aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
authorEric W. Biederman <ebiederm@xmission.com>2007-10-09 02:24:22 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2007-10-10 19:49:07 -0400
commit1b8d7ae42d02e483ad94035cca851e4f7fbecb40 (patch)
tree81f8cc0ee49ef99cc67dfed3dc7b7ecb510abf8b /net
parent457c4cbc5a3dde259d2a1f15d5f9785290397267 (diff)
[NET]: Make socket creation namespace safe.
This patch passes in the namespace a new socket should be created in and has the socket code do the appropriate reference counting. By virtue of this all socket create methods are touched. In addition the socket create methods are modified so that they will fail if you attempt to create a socket in a non-default network namespace. Failing if we attempt to create a socket outside of the default network namespace ensures that as we incrementally make the network stack network namespace aware we will not export functionality that someone has not audited and made certain is network namespace safe. Allowing us to partially enable network namespaces before all of the exotic protocols are supported. Any protocol layers I have missed will fail to compile because I now pass an extra parameter into the socket creation code. [ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ] Signed-off-by: Eric W. Biederman <ebiederm@xmission.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net')
-rw-r--r--net/appletalk/ddp.c7
-rw-r--r--net/atm/common.c4
-rw-r--r--net/atm/common.h2
-rw-r--r--net/atm/pvc.c7
-rw-r--r--net/atm/svc.c11
-rw-r--r--net/ax25/af_ax25.c9
-rw-r--r--net/bluetooth/af_bluetooth.c7
-rw-r--r--net/bluetooth/bnep/sock.c4
-rw-r--r--net/bluetooth/cmtp/sock.c4
-rw-r--r--net/bluetooth/hci_sock.c4
-rw-r--r--net/bluetooth/hidp/sock.c4
-rw-r--r--net/bluetooth/l2cap.c10
-rw-r--r--net/bluetooth/rfcomm/sock.c10
-rw-r--r--net/bluetooth/sco.c10
-rw-r--r--net/core/sock.c6
-rw-r--r--net/decnet/af_decnet.c13
-rw-r--r--net/econet/af_econet.c7
-rw-r--r--net/ipv4/af_inet.c7
-rw-r--r--net/ipv6/af_inet6.c7
-rw-r--r--net/ipx/af_ipx.c7
-rw-r--r--net/irda/af_irda.c11
-rw-r--r--net/iucv/af_iucv.c4
-rw-r--r--net/key/af_key.c7
-rw-r--r--net/llc/af_llc.c7
-rw-r--r--net/llc/llc_conn.c6
-rw-r--r--net/netlink/af_netlink.c15
-rw-r--r--net/netrom/af_netrom.c9
-rw-r--r--net/packet/af_packet.c7
-rw-r--r--net/rose/af_rose.c9
-rw-r--r--net/rxrpc/af_rxrpc.c7
-rw-r--r--net/sctp/ipv6.c2
-rw-r--r--net/sctp/protocol.c2
-rw-r--r--net/socket.c9
-rw-r--r--net/tipc/socket.c9
-rw-r--r--net/unix/af_unix.c13
-rw-r--r--net/x25/af_x25.c13
36 files changed, 168 insertions, 102 deletions
diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
index 594b59739546..fd1d52f09707 100644
--- a/net/appletalk/ddp.c
+++ b/net/appletalk/ddp.c
@@ -1026,11 +1026,14 @@ static struct proto ddp_proto = {
1026 * Create a socket. Initialise the socket, blank the addresses 1026 * Create a socket. Initialise the socket, blank the addresses
1027 * set the state. 1027 * set the state.
1028 */ 1028 */
1029static int atalk_create(struct socket *sock, int protocol) 1029static int atalk_create(struct net *net, struct socket *sock, int protocol)
1030{ 1030{
1031 struct sock *sk; 1031 struct sock *sk;
1032 int rc = -ESOCKTNOSUPPORT; 1032 int rc = -ESOCKTNOSUPPORT;
1033 1033
1034 if (net != &init_net)
1035 return -EAFNOSUPPORT;
1036
1034 /* 1037 /*
1035 * We permit SOCK_DGRAM and RAW is an extension. It is trivial to do 1038 * We permit SOCK_DGRAM and RAW is an extension. It is trivial to do
1036 * and gives you the full ELAP frame. Should be handy for CAP 8) 1039 * and gives you the full ELAP frame. Should be handy for CAP 8)
@@ -1038,7 +1041,7 @@ static int atalk_create(struct socket *sock, int protocol)
1038 if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM) 1041 if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
1039 goto out; 1042 goto out;
1040 rc = -ENOMEM; 1043 rc = -ENOMEM;
1041 sk = sk_alloc(PF_APPLETALK, GFP_KERNEL, &ddp_proto, 1); 1044 sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, 1);
1042 if (!sk) 1045 if (!sk)
1043 goto out; 1046 goto out;
1044 rc = 0; 1047 rc = 0;
diff --git a/net/atm/common.c b/net/atm/common.c
index 299ec1eb872a..e166d9e0ffd9 100644
--- a/net/atm/common.c
+++ b/net/atm/common.c
@@ -125,7 +125,7 @@ static struct proto vcc_proto = {
125 .obj_size = sizeof(struct atm_vcc), 125 .obj_size = sizeof(struct atm_vcc),
126}; 126};
127 127
128int vcc_create(struct socket *sock, int protocol, int family) 128int vcc_create(struct net *net, struct socket *sock, int protocol, int family)
129{ 129{
130 struct sock *sk; 130 struct sock *sk;
131 struct atm_vcc *vcc; 131 struct atm_vcc *vcc;
@@ -133,7 +133,7 @@ int vcc_create(struct socket *sock, int protocol, int family)
133 sock->sk = NULL; 133 sock->sk = NULL;
134 if (sock->type == SOCK_STREAM) 134 if (sock->type == SOCK_STREAM)
135 return -EINVAL; 135 return -EINVAL;
136 sk = sk_alloc(family, GFP_KERNEL, &vcc_proto, 1); 136 sk = sk_alloc(net, family, GFP_KERNEL, &vcc_proto, 1);
137 if (!sk) 137 if (!sk)
138 return -ENOMEM; 138 return -ENOMEM;
139 sock_init_data(sock, sk); 139 sock_init_data(sock, sk);
diff --git a/net/atm/common.h b/net/atm/common.h
index ad78c9e1117d..16f32c1fa1c9 100644
--- a/net/atm/common.h
+++ b/net/atm/common.h
@@ -10,7 +10,7 @@
10#include <linux/poll.h> /* for poll_table */ 10#include <linux/poll.h> /* for poll_table */
11 11
12 12
13int vcc_create(struct socket *sock, int protocol, int family); 13int vcc_create(struct net *net, struct socket *sock, int protocol, int family);
14int vcc_release(struct socket *sock); 14int vcc_release(struct socket *sock);
15int vcc_connect(struct socket *sock, int itf, short vpi, int vci); 15int vcc_connect(struct socket *sock, int itf, short vpi, int vci);
16int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg, 16int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,
diff --git a/net/atm/pvc.c b/net/atm/pvc.c
index 848e6e191cc7..43e8bf5ed001 100644
--- a/net/atm/pvc.c
+++ b/net/atm/pvc.c
@@ -124,10 +124,13 @@ static const struct proto_ops pvc_proto_ops = {
124}; 124};
125 125
126 126
127static int pvc_create(struct socket *sock,int protocol) 127static int pvc_create(struct net *net, struct socket *sock,int protocol)
128{ 128{
129 if (net != &init_net)
130 return -EAFNOSUPPORT;
131
129 sock->ops = &pvc_proto_ops; 132 sock->ops = &pvc_proto_ops;
130 return vcc_create(sock, protocol, PF_ATMPVC); 133 return vcc_create(net, sock, protocol, PF_ATMPVC);
