aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bluetooth/hci_conn.c9
-rw-r--r--net/bluetooth/hci_event.c6
-rw-r--r--net/bridge/br_netlink.c15
-rw-r--r--net/can/gw.c4
-rw-r--r--net/ceph/osdmap.c9
-rw-r--r--net/core/filter.c16
-rw-r--r--net/core/rtnetlink.c53
-rw-r--r--net/core/sock.c49
-rw-r--r--net/core/sock_diag.c4
-rw-r--r--net/dcb/dcbnl.c2
-rw-r--r--net/decnet/dn_dev.c4
-rw-r--r--net/decnet/dn_fib.c4
-rw-r--r--net/decnet/netfilter/dn_rtmsg.c2
-rw-r--r--net/ipv4/ip_tunnel.c2
-rw-r--r--net/ipv4/tcp_cubic.c2
-rw-r--r--net/ipv4/tcp_output.c14
-rw-r--r--net/ipv6/ip6_fib.c3
-rw-r--r--net/ipv6/ip6mr.c2
-rw-r--r--net/ipv6/netfilter/ip6t_rpfilter.c1
-rw-r--r--net/ipv6/route.c2
-rw-r--r--net/netfilter/nfnetlink.c3
-rw-r--r--net/netlink/af_netlink.c75
-rw-r--r--net/netlink/genetlink.c2
-rw-r--r--net/packet/diag.c7
-rw-r--r--net/phonet/pn_netlink.c8
-rw-r--r--net/sched/act_api.c2
-rw-r--r--net/sched/cls_api.c2
-rw-r--r--net/sched/sch_api.c6
-rw-r--r--net/sched/sch_hhf.c11
-rw-r--r--net/sctp/protocol.c7
-rw-r--r--net/sctp/sm_sideeffect.c7
-rw-r--r--net/tipc/netlink.c2
-rw-r--r--net/vmw_vsock/af_vsock.c47
-rw-r--r--net/xfrm/xfrm_user.c2
34 files changed, 275 insertions, 109 deletions
diff --git a/net/bluetooth/hci_conn.c b/net/bluetooth/hci_conn.c
index d958e2dca52f..521fd4f3985e 100644
--- a/net/bluetooth/hci_conn.c
+++ b/net/bluetooth/hci_conn.c
@@ -819,14 +819,17 @@ static int hci_conn_auth(struct hci_conn *conn, __u8 sec_level, __u8 auth_type)
819 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) { 819 if (!test_and_set_bit(HCI_CONN_AUTH_PEND, &conn->flags)) {
820 struct hci_cp_auth_requested cp; 820 struct hci_cp_auth_requested cp;
821 821
822 /* encrypt must be pending if auth is also pending */
823 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
824
825 cp.handle = cpu_to_le16(conn->handle); 822 cp.handle = cpu_to_le16(conn->handle);
826 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED, 823 hci_send_cmd(conn->hdev, HCI_OP_AUTH_REQUESTED,
827 sizeof(cp), &cp); 824 sizeof(cp), &cp);
825
826 /* If we're already encrypted set the REAUTH_PEND flag,
827 * otherwise set the ENCRYPT_PEND.
828 */
828 if (conn->key_type != 0xff) 829 if (conn->key_type != 0xff)
829 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags); 830 set_bit(HCI_CONN_REAUTH_PEND, &conn->flags);
831 else
832 set_bit(HCI_CONN_ENCRYPT_PEND, &conn->flags);
830 } 833 }
831 834
832 return 0; 835 return 0;
diff --git a/net/bluetooth/hci_event.c b/net/bluetooth/hci_event.c
index 49774912cb01..15010a230b6d 100644
--- a/net/bluetooth/hci_event.c
+++ b/net/bluetooth/hci_event.c
@@ -3330,6 +3330,12 @@ static void hci_key_refresh_complete_evt(struct hci_dev *hdev,
3330 if (!conn) 3330 if (!conn)
3331 goto unlock; 3331 goto unlock;
3332 3332
3333 /* For BR/EDR the necessary steps are taken through the
3334 * auth_complete event.
3335 */
3336 if (conn->type != LE_LINK)
3337 goto unlock;
3338
3333 if (!ev->status) 3339 if (!ev->status)
3334 conn->sec_level = conn->pending_sec_level; 3340 conn->sec_level = conn->pending_sec_level;
3335 3341
diff --git a/net/bridge/br_netlink.c b/net/bridge/br_netlink.c
index e74b6d530cb6..e8844d975b32 100644
--- a/net/bridge/br_netlink.c
+++ b/net/bridge/br_netlink.c
@@ -445,6 +445,20 @@ static int br_validate(struct nlattr *tb[], struct nlattr *data[])
445 return 0; 445 return 0;
446} 446}
447 447
448static int br_dev_newlink(struct net *src_net, struct net_device *dev,
449 struct nlattr *tb[], struct nlattr *data[])
450{
451 struct net_bridge *br = netdev_priv(dev);
452
453 if (tb[IFLA_ADDRESS]) {
454 spin_lock_bh(&br->lock);
455 br_stp_change_bridge_id(br, nla_data(tb[IFLA_ADDRESS]));
456 spin_unlock_bh(&br->lock);
457 }
458
459 return register_netdevice(dev);
460}
461
448static size_t br_get_link_af_size(const struct net_device *dev) 462static size_t br_get_link_af_size(const struct net_device *dev)
449{ 463{
450 struct net_port_vlans *pv; 464 struct net_port_vlans *pv;
@@ -473,6 +487,7 @@ struct rtnl_link_ops br_link_ops __read_mostly = {
473 .priv_size = sizeof(struct net_bridge), 487 .priv_size = sizeof(struct net_bridge),
474 .setup = br_dev_setup, 488 .setup = br_dev_setup,
475 .validate = br_validate, 489 .validate = br_validate,
490 .newlink = br_dev_newlink,
476 .dellink = br_dev_delete, 491 .dellink = br_dev_delete,
477}; 492};
478 493
diff --git a/net/can/gw.c b/net/can/gw.c
index ac31891967da..050a2110d43f 100644
--- a/net/can/gw.c
+++ b/net/can/gw.c
@@ -804,7 +804,7 @@ static int cgw_create_job(struct sk_buff *skb, struct nlmsghdr *nlh)
804 u8 limhops = 0; 804 u8 limhops = 0;
805 int err = 0; 805 int err = 0;
806 806
807 if (!capable(CAP_NET_ADMIN)) 807 if (!netlink_capable(skb, CAP_NET_ADMIN))
808 return -EPERM; 808 return -EPERM;
809 809
810 if (nlmsg_len(nlh) < sizeof(*r)) 810 if (nlmsg_len(nlh) < sizeof(*r))
@@ -893,7 +893,7 @@ static int cgw_remove_job(struct sk_buff *skb, struct nlmsghdr *nlh)
893 u8 limhops = 0; 893 u8 limhops = 0;
894 int err = 0; 894 int err = 0;
895 895
896 if (!capable(CAP_NET_ADMIN)) 896 if (!netlink_capable(skb, CAP_NET_ADMIN))
897 return -EPERM; 897 return -EPERM;
898 898
899 if (nlmsg_len(nlh) < sizeof(*r)) 899 if (nlmsg_len(nlh) < sizeof(*r))
diff --git a/net/ceph/osdmap.c b/net/ceph/osdmap.c
index e632b5a52f5b..8b8a5a24b223 100644
--- a/net/ceph/osdmap.c
+++ b/net/ceph/osdmap.c
@@ -1548,8 +1548,10 @@ static void apply_primary_affinity(struct ceph_osdmap *osdmap, u32 pps,
1548 return; 1548 return;
1549 1549
1550 for (i = 0; i < len; i++) { 1550 for (i = 0; i < len; i++) {
1551 if (osds[i] != CRUSH_ITEM_NONE && 1551 int osd = osds[i];
1552 osdmap->osd_primary_affinity[i] != 1552
1553 if (osd != CRUSH_ITEM_NONE &&
1554 osdmap->osd_primary_affinity[osd] !=
1553 CEPH_OSD_DEFAULT_PRIMARY_AFFINITY) { 1555 CEPH_OSD_DEFAULT_PRIMARY_AFFINITY) {
1554 break; 1556 break;
1555 } 1557 }
@@ -1563,10 +1565,9 @@ static void apply_primary_affinity(struct ceph_osdmap *osdmap, u32 pps,
1563 * osd's pgs get rejected as primary. 1565 * osd's pgs get rejected as primary.
