提交 9785e10a 编写于 作者: P Pablo Neira Ayuso 提交者: David S. Miller

netlink: kill netlink_set_nonroot

Replace netlink_set_nonroot by one new field `flags' in
struct netlink_kernel_cfg that is passed to netlink_kernel_create.

This patch also renames NL_NONROOT_* to NL_CFG_F_NONROOT_* since
now the flags field in nl_table is generic (so we can add more
flags if needed in the future).

Also adjust all callers in the net-next tree to use these flags
instead of netlink_set_nonroot.
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
Signed-off-by: David S. Miller <davem@davemloft.net>
上级 16fa9e1d
...@@ -176,12 +176,16 @@ struct netlink_skb_parms { ...@@ -176,12 +176,16 @@ struct netlink_skb_parms {
extern void netlink_table_grab(void); extern void netlink_table_grab(void);
extern void netlink_table_ungrab(void); extern void netlink_table_ungrab(void);
#define NL_CFG_F_NONROOT_RECV (1 << 0)
#define NL_CFG_F_NONROOT_SEND (1 << 1)
/* optional Netlink kernel configuration parameters */ /* optional Netlink kernel configuration parameters */
struct netlink_kernel_cfg { struct netlink_kernel_cfg {
unsigned int groups; unsigned int groups;
void (*input)(struct sk_buff *skb); void (*input)(struct sk_buff *skb);
struct mutex *cb_mutex; struct mutex *cb_mutex;
void (*bind)(int group); void (*bind)(int group);
unsigned int flags;
}; };
extern struct sock *netlink_kernel_create(struct net *net, int unit, extern struct sock *netlink_kernel_create(struct net *net, int unit,
...@@ -260,11 +264,6 @@ extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb, ...@@ -260,11 +264,6 @@ extern int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
const struct nlmsghdr *nlh, const struct nlmsghdr *nlh,
struct netlink_dump_control *control); struct netlink_dump_control *control);
#define NL_NONROOT_RECV 0x1
#define NL_NONROOT_SEND 0x2
extern void netlink_set_nonroot(int protocol, unsigned flag);
#endif /* __KERNEL__ */ #endif /* __KERNEL__ */
#endif /* __LINUX_NETLINK_H */ #endif /* __LINUX_NETLINK_H */
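Review bot: The new `NL_CFG_F_NONROOT_RECV` / `NL_CFG_F_NONROOT_SEND` defines and the `flags` member of `struct netlink_kernel_cfg` have no comment saying that setting them relaxes a privilege check. Going by the `netlink_capable()` call sites elsewhere in this commit, a set bit lets a socket without `CAP_NET_ADMIN` join multicast groups (RECV) or send to a group or a non-zero destination pid (SEND). I would add above the defines `/* cfg->flags: let sockets without CAP_NET_ADMIN receive from / send to multicast groups of this protocol */`, and `/* NL_CFG_F_* */` next to the member, so a new caller can see it is opting into unprivileged access.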
...@@ -375,6 +375,7 @@ static int uevent_net_init(struct net *net) ...@@ -375,6 +375,7 @@ static int uevent_net_init(struct net *net)
struct uevent_sock *ue_sk; struct uevent_sock *ue_sk;
struct netlink_kernel_cfg cfg = { struct netlink_kernel_cfg cfg = {
.groups = 1, .groups = 1,
.flags = NL_CFG_F_NONROOT_RECV,
}; };
ue_sk = kzalloc(sizeof(*ue_sk), GFP_KERNEL); ue_sk = kzalloc(sizeof(*ue_sk), GFP_KERNEL);
...@@ -422,7 +423,6 @@ static struct pernet_operations uevent_net_ops = { ...@@ -422,7 +423,6 @@ static struct pernet_operations uevent_net_ops = {
static int __init kobject_uevent_init(void) static int __init kobject_uevent_init(void)
{ {
netlink_set_nonroot(NETLINK_KOBJECT_UEVENT, NL_NONROOT_RECV);
return register_pernet_subsys(&uevent_net_ops); return register_pernet_subsys(&uevent_net_ops);
} }
......
...@@ -2381,6 +2381,7 @@ static int __net_init rtnetlink_net_init(struct net *net) ...@@ -2381,6 +2381,7 @@ static int __net_init rtnetlink_net_init(struct net *net)
.groups = RTNLGRP_MAX, .groups = RTNLGRP_MAX,
.input = rtnetlink_rcv, .input = rtnetlink_rcv,
.cb_mutex = &rtnl_mutex, .cb_mutex = &rtnl_mutex,
.flags = NL_CFG_F_NONROOT_RECV,
}; };
sk = netlink_kernel_create(net, NETLINK_ROUTE, THIS_MODULE, &cfg); sk = netlink_kernel_create(net, NETLINK_ROUTE, THIS_MODULE, &cfg);
...@@ -2416,7 +2417,6 @@ void __init rtnetlink_init(void) ...@@ -2416,7 +2417,6 @@ void __init rtnetlink_init(void)
if (register_pernet_subsys(&rtnetlink_net_ops)) if (register_pernet_subsys(&rtnetlink_net_ops))
panic("rtnetlink_init: cannot initialize rtnetlink\n"); panic("rtnetlink_init: cannot initialize rtnetlink\n");
netlink_set_nonroot(NETLINK_ROUTE, NL_NONROOT_RECV);
register_netdevice_notifier(&rtnetlink_dev_notifier); register_netdevice_notifier(&rtnetlink_dev_notifier);
rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink, rtnl_register(PF_UNSPEC, RTM_GETLINK, rtnl_getlink,
......
...@@ -121,7 +121,7 @@ struct netlink_table { ...@@ -121,7 +121,7 @@ struct netlink_table {
struct nl_pid_hash hash; struct nl_pid_hash hash;
struct hlist_head mc_list; struct hlist_head mc_list;
struct listeners __rcu *listeners; struct listeners __rcu *listeners;
unsigned int nl_nonroot; unsigned int flags;
unsigned int groups; unsigned int groups;
struct mutex *cb_mutex; struct mutex *cb_mutex;
struct module *module; struct module *module;
...@@ -536,6 +536,8 @@ static int netlink_release(struct socket *sock) ...@@ -536,6 +536,8 @@ static int netlink_release(struct socket *sock)
if (--nl_table[sk->sk_protocol].registered == 0) { if (--nl_table[sk->sk_protocol].registered == 0) {
kfree(nl_table[sk->sk_protocol].listeners); kfree(nl_table[sk->sk_protocol].listeners);
nl_table[sk->sk_protocol].module = NULL; nl_table[sk->sk_protocol].module = NULL;
nl_table[sk->sk_protocol].bind = NULL;
nl_table[sk->sk_protocol].flags = 0;
nl_table[sk->sk_protocol].registered = 0; nl_table[sk->sk_protocol].registered = 0;
} }
} else if (nlk->subscriptions) { } else if (nlk->subscriptions) {
...@@ -596,7 +598,7 @@ static int netlink_autobind(struct socket *sock) ...@@ -596,7 +598,7 @@ static int netlink_autobind(struct socket *sock)
static inline int netlink_capable(const struct socket *sock, unsigned int flag) static inline int netlink_capable(const struct socket *sock, unsigned int flag)
{ {
return (nl_table[sock->sk->sk_protocol].nl_nonroot & flag) || return (nl_table[sock->sk->sk_protocol].flags & flag) ||
capable(CAP_NET_ADMIN); capable(CAP_NET_ADMIN);
} }
...@@ -659,7 +661,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr, ...@@ -659,7 +661,7 @@ static int netlink_bind(struct socket *sock, struct sockaddr *addr,
/* Only superuser is allowed to listen multicasts */ /* Only superuser is allowed to listen multicasts */
if (nladdr->nl_groups) { if (nladdr->nl_groups) {
if (!netlink_capable(sock, NL_NONROOT_RECV)) if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
return -EPERM; return -EPERM;
err = netlink_realloc_groups(sk); err = netlink_realloc_groups(sk);
if (err) if (err)
...@@ -721,7 +723,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr, ...@@ -721,7 +723,7 @@ static int netlink_connect(struct socket *sock, struct sockaddr *addr,
return -EINVAL; return -EINVAL;
/* Only superuser is allowed to send multicasts */ /* Only superuser is allowed to send multicasts */
if (nladdr->nl_groups && !netlink_capable(sock, NL_NONROOT_SEND)) if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
return -EPERM; return -EPERM;
if (!nlk->pid) if (!nlk->pid)
...@@ -1244,7 +1246,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname, ...@@ -1244,7 +1246,7 @@ static int netlink_setsockopt(struct socket *sock, int level, int optname,
break; break;
case NETLINK_ADD_MEMBERSHIP: case NETLINK_ADD_MEMBERSHIP:
case NETLINK_DROP_MEMBERSHIP: { case NETLINK_DROP_MEMBERSHIP: {
if (!netlink_capable(sock, NL_NONROOT_RECV)) if (!netlink_capable(sock, NL_CFG_F_NONROOT_RECV))
return -EPERM; return -EPERM;
err = netlink_realloc_groups(sk); err = netlink_realloc_groups(sk);
if (err) if (err)
...@@ -1376,7 +1378,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock, ...@@ -1376,7 +1378,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
dst_group = ffs(addr->nl_groups); dst_group = ffs(addr->nl_groups);
err = -EPERM; err = -EPERM;
if ((dst_group || dst_pid) && if ((dst_group || dst_pid) &&
!netlink_capable(sock, NL_NONROOT_SEND)) !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
goto out; goto out;
} else { } else {
dst_pid = nlk->dst_pid; dst_pid = nlk->dst_pid;
...@@ -1580,7 +1582,10 @@ netlink_kernel_create(struct net *net, int unit, ...@@ -1580,7 +1582,10 @@ netlink_kernel_create(struct net *net, int unit,
rcu_assign_pointer(nl_table[unit].listeners, listeners); rcu_assign_pointer(nl_table[unit].listeners, listeners);
nl_table[unit].cb_mutex = cb_mutex; nl_table[unit].cb_mutex = cb_mutex;
nl_table[unit].module = module; nl_table[unit].module = module;
nl_table[unit].bind = cfg ? cfg->bind : NULL; if (cfg) {
nl_table[unit].bind = cfg->bind;
nl_table[unit].flags = cfg->flags;
}
nl_table[unit].registered = 1; nl_table[unit].registered = 1;
} else { } else {
kfree(listeners); kfree(listeners);
...@@ -1679,13 +1684,6 @@ void netlink_clear_multicast_users(struct sock *ksk, unsigned int group) ...@@ -1679,13 +1684,6 @@ void netlink_clear_multicast_users(struct sock *ksk, unsigned int group)
netlink_table_ungrab(); netlink_table_ungrab();
} }
void netlink_set_nonroot(int protocol, unsigned int flags)
{
if ((unsigned int)protocol < MAX_LINKS)
nl_table[protocol].nl_nonroot = flags;
}
EXPORT_SYMBOL(netlink_set_nonroot);
struct nlmsghdr * struct nlmsghdr *
__nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags) __nlmsg_put(struct sk_buff *skb, u32 pid, u32 seq, int type, int len, int flags)
{ {
...@@ -2150,7 +2148,7 @@ static void __init netlink_add_usersock_entry(void) ...@@ -2150,7 +2148,7 @@ static void __init netlink_add_usersock_entry(void)
rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners); rcu_assign_pointer(nl_table[NETLINK_USERSOCK].listeners, listeners);
nl_table[NETLINK_USERSOCK].module = THIS_MODULE; nl_table[NETLINK_USERSOCK].module = THIS_MODULE;
nl_table[NETLINK_USERSOCK].registered = 1; nl_table[NETLINK_USERSOCK].registered = 1;
nl_table[NETLINK_USERSOCK].nl_nonroot = NL_NONROOT_SEND; nl_table[NETLINK_USERSOCK].flags = NL_CFG_F_NONROOT_SEND;
netlink_table_ungrab(); netlink_table_ungrab();
} }
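Review bot: In `netlink_kernel_create()` the table entry's `bind` and `flags` are now written only inside `if (cfg)`, whereas the old line always stored `NULL` when cfg was missing, so a caller that passes no cfg inherits whatever the slot already held. That is safe only because `netlink_release()` now clears both fields when `registered` drops to zero; since `flags` is what lets `netlink_capable()` skip `capable(CAP_NET_ADMIN)`, I would not leave the reset to a different function. Assigning unconditionally, `nl_table[unit].bind = cfg ? cfg->bind : NULL;` and `nl_table[unit].flags = cfg ? cfg->flags : 0;`, keeps the default closed. Both functions extend beyond the hunks shown, so whether the clears in `netlink_release()` run with the table grabbed cannot be confirmed from here.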
......
...@@ -918,6 +918,7 @@ static int __net_init genl_pernet_init(struct net *net) ...@@ -918,6 +918,7 @@ static int __net_init genl_pernet_init(struct net *net)
struct netlink_kernel_cfg cfg = { struct netlink_kernel_cfg cfg = {
.input = genl_rcv, .input = genl_rcv,
.cb_mutex = &genl_mutex, .cb_mutex = &genl_mutex,
.flags = NL_CFG_F_NONROOT_RECV,
}; };
/* we'll bump the group number right afterwards */ /* we'll bump the group number right afterwards */
...@@ -955,8 +956,6 @@ static int __init genl_init(void) ...@@ -955,8 +956,6 @@ static int __init genl_init(void)
if (err < 0) if (err < 0)
goto problem; goto problem;
netlink_set_nonroot(NETLINK_GENERIC, NL_NONROOT_RECV);
err = register_pernet_subsys(&genl_pernet_ops); err = register_pernet_subsys(&genl_pernet_ops);
if (err) if (err)
goto problem; goto problem;
......
...@@ -113,13 +113,13 @@ static int __init selnl_init(void) ...@@ -113,13 +113,13 @@ static int __init selnl_init(void)
{ {
struct netlink_kernel_cfg cfg = { struct netlink_kernel_cfg cfg = {
.groups = SELNLGRP_MAX, .groups = SELNLGRP_MAX,
.flags = NL_CFG_F_NONROOT_RECV,
}; };
selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX, selnl = netlink_kernel_create(&init_net, NETLINK_SELINUX,
THIS_MODULE, &cfg); THIS_MODULE, &cfg);
if (selnl == NULL) if (selnl == NULL)
panic("SELinux: Cannot create netlink socket."); panic("SELinux: Cannot create netlink socket.");
netlink_set_nonroot(NETLINK_SELINUX, NL_NONROOT_RECV);
return 0; return 0;
} }
......