131} 134}
132 135
133 136
diff --git a/net/atm/svc.c b/net/atm/svc.c
index 53d04c7992cf..daf9a48a7db0 100644
--- a/net/atm/svc.c
+++ b/net/atm/svc.c
@@ -25,7 +25,7 @@
25#include "signaling.h" 25#include "signaling.h"
26#include "addr.h" 26#include "addr.h"
27 27
28static int svc_create(struct socket *sock,int protocol); 28static int svc_create(struct net *net, struct socket *sock,int protocol);
29 29
30/* 30/*
31 * Note: since all this is still nicely synchronized with the signaling demon, 31 * Note: since all this is still nicely synchronized with the signaling demon,
@@ -326,7 +326,7 @@ static int svc_accept(struct socket *sock,struct socket *newsock,int flags)
326 326
327 lock_sock(sk); 327 lock_sock(sk);
328 328
329 error = svc_create(newsock,0); 329 error = svc_create(sk->sk_net, newsock,0);
330 if (error) 330 if (error)
331 goto out; 331 goto out;
332 332
@@ -627,12 +627,15 @@ static const struct proto_ops svc_proto_ops = {
627}; 627};
628 628
629 629
630static int svc_create(struct socket *sock,int protocol) 630static int svc_create(struct net *net, struct socket *sock,int protocol)
631{ 631{
632 int error; 632 int error;
633 633
634 if (net != &init_net)
635 return -EAFNOSUPPORT;
636
634 sock->ops = &svc_proto_ops; 637 sock->ops = &svc_proto_ops;
635 error = vcc_create(sock, protocol, AF_ATMSVC); 638 error = vcc_create(net, sock, protocol, AF_ATMSVC);
636 if (error) return error; 639 if (error) return error;
637 ATM_SD(sock)->local.sas_family = AF_ATMSVC; 640 ATM_SD(sock)->local.sas_family = AF_ATMSVC;
638 ATM_SD(sock)->remote.sas_family = AF_ATMSVC; 641 ATM_SD(sock)->remote.sas_family = AF_ATMSVC;
diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
index 1d71f85680b8..def6c42ad165 100644
--- a/net/ax25/af_ax25.c
+++ b/net/ax25/af_ax25.c
@@ -780,11 +780,14 @@ static struct proto ax25_proto = {
780 .obj_size = sizeof(struct sock), 780 .obj_size = sizeof(struct sock),
781}; 781};
782 782
783static int ax25_create(struct socket *sock, int protocol) 783static int ax25_create(struct net *net, struct socket *sock, int protocol)
784{ 784{
785 struct sock *sk; 785 struct sock *sk;
786 ax25_cb *ax25; 786 ax25_cb *ax25;
787 787
788 if (net != &init_net)
789 return -EAFNOSUPPORT;
790
788 switch (sock->type) { 791 switch (sock->type) {
789 case SOCK_DGRAM: 792 case SOCK_DGRAM:
790 if (protocol == 0 || protocol == PF_AX25) 793 if (protocol == 0 || protocol == PF_AX25)
@@ -830,7 +833,7 @@ static int ax25_create(struct socket *sock, int protocol)
830 return -ESOCKTNOSUPPORT; 833 return -ESOCKTNOSUPPORT;
831 } 834 }
832 835
833 if ((sk = sk_alloc(PF_AX25, GFP_ATOMIC, &ax25_proto, 1)) == NULL) 836 if ((sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, 1)) == NULL)
834 return -ENOMEM; 837 return -ENOMEM;
835 838
836 ax25 = sk->sk_protinfo = ax25_create_cb(); 839 ax25 = sk->sk_protinfo = ax25_create_cb();
@@ -855,7 +858,7 @@ struct sock *ax25_make_new(struct sock *osk, struct ax25_dev *ax25_dev)
855 struct sock *sk; 858 struct sock *sk;
856 ax25_cb *ax25, *oax25; 859 ax25_cb *ax25, *oax25;
857 860
858 if ((sk = sk_alloc(PF_AX25, GFP_ATOMIC, osk->sk_prot, 1)) == NULL) 861 if ((sk = sk_alloc(osk->sk_net, PF_AX25, GFP_ATOMIC, osk->sk_prot, 1)) == NULL)
859 return NULL; 862 return NULL;
860 863
861 if ((ax25 = ax25_create_cb()) == NULL) { 864 if ((ax25 = ax25_create_cb()) == NULL) {
diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
index d942b946ba07..1220d8a41eb5 100644
--- a/net/bluetooth/af_bluetooth.c
+++ b/net/bluetooth/af_bluetooth.c
@@ -95,10 +95,13 @@ int bt_sock_unregister(int proto)
95} 95}
96EXPORT_SYMBOL(bt_sock_unregister); 96EXPORT_SYMBOL(bt_sock_unregister);
97 97
98static int bt_sock_create(struct socket *sock, int proto) 98static int bt_sock_create(struct net *net, struct socket *sock, int proto)
99{ 99{
100 int err; 100 int err;
101 101
102 if (net != &init_net)
103 return -EAFNOSUPPORT;
104
102 if (proto < 0 || proto >= BT_MAX_PROTO) 105 if (proto < 0 || proto >= BT_MAX_PROTO)
103 return -EINVAL; 106 return -EINVAL;
104 107
@@ -113,7 +116,7 @@ static int bt_sock_create(struct socket *sock, int proto)
113 read_lock(&bt_proto_lock); 116 read_lock(&bt_proto_lock);
114 117
115 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { 118 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
116 err = bt_proto[proto]->create(sock, proto); 119 err = bt_proto[proto]->create(net, sock, proto);
117 module_put(bt_proto[proto]->owner); 120 module_put(bt_proto[proto]->owner);
118 } 121 }
119 122
diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
index 10292e776046..f718965f296c 100644
--- a/net/bluetooth/bnep/sock.c
+++ b/net/bluetooth/bnep/sock.c
@@ -204,7 +204,7 @@ static struct proto bnep_proto = {
204 .obj_size = sizeof(struct bt_sock) 204 .obj_size = sizeof(struct bt_sock)
205}; 205};
206 206
207static int bnep_sock_create(struct socket *sock, int protocol) 207static int bnep_sock_create(struct net *net, struct socket *sock, int protocol)
208{ 208{
209 struct sock *sk; 209 struct sock *sk;
210 210
@@ -213,7 +213,7 @@ static int bnep_sock_create(struct socket *sock, int protocol)
213 if (sock->type != SOCK_RAW) 213 if (sock->type != SOCK_RAW)
214 return -ESOCKTNOSUPPORT; 214 return -ESOCKTNOSUPPORT;
215 215
216 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, 1); 216 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, 1);
217 if (!sk) 217 if (!sk)
218 return -ENOMEM; 218 return -ENOMEM;
219 219
diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
index 19be7861e51e..cf700c20d11e 100644
--- a/net/bluetooth/cmtp/sock.c
+++ b/net/bluetooth/cmtp/sock.c
@@ -195,7 +195,7 @@ static struct proto cmtp_proto = {
195 .obj_size = sizeof(struct bt_sock) 195 .obj_size = sizeof(struct bt_sock)
196}; 196};
197 197
198static int cmtp_sock_create(struct socket *sock, int protocol) 198static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol)
199{ 199{
200 struct sock *sk; 200 struct sock *sk;
201 201
@@ -204,7 +204,7 @@ static int cmtp_sock_create(struct socket *sock, int protocol)
204 if (sock->type != SOCK_RAW) 204 if (sock->type != SOCK_RAW)
205 return -ESOCKTNOSUPPORT; 205 return -ESOCKTNOSUPPORT;
206 206
207 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &cmtp_proto, 1); 207 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &cmtp_proto, 1);
208 if (!sk) 208 if (!sk)
209 return -ENOMEM; 209 return -ENOMEM;