1564 */ 1566 */
1565 for (i = 0; i < len; i++) { 1567 for (i = 0; i < len; i++) {
1566 int osd; 1568 int osd = osds[i];
1567 u32 aff; 1569 u32 aff;
1568 1570
1569 osd = osds[i];
1570 if (osd == CRUSH_ITEM_NONE) 1571 if (osd == CRUSH_ITEM_NONE)
1571 continue; 1572 continue;
1572 1573
diff --git a/net/core/filter.c b/net/core/filter.c
index cd58614660cf..9d79ca0a6e8e 100644
--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -122,6 +122,13 @@ noinline u64 __bpf_call_base(u64 r1, u64 r2, u64 r3, u64 r4, u64 r5)
122 return 0; 122 return 0;
123} 123}
124 124
125/* Register mappings for user programs. */
126#define A_REG 0
127#define X_REG 7
128#define TMP_REG 8
129#define ARG2_REG 2
130#define ARG3_REG 3
131
125/** 132/**
126 * __sk_run_filter - run a filter on a given context 133 * __sk_run_filter - run a filter on a given context
127 * @ctx: buffer to run the filter on 134 * @ctx: buffer to run the filter on
@@ -242,6 +249,8 @@ unsigned int __sk_run_filter(void *ctx, const struct sock_filter_int *insn)
242 249
243 regs[FP_REG] = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)]; 250 regs[FP_REG] = (u64) (unsigned long) &stack[ARRAY_SIZE(stack)];
244 regs[ARG1_REG] = (u64) (unsigned long) ctx; 251 regs[ARG1_REG] = (u64) (unsigned long) ctx;
252 regs[A_REG] = 0;
253 regs[X_REG] = 0;
245 254
246select_insn: 255select_insn:
247 goto *jumptable[insn->code]; 256 goto *jumptable[insn->code];
@@ -643,13 +652,6 @@ static u64 __get_raw_cpu_id(u64 ctx, u64 A, u64 X, u64 r4, u64 r5)
643 return raw_smp_processor_id(); 652 return raw_smp_processor_id();
644} 653}
645 654
646/* Register mappings for user programs. */
647#define A_REG 0
648#define X_REG 7
649#define TMP_REG 8
650#define ARG2_REG 2
651#define ARG3_REG 3
652
653static bool convert_bpf_extensions(struct sock_filter *fp, 655static bool convert_bpf_extensions(struct sock_filter *fp,
654 struct sock_filter_int **insnp) 656 struct sock_filter_int **insnp)
655{ 657{
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index d4ff41739b0f..9837bebf93ce 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -774,7 +774,8 @@ static inline int rtnl_vfinfo_size(const struct net_device *dev,
774 return 0; 774 return 0;
775} 775}
776 776
777static size_t rtnl_port_size(const struct net_device *dev) 777static size_t rtnl_port_size(const struct net_device *dev,
778 u32 ext_filter_mask)
778{ 779{
779 size_t port_size = nla_total_size(4) /* PORT_VF */ 780 size_t port_size = nla_total_size(4) /* PORT_VF */
780 + nla_total_size(PORT_PROFILE_MAX) /* PORT_PROFILE */ 781 + nla_total_size(PORT_PROFILE_MAX) /* PORT_PROFILE */
@@ -790,7 +791,8 @@ static size_t rtnl_port_size(const struct net_device *dev)
790 size_t port_self_size = nla_total_size(sizeof(struct nlattr)) 791 size_t port_self_size = nla_total_size(sizeof(struct nlattr))
791 + port_size; 792 + port_size;
792 793
793 if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent) 794 if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent ||
795 !(ext_filter_mask & RTEXT_FILTER_VF))
794 return 0; 796 return 0;
795 if (dev_num_vf(dev->dev.parent)) 797 if (dev_num_vf(dev->dev.parent))
796 return port_self_size + vf_ports_size + 798 return port_self_size + vf_ports_size +
@@ -826,7 +828,7 @@ static noinline size_t if_nlmsg_size(const struct net_device *dev,
826 + nla_total_size(ext_filter_mask 828 + nla_total_size(ext_filter_mask
827 & RTEXT_FILTER_VF ? 4 : 0) /* IFLA_NUM_VF */ 829 & RTEXT_FILTER_VF ? 4 : 0) /* IFLA_NUM_VF */
828 + rtnl_vfinfo_size(dev, ext_filter_mask) /* IFLA_VFINFO_LIST */ 830 + rtnl_vfinfo_size(dev, ext_filter_mask) /* IFLA_VFINFO_LIST */
829 + rtnl_port_size(dev) /* IFLA_VF_PORTS + IFLA_PORT_SELF */ 831 + rtnl_port_size(dev, ext_filter_mask) /* IFLA_VF_PORTS + IFLA_PORT_SELF */
830 + rtnl_link_get_size(dev) /* IFLA_LINKINFO */ 832 + rtnl_link_get_size(dev) /* IFLA_LINKINFO */
831 + rtnl_link_get_af_size(dev) /* IFLA_AF_SPEC */ 833 + rtnl_link_get_af_size(dev) /* IFLA_AF_SPEC */
832 + nla_total_size(MAX_PHYS_PORT_ID_LEN); /* IFLA_PHYS_PORT_ID */ 834 + nla_total_size(MAX_PHYS_PORT_ID_LEN); /* IFLA_PHYS_PORT_ID */
@@ -888,11 +890,13 @@ static int rtnl_port_self_fill(struct sk_buff *skb, struct net_device *dev)
888 return 0; 890 return 0;
889} 891}
890 892
891static int rtnl_port_fill(struct sk_buff *skb, struct net_device *dev) 893static int rtnl_port_fill(struct sk_buff *skb, struct net_device *dev,
894 u32 ext_filter_mask)
892{ 895{
893 int err; 896 int err;
894 897
895 if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent) 898 if (!dev->netdev_ops->ndo_get_vf_port || !dev->dev.parent ||
899 !(ext_filter_mask & RTEXT_FILTER_VF))
896 return 0; 900 return 0;
897 901
898 err = rtnl_port_self_fill(skb, dev); 902 err = rtnl_port_self_fill(skb, dev);
@@ -1079,7 +1083,7 @@ static int rtnl_fill_ifinfo(struct sk_buff *skb, struct net_device *dev,
1079 nla_nest_end(skb, vfinfo); 1083 nla_nest_end(skb, vfinfo);
1080 } 1084 }
1081 1085
1082 if (rtnl_port_fill(skb, dev)) 1086 if (rtnl_port_fill(skb, dev, ext_filter_mask))
1083 goto nla_put_failure; 1087 goto nla_put_failure;
1084 1088
1085 if (dev->rtnl_link_ops || rtnl_have_link_slave_info(dev)) { 1089 if (dev->rtnl_link_ops || rtnl_have_link_slave_info(dev)) {
@@ -1198,6 +1202,7 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
1198 struct hlist_head *head; 1202 struct hlist_head *head;
1199 struct nlattr *tb[IFLA_MAX+1]; 1203 struct nlattr *tb[IFLA_MAX+1];
1200 u32 ext_filter_mask = 0; 1204 u32 ext_filter_mask = 0;
1205 int err;
1201 1206
1202 s_h = cb->args[0]; 1207 s_h = cb->args[0];
1203 s_idx = cb->args[1]; 1208 s_idx = cb->args[1];
@@ -1218,11 +1223,17 @@ static int rtnl_dump_ifinfo(struct sk_buff *skb, struct netlink_callback *cb)
1218 hlist_for_each_entry_rcu(dev, head, index_hlist) { 1223 hlist_for_each_entry_rcu(dev, head, index_hlist) {
1219 if (idx < s_idx) 1224 if (idx < s_idx)
1220 goto cont; 1225 goto cont;
1221 if (rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK, 1226 err = rtnl_fill_ifinfo(skb, dev, RTM_NEWLINK,
