authorEric W. Biederman <ebiederm@xmission.com>2007-10-09 02:24:22 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:49:07 -0400
commit1b8d7ae42d02e483ad94035cca851e4f7fbecb40 (patch)
tree81f8cc0ee49ef99cc67dfed3dc7b7ecb510abf8b /net/netlink
parent457c4cbc5a3dde259d2a1f15d5f9785290397267 (diff)
[NET]: Make socket creation namespace safe.
This patch passes in the namespace a new socket should be created in and has the socket code do the appropriate reference counting. By virtue of this all socket create methods are touched. In addition the socket create methods are modified so that they will fail if you attempt to create a socket in a non-default network namespace. Failing if we attempt to create a socket outside of the default network namespace ensures that as we incrementally make the network stack network namespace aware we will not export functionality that someone has not audited and made certain is network namespace safe. Allowing us to partially enable network namespaces before all of the exotic protocols are supported. Any protocol layers I have missed will fail to compile because I now pass an extra parameter into the socket creation code. [ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ] Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/netlink')
-rw-r--r--net/netlink/af_netlink.c15
1 files changed, 9 insertions, 6 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 3982f13dab17..406a493300d8 100644
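--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -384,15 +384,15 @@ static struct proto netlink_proto = {
  .obj_size = sizeof(struct netlink_sock),
 };
 
-static int __netlink_create(struct socket *sock, struct mutex *cb_mutex,
- int protocol)
+static int __netlink_create(struct net *net, struct socket *sock,
+ struct mutex *cb_mutex, int protocol)
 {
  struct sock *sk;
  struct netlink_sock *nlk;
 
  sock->ops = &netlink_ops;
 
- sk = sk_alloc(PF_NETLINK, GFP_KERNEL, &netlink_proto, 1);
+ sk = sk_alloc(net, PF_NETLINK, GFP_KERNEL, &netlink_proto, 1);
  if (!sk)
  return -ENOMEM;
 
@@ -412,13 +412,16 @@ static int __netlink_create(struct socket *sock, struct mutex *cb_mutex,
  return 0;
 }
 
-static int netlink_create(struct socket *sock, int protocol)
+static int netlink_create(struct net *net, struct socket *sock, int protocol)
 {
  struct module *module = NULL;
  struct mutex *cb_mutex;
  struct netlink_sock *nlk;
  int err = 0;
 
+ if (net != &init_net)
+ return -EAFNOSUPPORT;
+
  sock->state = SS_UNCONNECTED;
 
  if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
@@ -441,7 +444,7 @@ static int netlink_create(struct socket *sock, int protocol)
  cb_mutex = nl_table[protocol].cb_mutex;
  netlink_unlock_table();
 
- if ((err = __netlink_create(sock, cb_mutex, protocol)) < 0)
+ if ((err = __netlink_create(net, sock, cb_mutex, protocol)) < 0)
  goto out_module;
 
  nlk = nlk_sk(sock->sk);
@@ -1318,7 +1321,7 @@ netlink_kernel_create(int unit, unsigned int groups,
  if (sock_create_lite(PF_NETLINK, SOCK_DGRAM, unit, &sock))
  return NULL;
 
- if (__netlink_create(sock, cb_mutex, unit) < 0)
+ if (__netlink_create(&init_net, sock, cb_mutex, unit) < 0)
  goto out_sock_release;
 
  if (groups < 32)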
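Review bot: The new `net != &init_net` guard at the top of netlink_create carries no comment, so nothing in the code says it is a temporary isolation barrier rather than a permanent restriction. In the third hunk `nl_table[protocol]` is still indexed by protocol alone, which suggests the netlink tables are shared across namespaces; if so, dropping the guard before lookup and delivery are scoped by namespace would presumably let sockets in different namespaces reach each other. I would add `/* Until nl_table and message delivery are per-namespace, refuse sockets outside init_net. */` above the check. The hard-coded `&init_net` passed to `__netlink_create` in netlink_kernel_create (last hunk) deserves the same one-line remark. The bodies of netlink_create and netlink_kernel_create continue outside the hunks shown.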