210 210
diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
index 5ccea5fbd236..43dd6373bff9 100644
--- a/net/bluetooth/hci_sock.c
+++ b/net/bluetooth/hci_sock.c
@@ -634,7 +634,7 @@ static struct proto hci_sk_proto = {
634 .obj_size = sizeof(struct hci_pinfo) 634 .obj_size = sizeof(struct hci_pinfo)
635}; 635};
636 636
637static int hci_sock_create(struct socket *sock, int protocol) 637static int hci_sock_create(struct net *net, struct socket *sock, int protocol)
638{ 638{
639 struct sock *sk; 639 struct sock *sk;
640 640
@@ -645,7 +645,7 @@ static int hci_sock_create(struct socket *sock, int protocol)
645 645
646 sock->ops = &hci_sock_ops; 646 sock->ops = &hci_sock_ops;
647 647
648 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, 1); 648 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, 1);
649 if (!sk) 649 if (!sk)
650 return -ENOMEM; 650 return -ENOMEM;
651 651
diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
index 0c185257e55b..1de2b6fbcac0 100644
--- a/net/bluetooth/hidp/sock.c
+++ b/net/bluetooth/hidp/sock.c
@@ -246,7 +246,7 @@ static struct proto hidp_proto = {
246 .obj_size = sizeof(struct bt_sock) 246 .obj_size = sizeof(struct bt_sock)
247}; 247};
248 248
249static int hidp_sock_create(struct socket *sock, int protocol) 249static int hidp_sock_create(struct net *net, struct socket *sock, int protocol)
250{ 250{
251 struct sock *sk; 251 struct sock *sk;
252 252
@@ -255,7 +255,7 @@ static int hidp_sock_create(struct socket *sock, int protocol)
255 if (sock->type != SOCK_RAW) 255 if (sock->type != SOCK_RAW)
256 return -ESOCKTNOSUPPORT; 256 return -ESOCKTNOSUPPORT;
257 257
258 sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, 1); 258 sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, 1);
259 if (!sk) 259 if (!sk)
260 return -ENOMEM; 260 return -ENOMEM;
261 261
diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
index c4e4ce4ebb2b..36ef27b625db 100644
--- a/net/bluetooth/l2cap.c
+++ b/net/bluetooth/l2cap.c
@@ -518,11 +518,11 @@ static struct proto l2cap_proto = {
518 .obj_size = sizeof(struct l2cap_pinfo) 518 .obj_size = sizeof(struct l2cap_pinfo)
519}; 519};
520 520
521static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, gfp_t prio) 521static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
522{ 522{
523 struct sock *sk; 523 struct sock *sk;
524 524
525 sk = sk_alloc(PF_BLUETOOTH, prio, &l2cap_proto, 1); 525 sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, 1);
526 if (!sk) 526 if (!sk)
527 return NULL; 527 return NULL;
528 528
@@ -543,7 +543,7 @@ static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, gfp_t prio)
543 return sk; 543 return sk;
544} 544}
545 545
546static int l2cap_sock_create(struct socket *sock, int protocol) 546static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
547{ 547{
548 struct sock *sk; 548 struct sock *sk;
549 549
@@ -560,7 +560,7 @@ static int l2cap_sock_create(struct socket *sock, int protocol)
560 560
561 sock->ops = &l2cap_sock_ops; 561 sock->ops = &l2cap_sock_ops;
562 562
563 sk = l2cap_sock_alloc(sock, protocol, GFP_ATOMIC); 563 sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC);
564 if (!sk) 564 if (!sk)
565 return -ENOMEM; 565 return -ENOMEM;
566 566
@@ -1425,7 +1425,7 @@ static inline int l2cap_connect_req(struct l2cap_conn *conn, struct l2cap_cmd_hd
1425 goto response; 1425 goto response;
1426 } 1426 }
1427 1427
1428 sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC); 1428 sk = l2cap_sock_alloc(parent->sk_net, NULL, BTPROTO_L2CAP, GFP_ATOMIC);
1429 if (!sk) 1429 if (!sk)
1430 goto response; 1430 goto response;
1431 1431
diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
index 30586ab9e878..266b6972667d 100644
--- a/net/bluetooth/rfcomm/sock.c
+++ b/net/bluetooth/rfcomm/sock.c
@@ -282,12 +282,12 @@ static struct proto rfcomm_proto = {
282 .obj_size = sizeof(struct rfcomm_pinfo) 282 .obj_size = sizeof(struct rfcomm_pinfo)
283}; 283};
284 284
285static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, gfp_t prio) 285static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
286{ 286{
287 struct rfcomm_dlc *d; 287 struct rfcomm_dlc *d;
288 struct sock *sk; 288 struct sock *sk;
289 289
290 sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 290 sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, 1);
291 if (!sk) 291 if (!sk)
292 return NULL; 292 return NULL;
293 293
@@ -323,7 +323,7 @@ static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, gfp_t prio
323 return sk; 323 return sk;
324} 324}
325 325
326static int rfcomm_sock_create(struct socket *sock, int protocol) 326static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
327{ 327{
328 struct sock *sk; 328 struct sock *sk;
329 329
@@ -336,7 +336,7 @@ static int rfcomm_sock_create(struct socket *sock, int protocol)
336 336
337 sock->ops = &rfcomm_sock_ops; 337 sock->ops = &rfcomm_sock_ops;
338 338
339 sk = rfcomm_sock_alloc(sock, protocol, GFP_ATOMIC); 339 sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC);
340 if (!sk) 340 if (!sk)
341 return -ENOMEM; 341 return -ENOMEM;
342 342
@@ -868,7 +868,7 @@ int rfcomm_connect_ind(struct rfcomm_session *s, u8 channel, struct rfcomm_dlc *
868 goto done; 868 goto done;
869 } 869 }
870 870
871 sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 871 sk = rfcomm_sock_alloc(parent->sk_net, NULL, BTPROTO_RFCOMM, GFP_ATOMIC);
872 if (!sk) 872 if (!sk)
873 goto done; 873 goto done;
874 874
diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
index 3f5163e725ed..65b6fb1c4154 100644
--- a/net/bluetooth/sco.c
+++ b/net/bluetooth/sco.c
@@ -414,11 +414,11 @@ static struct proto sco_proto = {
414 .obj_size = sizeof(struct sco_pinfo) 414 .obj_size = sizeof(struct sco_pinfo)
415}; 415};
416 416
417static struct sock *sco_sock_alloc(struct socket *sock, int proto, gfp_t prio) 417static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio)
418{ 418{
419 struct sock *sk; 419 struct sock *sk;
420 420
421 sk = sk_alloc(PF_BLUETOOTH, prio, &sco_proto, 1); 421 sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, 1);
422 if (!sk) 422 if (!sk)
423 return NULL; 423 return NULL;
424 424
@@ -439,7 +439,7 @@ static struct sock *sco_sock_alloc(struct socket *sock, int proto, gfp_t prio)
439 return sk; 439 return sk;
440} 440}
441 441
442static int sco_sock_create(struct socket *sock, int protocol) 442static int sco_sock_create(struct net *net, struct socket *sock, int protocol)