1222 NETLINK_CB(cb->skb).portid, 1227 NETLINK_CB(cb->skb).portid,
1223 cb->nlh->nlmsg_seq, 0, 1228 cb->nlh->nlmsg_seq, 0,
1224 NLM_F_MULTI, 1229 NLM_F_MULTI,
1225 ext_filter_mask) <= 0) 1230 ext_filter_mask);
1231 /* If we ran out of room on the first message,
1232 * we're in trouble
1233 */
1234 WARN_ON((err == -EMSGSIZE) && (skb->len == 0));
1235
1236 if (err <= 0)
1226 goto out; 1237 goto out;
1227 1238
1228 nl_dump_check_consistent(cb, nlmsg_hdr(skb)); 1239 nl_dump_check_consistent(cb, nlmsg_hdr(skb));
@@ -1395,7 +1406,8 @@ static int do_set_master(struct net_device *dev, int ifindex)
1395 return 0; 1406 return 0;
1396} 1407}
1397 1408
1398static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm, 1409static int do_setlink(const struct sk_buff *skb,
1410 struct net_device *dev, struct ifinfomsg *ifm,
1399 struct nlattr **tb, char *ifname, int modified) 1411 struct nlattr **tb, char *ifname, int modified)
1400{ 1412{
1401 const struct net_device_ops *ops = dev->netdev_ops; 1413 const struct net_device_ops *ops = dev->netdev_ops;
@@ -1407,7 +1419,7 @@ static int do_setlink(struct net_device *dev, struct ifinfomsg *ifm,
1407 err = PTR_ERR(net); 1419 err = PTR_ERR(net);
1408 goto errout; 1420 goto errout;
1409 } 1421 }
1410 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) { 1422 if (!netlink_ns_capable(skb, net->user_ns, CAP_NET_ADMIN)) {
1411 err = -EPERM; 1423 err = -EPERM;
1412 goto errout; 1424 goto errout;
1413 } 1425 }
@@ -1661,7 +1673,7 @@ static int rtnl_setlink(struct sk_buff *skb, struct nlmsghdr *nlh)
1661 if (err < 0) 1673 if (err < 0)
1662 goto errout; 1674 goto errout;
1663 1675
1664 err = do_setlink(dev, ifm, tb, ifname, 0); 1676 err = do_setlink(skb, dev, ifm, tb, ifname, 0);
1665errout: 1677errout:
1666 return err; 1678 return err;
1667} 1679}
@@ -1778,7 +1790,8 @@ err:
1778} 1790}
1779EXPORT_SYMBOL(rtnl_create_link); 1791EXPORT_SYMBOL(rtnl_create_link);
1780 1792
1781static int rtnl_group_changelink(struct net *net, int group, 1793static int rtnl_group_changelink(const struct sk_buff *skb,
1794 struct net *net, int group,
1782 struct ifinfomsg *ifm, 1795 struct ifinfomsg *ifm,
1783 struct nlattr **tb) 1796 struct nlattr **tb)
1784{ 1797{
@@ -1787,7 +1800,7 @@ static int rtnl_group_changelink(struct net *net, int group,
1787 1800
1788 for_each_netdev(net, dev) { 1801 for_each_netdev(net, dev) {
1789 if (dev->group == group) { 1802 if (dev->group == group) {
1790 err = do_setlink(dev, ifm, tb, NULL, 0); 1803 err = do_setlink(skb, dev, ifm, tb, NULL, 0);
1791 if (err < 0) 1804 if (err < 0)
1792 return err; 1805 return err;
1793 } 1806 }
@@ -1929,12 +1942,12 @@ replay:
1929 modified = 1; 1942 modified = 1;
1930 } 1943 }
1931 1944
1932 return do_setlink(dev, ifm, tb, ifname, modified); 1945 return do_setlink(skb, dev, ifm, tb, ifname, modified);
1933 } 1946 }
1934 1947
1935 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) { 1948 if (!(nlh->nlmsg_flags & NLM_F_CREATE)) {
1936 if (ifm->ifi_index == 0 && tb[IFLA_GROUP]) 1949 if (ifm->ifi_index == 0 && tb[IFLA_GROUP])
1937 return rtnl_group_changelink(net, 1950 return rtnl_group_changelink(skb, net,
1938 nla_get_u32(tb[IFLA_GROUP]), 1951 nla_get_u32(tb[IFLA_GROUP]),
1939 ifm, tb); 1952 ifm, tb);
1940 return -ENODEV; 1953 return -ENODEV;
@@ -2321,7 +2334,7 @@ static int rtnl_fdb_del(struct sk_buff *skb, struct nlmsghdr *nlh)
2321 int err = -EINVAL; 2334 int err = -EINVAL;
2322 __u8 *addr; 2335 __u8 *addr;
2323 2336
2324 if (!capable(CAP_NET_ADMIN)) 2337 if (!netlink_capable(skb, CAP_NET_ADMIN))
2325 return -EPERM; 2338 return -EPERM;
2326 2339
2327 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL); 2340 err = nlmsg_parse(nlh, sizeof(*ndm), tb, NDA_MAX, NULL);
@@ -2773,7 +2786,7 @@ static int rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2773 sz_idx = type>>2; 2786 sz_idx = type>>2;
2774 kind = type&3; 2787 kind = type&3;
2775 2788
2776 if (kind != 2 && !ns_capable(net->user_ns, CAP_NET_ADMIN)) 2789 if (kind != 2 && !netlink_net_capable(skb, CAP_NET_ADMIN))
2777 return -EPERM; 2790 return -EPERM;
2778 2791
2779 if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) { 2792 if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
diff --git a/net/core/sock.c b/net/core/sock.c
index b4fff008136f..664ee4295b6f 100644
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -145,6 +145,55 @@
145static DEFINE_MUTEX(proto_list_mutex); 145static DEFINE_MUTEX(proto_list_mutex);
146static LIST_HEAD(proto_list); 146static LIST_HEAD(proto_list);
147 147
148/**
149 * sk_ns_capable - General socket capability test
150 * @sk: Socket to use a capability on or through
151 * @user_ns: The user namespace of the capability to use
152 * @cap: The capability to use
153 *
154 * Test to see if the opener of the socket had when the socket was
155 * created and the current process has the capability @cap in the user
156 * namespace @user_ns.
157 */
158bool sk_ns_capable(const struct sock *sk,
159 struct user_namespace *user_ns, int cap)
160{
161 return file_ns_capable(sk->sk_socket->file, user_ns, cap) &&
162 ns_capable(user_ns, cap);
163}
164EXPORT_SYMBOL(sk_ns_capable);
165
166/**
167 * sk_capable - Socket global capability test
168 * @sk: Socket to use a capability on or through
169 * @cap: The global capbility to use
170 *
171 * Test to see if the opener of the socket had when the socket was
172 * created and the current process has the capability @cap in all user
173 * namespaces.
174 */
175bool sk_capable(const struct sock *sk, int cap)
176{
177 return sk_ns_capable(sk, &init_user_ns, cap);
178}
179EXPORT_SYMBOL(sk_capable);
180
181/**
182 * sk_net_capable - Network namespace socket capability test
183 * @sk: Socket to use a capability on or through
184 * @cap: The capability to use
185 *
186 * Test to see if the opener of the socket had when the socke was created
187 * and the current process has the capability @cap over the network namespace
188 * the socket is a member of.
