1 files changed, 51 insertions, 2 deletions
diff --git a/net/core/sock.c b/net/core/sock.c
index c0fc6bdad1e3..664ee4295b6f 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -145,6 +145,55 @@
 static DEFINE_MUTEX(proto_list_mutex);
 static LIST_HEAD(proto_list);
+/**
+ * sk_ns_capable - General socket capability test
+ * @sk: Socket to use a capability on or through
+ * @user_ns: The user namespace of the capability to use
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket had when the socket was
+ * created and the current process has the capability @cap in the user
+ * namespace @user_ns.
+ */
+bool sk_ns_capable(const struct sock *sk,
+                   struct user_namespace *user_ns, int cap)
+{
+        return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
+                ns_capable(user_ns, cap);
+}
+EXPORT_SYMBOL(sk_ns_capable);
+/**
+ * sk_capable - Socket global capability test
+ * @sk: Socket to use a capability on or through
+ * @cap: The global capbility to use
+ *
+ * Test to see if the opener of the socket had when the socket was
+ * created and the current process has the capability @cap in all user
+ * namespaces.
+ */
+bool sk_capable(const struct sock *sk, int cap)
+{
+        return sk_ns_capable(sk, &init_user_ns, cap);
+}
+EXPORT_SYMBOL(sk_capable);
+/**
+ * sk_net_capable - Network namespace socket capability test
+ * @sk: Socket to use a capability on or through
+ * @cap: The capability to use
+ *
+ * Test to see if the opener of the socket had when the socke was created
+ * and the current process has the capability @cap over the network namespace
+ * the socket is a member of.
+ */
+bool sk_net_capable(const struct sock *sk, int cap)
+{
+        return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
+}
+EXPORT_SYMBOL(sk_net_capable);
 #ifdef CONFIG_MEMCG_KMEM
 int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
 {
@@ -428,7 +477,7 @@ int sock_queue_rcv_skb(struct sock *sk, struct sk_buff *skb)
        spin_unlock_irqrestore(&list->lock, flags);
        if (!sock_flag(sk, SOCK_DEAD))
-                sk->sk_data_ready(sk, skb_len);
+                sk->sk_data_ready(sk);
        return 0;
 }
 EXPORT_SYMBOL(sock_queue_rcv_skb);
@@ -2196,7 +2245,7 @@ static void sock_def_error_report(struct sock *sk)
        rcu_read_unlock();
 }
-static void sock_def_readable(struct sock *sk, int len)
+static void sock_def_readable(struct sock *sk)
 {
        struct socket_wq *wq;

diff --git a/net/core/sock.c b/net/core/sock.c index c0fc6bdad1e3..664ee4295b6f 100644 --- a/net/core/sock.c +++ b/net/core/sock.c
@@ -145,6 +145,55 @@
145	static DEFINE_MUTEX(proto_list_mutex);	145	static DEFINE_MUTEX(proto_list_mutex);
146	static LIST_HEAD(proto_list);	146	static LIST_HEAD(proto_list);
147		147
		148	/**
		149	* sk_ns_capable - General socket capability test
		150	* @sk: Socket to use a capability on or through
		151	* @user_ns: The user namespace of the capability to use
		152	* @cap: The capability to use
		153	*
		154	* Test to see if the opener of the socket had when the socket was
		155	* created and the current process has the capability @cap in the user
		156	* namespace @user_ns.
		157	*/
		158	bool sk_ns_capable(const struct sock *sk,
		159	struct user_namespace *user_ns, int cap)
		160	{
		161	return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
		162	ns_capable(user_ns, cap);
		163	}
		164	EXPORT_SYMBOL(sk_ns_capable);
		165
		166	/**
		167	* sk_capable - Socket global capability test
		168	* @sk: Socket to use a capability on or through
		169	* @cap: The global capbility to use
		170	*
		171	* Test to see if the opener of the socket had when the socket was
		172	* created and the current process has the capability @cap in all user
		173	* namespaces.
		174	*/
		175	bool sk_capable(const struct sock *sk, int cap)
		176	{
		177	return sk_ns_capable(sk, &init_user_ns, cap);
		178	}
		179	EXPORT_SYMBOL(sk_capable);
		180
		181	/**
		182	* sk_net_capable - Network namespace socket capability test
		183	* @sk: Socket to use a capability on or through
		184	* @cap: The capability to use
		185	*
		186	* Test to see if the opener of the socket had when the socke was created
		187	* and the current process has the capability @cap over the network namespace
		188	* the socket is a member of.
		189	*/
		190	bool sk_net_capable(const struct sock *sk, int cap)
		191	{
		192	return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
		193	}
		194	EXPORT_SYMBOL(sk_net_capable);
		195
		196
148	#ifdef CONFIG_MEMCG_KMEM	197	#ifdef CONFIG_MEMCG_KMEM
149	int mem_cgroup_sockets_init(struct mem_cgroup memcg, struct cgroup_subsys ss)	198	int mem_cgroup_sockets_init(struct mem_cgroup memcg, struct cgroup_subsys ss)
150	{	199	{
@@ -428,7 +477,7 @@ int sock_queue_rcv_skb(struct sock sk, struct sk_buff skb)
428	spin_unlock_irqrestore(&list->lock, flags);	477	spin_unlock_irqrestore(&list->lock, flags);
429		478
430	if (!sock_flag(sk, SOCK_DEAD))	479	if (!sock_flag(sk, SOCK_DEAD))
431	sk->sk_data_ready(sk, skb_len);	480	sk->sk_data_ready(sk);
432	return 0;	481	return 0;
433	}	482	}
434	EXPORT_SYMBOL(sock_queue_rcv_skb);	483	EXPORT_SYMBOL(sock_queue_rcv_skb);
@@ -2196,7 +2245,7 @@ static void sock_def_error_report(struct sock *sk)
2196	rcu_read_unlock();	2245	rcu_read_unlock();
2197	}	2246	}
2198		2247
2199	static void sock_def_readable(struct sock *sk, int len)	2248	static void sock_def_readable(struct sock *sk)
2200	{	2249	{
2201	struct socket_wq *wq;	2250	struct socket_wq *wq;
2202		2251