443{ 443{
444 struct sock *sk; 444 struct sock *sk;
445 445
@@ -452,7 +452,7 @@ static int sco_sock_create(struct socket *sock, int protocol)
452 452
453 sock->ops = &sco_sock_ops; 453 sock->ops = &sco_sock_ops;
454 454
455 sk = sco_sock_alloc(sock, protocol, GFP_ATOMIC); 455 sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC);
456 if (!sk) 456 if (!sk)
457 return -ENOMEM; 457 return -ENOMEM;
458 458
@@ -807,7 +807,7 @@ static void sco_conn_ready(struct sco_conn *conn)
807 807
808 bh_lock_sock(parent); 808 bh_lock_sock(parent);
809 809
810 sk = sco_sock_alloc(NULL, BTPROTO_SCO, GFP_ATOMIC); 810 sk = sco_sock_alloc(parent->sk_net, NULL, BTPROTO_SCO, GFP_ATOMIC);
811 if (!sk) { 811 if (!sk) {
812 bh_unlock_sock(parent); 812 bh_unlock_sock(parent);
813 goto done; 813 goto done;
diff --git a/net/core/sock.c b/net/core/sock.c
index bbc726a49d87..a31455dc7024 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -873,7 +873,7 @@ static inline void sock_lock_init(struct sock *sk)
873 * @prot: struct proto associated with this new sock instance 873 * @prot: struct proto associated with this new sock instance
874 * @zero_it: if we should zero the newly allocated sock 874 * @zero_it: if we should zero the newly allocated sock
875 */ 875 */
876struct sock *sk_alloc(int family, gfp_t priority, 876struct sock *sk_alloc(struct net *net, int family, gfp_t priority,
877 struct proto *prot, int zero_it) 877 struct proto *prot, int zero_it)
878{ 878{
879 struct sock *sk = NULL; 879 struct sock *sk = NULL;
@@ -894,6 +894,7 @@ struct sock *sk_alloc(int family, gfp_t priority,
894 */ 894 */
895 sk->sk_prot = sk->sk_prot_creator = prot; 895 sk->sk_prot = sk->sk_prot_creator = prot;
896 sock_lock_init(sk); 896 sock_lock_init(sk);
897 sk->sk_net = get_net(net);
897 } 898 }
898 899
899 if (security_sk_alloc(sk, family, priority)) 900 if (security_sk_alloc(sk, family, priority))
@@ -933,6 +934,7 @@ void sk_free(struct sock *sk)
933 __FUNCTION__, atomic_read(&sk->sk_omem_alloc)); 934 __FUNCTION__, atomic_read(&sk->sk_omem_alloc));
934 935
935 security_sk_free(sk); 936 security_sk_free(sk);
937 put_net(sk->sk_net);
936 if (sk->sk_prot_creator->slab != NULL) 938 if (sk->sk_prot_creator->slab != NULL)
937 kmem_cache_free(sk->sk_prot_creator->slab, sk); 939 kmem_cache_free(sk->sk_prot_creator->slab, sk);
938 else 940 else
@@ -942,7 +944,7 @@ void sk_free(struct sock *sk)
942 944
943struct sock *sk_clone(const struct sock *sk, const gfp_t priority) 945struct sock *sk_clone(const struct sock *sk, const gfp_t priority)
944{ 946{
945 struct sock *newsk = sk_alloc(sk->sk_family, priority, sk->sk_prot, 0); 947 struct sock *newsk = sk_alloc(sk->sk_net, sk->sk_family, priority, sk->sk_prot, 0);
946 948
947 if (newsk != NULL) { 949 if (newsk != NULL) {
948 struct sk_filter *filter; 950 struct sk_filter *filter;
diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
index 625d5955b8e2..aca4c4930eb6 100644
--- a/net/decnet/af_decnet.c
+++ b/net/decnet/af_decnet.c
@@ -471,10 +471,10 @@ static struct proto dn_proto = {
471 .obj_size = sizeof(struct dn_sock), 471 .obj_size = sizeof(struct dn_sock),
472}; 472};
473 473
474static struct sock *dn_alloc_sock(struct socket *sock, gfp_t gfp) 474static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp)
475{ 475{
476 struct dn_scp *scp; 476 struct dn_scp *scp;
477 struct sock *sk = sk_alloc(PF_DECnet, gfp, &dn_proto, 1); 477 struct sock *sk = sk_alloc(net, PF_DECnet, gfp, &dn_proto, 1);
478 478
479 if (!sk) 479 if (!sk)
480 goto out; 480 goto out;
@@ -675,10 +675,13 @@ char *dn_addr2asc(__u16 addr, char *buf)
675 675
676 676
677 677
678static int dn_create(struct socket *sock, int protocol) 678static int dn_create(struct net *net, struct socket *sock, int protocol)
679{ 679{
680 struct sock *sk; 680 struct sock *sk;
681 681
682 if (net != &init_net)
683 return -EAFNOSUPPORT;
684
682 switch(sock->type) { 685 switch(sock->type) {
683 case SOCK_SEQPACKET: 686 case SOCK_SEQPACKET:
684 if (protocol != DNPROTO_NSP) 687 if (protocol != DNPROTO_NSP)
@@ -691,7 +694,7 @@ static int dn_create(struct socket *sock, int protocol)
691 } 694 }
692 695
693 696
694 if ((sk = dn_alloc_sock(sock, GFP_KERNEL)) == NULL) 697 if ((sk = dn_alloc_sock(net, sock, GFP_KERNEL)) == NULL)
695 return -ENOBUFS; 698 return -ENOBUFS;
696 699
697 sk->sk_protocol = protocol; 700 sk->sk_protocol = protocol;
@@ -1091,7 +1094,7 @@ static int dn_accept(struct socket *sock, struct socket *newsock, int flags)
1091 1094
1092 cb = DN_SKB_CB(skb); 1095 cb = DN_SKB_CB(skb);
1093 sk->sk_ack_backlog--; 1096 sk->sk_ack_backlog--;
1094 newsk = dn_alloc_sock(newsock, sk->sk_allocation); 1097 newsk = dn_alloc_sock(sk->sk_net, newsock, sk->sk_allocation);
1095 if (newsk == NULL) { 1098 if (newsk == NULL) {
1096 release_sock(sk); 1099 release_sock(sk);
1097 kfree_skb(skb); 1100 kfree_skb(skb);
diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
index 35c96bcc0f32..a2429dbcb86e 100644
--- a/net/econet/af_econet.c
+++ b/net/econet/af_econet.c
@@ -608,12 +608,15 @@ static struct proto econet_proto = {
608 * Create an Econet socket 608 * Create an Econet socket
609 */ 609 */
610 610
611static int econet_create(struct socket *sock, int protocol) 611static int econet_create(struct net *net, struct socket *sock, int protocol)
612{ 612{
613 struct sock *sk; 613 struct sock *sk;
614 struct econet_sock *eo; 614 struct econet_sock *eo;
615 int err; 615 int err;
616 616
617 if (net != &init_net)
618 return -EAFNOSUPPORT;
619
617 /* Econet only provides datagram services. */ 620 /* Econet only provides datagram services. */
618 if (sock->type != SOCK_DGRAM) 621 if (sock->type != SOCK_DGRAM)
619 return -ESOCKTNOSUPPORT; 622 return -ESOCKTNOSUPPORT;
@@ -621,7 +624,7 @@ static int econet_create(struct socket *sock, int protocol)
621 sock->state = SS_UNCONNECTED; 624 sock->state = SS_UNCONNECTED;
622 625
623 err = -ENOBUFS; 626 err = -ENOBUFS;
624 sk = sk_alloc(PF_ECONET, GFP_KERNEL, &econet_proto, 1); 627 sk = sk_alloc(net, PF_ECONET, GFP_KERNEL, &econet_proto, 1);
625 if (sk == NULL) 628 if (sk == NULL)
626 goto out; 629 goto out;
627 630
diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index e68103475cca..110a19edacc8 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -241,7 +241,7 @@ EXPORT_SYMBOL(build_ehash_secret);
241 * Create an inet socket. 241 * Create an inet socket.