189 */
190bool sk_net_capable(const struct sock *sk, int cap)
191{
192 return sk_ns_capable(sk, sock_net(sk)->user_ns, cap);
193}
194EXPORT_SYMBOL(sk_net_capable);
195
196
148#ifdef CONFIG_MEMCG_KMEM 197#ifdef CONFIG_MEMCG_KMEM
149int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss) 198int mem_cgroup_sockets_init(struct mem_cgroup *memcg, struct cgroup_subsys *ss)
150{ 199{
diff --git a/net/core/sock_diag.c b/net/core/sock_diag.c
index d7af18859322..a4216a4c9572 100644
--- a/net/core/sock_diag.c
+++ b/net/core/sock_diag.c
@@ -49,7 +49,7 @@ int sock_diag_put_meminfo(struct sock *sk, struct sk_buff *skb, int attrtype)
49} 49}
50EXPORT_SYMBOL_GPL(sock_diag_put_meminfo); 50EXPORT_SYMBOL_GPL(sock_diag_put_meminfo);
51 51
52int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk, 52int sock_diag_put_filterinfo(bool may_report_filterinfo, struct sock *sk,
53 struct sk_buff *skb, int attrtype) 53 struct sk_buff *skb, int attrtype)
54{ 54{
55 struct sock_fprog_kern *fprog; 55 struct sock_fprog_kern *fprog;
@@ -58,7 +58,7 @@ int sock_diag_put_filterinfo(struct user_namespace *user_ns, struct sock *sk,
58 unsigned int flen; 58 unsigned int flen;
59 int err = 0; 59 int err = 0;
60 60
61 if (!ns_capable(user_ns, CAP_NET_ADMIN)) { 61 if (!may_report_filterinfo) {
62 nla_reserve(skb, attrtype, 0); 62 nla_reserve(skb, attrtype, 0);
63 return 0; 63 return 0;
64 } 64 }
diff --git a/net/dcb/dcbnl.c b/net/dcb/dcbnl.c
index 553644402670..f8b98d89c285 100644
--- a/net/dcb/dcbnl.c
+++ b/net/dcb/dcbnl.c
@@ -1669,7 +1669,7 @@ static int dcb_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
1669 struct nlmsghdr *reply_nlh = NULL; 1669 struct nlmsghdr *reply_nlh = NULL;
1670 const struct reply_func *fn; 1670 const struct reply_func *fn;
1671 1671
1672 if ((nlh->nlmsg_type == RTM_SETDCB) && !capable(CAP_NET_ADMIN)) 1672 if ((nlh->nlmsg_type == RTM_SETDCB) && !netlink_capable(skb, CAP_NET_ADMIN))
1673 return -EPERM; 1673 return -EPERM;
1674 1674
1675 ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX, 1675 ret = nlmsg_parse(nlh, sizeof(*dcb), tb, DCB_ATTR_MAX,
diff --git a/net/decnet/dn_dev.c b/net/decnet/dn_dev.c
index a603823a3e27..3b726f31c64c 100644
--- a/net/decnet/dn_dev.c
+++ b/net/decnet/dn_dev.c
@@ -574,7 +574,7 @@ static int dn_nl_deladdr(struct sk_buff *skb, struct nlmsghdr *nlh)
574 struct dn_ifaddr __rcu **ifap; 574 struct dn_ifaddr __rcu **ifap;
575 int err = -EINVAL; 575 int err = -EINVAL;
576 576
577 if (!capable(CAP_NET_ADMIN)) 577 if (!netlink_capable(skb, CAP_NET_ADMIN))
578 return -EPERM; 578 return -EPERM;
579 579
580 if (!net_eq(net, &init_net)) 580 if (!net_eq(net, &init_net))
@@ -618,7 +618,7 @@ static int dn_nl_newaddr(struct sk_buff *skb, struct nlmsghdr *nlh)
618 struct dn_ifaddr *ifa; 618 struct dn_ifaddr *ifa;
619 int err; 619 int err;
620 620
621 if (!capable(CAP_NET_ADMIN)) 621 if (!netlink_capable(skb, CAP_NET_ADMIN))
622 return -EPERM; 622 return -EPERM;
623 623
624 if (!net_eq(net, &init_net)) 624 if (!net_eq(net, &init_net))
diff --git a/net/decnet/dn_fib.c b/net/decnet/dn_fib.c
index 57dc159245ec..d332aefb0846 100644
--- a/net/decnet/dn_fib.c
+++ b/net/decnet/dn_fib.c
@@ -505,7 +505,7 @@ static int dn_fib_rtm_delroute(struct sk_buff *skb, struct nlmsghdr *nlh)
505 struct nlattr *attrs[RTA_MAX+1]; 505 struct nlattr *attrs[RTA_MAX+1];
506 int err; 506 int err;
507 507
508 if (!capable(CAP_NET_ADMIN)) 508 if (!netlink_capable(skb, CAP_NET_ADMIN))
509 return -EPERM; 509 return -EPERM;
510 510
511 if (!net_eq(net, &init_net)) 511 if (!net_eq(net, &init_net))
@@ -530,7 +530,7 @@ static int dn_fib_rtm_newroute(struct sk_buff *skb, struct nlmsghdr *nlh)
530 struct nlattr *attrs[RTA_MAX+1]; 530 struct nlattr *attrs[RTA_MAX+1];
531 int err; 531 int err;
532 532
533 if (!capable(CAP_NET_ADMIN)) 533 if (!netlink_capable(skb, CAP_NET_ADMIN))
534 return -EPERM; 534 return -EPERM;
535 535
536 if (!net_eq(net, &init_net)) 536 if (!net_eq(net, &init_net))
diff --git a/net/decnet/netfilter/dn_rtmsg.c b/net/decnet/netfilter/dn_rtmsg.c
index e83015cecfa7..e4d9560a910b 100644
--- a/net/decnet/netfilter/dn_rtmsg.c
+++ b/net/decnet/netfilter/dn_rtmsg.c
@@ -107,7 +107,7 @@ static inline void dnrmg_receive_user_skb(struct sk_buff *skb)
107 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len) 107 if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
108 return; 108 return;
109 109
110 if (!capable(CAP_NET_ADMIN)) 110 if (!netlink_capable(skb, CAP_NET_ADMIN))
111 RCV_SKB_FAIL(-EPERM); 111 RCV_SKB_FAIL(-EPERM);
112 112
113 /* Eventually we might send routing messages too */ 113 /* Eventually we might send routing messages too */
diff --git a/net/ipv4/ip_tunnel.c b/net/ipv4/ip_tunnel.c
index fa5b7519765f..b3f859731c60 100644
--- a/net/ipv4/ip_tunnel.c
+++ b/net/ipv4/ip_tunnel.c
@@ -442,6 +442,8 @@ int ip_tunnel_rcv(struct ip_tunnel *tunnel, struct sk_buff *skb,
442 tunnel->i_seqno = ntohl(tpi->seq) + 1; 442 tunnel->i_seqno = ntohl(tpi->seq) + 1;
443 } 443 }
444 444
445 skb_reset_network_header(skb);
446
445 err = IP_ECN_decapsulate(iph, skb); 447 err = IP_ECN_decapsulate(iph, skb);
446 if (unlikely(err)) { 448 if (unlikely(err)) {
447 if (log_ecn_error) 449 if (log_ecn_error)
diff --git a/net/ipv4/tcp_cubic.c b/net/ipv4/tcp_cubic.c
index 8bf224516ba2..b4f1b29b08bd 100644
--- a/net/ipv4/tcp_cubic.c
+++ b/net/ipv4/tcp_cubic.c
@@ -409,7 +409,7 @@ static void bictcp_acked(struct sock *sk, u32 cnt, s32 rtt_us)
409 ratio -= ca->delayed_ack >> ACK_RATIO_SHIFT; 409 ratio -= ca->delayed_ack >> ACK_RATIO_SHIFT;
410 ratio += cnt; 410 ratio += cnt;
411 411
412 ca->delayed_ack = min(ratio, ACK_RATIO_LIMIT); 412 ca->delayed_ack = clamp(ratio, 1U, ACK_RATIO_LIMIT);
413 } 413 }
414 414
415 /* Some calls are for duplicates without timetamps */ 415 /* Some calls are for duplicates without timetamps */
