net: pass kern to net_proto_family create function

The generic __sock_create function has a kern argument which allows the
security system to make decisions based on whether a socket is being created
by the kernel or by userspace.  This patch passes that flag to the
net_proto_family specific create function, so it can do the same thing.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Arnaldo Carvalho de Melo <acme@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Eric Paris 2009-11-05 22:18:14 -08:00 коммит произвёл David S. Miller
Родитель 13f18aa05f
Коммит 3f378b6844
37 изменённых файлов: 80 добавлений и 43 удалений


@ -779,7 +779,7 @@ base_sock_create(struct net *net, struct socket *sock, int protocol)
} }
static int static int
mISDN_sock_create(struct net *net, struct socket *sock, int proto) mISDN_sock_create(struct net *net, struct socket *sock, int proto, int kern)
{ {
int err = -EPROTONOSUPPORT; int err = -EPROTONOSUPPORT;


@ -104,7 +104,8 @@ int pppox_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
EXPORT_SYMBOL(pppox_ioctl); EXPORT_SYMBOL(pppox_ioctl);
static int pppox_create(struct net *net, struct socket *sock, int protocol) static int pppox_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
int rc = -EPROTOTYPE; int rc = -EPROTOTYPE;


@ -204,7 +204,8 @@ struct proto_ops {
struct net_proto_family { struct net_proto_family {
int family; int family;
int (*create)(struct net *net, struct socket *sock, int protocol); int (*create)(struct net *net, struct socket *sock,
int protocol, int kern);
struct module *owner; struct module *owner;
}; };
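Review bot: The new `kern` parameter on the `create` callback in `struct net_proto_family` carries no comment saying what its value means, so each protocol family has to infer the convention from the caller. The commit message says the flag exists so that security decisions can tell kernel-created sockets from userspace ones, which makes the polarity worth stating at the declaration, for example `/* kern: non-zero when the socket is created on behalf of the kernel, 0 for a userspace caller */`. Because it is an `int` used as a boolean, the comment should also say that only zero versus non-zero is meaningful.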


@ -1021,7 +1021,8 @@ static struct proto ddp_proto = {
* Create a socket. Initialise the socket, blank the addresses * Create a socket. Initialise the socket, blank the addresses
* set the state. * set the state.
*/ */
static int atalk_create(struct net *net, struct socket *sock, int protocol) static int atalk_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
int rc = -ESOCKTNOSUPPORT; int rc = -ESOCKTNOSUPPORT;


@ -127,7 +127,8 @@ static const struct proto_ops pvc_proto_ops = {
}; };
static int pvc_create(struct net *net, struct socket *sock,int protocol) static int pvc_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
if (net != &init_net) if (net != &init_net)
return -EAFNOSUPPORT; return -EAFNOSUPPORT;


@ -25,7 +25,7 @@
#include "signaling.h" #include "signaling.h"
#include "addr.h" #include "addr.h"
static int svc_create(struct net *net, struct socket *sock,int protocol); static int svc_create(struct net *net, struct socket *sock, int protocol, int kern);
/* /*
* Note: since all this is still nicely synchronized with the signaling demon, * Note: since all this is still nicely synchronized with the signaling demon,
@ -330,7 +330,7 @@ static int svc_accept(struct socket *sock,struct socket *newsock,int flags)
lock_sock(sk); lock_sock(sk);
error = svc_create(sock_net(sk), newsock,0); error = svc_create(sock_net(sk), newsock, 0, 0);
if (error) if (error)
goto out; goto out;
@ -650,7 +650,8 @@ static const struct proto_ops svc_proto_ops = {
}; };
static int svc_create(struct net *net, struct socket *sock,int protocol) static int svc_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
int error; int error;
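Review bot: The `svc_accept` call `svc_create(sock_net(sk), newsock, 0, 0)` hard-codes `kern` to 0 with nothing explaining the choice, and the same bare literal appears in `irda_accept` and in the TIPC `accept`. If a family later gates a capability or LSM check on `kern`, a socket accepted on a kernel-owned listener would be treated as a userspace creation on these paths; that may be intended, but it should be stated rather than left implicit. I would add a comment at each call such as `/* kern = 0: accepted sockets are treated as created by userspace */`, or carry the listener's origin through if that distinction matters. `svc_accept` starts and ends outside the hunk.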


@ -799,7 +799,8 @@ static struct proto ax25_proto = {
.obj_size = sizeof(struct sock), .obj_size = sizeof(struct sock),
}; };
static int ax25_create(struct net *net, struct socket *sock, int protocol) static int ax25_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
ax25_cb *ax25; ax25_cb *ax25;


@ -126,7 +126,8 @@ int bt_sock_unregister(int proto)
} }
EXPORT_SYMBOL(bt_sock_unregister); EXPORT_SYMBOL(bt_sock_unregister);
static int bt_sock_create(struct net *net, struct socket *sock, int proto) static int bt_sock_create(struct net *net, struct socket *sock, int proto,
int kern)
{ {
int err; int err;
@ -144,7 +145,7 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto)
read_lock(&bt_proto_lock); read_lock(&bt_proto_lock);
if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
err = bt_proto[proto]->create(net, sock, proto); err = bt_proto[proto]->create(net, sock, proto, kern);
bt_sock_reclassify_lock(sock, proto); bt_sock_reclassify_lock(sock, proto);
module_put(bt_proto[proto]->owner); module_put(bt_proto[proto]->owner);
} }


@ -195,7 +195,8 @@ static struct proto bnep_proto = {
.obj_size = sizeof(struct bt_sock) .obj_size = sizeof(struct bt_sock)
}; };
static int bnep_sock_create(struct net *net, struct socket *sock, int protocol) static int bnep_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -190,7 +190,8 @@ static struct proto cmtp_proto = {
.obj_size = sizeof(struct bt_sock) .obj_size = sizeof(struct bt_sock)
}; };
static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol) static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -621,7 +621,8 @@ static struct proto hci_sk_proto = {
.obj_size = sizeof(struct hci_pinfo) .obj_size = sizeof(struct hci_pinfo)
}; };
static int hci_sock_create(struct net *net, struct socket *sock, int protocol) static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -241,7 +241,8 @@ static struct proto hidp_proto = {
.obj_size = sizeof(struct bt_sock) .obj_size = sizeof(struct bt_sock)
}; };
static int hidp_sock_create(struct net *net, struct socket *sock, int protocol) static int hidp_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -819,7 +819,8 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
return sk; return sk;
} }
static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol) static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -323,7 +323,8 @@ static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int
return sk; return sk;
} }
static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) static int rfcomm_sock_create(struct net *net, struct socket *sock,
int protocol, int kern)
{ {
struct sock *sk; struct sock *sk;


@ -430,7 +430,8 @@ static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int pro
return sk; return sk;
} }
static int sco_sock_create(struct net *net, struct socket *sock, int protocol) static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -114,7 +114,8 @@ static void can_sock_destruct(struct sock *sk)
skb_queue_purge(&sk->sk_receive_queue); skb_queue_purge(&sk->sk_receive_queue);
} }
static int can_create(struct net *net, struct socket *sock, int protocol) static int can_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct can_proto *cp; struct can_proto *cp;


@ -675,7 +675,8 @@ char *dn_addr2asc(__u16 addr, char *buf)
static int dn_create(struct net *net, struct socket *sock, int protocol) static int dn_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -605,7 +605,8 @@ static struct proto econet_proto = {
* Create an Econet socket * Create an Econet socket
*/ */
static int econet_create(struct net *net, struct socket *sock, int protocol) static int econet_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct econet_sock *eo; struct econet_sock *eo;


@ -234,7 +234,7 @@ static const struct proto_ops ieee802154_dgram_ops = {
* set the state. * set the state.
*/ */
static int ieee802154_create(struct net *net, struct socket *sock, static int ieee802154_create(struct net *net, struct socket *sock,
int protocol) int protocol, int kern)
{ {
struct sock *sk; struct sock *sk;
int rc; int rc;


@ -262,7 +262,8 @@ static inline int inet_netns_ok(struct net *net, int protocol)
* Create an inet socket. * Create an inet socket.
*/ */
static int inet_create(struct net *net, struct socket *sock, int protocol) static int inet_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct inet_protosw *answer; struct inet_protosw *answer;


@ -95,7 +95,8 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
return (struct ipv6_pinfo *)(((u8 *)sk) + offset); return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
} }
static int inet6_create(struct net *net, struct socket *sock, int protocol) static int inet6_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct inet_sock *inet; struct inet_sock *inet;
struct ipv6_pinfo *np; struct ipv6_pinfo *np;


@ -1352,7 +1352,8 @@ static struct proto ipx_proto = {
.obj_size = sizeof(struct ipx_sock), .obj_size = sizeof(struct ipx_sock),
}; };
static int ipx_create(struct net *net, struct socket *sock, int protocol) static int ipx_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
int rc = -ESOCKTNOSUPPORT; int rc = -ESOCKTNOSUPPORT;
struct sock *sk; struct sock *sk;


@ -61,7 +61,7 @@
#include <net/irda/af_irda.h> #include <net/irda/af_irda.h>
static int irda_create(struct net *net, struct socket *sock, int protocol); static int irda_create(struct net *net, struct socket *sock, int protocol, int kern);
static const struct proto_ops irda_stream_ops; static const struct proto_ops irda_stream_ops;
static const struct proto_ops irda_seqpacket_ops; static const struct proto_ops irda_seqpacket_ops;
@ -839,7 +839,7 @@ static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
IRDA_DEBUG(2, "%s()\n", __func__); IRDA_DEBUG(2, "%s()\n", __func__);
err = irda_create(sock_net(sk), newsock, sk->sk_protocol); err = irda_create(sock_net(sk), newsock, sk->sk_protocol, 0);
if (err) if (err)
return err; return err;
@ -1062,7 +1062,8 @@ static struct proto irda_proto = {
* Create IrDA socket * Create IrDA socket
* *
*/ */
static int irda_create(struct net *net, struct socket *sock, int protocol) static int irda_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct irda_sock *self; struct irda_sock *self;


@ -481,7 +481,8 @@ static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
} }
/* Create an IUCV socket */ /* Create an IUCV socket */
static int iucv_sock_create(struct net *net, struct socket *sock, int protocol) static int iucv_sock_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -177,7 +177,8 @@ static struct proto key_proto = {
.obj_size = sizeof(struct pfkey_sock), .obj_size = sizeof(struct pfkey_sock),
}; };
static int pfkey_create(struct net *net, struct socket *sock, int protocol) static int pfkey_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id); struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
struct sock *sk; struct sock *sk;


@ -140,14 +140,17 @@ static struct proto llc_proto = {
/** /**
* llc_ui_create - alloc and init a new llc_ui socket * llc_ui_create - alloc and init a new llc_ui socket
* @net: network namespace (must be default network)
* @sock: Socket to initialize and attach allocated sk to. * @sock: Socket to initialize and attach allocated sk to.
* @protocol: Unused. * @protocol: Unused.
* @kern: on behalf of kernel or userspace
* *
* Allocate and initialize a new llc_ui socket, validate the user wants a * Allocate and initialize a new llc_ui socket, validate the user wants a
* socket type we have available. * socket type we have available.
* Returns 0 upon success, negative upon failure. * Returns 0 upon success, negative upon failure.
*/ */
static int llc_ui_create(struct net *net, struct socket *sock, int protocol) static int llc_ui_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
int rc = -ESOCKTNOSUPPORT; int rc = -ESOCKTNOSUPPORT;
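Review bot: The added kernel-doc line `@kern: on behalf of kernel or userspace` does not say which value selects which case, and the TIPC section's `@kern: caused by kernel or by userspace?` has the same gap. Anyone adding a permission check keyed on this flag needs the polarity spelled out; something like `@kern: non-zero if the socket is created on behalf of the kernel, 0 for userspace` would do, assuming that matches what `__sock_create` passes. The body of `llc_ui_create` continues outside the hunk.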


@ -428,7 +428,8 @@ static int __netlink_create(struct net *net, struct socket *sock,
return 0; return 0;
} }
static int netlink_create(struct net *net, struct socket *sock, int protocol) static int netlink_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct module *module = NULL; struct module *module = NULL;
struct mutex *cb_mutex; struct mutex *cb_mutex;


@ -425,7 +425,8 @@ static struct proto nr_proto = {
.obj_size = sizeof(struct nr_sock), .obj_size = sizeof(struct nr_sock),
}; };
static int nr_create(struct net *net, struct socket *sock, int protocol) static int nr_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct nr_sock *nr; struct nr_sock *nr;


@ -1344,7 +1344,8 @@ static struct proto packet_proto = {
* Create a packet of type SOCK_PACKET. * Create a packet of type SOCK_PACKET.
*/ */
static int packet_create(struct net *net, struct socket *sock, int protocol) static int packet_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct packet_sock *po; struct packet_sock *po;


@ -60,7 +60,8 @@ static inline void phonet_proto_put(struct phonet_protocol *pp)
/* protocol family functions */ /* protocol family functions */
static int pn_socket_create(struct net *net, struct socket *sock, int protocol) static int pn_socket_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct pn_sock *pn; struct pn_sock *pn;


@ -410,7 +410,8 @@ static int __rds_create(struct socket *sock, struct sock *sk, int protocol)
return 0; return 0;
} }
static int rds_create(struct net *net, struct socket *sock, int protocol) static int rds_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;


@ -512,7 +512,8 @@ static struct proto rose_proto = {
.obj_size = sizeof(struct rose_sock), .obj_size = sizeof(struct rose_sock),
}; };
static int rose_create(struct net *net, struct socket *sock, int protocol) static int rose_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct rose_sock *rose; struct rose_sock *rose;


@ -608,7 +608,8 @@ static unsigned int rxrpc_poll(struct file *file, struct socket *sock,
/* /*
* create an RxRPC socket * create an RxRPC socket
*/ */
static int rxrpc_create(struct net *net, struct socket *sock, int protocol) static int rxrpc_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct rxrpc_sock *rx; struct rxrpc_sock *rx;
struct sock *sk; struct sock *sk;


@ -1252,7 +1252,7 @@ static int __sock_create(struct net *net, int family, int type, int protocol,
/* Now protected by module ref count */ /* Now protected by module ref count */
rcu_read_unlock(); rcu_read_unlock();
err = pf->create(net, sock, protocol); err = pf->create(net, sock, protocol, kern);
if (err < 0) if (err < 0)
goto out_module_put; goto out_module_put;


@ -177,6 +177,7 @@ static void reject_rx_queue(struct sock *sk)
* @net: network namespace (must be default network) * @net: network namespace (must be default network)
* @sock: pre-allocated socket structure * @sock: pre-allocated socket structure
* @protocol: protocol indicator (must be 0) * @protocol: protocol indicator (must be 0)
* @kern: caused by kernel or by userspace?
* *
* This routine creates additional data structures used by the TIPC socket, * This routine creates additional data structures used by the TIPC socket,
* initializes them, and links them together. * initializes them, and links them together.
@ -184,7 +185,8 @@ static void reject_rx_queue(struct sock *sk)
* Returns 0 on success, errno otherwise * Returns 0 on success, errno otherwise
*/ */
static int tipc_create(struct net *net, struct socket *sock, int protocol) static int tipc_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
const struct proto_ops *ops; const struct proto_ops *ops;
socket_state state; socket_state state;
@ -1528,7 +1530,7 @@ static int accept(struct socket *sock, struct socket *new_sock, int flags)
buf = skb_peek(&sk->sk_receive_queue); buf = skb_peek(&sk->sk_receive_queue);
res = tipc_create(sock_net(sock->sk), new_sock, 0); res = tipc_create(sock_net(sock->sk), new_sock, 0, 0);
if (!res) { if (!res) {
struct sock *new_sk = new_sock->sk; struct sock *new_sk = new_sock->sk;
struct tipc_sock *new_tsock = tipc_sk(new_sk); struct tipc_sock *new_tsock = tipc_sk(new_sk);


@ -621,7 +621,8 @@ out:
return sk; return sk;
} }
static int unix_create(struct net *net, struct socket *sock, int protocol) static int unix_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
if (protocol && protocol != PF_UNIX) if (protocol && protocol != PF_UNIX)
return -EPROTONOSUPPORT; return -EPROTONOSUPPORT;


@ -501,7 +501,8 @@ out:
return sk; return sk;
} }
static int x25_create(struct net *net, struct socket *sock, int protocol) static int x25_create(struct net *net, struct socket *sock, int protocol,
int kern)
{ {
struct sock *sk; struct sock *sk;
struct x25_sock *x25; struct x25_sock *x25;