242 */ 242 */
243 243
244static int inet_create(struct socket *sock, int protocol) 244static int inet_create(struct net *net, struct socket *sock, int protocol)
245{ 245{
246 struct sock *sk; 246 struct sock *sk;
247 struct list_head *p; 247 struct list_head *p;
@@ -253,6 +253,9 @@ static int inet_create(struct socket *sock, int protocol)
253 int try_loading_module = 0; 253 int try_loading_module = 0;
254 int err; 254 int err;
255 255
256 if (net != &init_net)
257 return -EAFNOSUPPORT;
258
256 if (sock->type != SOCK_RAW && 259 if (sock->type != SOCK_RAW &&
257 sock->type != SOCK_DGRAM && 260 sock->type != SOCK_DGRAM &&
258 !inet_ehash_secret) 261 !inet_ehash_secret)
@@ -320,7 +323,7 @@ lookup_protocol:
320 BUG_TRAP(answer_prot->slab != NULL); 323 BUG_TRAP(answer_prot->slab != NULL);
321 324
322 err = -ENOBUFS; 325 err = -ENOBUFS;
323 sk = sk_alloc(PF_INET, GFP_KERNEL, answer_prot, 1); 326 sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot, 1);
324 if (sk == NULL) 327 if (sk == NULL)
325 goto out; 328 goto out;
326 329
diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
index b5f96372ad73..21931c86e95b 100644
--- a/net/ipv6/af_inet6.c
+++ b/net/ipv6/af_inet6.c
@@ -81,7 +81,7 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
81 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 81 return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
82} 82}
83 83
84static int inet6_create(struct socket *sock, int protocol) 84static int inet6_create(struct net *net, struct socket *sock, int protocol)
85{ 85{
86 struct inet_sock *inet; 86 struct inet_sock *inet;
87 struct ipv6_pinfo *np; 87 struct ipv6_pinfo *np;
@@ -94,6 +94,9 @@ static int inet6_create(struct socket *sock, int protocol)
94 int try_loading_module = 0; 94 int try_loading_module = 0;
95 int err; 95 int err;
96 96
97 if (net != &init_net)
98 return -EAFNOSUPPORT;
99
97 if (sock->type != SOCK_RAW && 100 if (sock->type != SOCK_RAW &&
98 sock->type != SOCK_DGRAM && 101 sock->type != SOCK_DGRAM &&
99 !inet_ehash_secret) 102 !inet_ehash_secret)
@@ -159,7 +162,7 @@ lookup_protocol:
159 BUG_TRAP(answer_prot->slab != NULL); 162 BUG_TRAP(answer_prot->slab != NULL);
160 163
161 err = -ENOBUFS; 164 err = -ENOBUFS;
162 sk = sk_alloc(PF_INET6, GFP_KERNEL, answer_prot, 1); 165 sk = sk_alloc(net, PF_INET6, GFP_KERNEL, answer_prot, 1);
163 if (sk == NULL) 166 if (sk == NULL)
164 goto out; 167 goto out;
165 168
diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
index 8400525177ab..ee28babad227 100644
--- a/net/ipx/af_ipx.c
+++ b/net/ipx/af_ipx.c
@@ -1360,11 +1360,14 @@ static struct proto ipx_proto = {
1360 .obj_size = sizeof(struct ipx_sock), 1360 .obj_size = sizeof(struct ipx_sock),
1361}; 1361};
1362 1362
1363static int ipx_create(struct socket *sock, int protocol) 1363static int ipx_create(struct net *net, struct socket *sock, int protocol)
1364{ 1364{
1365 int rc = -ESOCKTNOSUPPORT; 1365 int rc = -ESOCKTNOSUPPORT;
1366 struct sock *sk; 1366 struct sock *sk;
1367 1367
1368 if (net != &init_net)
1369 return -EAFNOSUPPORT;
1370
1368 /* 1371 /*
1369 * SPX support is not anymore in the kernel sources. If you want to 1372 * SPX support is not anymore in the kernel sources. If you want to
1370 * ressurrect it, completing it and making it understand shared skbs, 1373 * ressurrect it, completing it and making it understand shared skbs,
@@ -1375,7 +1378,7 @@ static int ipx_create(struct socket *sock, int protocol)
1375 goto out; 1378 goto out;
1376 1379
1377 rc = -ENOMEM; 1380 rc = -ENOMEM;
1378 sk = sk_alloc(PF_IPX, GFP_KERNEL, &ipx_proto, 1); 1381 sk = sk_alloc(net, PF_IPX, GFP_KERNEL, &ipx_proto, 1);
1379 if (!sk) 1382 if (!sk)
1380 goto out; 1383 goto out;
1381#ifdef IPX_REFCNT_DEBUG 1384#ifdef IPX_REFCNT_DEBUG
diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
index c80949a71923..0328ae2654f4 100644
--- a/net/irda/af_irda.c
+++ b/net/irda/af_irda.c
@@ -60,7 +60,7 @@
60 60
61#include <net/irda/af_irda.h> 61#include <net/irda/af_irda.h>
62 62
63static int irda_create(struct socket *sock, int protocol); 63static int irda_create(struct net *net, struct socket *sock, int protocol);
64 64
65static const struct proto_ops irda_stream_ops; 65static const struct proto_ops irda_stream_ops;
66static const struct proto_ops irda_seqpacket_ops; 66static const struct proto_ops irda_seqpacket_ops;
@@ -831,7 +831,7 @@ static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
831 831
832 IRDA_DEBUG(2, "%s()\n", __FUNCTION__); 832 IRDA_DEBUG(2, "%s()\n", __FUNCTION__);
833 833
834 err = irda_create(newsock, sk->sk_protocol); 834 err = irda_create(sk->sk_net, newsock, sk->sk_protocol);
835 if (err) 835 if (err)
836 return err; 836 return err;
837 837
@@ -1057,13 +1057,16 @@ static struct proto irda_proto = {
1057 * Create IrDA socket 1057 * Create IrDA socket
1058 * 1058 *
1059 */ 1059 */
1060static int irda_create(struct socket *sock, int protocol) 1060static int irda_create(struct net *net, struct socket *sock, int protocol)
1061{ 1061{
1062 struct sock *sk; 1062 struct sock *sk;
1063 struct irda_sock *self; 1063 struct irda_sock *self;
1064 1064
1065 IRDA_DEBUG(2, "%s()\n", __FUNCTION__); 1065 IRDA_DEBUG(2, "%s()\n", __FUNCTION__);
1066 1066
1067 if (net != &init_net)
1068 return -EAFNOSUPPORT;
1069
1067 /* Check for valid socket type */ 1070 /* Check for valid socket type */
1068 switch (sock->type) { 1071 switch (sock->type) {
1069 case SOCK_STREAM: /* For TTP connections with SAR disabled */ 1072 case SOCK_STREAM: /* For TTP connections with SAR disabled */
@@ -1075,7 +1078,7 @@ static int irda_create(struct socket *sock, int protocol)
1075 } 1078 }
1076 1079
1077 /* Allocate networking socket */ 1080 /* Allocate networking socket */
1078 sk = sk_alloc(PF_IRDA, GFP_ATOMIC, &irda_proto, 1); 1081 sk = sk_alloc(net, PF_IRDA, GFP_ATOMIC, &irda_proto, 1);
1079 if (sk == NULL) 1082 if (sk == NULL)
1080 return -ENOMEM; 1083 return -ENOMEM;
1081 1084
diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
index 53ae14c35f70..53668585e947 100644
--- a/net/iucv/af_iucv.c
+++ b/net/iucv/af_iucv.c
@@ -213,7 +213,7 @@ static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
213{ 213{
214 struct sock *sk; 214 struct sock *sk;
215 215
216 sk = sk_alloc(PF_IUCV, prio, &iucv_proto, 1); 216 sk = sk_alloc(&init_net, PF_IUCV, prio, &iucv_proto, 1);
217 if (!sk) 217 if (!sk)
218 return NULL; 218 return NULL;
219 219
@@ -240,7 +240,7 @@ static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
240} 240}
241 241
242/* Create an IUCV socket */ 242/* Create an IUCV socket */
243static int iucv_sock_create(struct socket *sock, int protocol) 243static int iucv_sock_create(struct net *net, struct socket *sock, int protocol)
244{ 244{
245 struct sock *sk; 245 struct sock *sk;
246 246
diff --git a/net/key/af_key.c b/net/key/af_key.c
index 5b802bbb856e..ff5c3d03005e 100644
--- a/net/key/af_key.c
+++ b/net/key/af_key.c
@@ -136,11 +136,14 @@ static struct proto key_proto = {
136 .obj_size = sizeof(struct pfkey_sock), 136 .obj_size = sizeof(struct pfkey_sock),
137}; 137};
138 138
139static int pfkey_create(struct socket *sock, int protocol) 139static int pfkey_create(struct net *net, struct socket *sock, int protocol)
140{ 140{
141 struct sock *sk; 141 struct sock *sk;
142 int err; 142 int err;
143 143
144 if (net != &init_net)
145 return -EAFNOSUPPORT;
146
144 if (!capable(CAP_NET_ADMIN)) 147 if (!capable(CAP_NET_ADMIN))
145 return -EPERM; 148 return -EPERM;
146 if (sock->type != SOCK_RAW) 149 if (sock->type != SOCK_RAW)
@@ -149,7 +152,7 @@ static int pfkey_create(struct socket *sock, int protocol)
149 return -EPROTONOSUPPORT; 152 return -EPROTONOSUPPORT;
150 153
151 err = -ENOMEM; 154 err = -ENOMEM;
152 sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); 155 sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, 1);
153 if (sk == NULL) 156 if (sk == NULL)
154 goto out; 157 goto out;
155 158
diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
index 6b8a103cf9e6..b48244156e75 100644
--- a/net/llc/af_llc.c
+++ b/net/llc/af_llc.c
@@ -150,14 +150,17 @@ static struct proto llc_proto = {
150 * socket type we have available. 150 * socket type we have available.