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 025e25093984..12d6016bdd9a 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -2441,8 +2441,14 @@ int __tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2441 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC); 2441 err = tcp_transmit_skb(sk, skb, 1, GFP_ATOMIC);
2442 } 2442 }
2443 2443
2444 if (likely(!err)) 2444 if (likely(!err)) {
2445 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS; 2445 TCP_SKB_CB(skb)->sacked |= TCPCB_EVER_RETRANS;
2446 /* Update global TCP statistics. */
2447 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
2448 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
2449 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
2450 tp->total_retrans++;
2451 }
2446 return err; 2452 return err;
2447} 2453}
2448 2454
@@ -2452,12 +2458,6 @@ int tcp_retransmit_skb(struct sock *sk, struct sk_buff *skb)
2452 int err = __tcp_retransmit_skb(sk, skb); 2458 int err = __tcp_retransmit_skb(sk, skb);
2453 2459
2454 if (err == 0) { 2460 if (err == 0) {
2455 /* Update global TCP statistics. */
2456 TCP_INC_STATS(sock_net(sk), TCP_MIB_RETRANSSEGS);
2457 if (TCP_SKB_CB(skb)->tcp_flags & TCPHDR_SYN)
2458 NET_INC_STATS_BH(sock_net(sk), LINUX_MIB_TCPSYNRETRANS);
2459 tp->total_retrans++;
2460
2461#if FASTRETRANS_DEBUG > 0 2461#if FASTRETRANS_DEBUG > 0
2462 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) { 2462 if (TCP_SKB_CB(skb)->sacked & TCPCB_SACKED_RETRANS) {
2463 net_dbg_ratelimited("retrans_out leaked\n"); 2463 net_dbg_ratelimited("retrans_out leaked\n");
diff --git a/net/ipv6/ip6_fib.c b/net/ipv6/ip6_fib.c
index 34e0ded5c14b..87891f5f57b5 100644
--- a/net/ipv6/ip6_fib.c
+++ b/net/ipv6/ip6_fib.c
@@ -1459,7 +1459,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
1459 1459
1460 if (w->skip) { 1460 if (w->skip) {
1461 w->skip--; 1461 w->skip--;
1462 continue; 1462 goto skip;
1463 } 1463 }
1464 1464
1465 err = w->func(w); 1465 err = w->func(w);
@@ -1469,6 +1469,7 @@ static int fib6_walk_continue(struct fib6_walker_t *w)
1469 w->count++; 1469 w->count++;
1470 continue; 1470 continue;
1471 } 1471 }
1472skip:
1472 w->state = FWS_U; 1473 w->state = FWS_U;
1473 case FWS_U: 1474 case FWS_U:
1474 if (fn == w->root) 1475 if (fn == w->root)
diff --git a/net/ipv6/ip6mr.c b/net/ipv6/ip6mr.c
index 8659067da28e..8250474ab7dc 100644
--- a/net/ipv6/ip6mr.c
+++ b/net/ipv6/ip6mr.c
@@ -1633,7 +1633,7 @@ struct sock *mroute6_socket(struct net *net, struct sk_buff *skb)
1633{ 1633{
1634 struct mr6_table *mrt; 1634 struct mr6_table *mrt;
1635 struct flowi6 fl6 = { 1635 struct flowi6 fl6 = {
1636 .flowi6_iif = skb->skb_iif, 1636 .flowi6_iif = skb->skb_iif ? : LOOPBACK_IFINDEX,
1637 .flowi6_oif = skb->dev->ifindex, 1637 .flowi6_oif = skb->dev->ifindex,
1638 .flowi6_mark = skb->mark, 1638 .flowi6_mark = skb->mark,
1639 }; 1639 };
diff --git a/net/ipv6/netfilter/ip6t_rpfilter.c b/net/ipv6/netfilter/ip6t_rpfilter.c
index e0983f3648a6..790e0c6b19e1 100644
--- a/net/ipv6/netfilter/ip6t_rpfilter.c
+++ b/net/ipv6/netfilter/ip6t_rpfilter.c
@@ -33,6 +33,7 @@ static bool rpfilter_lookup_reverse6(const struct sk_buff *skb,
33 struct ipv6hdr *iph = ipv6_hdr(skb); 33 struct ipv6hdr *iph = ipv6_hdr(skb);
34 bool ret = false; 34 bool ret = false;
35 struct flowi6 fl6 = { 35 struct flowi6 fl6 = {
36 .flowi6_iif = LOOPBACK_IFINDEX,
36 .flowlabel = (* (__be32 *) iph) & IPV6_FLOWINFO_MASK, 37 .flowlabel = (* (__be32 *) iph) & IPV6_FLOWINFO_MASK,
37 .flowi6_proto = iph->nexthdr, 38 .flowi6_proto = iph->nexthdr,
38 .daddr = iph->saddr, 39 .daddr = iph->saddr,
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 4011617cca68..004fffb6c221 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -1273,6 +1273,7 @@ void ip6_redirect(struct sk_buff *skb, struct net *net, int oif, u32 mark)
1273 struct flowi6 fl6; 1273 struct flowi6 fl6;
1274 1274
1275 memset(&fl6, 0, sizeof(fl6)); 1275 memset(&fl6, 0, sizeof(fl6));
1276 fl6.flowi6_iif = LOOPBACK_IFINDEX;
1276 fl6.flowi6_oif = oif; 1277 fl6.flowi6_oif = oif;
1277 fl6.flowi6_mark = mark; 1278 fl6.flowi6_mark = mark;
1278 fl6.daddr = iph->daddr; 1279 fl6.daddr = iph->daddr;
@@ -1294,6 +1295,7 @@ void ip6_redirect_no_header(struct sk_buff *skb, struct net *net, int oif,
1294 struct flowi6 fl6; 1295 struct flowi6 fl6;
1295 1296
1296 memset(&fl6, 0, sizeof(fl6)); 1297 memset(&fl6, 0, sizeof(fl6));
1298 fl6.flowi6_iif = LOOPBACK_IFINDEX;
1297 fl6.flowi6_oif = oif; 1299 fl6.flowi6_oif = oif;
1298 fl6.flowi6_mark = mark; 1300 fl6.flowi6_mark = mark;
1299 fl6.daddr = msg->dest; 1301 fl6.daddr = msg->dest;
diff --git a/net/netfilter/nfnetlink.c b/net/netfilter/nfnetlink.c
index e8138da4c14f..e009087620e3 100644
--- a/net/netfilter/nfnetlink.c
+++ b/net/netfilter/nfnetlink.c
@@ -368,14 +368,13 @@ done:
368static void nfnetlink_rcv(struct sk_buff *skb) 368static void nfnetlink_rcv(struct sk_buff *skb)
369{ 369{
370 struct nlmsghdr *nlh = nlmsg_hdr(skb); 370 struct nlmsghdr *nlh = nlmsg_hdr(skb);
371 struct net *net = sock_net(skb->sk);
372 int msglen; 371 int msglen;
373 372
374 if (nlh->nlmsg_len < NLMSG_HDRLEN || 373 if (nlh->nlmsg_len < NLMSG_HDRLEN ||
375 skb->len < nlh->nlmsg_len) 374 skb->len < nlh->nlmsg_len)
376 return; 375 return;
377 376
378 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) { 377 if (!netlink_net_capable(skb, CAP_NET_ADMIN)) {
379 netlink_ack(skb, nlh, -EPERM); 378 netlink_ack(skb, nlh, -EPERM);
380 return; 379 return;
381 } 380 }
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 894cda0206bb..81dca96d2be6 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1360,7 +1360,72 @@ retry:
1360 return err; 1360 return err;
1361} 1361}
1362 1362
1363static inline int netlink_capable(const struct socket *sock, unsigned int flag) 1363/**
1364 * __netlink_ns_capable - General netlink message capability test
1365 * @nsp: NETLINK_CB of the socket buffer holding a netlink command from userspace.
