356 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
360 if (ans_skb == NULL) 357 if (ans_skb == NULL)
361 return -ENOMEM; 358 return -ENOMEM;
362 data = netlbl_netlink_hdr_put(ans_skb, 359 data = genlmsg_put_reply(ans_skb, info, &netlbl_mgmt_gnl_family,
363 info->snd_pid, 360 0, NLBL_MGMT_C_LISTDEF);
364 info->snd_seq,
365 netlbl_mgmt_gnl_family.id,
366 0,
367 NLBL_MGMT_C_LISTDEF);
368 if (data == NULL) 361 if (data == NULL)
369 goto listdef_failure; 362 goto listdef_failure;
370 363
@@ -390,7 +383,7 @@ static int netlbl_mgmt_listdef(struct sk_buff *skb, struct genl_info *info)
390 383
391 genlmsg_end(ans_skb, data); 384 genlmsg_end(ans_skb, data);
392 385
393 ret_val = genlmsg_unicast(ans_skb, info->snd_pid); 386 ret_val = genlmsg_reply(ans_skb, info);
394 if (ret_val != 0) 387 if (ret_val != 0)
395 goto listdef_failure; 388 goto listdef_failure;
396 return 0; 389 return 0;
@@ -422,12 +415,9 @@ static int netlbl_mgmt_protocols_cb(struct sk_buff *skb,
422 int ret_val = -ENOMEM; 415 int ret_val = -ENOMEM;
423 void *data; 416 void *data;
424 417
425 data = netlbl_netlink_hdr_put(skb, 418 data = genlmsg_put(skb, NETLINK_CB(cb->skb).pid, cb->nlh->nlmsg_seq,
426 NETLINK_CB(cb->skb).pid, 419 &netlbl_mgmt_gnl_family, NLM_F_MULTI,
427 cb->nlh->nlmsg_seq, 420 NLBL_MGMT_C_PROTOCOLS);
428 netlbl_mgmt_gnl_family.id,
429 NLM_F_MULTI,
430 NLBL_MGMT_C_PROTOCOLS);
431 if (data == NULL) 421 if (data == NULL)
432 goto protocols_cb_failure; 422 goto protocols_cb_failure;
433 423
@@ -492,15 +482,11 @@ static int netlbl_mgmt_version(struct sk_buff *skb, struct genl_info *info)
492 struct sk_buff *ans_skb = NULL; 482 struct sk_buff *ans_skb = NULL;
493 void *data; 483 void *data;
494 484
495 ans_skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 485 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
496 if (ans_skb == NULL) 486 if (ans_skb == NULL)
497 return -ENOMEM; 487 return -ENOMEM;
498 data = netlbl_netlink_hdr_put(ans_skb, 488 data = genlmsg_put_reply(ans_skb, info, &netlbl_mgmt_gnl_family,
499 info->snd_pid, 489 0, NLBL_MGMT_C_VERSION);
500 info->snd_seq,
501 netlbl_mgmt_gnl_family.id,
502 0,
503 NLBL_MGMT_C_VERSION);
504 if (data == NULL) 490 if (data == NULL)
505 goto version_failure; 491 goto version_failure;
506 492
@@ -512,7 +498,7 @@ static int netlbl_mgmt_version(struct sk_buff *skb, struct genl_info *info)
512 498
513 genlmsg_end(ans_skb, data); 499 genlmsg_end(ans_skb, data);
514 500
515 ret_val = genlmsg_unicast(ans_skb, info->snd_pid); 501 ret_val = genlmsg_reply(ans_skb, info);
516 if (ret_val != 0) 502 if (ret_val != 0)
517 goto version_failure; 503 goto version_failure;
518 return 0; 504 return 0;
diff --git a/net/netlabel/netlabel_unlabeled.c b/net/netlabel/netlabel_unlabeled.c
index 1833ad233b39..5bc37181662e 100644
--- a/net/netlabel/netlabel_unlabeled.c
+++ b/net/netlabel/netlabel_unlabeled.c
@@ -35,6 +35,7 @@
35#include <linux/socket.h> 35#include <linux/socket.h>
36#include <linux/string.h> 36#include <linux/string.h>
37#include <linux/skbuff.h> 37#include <linux/skbuff.h>
38#include <linux/audit.h>
38#include <net/sock.h> 39#include <net/sock.h>
39#include <net/netlink.h> 40#include <net/netlink.h>
40#include <net/genetlink.h> 41#include <net/genetlink.h>
@@ -47,7 +48,8 @@
47#include "netlabel_unlabeled.h" 48#include "netlabel_unlabeled.h"
48 49
49/* Accept unlabeled packets flag */ 50/* Accept unlabeled packets flag */
50static atomic_t netlabel_unlabel_accept_flg = ATOMIC_INIT(0); 51static DEFINE_SPINLOCK(netlabel_unlabel_acceptflg_lock);
52static u8 netlabel_unlabel_acceptflg = 0;
51 53
52/* NetLabel Generic NETLINK CIPSOv4 family */ 54/* NetLabel Generic NETLINK CIPSOv4 family */
53static struct genl_family netlbl_unlabel_gnl_family = { 55static struct genl_family netlbl_unlabel_gnl_family = {
@@ -82,13 +84,20 @@ static void netlbl_unlabel_acceptflg_set(u8 value,
82 struct audit_buffer *audit_buf; 84 struct audit_buffer *audit_buf;
83 u8 old_val; 85 u8 old_val;
84 86
85 old_val = atomic_read(&netlabel_unlabel_accept_flg); 87 rcu_read_lock();
86 atomic_set(&netlabel_unlabel_accept_flg, value); 88 old_val = netlabel_unlabel_acceptflg;
89 spin_lock(&netlabel_unlabel_acceptflg_lock);
90 netlabel_unlabel_acceptflg = value;
91 spin_unlock(&netlabel_unlabel_acceptflg_lock);
92 rcu_read_unlock();
87 93
88 audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW, 94 audit_buf = netlbl_audit_start_common(AUDIT_MAC_UNLBL_ALLOW,
89 audit_info); 95 audit_info);
90 audit_log_format(audit_buf, " unlbl_accept=%u old=%u", value, old_val); 96 if (audit_buf != NULL) {
91 audit_log_end(audit_buf); 97 audit_log_format(audit_buf,
98 " unlbl_accept=%u old=%u", value, old_val);
99 audit_log_end(audit_buf);
100 }
92} 101}
93 102
94/* 103/*
@@ -138,29 +147,27 @@ static int netlbl_unlabel_list(struct sk_buff *skb, struct genl_info *info)
138 struct sk_buff *ans_skb; 147 struct sk_buff *ans_skb;
139 void *data; 148 void *data;
140 149
141 ans_skb = nlmsg_new(NLMSG_GOODSIZE, GFP_KERNEL); 150 ans_skb = nlmsg_new(NLMSG_DEFAULT_SIZE, GFP_KERNEL);
142 if (ans_skb == NULL) 151 if (ans_skb == NULL)
143 goto list_failure; 152 goto list_failure;
144 data = netlbl_netlink_hdr_put(ans_skb, 153 data = genlmsg_put_reply(ans_skb, info, &netlbl_unlabel_gnl_family,
145 info->snd_pid, 154 0, NLBL_UNLABEL_C_LIST);
146 info->snd_seq,
147 netlbl_unlabel_gnl_family.id,
148 0,
149 NLBL_UNLABEL_C_LIST);
150 if (data == NULL) { 155 if (data == NULL) {
151 ret_val = -ENOMEM; 156 ret_val = -ENOMEM;
152 goto list_failure; 157 goto list_failure;
153 } 158 }
154 159
160 rcu_read_lock();
155 ret_val = nla_put_u8(ans_skb, 161 ret_val = nla_put_u8(ans_skb,
156 NLBL_UNLABEL_A_ACPTFLG, 162 NLBL_UNLABEL_A_ACPTFLG,
157 atomic_read(&netlabel_unlabel_accept_flg)); 163 netlabel_unlabel_acceptflg);
164 rcu_read_unlock();
158 if (ret_val != 0) 165 if (ret_val != 0)
159 goto list_failure; 166 goto list_failure;
160 167
161 genlmsg_end(ans_skb, data); 168 genlmsg_end(ans_skb, data);
162 169
163 ret_val = genlmsg_unicast(ans_skb, info->snd_pid); 170 ret_val = genlmsg_reply(ans_skb, info);
164 if (ret_val != 0) 171 if (ret_val != 0)
165 goto list_failure; 172 goto list_failure;
166 return 0; 173 return 0;
@@ -240,10 +247,17 @@ int netlbl_unlabel_genl_init(void)
240 */ 247 */
241int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr) 248int netlbl_unlabel_getattr(struct netlbl_lsm_secattr *secattr)
242{ 249{
243 if (atomic_read(&netlabel_unlabel_accept_flg) == 1) 250 int ret_val;
244 return netlbl_secattr_init(secattr);
245 251
246 return -ENOMSG; 252 rcu_read_lock();
253 if (netlabel_unlabel_acceptflg == 1) {
254 netlbl_secattr_init(secattr);
255 ret_val = 0;
256 } else
257 ret_val = -ENOMSG;
258 rcu_read_unlock();
259
260 return ret_val;
247} 261}
248 262
249/** 263/**
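Review bot: In netlbl_unlabel_acceptflg_set the previous value is read before the spinlock is taken, so two concurrent setters can both report the same `old=` value and the AUDIT_MAC_UNLBL_ALLOW record would not reflect the real transition of the accept-unlabeled policy. Moving the read under the lock closes that window: `spin_lock(&netlabel_unlabel_acceptflg_lock); old_val = netlabel_unlabel_acceptflg; netlabel_unlabel_acceptflg = value;`. The `rcu_read_lock()`/`rcu_read_unlock()` pairs here and in netlbl_unlabel_list and netlbl_unlabel_getattr surround a plain `u8` that is never published through an RCU pointer in the visible lines, so they appear to protect nothing; either drop them or add a comment saying what they are meant to guard. Callers may already be serialized elsewhere, which this page does not show, and the setter's body begins outside the hunk.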
diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c
index 98a416381e61..42f12bd65964 100644
--- a/net/netlabel/netlabel_user.c
+++ b/net/netlabel/netlabel_user.c
@@ -46,6 +46,10 @@
46#include "netlabel_cipso_v4.h" 46#include "netlabel_cipso_v4.h"
47#include "netlabel_user.h" 47#include "netlabel_user.h"
48 48
49/* do not do any auditing if audit_enabled == 0, see kernel/audit.c for
50 * details */
51extern int audit_enabled;
52
49/* 53/*
50 * NetLabel NETLINK Setup Functions 54 * NetLabel NETLINK Setup Functions
51 */ 55 */
@@ -101,6 +105,9 @@ struct audit_buffer *netlbl_audit_start_common(int type,
101 char *secctx; 105 char *secctx;
102 u32 secctx_len; 106 u32 secctx_len;
103 107
108 if (audit_enabled == 0)
109 return NULL;
110
104 audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type); 111 audit_buf = audit_log_start(audit_ctx, GFP_ATOMIC, type);
105 if (audit_buf == NULL) 112 if (audit_buf == NULL)
106 return NULL; 113 return NULL;
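Review bot: With the added early return, netlbl_audit_start_common yields NULL both when `audit_enabled == 0` and when audit_log_start() fails, and the `if (audit_buf != NULL)` guards added in the other files skip the record silently in either case. The function's header comment, which lies outside this hunk, should state that contract, for example `Returns the audit buffer, or NULL when auditing is disabled or the buffer could not be allocated; callers must skip logging on NULL.` Separately, `extern int audit_enabled;` declared inside a .c file is not checked against the definition's type; taking the declaration from a shared header would keep the two in step.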
diff --git a/net/netlabel/netlabel_user.h b/net/netlabel/netlabel_user.h
index 47967ef32964..6d7f4ab46c2b 100644
--- a/net/netlabel/netlabel_user.h
+++ b/net/netlabel/netlabel_user.h
@@ -42,37 +42,6 @@
42/* NetLabel NETLINK helper functions */ 42/* NetLabel NETLINK helper functions */
43 43
44/** 44/**
45 * netlbl_netlink_hdr_put - Write the NETLINK buffers into a sk_buff
46 * @skb: the packet
47 * @pid: the PID of the receipient
48 * @seq: the sequence number
49 * @type: the generic NETLINK message family type
50 * @cmd: command
51 *
52 * Description:
53 * Write both a NETLINK nlmsghdr structure and a Generic NETLINK genlmsghdr
54 * struct to the packet. Returns a pointer to the start of the payload buffer
55 * on success or NULL on failure.
56 *
57 */
58static inline void *netlbl_netlink_hdr_put(struct sk_buff *skb,
59 u32 pid,
60 u32 seq,
61 int type,
62 int flags,
63 u8 cmd)
64{
65 return genlmsg_put(skb,
66 pid,
67 seq,
68 type,
69 0,
70 flags,
71 cmd,
72 NETLBL_PROTO_VERSION);
73}
74
75/**
76 * netlbl_netlink_auditinfo - Fetch the audit information from a NETLINK msg 45 * netlbl_netlink_auditinfo - Fetch the audit information from a NETLINK msg
77 * @skb: the packet 46 * @skb: the packet
78 * @audit_info: NetLabel audit information 47 * @audit_info: NetLabel audit information