151 * Returns 0 upon success, negative upon failure. 151 * Returns 0 upon success, negative upon failure.
152 */ 152 */
153static int llc_ui_create(struct socket *sock, int protocol) 153static int llc_ui_create(struct net *net, struct socket *sock, int protocol)
154{ 154{
155 struct sock *sk; 155 struct sock *sk;
156 int rc = -ESOCKTNOSUPPORT; 156 int rc = -ESOCKTNOSUPPORT;
157 157
158 if (net != &init_net)
159 return -EAFNOSUPPORT;
160
158 if (likely(sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM)) { 161 if (likely(sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM)) {
159 rc = -ENOMEM; 162 rc = -ENOMEM;
160 sk = llc_sk_alloc(PF_LLC, GFP_KERNEL, &llc_proto); 163 sk = llc_sk_alloc(net, PF_LLC, GFP_KERNEL, &llc_proto);
161 if (sk) { 164 if (sk) {
162 rc = 0; 165 rc = 0;
163 llc_ui_sk_init(sock, sk); 166 llc_ui_sk_init(sock, sk);
diff --git a/net/llc/llc_conn.c b/net/llc/llc_conn.c
index 3b8cfbe029a7..8ebc2769dfda 100644
--- a/net/llc/llc_conn.c
+++ b/net/llc/llc_conn.c
@@ -700,7 +700,7 @@ static struct sock *llc_create_incoming_sock(struct sock *sk,
700 struct llc_addr *saddr, 700 struct llc_addr *saddr,
701 struct llc_addr *daddr) 701 struct llc_addr *daddr)
702{ 702{
703 struct sock *newsk = llc_sk_alloc(sk->sk_family, GFP_ATOMIC, 703 struct sock *newsk = llc_sk_alloc(sk->sk_net, sk->sk_family, GFP_ATOMIC,
704 sk->sk_prot); 704 sk->sk_prot);
705 struct llc_sock *newllc, *llc = llc_sk(sk); 705 struct llc_sock *newllc, *llc = llc_sk(sk);
706 706
@@ -867,9 +867,9 @@ static void llc_sk_init(struct sock* sk)
867 * Allocates a LLC sock and initializes it. Returns the new LLC sock 867 * Allocates a LLC sock and initializes it. Returns the new LLC sock
868 * or %NULL if there's no memory available for one 868 * or %NULL if there's no memory available for one
869 */ 869 */
870struct sock *llc_sk_alloc(int family, gfp_t priority, struct proto *prot) 870struct sock *llc_sk_alloc(struct net *net, int family, gfp_t priority, struct proto *prot)
871{ 871{
872 struct sock *sk = sk_alloc(family, priority, prot, 1); 872 struct sock *sk = sk_alloc(net, family, priority, prot, 1);
873 873
874 if (!sk) 874 if (!sk)
875 goto out; 875 goto out;
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 3982f13dab17..406a493300d8 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -384,15 +384,15 @@ static struct proto netlink_proto = {
384 .obj_size = sizeof(struct netlink_sock), 384 .obj_size = sizeof(struct netlink_sock),
385}; 385};
386 386
387static int __netlink_create(struct socket *sock, struct mutex *cb_mutex, 387static int __netlink_create(struct net *net, struct socket *sock,
388 int protocol) 388 struct mutex *cb_mutex, int protocol)
389{ 389{
390 struct sock *sk; 390 struct sock *sk;
391 struct netlink_sock *nlk; 391 struct netlink_sock *nlk;
392 392
393 sock->ops = &netlink_ops; 393 sock->ops = &netlink_ops;
394 394
395 sk = sk_alloc(PF_NETLINK, GFP_KERNEL, &netlink_proto, 1); 395 sk = sk_alloc(net, PF_NETLINK, GFP_KERNEL, &netlink_proto, 1);
396 if (!sk) 396 if (!sk)
397 return -ENOMEM; 397 return -ENOMEM;
398 398
@@ -412,13 +412,16 @@ static int __netlink_create(struct socket *sock, struct mutex *cb_mutex,
412 return 0; 412 return 0;
413} 413}
414 414
415static int netlink_create(struct socket *sock, int protocol) 415static int netlink_create(struct net *net, struct socket *sock, int protocol)
416{ 416{
417 struct module *module = NULL; 417 struct module *module = NULL;
418 struct mutex *cb_mutex; 418 struct mutex *cb_mutex;
419 struct netlink_sock *nlk; 419 struct netlink_sock *nlk;
420 int err = 0; 420 int err = 0;
421 421
422 if (net != &init_net)
423 return -EAFNOSUPPORT;
424
422 sock->state = SS_UNCONNECTED; 425 sock->state = SS_UNCONNECTED;
423 426
424 if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM) 427 if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM)
@@ -441,7 +444,7 @@ static int netlink_create(struct socket *sock, int protocol)
441 cb_mutex = nl_table[protocol].cb_mutex; 444 cb_mutex = nl_table[protocol].cb_mutex;
442 netlink_unlock_table(); 445 netlink_unlock_table();
443 446
444 if ((err = __netlink_create(sock, cb_mutex, protocol)) < 0) 447 if ((err = __netlink_create(net, sock, cb_mutex, protocol)) < 0)
445 goto out_module; 448 goto out_module;
446 449
447 nlk = nlk_sk(sock->sk); 450 nlk = nlk_sk(sock->sk);
@@ -1318,7 +1321,7 @@ netlink_kernel_create(int unit, unsigned int groups,
1318 if (sock_create_lite(PF_NETLINK, SOCK_DGRAM, unit, &sock)) 1321 if (sock_create_lite(PF_NETLINK, SOCK_DGRAM, unit, &sock))
1319 return NULL; 1322 return NULL;
1320 1323
1321 if (__netlink_create(sock, cb_mutex, unit) < 0) 1324 if (__netlink_create(&init_net, sock, cb_mutex, unit) < 0)
1322 goto out_sock_release; 1325 goto out_sock_release;
1323 1326
1324 if (groups < 32) 1327 if (groups < 32)
diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
index 15c8a92bd719..e969d1bc765c 100644
--- a/net/netrom/af_netrom.c
+++ b/net/netrom/af_netrom.c
@@ -409,15 +409,18 @@ static struct proto nr_proto = {
409 .obj_size = sizeof(struct nr_sock), 409 .obj_size = sizeof(struct nr_sock),
410}; 410};
411 411
412static int nr_create(struct socket *sock, int protocol) 412static int nr_create(struct net *net, struct socket *sock, int protocol)
413{ 413{
414 struct sock *sk; 414 struct sock *sk;
415 struct nr_sock *nr; 415 struct nr_sock *nr;
416 416
417 if (net != &init_net)
418 return -EAFNOSUPPORT;
419
417 if (sock->type != SOCK_SEQPACKET || protocol != 0) 420 if (sock->type != SOCK_SEQPACKET || protocol != 0)
418 return -ESOCKTNOSUPPORT; 421 return -ESOCKTNOSUPPORT;
419 422
420 if ((sk = sk_alloc(PF_NETROM, GFP_ATOMIC, &nr_proto, 1)) == NULL) 423 if ((sk = sk_alloc(net, PF_NETROM, GFP_ATOMIC, &nr_proto, 1)) == NULL)
421 return -ENOMEM; 424 return -ENOMEM;
422 425
423 nr = nr_sk(sk); 426 nr = nr_sk(sk);
@@ -459,7 +462,7 @@ static struct sock *nr_make_new(struct sock *osk)
459 if (osk->sk_type != SOCK_SEQPACKET) 462 if (osk->sk_type != SOCK_SEQPACKET)
460 return NULL; 463 return NULL;
461 464
462 if ((sk = sk_alloc(PF_NETROM, GFP_ATOMIC, osk->sk_prot, 1)) == NULL) 465 if ((sk = sk_alloc(osk->sk_net, PF_NETROM, GFP_ATOMIC, osk->sk_prot, 1)) == NULL)
463 return NULL; 466 return NULL;
464 467
465 nr = nr_sk(sk); 468 nr = nr_sk(sk);
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index 56502292f24c..766b5faaed21 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -977,13 +977,16 @@ static struct proto packet_proto = {
977 * Create a packet of type SOCK_PACKET. 977 * Create a packet of type SOCK_PACKET.