1366 * @user_ns: The user namespace of the capability to use
1367 * @cap: The capability to use
1368 *
1369 * Test to see if the opener of the socket we received the message
1370 * from had when the netlink socket was created and the sender of the
1371 * message has has the capability @cap in the user namespace @user_ns.
1372 */
1373bool __netlink_ns_capable(const struct netlink_skb_parms *nsp,
1374 struct user_namespace *user_ns, int cap)
1375{
1376 return sk_ns_capable(nsp->sk, user_ns, cap);
1377}
1378EXPORT_SYMBOL(__netlink_ns_capable);
1379
1380/**
1381 * netlink_ns_capable - General netlink message capability test
1382 * @skb: socket buffer holding a netlink command from userspace
1383 * @user_ns: The user namespace of the capability to use
1384 * @cap: The capability to use
1385 *
1386 * Test to see if the opener of the socket we received the message
1387 * from had when the netlink socket was created and the sender of the
1388 * message has has the capability @cap in the user namespace @user_ns.
1389 */
1390bool netlink_ns_capable(const struct sk_buff *skb,
1391 struct user_namespace *user_ns, int cap)
1392{
1393 return __netlink_ns_capable(&NETLINK_CB(skb), user_ns, cap);
1394}
1395EXPORT_SYMBOL(netlink_ns_capable);
1396
1397/**
1398 * netlink_capable - Netlink global message capability test
1399 * @skb: socket buffer holding a netlink command from userspace
1400 * @cap: The capability to use
1401 *
1402 * Test to see if the opener of the socket we received the message
1403 * from had when the netlink socket was created and the sender of the
1404 * message has has the capability @cap in all user namespaces.
1405 */
1406bool netlink_capable(const struct sk_buff *skb, int cap)
1407{
1408 return netlink_ns_capable(skb, &init_user_ns, cap);
1409}
1410EXPORT_SYMBOL(netlink_capable);
1411
1412/**
1413 * netlink_net_capable - Netlink network namespace message capability test
1414 * @skb: socket buffer holding a netlink command from userspace
1415 * @cap: The capability to use
1416 *
1417 * Test to see if the opener of the socket we received the message
1418 * from had when the netlink socket was created and the sender of the
1419 * message has has the capability @cap over the network namespace of
1420 * the socket we received the message from.
1421 */
1422bool netlink_net_capable(const struct sk_buff *skb, int cap)
1423{
1424 return netlink_ns_capable(skb, sock_net(skb->sk)->user_ns, cap);
1425}
1426EXPORT_SYMBOL(netlink_net_capable);
1427
1428static inline int netlink_allowed(const struct socket *sock, unsigned int flag)
1364{ 1429{
1365 return (nl_table[sock->sk->sk_protocol].flags & flag) || 1430 return (nl_table[sock->sk->sk_protocol].flags & flag) ||
1366 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN); 1431 ns_capable(sock_net(sock->sk)->user_ns, CAP_NET_ADMIN);
@@ -1428,7 +1493,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
1428 1493
1429 /* Only superuser is allowed to listen multicasts */ 1494 /* Only superuser is allowed to listen multicasts */
1430 if (nladdr->nl_groups) { 1495 if (nladdr->nl_groups) {
1431 if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) 1496 if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
1432 return -EPERM; 1497 return -EPERM;
1433 err = netlink_realloc_groups(sk); 1498 err = netlink_realloc_groups(sk);
1434 if (err) 1499 if (err)
@@ -1490,7 +1555,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
1490 return -EINVAL; 1555 return -EINVAL;
1491 1556
1492 if ((nladdr->nl_groups || nladdr->nl_pid) && 1557 if ((nladdr->nl_groups || nladdr->nl_pid) &&
1493 !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) 1558 !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
1494 return -EPERM; 1559 return -EPERM;
1495 1560
1496 if (!nlk->portid) 1561 if (!nlk->portid)
@@ -2096,7 +2161,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
2096 break; 2161 break;
2097 case NETLINK_ADD_MEMBERSHIP: 2162 case NETLINK_ADD_MEMBERSHIP:
2098 case NETLINK_DROP_MEMBERSHIP: { 2163 case NETLINK_DROP_MEMBERSHIP: {
2099 if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV)) 2164 if (!netlink_allowed(sock, NL_CFG_F_NONROOT_RECV))
2100 return -EPERM; 2165 return -EPERM;
2101 err = netlink_realloc_groups(sk); 2166 err = netlink_realloc_groups(sk);
2102 if (err) 2167 if (err)
@@ -2247,7 +2312,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
2247 dst_group = ffs(addr->nl_groups); 2312 dst_group = ffs(addr->nl_groups);
2248 err = -EPERM; 2313 err = -EPERM;
2249 if ((dst_group || dst_portid) && 2314 if ((dst_group || dst_portid) &&
2250 !netlink_capable(sock, NL_CFG_F_NONROOT_SEND)) 2315 !netlink_allowed(sock, NL_CFG_F_NONROOT_SEND))
2251 goto out; 2316 goto out;
2252 } else { 2317 } else {
2253 dst_portid = nlk->dst_portid; 2318 dst_portid = nlk->dst_portid;
diff --git a/net/netlink/genetlink.c b/net/netlink/genetlink.c
index b1dcdb932a86..a3ba3ca0ff92 100644
--- a/net/netlink/genetlink.c
+++ b/net/netlink/genetlink.c
@@ -561,7 +561,7 @@ static int genl_family_rcv_msg(struct genl_family *family,
561 return -EOPNOTSUPP; 561 return -EOPNOTSUPP;
562 562
563 if ((ops->flags & GENL_ADMIN_PERM) && 563 if ((ops->flags & GENL_ADMIN_PERM) &&
564 !capable(CAP_NET_ADMIN)) 564 !netlink_capable(skb, CAP_NET_ADMIN))
565 return -EPERM; 565 return -EPERM;
566 566
567 if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) { 567 if ((nlh->nlmsg_flags & NLM_F_DUMP) == NLM_F_DUMP) {
diff --git a/net/packet/diag.c b/net/packet/diag.c
index 533ce4ff108a..92f2c7107eec 100644
--- a/net/packet/diag.c
+++ b/net/packet/diag.c
@@ -128,6 +128,7 @@ static int pdiag_put_fanout(struct packet_sock *po, struct sk_buff *nlskb)
128 128
129static int sk_diag_fill(struct sock *sk, struct sk_buff *skb, 129static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
130 struct packet_diag_req *req, 130 struct packet_diag_req *req,
131 bool may_report_filterinfo,
131 struct user_namespace *user_ns, 132 struct user_namespace *user_ns,
132 u32 portid, u32 seq, u32 flags, int sk_ino) 133 u32 portid, u32 seq, u32 flags, int sk_ino)
133{ 134{
@@ -172,7 +173,8 @@ static int sk_diag_fill(struct sock *sk, struct sk_buff *skb,