978 */ 978 */
979 979
980static int packet_create(struct socket *sock, int protocol) 980static int packet_create(struct net *net, struct socket *sock, int protocol)
981{ 981{
982 struct sock *sk; 982 struct sock *sk;
983 struct packet_sock *po; 983 struct packet_sock *po;
984 __be16 proto = (__force __be16)protocol; /* weird, but documented */ 984 __be16 proto = (__force __be16)protocol; /* weird, but documented */
985 int err; 985 int err;
986 986
987 if (net != &init_net)
988 return -EAFNOSUPPORT;
989
987 if (!capable(CAP_NET_RAW)) 990 if (!capable(CAP_NET_RAW))
988 return -EPERM; 991 return -EPERM;
989 if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW && 992 if (sock->type != SOCK_DGRAM && sock->type != SOCK_RAW &&
@@ -993,7 +996,7 @@ static int packet_create(struct socket *sock, int protocol)
993 sock->state = SS_UNCONNECTED; 996 sock->state = SS_UNCONNECTED;
994 997
995 err = -ENOBUFS; 998 err = -ENOBUFS;
996 sk = sk_alloc(PF_PACKET, GFP_KERNEL, &packet_proto, 1); 999 sk = sk_alloc(net, PF_PACKET, GFP_KERNEL, &packet_proto, 1);
997 if (sk == NULL) 1000 if (sk == NULL)
998 goto out; 1001 goto out;
999 1002
diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
index 48319f7991ac..67e06ab7f854 100644
--- a/net/rose/af_rose.c
+++ b/net/rose/af_rose.c
@@ -499,15 +499,18 @@ static struct proto rose_proto = {
499 .obj_size = sizeof(struct rose_sock), 499 .obj_size = sizeof(struct rose_sock),
500}; 500};
501 501
502static int rose_create(struct socket *sock, int protocol) 502static int rose_create(struct net *net, struct socket *sock, int protocol)
503{ 503{
504 struct sock *sk; 504 struct sock *sk;
505 struct rose_sock *rose; 505 struct rose_sock *rose;
506 506
507 if (net != &init_net)
508 return -EAFNOSUPPORT;
509
507 if (sock->type != SOCK_SEQPACKET || protocol != 0) 510 if (sock->type != SOCK_SEQPACKET || protocol != 0)
508 return -ESOCKTNOSUPPORT; 511 return -ESOCKTNOSUPPORT;
509 512
510 if ((sk = sk_alloc(PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL) 513 if ((sk = sk_alloc(net, PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL)
511 return -ENOMEM; 514 return -ENOMEM;
512 515
513 rose = rose_sk(sk); 516 rose = rose_sk(sk);
@@ -545,7 +548,7 @@ static struct sock *rose_make_new(struct sock *osk)
545 if (osk->sk_type != SOCK_SEQPACKET) 548 if (osk->sk_type != SOCK_SEQPACKET)
546 return NULL; 549 return NULL;
547 550
548 if ((sk = sk_alloc(PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL) 551 if ((sk = sk_alloc(osk->sk_net, PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL)
549 return NULL; 552 return NULL;
550 553
551 rose = rose_sk(sk); 554 rose = rose_sk(sk);
diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
index 122d55d992e1..0803f305ed08 100644
--- a/net/rxrpc/af_rxrpc.c
+++ b/net/rxrpc/af_rxrpc.c
@@ -606,13 +606,16 @@ static unsigned int rxrpc_poll(struct file *file, struct socket *sock,
606/* 606/*
607 * create an RxRPC socket 607 * create an RxRPC socket
608 */ 608 */
609static int rxrpc_create(struct socket *sock, int protocol) 609static int rxrpc_create(struct net *net, struct socket *sock, int protocol)
610{ 610{
611 struct rxrpc_sock *rx; 611 struct rxrpc_sock *rx;
612 struct sock *sk; 612 struct sock *sk;
613 613
614 _enter("%p,%d", sock, protocol); 614 _enter("%p,%d", sock, protocol);
615 615
616 if (net != &init_net)
617 return -EAFNOSUPPORT;
618
616 /* we support transport protocol UDP only */ 619 /* we support transport protocol UDP only */
617 if (protocol != PF_INET) 620 if (protocol != PF_INET)
618 return -EPROTONOSUPPORT; 621 return -EPROTONOSUPPORT;
@@ -623,7 +626,7 @@ static int rxrpc_create(struct socket *sock, int protocol)
623 sock->ops = &rxrpc_rpc_ops; 626 sock->ops = &rxrpc_rpc_ops;
624 sock->state = SS_UNCONNECTED; 627 sock->state = SS_UNCONNECTED;
625 628
626 sk = sk_alloc(PF_RXRPC, GFP_KERNEL, &rxrpc_proto, 1); 629 sk = sk_alloc(net, PF_RXRPC, GFP_KERNEL, &rxrpc_proto, 1);
627 if (!sk) 630 if (!sk)
628 return -ENOMEM; 631 return -ENOMEM;
629 632
diff --git a/net/sctp/ipv6.c b/net/sctp/ipv6.c
index ec29b97dbab9..ddeb4882ec75 100644
--- a/net/sctp/ipv6.c
+++ b/net/sctp/ipv6.c
@@ -631,7 +631,7 @@ static struct sock *sctp_v6_create_accept_sk(struct sock *sk,
631 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 631 struct ipv6_pinfo *newnp, *np = inet6_sk(sk);
632 struct sctp6_sock *newsctp6sk; 632 struct sctp6_sock *newsctp6sk;
633 633
634 newsk = sk_alloc(PF_INET6, GFP_KERNEL, sk->sk_prot, 1); 634 newsk = sk_alloc(sk->sk_net, PF_INET6, GFP_KERNEL, sk->sk_prot, 1);
635 if (!newsk) 635 if (!newsk)
636 goto out; 636 goto out;
637 637
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index 30929e3ca05a..af67c839ef98 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -552,7 +552,7 @@ static struct sock *sctp_v4_create_accept_sk(struct sock *sk,
552{ 552{
553 struct inet_sock *inet = inet_sk(sk); 553 struct inet_sock *inet = inet_sk(sk);
554 struct inet_sock *newinet; 554 struct inet_sock *newinet;
555 struct sock *newsk = sk_alloc(PF_INET, GFP_KERNEL, sk->sk_prot, 1); 555 struct sock *newsk = sk_alloc(sk->sk_net, PF_INET, GFP_KERNEL, sk->sk_prot, 1);
556 556
557 if (!newsk) 557 if (!newsk)
558 goto out; 558 goto out;
diff --git a/net/socket.c b/net/socket.c
index b09eb9036a17..a714c6d4e4a1 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -84,6 +84,7 @@
84#include <linux/kmod.h> 84#include <linux/kmod.h>
85#include <linux/audit.h> 85#include <linux/audit.h>
86#include <linux/wireless.h> 86#include <linux/wireless.h>
87#include <linux/nsproxy.h>
87 88
88#include <asm/uaccess.h> 89#include <asm/uaccess.h>
89#include <asm/unistd.h> 90#include <asm/unistd.h>
@@ -1071,7 +1072,7 @@ call_kill:
1071 return 0; 1072 return 0;
1072} 1073}
1073 1074
1074static int __sock_create(int family, int type, int protocol, 1075static int __sock_create(struct net *net, int family, int type, int protocol,
1075 struct socket **res, int kern) 1076 struct socket **res, int kern)
1076{ 1077{
1077 int err; 1078 int err;
@@ -1147,7 +1148,7 @@ static int __sock_create(int family, int type, int protocol,
1147 /* Now protected by module ref count */ 1148 /* Now protected by module ref count */
1148 rcu_read_unlock(); 1149 rcu_read_unlock();
1149 1150
1150 err = pf->create(sock, protocol); 1151 err = pf->create(net, sock, protocol);
1151 if (err < 0) 1152 if (err < 0)
1152 goto out_module_put; 1153 goto out_module_put;
1153 1154
@@ -1186,12 +1187,12 @@ out_release:
1186 1187