172 goto out_nlmsg_trim; 173 goto out_nlmsg_trim;
173 174
174 if ((req->pdiag_show & PACKET_SHOW_FILTER) && 175 if ((req->pdiag_show & PACKET_SHOW_FILTER) &&
175 sock_diag_put_filterinfo(user_ns, sk, skb, PACKET_DIAG_FILTER)) 176 sock_diag_put_filterinfo(may_report_filterinfo, sk, skb,
177 PACKET_DIAG_FILTER))
176 goto out_nlmsg_trim; 178 goto out_nlmsg_trim;
177 179
178 return nlmsg_end(skb, nlh); 180 return nlmsg_end(skb, nlh);
@@ -188,9 +190,11 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
188 struct packet_diag_req *req; 190 struct packet_diag_req *req;
189 struct net *net; 191 struct net *net;
190 struct sock *sk; 192 struct sock *sk;
193 bool may_report_filterinfo;
191 194
192 net = sock_net(skb->sk); 195 net = sock_net(skb->sk);
193 req = nlmsg_data(cb->nlh); 196 req = nlmsg_data(cb->nlh);
197 may_report_filterinfo = netlink_net_capable(cb->skb, CAP_NET_ADMIN);
194 198
195 mutex_lock(&net->packet.sklist_lock); 199 mutex_lock(&net->packet.sklist_lock);
196 sk_for_each(sk, &net->packet.sklist) { 200 sk_for_each(sk, &net->packet.sklist) {
@@ -200,6 +204,7 @@ static int packet_diag_dump(struct sk_buff *skb, struct netlink_callback *cb)
200 goto next; 204 goto next;
201 205
202 if (sk_diag_fill(sk, skb, req, 206 if (sk_diag_fill(sk, skb, req,
207 may_report_filterinfo,
203 sk_user_ns(NETLINK_CB(cb->skb).sk), 208 sk_user_ns(NETLINK_CB(cb->skb).sk),
204 NETLINK_CB(cb->skb).portid, 209 NETLINK_CB(cb->skb).portid,
205 cb->nlh->nlmsg_seq, NLM_F_MULTI, 210 cb->nlh->nlmsg_seq, NLM_F_MULTI,
diff --git a/net/phonet/pn_netlink.c b/net/phonet/pn_netlink.c
index dc15f4300808..b64151ade6b3 100644
--- a/net/phonet/pn_netlink.c
+++ b/net/phonet/pn_netlink.c
@@ -70,10 +70,10 @@ static int addr_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
70 int err; 70 int err;
71 u8 pnaddr; 71 u8 pnaddr;
72 72
73 if (!capable(CAP_NET_ADMIN)) 73 if (!netlink_capable(skb, CAP_NET_ADMIN))
74 return -EPERM; 74 return -EPERM;
75 75
76 if (!capable(CAP_SYS_ADMIN)) 76 if (!netlink_capable(skb, CAP_SYS_ADMIN))
77 return -EPERM; 77 return -EPERM;
78 78
79 ASSERT_RTNL(); 79 ASSERT_RTNL();
@@ -233,10 +233,10 @@ static int route_doit(struct sk_buff *skb, struct nlmsghdr *nlh)
233 int err; 233 int err;
234 u8 dst; 234 u8 dst;
235 235
236 if (!capable(CAP_NET_ADMIN)) 236 if (!netlink_capable(skb, CAP_NET_ADMIN))
237 return -EPERM; 237 return -EPERM;
238 238
239 if (!capable(CAP_SYS_ADMIN)) 239 if (!netlink_capable(skb, CAP_SYS_ADMIN))
240 return -EPERM; 240 return -EPERM;
241 241
242 ASSERT_RTNL(); 242 ASSERT_RTNL();
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 8a5ba5add4bc..648778aef1a2 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -948,7 +948,7 @@ static int tc_ctl_action(struct sk_buff *skb, struct nlmsghdr *n)
948 u32 portid = skb ? NETLINK_CB(skb).portid : 0; 948 u32 portid = skb ? NETLINK_CB(skb).portid : 0;
949 int ret = 0, ovr = 0; 949 int ret = 0, ovr = 0;
950 950
951 if ((n->nlmsg_type != RTM_GETACTION) && !capable(CAP_NET_ADMIN)) 951 if ((n->nlmsg_type != RTM_GETACTION) && !netlink_capable(skb, CAP_NET_ADMIN))
952 return -EPERM; 952 return -EPERM;
953 953
954 ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL); 954 ret = nlmsg_parse(n, sizeof(struct tcamsg), tca, TCA_ACT_MAX, NULL);
diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index 29a30a14c315..bdbdb1a7920a 100644
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -134,7 +134,7 @@ static int tc_ctl_tfilter(struct sk_buff *skb, struct nlmsghdr *n)
134 int err; 134 int err;
135 int tp_created = 0; 135 int tp_created = 0;
136 136
137 if ((n->nlmsg_type != RTM_GETTFILTER) && !capable(CAP_NET_ADMIN)) 137 if ((n->nlmsg_type != RTM_GETTFILTER) && !netlink_capable(skb, CAP_NET_ADMIN))
138 return -EPERM; 138 return -EPERM;
139 139
140replay: 140replay:
diff --git a/net/sched/sch_api.c b/net/sched/sch_api.c
index a0b84e0e22de..400769014bbd 100644
--- a/net/sched/sch_api.c
+++ b/net/sched/sch_api.c
@@ -1084,7 +1084,7 @@ static int tc_get_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
1084 struct Qdisc *p = NULL; 1084 struct Qdisc *p = NULL;
1085 int err; 1085 int err;
1086 1086
1087 if ((n->nlmsg_type != RTM_GETQDISC) && !capable(CAP_NET_ADMIN)) 1087 if ((n->nlmsg_type != RTM_GETQDISC) && !netlink_capable(skb, CAP_NET_ADMIN))
1088 return -EPERM; 1088 return -EPERM;
1089 1089
1090 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); 1090 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
@@ -1151,7 +1151,7 @@ static int tc_modify_qdisc(struct sk_buff *skb, struct nlmsghdr *n)
1151 struct Qdisc *q, *p; 1151 struct Qdisc *q, *p;
1152 int err; 1152 int err;
1153 1153
1154 if (!capable(CAP_NET_ADMIN)) 1154 if (!netlink_capable(skb, CAP_NET_ADMIN))
1155 return -EPERM; 1155 return -EPERM;
1156 1156
1157replay: 1157replay:
@@ -1490,7 +1490,7 @@ static int tc_ctl_tclass(struct sk_buff *skb, struct nlmsghdr *n)
1490 u32 qid; 1490 u32 qid;
1491 int err; 1491 int err;
1492 1492
1493 if ((n->nlmsg_type != RTM_GETTCLASS) && !capable(CAP_NET_ADMIN)) 1493 if ((n->nlmsg_type != RTM_GETTCLASS) && !netlink_capable(skb, CAP_NET_ADMIN))
1494 return -EPERM; 1494 return -EPERM;
1495 1495
1496 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL); 1496 err = nlmsg_parse(n, sizeof(*tcm), tca, TCA_MAX, NULL);
diff --git a/net/sched/sch_hhf.c b/net/sched/sch_hhf.c
index edee03d922e2..6e957c3b9854 100644
--- a/net/sched/sch_hhf.c
+++ b/net/sched/sch_hhf.c
@@ -553,11 +553,6 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt)
553 if (err < 0) 553 if (err < 0)
554 return err; 554 return err;
555 555
556 sch_tree_lock(sch);
557
558 if (tb[TCA_HHF_BACKLOG_LIMIT])
559 sch->limit = nla_get_u32(tb[TCA_HHF_BACKLOG_LIMIT]);
560
561 if (tb[TCA_HHF_QUANTUM]) 556 if (tb[TCA_HHF_QUANTUM])
562 new_quantum = nla_get_u32(tb[TCA_HHF_QUANTUM]); 557 new_quantum = nla_get_u32(tb[TCA_HHF_QUANTUM]);
563 558
@@ -567,6 +562,12 @@ static int hhf_change(struct Qdisc *sch, struct nlattr *opt)
567 non_hh_quantum = (u64)new_quantum * new_hhf_non_hh_weight; 562 non_hh_quantum = (u64)new_quantum * new_hhf_non_hh_weight;
568 if (non_hh_quantum > INT_MAX) 563 if (non_hh_quantum > INT_MAX)
569 return -EINVAL; 564 return -EINVAL;
565