1187int sock_create(int family, int type, int protocol, struct socket **res) 1188int sock_create(int family, int type, int protocol, struct socket **res)
1188{ 1189{
1189 return __sock_create(family, type, protocol, res, 0); 1190 return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0);
1190} 1191}
1191 1192
1192int sock_create_kern(int family, int type, int protocol, struct socket **res) 1193int sock_create_kern(int family, int type, int protocol, struct socket **res)
1193{ 1194{
1194 return __sock_create(family, type, protocol, res, 1); 1195 return __sock_create(&init_net, family, type, protocol, res, 1);
1195} 1196}
1196 1197
1197asmlinkage long sys_socket(int family, int type, int protocol) 1198asmlinkage long sys_socket(int family, int type, int protocol)
diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 84110172031e..e36b4b5a5222 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -162,13 +162,16 @@ static void advance_queue(struct tipc_sock *tsock)
162 * 162 *
163 * Returns 0 on success, errno otherwise 163 * Returns 0 on success, errno otherwise
164 */ 164 */
165static int tipc_create(struct socket *sock, int protocol) 165static int tipc_create(struct net *net, struct socket *sock, int protocol)
166{ 166{
167 struct tipc_sock *tsock; 167 struct tipc_sock *tsock;
168 struct tipc_port *port; 168 struct tipc_port *port;
169 struct sock *sk; 169 struct sock *sk;
170 u32 ref; 170 u32 ref;
171 171
172 if (net != &init_net)
173 return -EAFNOSUPPORT;
174
172 if (unlikely(protocol != 0)) 175 if (unlikely(protocol != 0))
173 return -EPROTONOSUPPORT; 176 return -EPROTONOSUPPORT;
174 177
@@ -198,7 +201,7 @@ static int tipc_create(struct socket *sock, int protocol)
198 return -EPROTOTYPE; 201 return -EPROTOTYPE;
199 } 202 }
200 203
201 sk = sk_alloc(AF_TIPC, GFP_KERNEL, &tipc_proto, 1); 204 sk = sk_alloc(net, AF_TIPC, GFP_KERNEL, &tipc_proto, 1);
202 if (!sk) { 205 if (!sk) {
203 tipc_deleteport(ref); 206 tipc_deleteport(ref);
204 return -ENOMEM; 207 return -ENOMEM;
@@ -1372,7 +1375,7 @@ static int accept(struct socket *sock, struct socket *newsock, int flags)
1372 } 1375 }
1373 buf = skb_peek(&sock->sk->sk_receive_queue); 1376 buf = skb_peek(&sock->sk->sk_receive_queue);
1374 1377
1375 res = tipc_create(newsock, 0); 1378 res = tipc_create(sock->sk->sk_net, newsock, 0);
1376 if (!res) { 1379 if (!res) {
1377 struct tipc_sock *new_tsock = tipc_sk(newsock->sk); 1380 struct tipc_sock *new_tsock = tipc_sk(newsock->sk);
1378 struct tipc_portid id; 1381 struct tipc_portid id;
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index 2386090c3a16..10e73122c34c 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -594,7 +594,7 @@ static struct proto unix_proto = {
594 */ 594 */
595static struct lock_class_key af_unix_sk_receive_queue_lock_key; 595static struct lock_class_key af_unix_sk_receive_queue_lock_key;
596 596
597static struct sock * unix_create1(struct socket *sock) 597static struct sock * unix_create1(struct net *net, struct socket *sock)
598{ 598{
599 struct sock *sk = NULL; 599 struct sock *sk = NULL;
600 struct unix_sock *u; 600 struct unix_sock *u;
@@ -602,7 +602,7 @@ static struct sock * unix_create1(struct socket *sock)
602 if (atomic_read(&unix_nr_socks) >= 2*get_max_files()) 602 if (atomic_read(&unix_nr_socks) >= 2*get_max_files())
603 goto out; 603 goto out;
604 604
605 sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1); 605 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, 1);
606 if (!sk) 606 if (!sk)
607 goto out; 607 goto out;
608 608
@@ -628,8 +628,11 @@ out:
628 return sk; 628 return sk;
629} 629}
630 630
631static int unix_create(struct socket *sock, int protocol) 631static int unix_create(struct net *net, struct socket *sock, int protocol)
632{ 632{
633 if (net != &init_net)
634 return -EAFNOSUPPORT;
635
633 if (protocol && protocol != PF_UNIX) 636 if (protocol && protocol != PF_UNIX)
634 return -EPROTONOSUPPORT; 637 return -EPROTONOSUPPORT;
635 638
@@ -655,7 +658,7 @@ static int unix_create(struct socket *sock, int protocol)
655 return -ESOCKTNOSUPPORT; 658 return -ESOCKTNOSUPPORT;
656 } 659 }
657 660
658 return unix_create1(sock) ? 0 : -ENOMEM; 661 return unix_create1(net, sock) ? 0 : -ENOMEM;
659} 662}
660 663
661static int unix_release(struct socket *sock) 664static int unix_release(struct socket *sock)
@@ -1039,7 +1042,7 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr *uaddr,
1039 err = -ENOMEM; 1042 err = -ENOMEM;
1040 1043
1041 /* create new sock for complete connection */ 1044 /* create new sock for complete connection */
1042 newsk = unix_create1(NULL); 1045 newsk = unix_create1(sk->sk_net, NULL);
1043 if (newsk == NULL) 1046 if (newsk == NULL)
1044 goto out; 1047 goto out;
1045 1048
diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
index 479927cb45ca..2e9931571a4d 100644
--- a/net/x25/af_x25.c
+++ b/net/x25/af_x25.c
@@ -466,10 +466,10 @@ static struct proto x25_proto = {
466 .obj_size = sizeof(struct x25_sock), 466 .obj_size = sizeof(struct x25_sock),
467}; 467};
468 468
469static struct sock *x25_alloc_socket(void) 469static struct sock *x25_alloc_socket(struct net *net)
470{ 470{
471 struct x25_sock *x25; 471 struct x25_sock *x25;
472 struct sock *sk = sk_alloc(AF_X25, GFP_ATOMIC, &x25_proto, 1); 472 struct sock *sk = sk_alloc(net, AF_X25, GFP_ATOMIC, &x25_proto, 1);
473 473
474 if (!sk) 474 if (!sk)
475 goto out; 475 goto out;
@@ -485,17 +485,20 @@ out:
485 return sk; 485 return sk;
486} 486}
487 487
488static int x25_create(struct socket *sock, int protocol) 488static int x25_create(struct net *net, struct socket *sock, int protocol)
489{ 489{
490 struct sock *sk; 490 struct sock *sk;
491 struct x25_sock *x25; 491 struct x25_sock *x25;
492 int rc = -ESOCKTNOSUPPORT; 492 int rc = -ESOCKTNOSUPPORT;
493 493
494 if (net != &init_net)
495 return -EAFNOSUPPORT;
496
494 if (sock->type != SOCK_SEQPACKET || protocol) 497 if (sock->type != SOCK_SEQPACKET || protocol)
495 goto out; 498 goto out;
496 499
497 rc = -ENOMEM; 500 rc = -ENOMEM;
498 if ((sk = x25_alloc_socket()) == NULL) 501 if ((sk = x25_alloc_socket(net)) == NULL)
499 goto out; 502 goto out;
500 503
501 x25 = x25_sk(sk); 504 x25 = x25_sk(sk);
@@ -543,7 +546,7 @@ static struct sock *x25_make_new(struct sock *osk)
543 if (osk->sk_type != SOCK_SEQPACKET) 546 if (osk->sk_type != SOCK_SEQPACKET)
544 goto out; 547 goto out;
545 548
546 if ((sk = x25_alloc_socket()) == NULL) 549 if ((sk = x25_alloc_socket(osk->sk_net)) == NULL)
547 goto out; 550 goto out;
548 551
549 x25 = x25_sk(sk); 552 x25 = x25_sk(sk);