566 sch_tree_lock(sch);
567
568 if (tb[TCA_HHF_BACKLOG_LIMIT])
569 sch->limit = nla_get_u32(tb[TCA_HHF_BACKLOG_LIMIT]);
570
570 q->quantum = new_quantum; 571 q->quantum = new_quantum;
571 q->hhf_non_hh_weight = new_hhf_non_hh_weight; 572 q->hhf_non_hh_weight = new_hhf_non_hh_weight;
572 573
diff --git a/net/sctp/protocol.c b/net/sctp/protocol.c
index c09757fbf803..44cbb54c8574 100644
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -491,8 +491,13 @@ static void sctp_v4_get_dst(struct sctp_transport *t, union sctp_addr *saddr,
491 continue; 491 continue;
492 if ((laddr->state == SCTP_ADDR_SRC) && 492 if ((laddr->state == SCTP_ADDR_SRC) &&
493 (AF_INET == laddr->a.sa.sa_family)) { 493 (AF_INET == laddr->a.sa.sa_family)) {
494 fl4->saddr = laddr->a.v4.sin_addr.s_addr;
495 fl4->fl4_sport = laddr->a.v4.sin_port; 494 fl4->fl4_sport = laddr->a.v4.sin_port;
495 flowi4_update_output(fl4,
496 asoc->base.sk->sk_bound_dev_if,
497 RT_CONN_FLAGS(asoc->base.sk),
498 daddr->v4.sin_addr.s_addr,
499 laddr->a.v4.sin_addr.s_addr);
500
496 rt = ip_route_output_key(sock_net(sk), fl4); 501 rt = ip_route_output_key(sock_net(sk), fl4);
497 if (!IS_ERR(rt)) { 502 if (!IS_ERR(rt)) {
498 dst = &rt->dst; 503 dst = &rt->dst;
diff --git a/net/sctp/sm_sideeffect.c b/net/sctp/sm_sideeffect.c
index 5d6883ff00c3..fef2acdf4a2e 100644
--- a/net/sctp/sm_sideeffect.c
+++ b/net/sctp/sm_sideeffect.c
@@ -496,11 +496,10 @@ static void sctp_do_8_2_transport_strike(sctp_cmd_seq_t *commands,
496 496
497 /* If the transport error count is greater than the pf_retrans 497 /* If the transport error count is greater than the pf_retrans
498 * threshold, and less than pathmaxrtx, and if the current state 498 * threshold, and less than pathmaxrtx, and if the current state
499 * is not SCTP_UNCONFIRMED, then mark this transport as Partially 499 * is SCTP_ACTIVE, then mark this transport as Partially Failed,
500 * Failed, see SCTP Quick Failover Draft, section 5.1 500 * see SCTP Quick Failover Draft, section 5.1
501 */ 501 */
502 if ((transport->state != SCTP_PF) && 502 if ((transport->state == SCTP_ACTIVE) &&
503 (transport->state != SCTP_UNCONFIRMED) &&
504 (asoc->pf_retrans < transport->pathmaxrxt) && 503 (asoc->pf_retrans < transport->pathmaxrxt) &&
505 (transport->error_count > asoc->pf_retrans)) { 504 (transport->error_count > asoc->pf_retrans)) {
506 505
diff --git a/net/tipc/netlink.c b/net/tipc/netlink.c
index 3aaf73de9e2d..ad844d365340 100644
--- a/net/tipc/netlink.c
+++ b/net/tipc/netlink.c
@@ -47,7 +47,7 @@ static int handle_cmd(struct sk_buff *skb, struct genl_info *info)
47 int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN); 47 int hdr_space = nlmsg_total_size(GENL_HDRLEN + TIPC_GENL_HDRLEN);
48 u16 cmd; 48 u16 cmd;
49 49
50 if ((req_userhdr->cmd & 0xC000) && (!capable(CAP_NET_ADMIN))) 50 if ((req_userhdr->cmd & 0xC000) && (!netlink_capable(skb, CAP_NET_ADMIN)))
51 cmd = TIPC_CMD_NOT_NET_ADMIN; 51 cmd = TIPC_CMD_NOT_NET_ADMIN;
52 else 52 else
53 cmd = req_userhdr->cmd; 53 cmd = req_userhdr->cmd;
diff --git a/net/vmw_vsock/af_vsock.c b/net/vmw_vsock/af_vsock.c
index 5adfd94c5b85..85d232bed87d 100644
--- a/net/vmw_vsock/af_vsock.c
+++ b/net/vmw_vsock/af_vsock.c
@@ -1925,9 +1925,23 @@ static struct miscdevice vsock_device = {
1925 .fops = &vsock_device_ops, 1925 .fops = &vsock_device_ops,
1926}; 1926};
1927 1927
1928static int __vsock_core_init(void) 1928int __vsock_core_init(const struct vsock_transport *t, struct module *owner)
1929{ 1929{
1930 int err; 1930 int err = mutex_lock_interruptible(&vsock_register_mutex);
1931
1932 if (err)
1933 return err;
1934
1935 if (transport) {
1936 err = -EBUSY;
1937 goto err_busy;
1938 }
1939
1940 /* Transport must be the owner of the protocol so that it can't
1941 * unload while there are open sockets.
1942 */
1943 vsock_proto.owner = owner;
1944 transport = t;
1931 1945
1932 vsock_init_tables(); 1946 vsock_init_tables();
1933 1947
@@ -1951,36 +1965,19 @@ static int __vsock_core_init(void)
1951 goto err_unregister_proto; 1965 goto err_unregister_proto;
1952 } 1966 }
1953 1967
1968 mutex_unlock(&vsock_register_mutex);
1954 return 0; 1969 return 0;
1955 1970
1956err_unregister_proto: 1971err_unregister_proto:
1957 proto_unregister(&vsock_proto); 1972 proto_unregister(&vsock_proto);
1958err_misc_deregister: 1973err_misc_deregister:
1959 misc_deregister(&vsock_device); 1974 misc_deregister(&vsock_device);
1960 return err; 1975 transport = NULL;
1961} 1976err_busy:
1962
1963int vsock_core_init(const struct vsock_transport *t)
1964{
1965 int retval = mutex_lock_interruptible(&vsock_register_mutex);
1966 if (retval)
1967 return retval;
1968
1969 if (transport) {
1970 retval = -EBUSY;
1971 goto out;
1972 }
1973
1974 transport = t;
1975 retval = __vsock_core_init();
1976 if (retval)
1977 transport = NULL;
1978
1979out:
1980 mutex_unlock(&vsock_register_mutex); 1977 mutex_unlock(&vsock_register_mutex);
1981 return retval; 1978 return err;
1982} 1979}
1983EXPORT_SYMBOL_GPL(vsock_core_init); 1980EXPORT_SYMBOL_GPL(__vsock_core_init);
1984 1981
1985void vsock_core_exit(void) 1982void vsock_core_exit(void)
1986{ 1983{
@@ -2000,5 +1997,5 @@ EXPORT_SYMBOL_GPL(vsock_core_exit);
2000 1997
2001MODULE_AUTHOR("VMware, Inc."); 1998MODULE_AUTHOR("VMware, Inc.");
2002MODULE_DESCRIPTION("VMware Virtual Socket Family"); 1999MODULE_DESCRIPTION("VMware Virtual Socket Family");
2003MODULE_VERSION("1.0.0.0-k"); 2000MODULE_VERSION("1.0.1.0-k");
2004MODULE_LICENSE("GPL v2"); 2001MODULE_LICENSE("GPL v2");
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 8f131c10a6f3..51398ae6cda8 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -2377,7 +2377,7 @@ static int xfrm_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh)
2377 link = &xfrm_dispatch[type]; 2377 link = &xfrm_dispatch[type];
2378 2378
2379 /* All operations require privileges, even GET */ 2379 /* All operations require privileges, even GET */
2380 if (!ns_capable(net->user_ns, CAP_NET_ADMIN)) 2380 if (!netlink_net_capable(skb, CAP_NET_ADMIN))
2381 return -EPERM; 2381 return -EPERM;
2382 2382
2383 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) || 2383 if ((type == (XFRM_MSG_GETSA - XFRM_MSG_BASE) ||