[AX25]: UID fixes · tjh.dev/kernel@01d7dd0

+16 -2

include/net/ax25.h

··· 139 139 #define AX25_DEF_DS_TIMEOUT (3 * 60 * HZ) /* DAMA timeout 3 minutes */ 140 140 141 141 typedef struct ax25_uid_assoc { 142 - struct ax25_uid_assoc *next; 142 + struct hlist_node uid_node; 143 + atomic_t refcount; 143 144 uid_t uid; 144 145 ax25_address call; 145 146 } ax25_uid_assoc; 147 + 148 + #define ax25_uid_for_each(__ax25, node, list) \ 149 + hlist_for_each_entry(__ax25, node, list, uid_node) 150 + 151 + #define ax25_uid_hold(ax25) \ 152 + atomic_inc(&((ax25)->refcount)) 153 + 154 + static inline void ax25_uid_put(ax25_uid_assoc *assoc) 155 + { 156 + if (atomic_dec_and_test(&assoc->refcount)) { 157 + kfree(assoc); 158 + } 159 + } 146 160 147 161 typedef struct { 148 162 ax25_address calls[AX25_MAX_DIGIS]; ··· 390 376 391 377 /* ax25_uid.c */ 392 378 extern int ax25_uid_policy; 393 - extern ax25_address *ax25_findbyuid(uid_t); 379 + extern ax25_uid_assoc *ax25_findbyuid(uid_t); 394 380 extern int ax25_uid_ioctl(int, struct sockaddr_ax25 *); 395 381 extern struct file_operations ax25_uid_fops; 396 382 extern void ax25_uid_free(void);

+12 -8

net/ax25/af_ax25.c

··· 1002 1002 struct sock *sk = sock->sk; 1003 1003 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr; 1004 1004 ax25_dev *ax25_dev = NULL; 1005 - ax25_address *call; 1005 + ax25_uid_assoc *user; 1006 + ax25_address call; 1006 1007 ax25_cb *ax25; 1007 1008 int err = 0; 1008 1009 ··· 1022 1021 if (addr->fsa_ax25.sax25_family != AF_AX25) 1023 1022 return -EINVAL; 1024 1023 1025 - call = ax25_findbyuid(current->euid); 1026 - if (call == NULL && ax25_uid_policy && !capable(CAP_NET_ADMIN)) { 1027 - return -EACCES; 1024 + user = ax25_findbyuid(current->euid); 1025 + if (user) { 1026 + call = user->call; 1027 + ax25_uid_put(user); 1028 + } else { 1029 + if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) 1030 + return -EACCES; 1031 + 1032 + call = addr->fsa_ax25.sax25_call; 1028 1033 } 1029 1034 1030 1035 lock_sock(sk); ··· 1041 1034 goto out; 1042 1035 } 1043 1036 1044 - if (call == NULL) 1045 - ax25->source_addr = addr->fsa_ax25.sax25_call; 1046 - else 1047 - ax25->source_addr = *call; 1037 + ax25->source_addr = call; 1048 1038 1049 1039 /* 1050 1040 * User already set interface with SO_BINDTODEVICE

+7 -5

net/ax25/ax25_route.c

··· 422 422 */ 423 423 int ax25_rt_autobind(ax25_cb *ax25, ax25_address *addr) 424 424 { 425 + ax25_uid_assoc *user; 425 426 ax25_route *ax25_rt; 426 - ax25_address *call; 427 427 int err; 428 428 429 429 if ((ax25_rt = ax25_get_route(addr, NULL)) == NULL) ··· 434 434 goto put; 435 435 } 436 436 437 - if ((call = ax25_findbyuid(current->euid)) == NULL) { 437 + user = ax25_findbyuid(current->euid); 438 + if (user) { 439 + ax25->source_addr = user->call; 440 + ax25_uid_put(user); 441 + } else { 438 442 if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) { 439 443 err = -EPERM; 440 444 goto put; 441 445 } 442 - call = (ax25_address *)ax25->ax25_dev->dev->dev_addr; 446 + ax25->source_addr = *(ax25_address *)ax25->ax25_dev->dev->dev_addr; 443 447 } 444 - 445 - ax25->source_addr = *call; 446 448 447 449 if (ax25_rt->digipeat != NULL) { 448 450 if ((ax25->digipeat = kmalloc(sizeof(ax25_digi), GFP_ATOMIC)) == NULL) {

+36 -47

net/ax25/ax25_uid.c

··· 28 28 #include <linux/fcntl.h> 29 29 #include <linux/mm.h> 30 30 #include <linux/interrupt.h> 31 + #include <linux/list.h> 31 32 #include <linux/notifier.h> 32 33 #include <linux/proc_fs.h> 33 34 #include <linux/seq_file.h> ··· 42 41 * Callsign/UID mapper. This is in kernel space for security on multi-amateur machines. 43 42 */ 44 43 45 - static ax25_uid_assoc *ax25_uid_list; 44 + HLIST_HEAD(ax25_uid_list); 46 45 static DEFINE_RWLOCK(ax25_uid_lock); 47 46 48 47 int ax25_uid_policy = 0; 49 48 50 - ax25_address *ax25_findbyuid(uid_t uid) 49 + ax25_uid_assoc *ax25_findbyuid(uid_t uid) 51 50 { 52 - ax25_uid_assoc *ax25_uid; 53 - ax25_address *res = NULL; 51 + ax25_uid_assoc *ax25_uid, *res = NULL; 52 + struct hlist_node *node; 54 53 55 54 read_lock(&ax25_uid_lock); 56 - for (ax25_uid = ax25_uid_list; ax25_uid != NULL; ax25_uid = ax25_uid->next) { 55 + ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) { 57 56 if (ax25_uid->uid == uid) { 58 - res = &ax25_uid->call; 57 + ax25_uid_hold(ax25_uid); 58 + res = ax25_uid; 59 59 break; 60 60 } 61 61 } 62 62 read_unlock(&ax25_uid_lock); 63 63 64 - return NULL; 64 + return res; 65 65 } 66 66 67 67 int ax25_uid_ioctl(int cmd, struct sockaddr_ax25 *sax) 68 68 { 69 - ax25_uid_assoc *s, *ax25_uid; 69 + ax25_uid_assoc *ax25_uid; 70 + struct hlist_node *node; 71 + ax25_uid_assoc *user; 70 72 unsigned long res; 71 73 72 74 switch (cmd) { 73 75 case SIOCAX25GETUID: 74 76 res = -ENOENT; 75 77 read_lock(&ax25_uid_lock); 76 - for (ax25_uid = ax25_uid_list; ax25_uid != NULL; ax25_uid = ax25_uid->next) { 78 + ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) { 77 79 if (ax25cmp(&sax->sax25_call, &ax25_uid->call) == 0) { 78 80 res = ax25_uid->uid; 79 81 break; ··· 89 85 case SIOCAX25ADDUID: 90 86 if (!capable(CAP_NET_ADMIN)) 91 87 return -EPERM; 92 - if (ax25_findbyuid(sax->sax25_uid)) 88 + user = ax25_findbyuid(sax->sax25_uid); 89 + if (user) { 90 + ax25_uid_put(user); 93 91 return -EEXIST; 92 + } 94 93 if (sax->sax25_uid == 0) 95 94 return -EINVAL; 96 95 if ((ax25_uid = kmalloc(sizeof(*ax25_uid), GFP_KERNEL)) == NULL) 97 96 return -ENOMEM; 98 97 98 + atomic_set(&ax25_uid->refcount, 1); 99 99 ax25_uid->uid = sax->sax25_uid; 100 100 ax25_uid->call = sax->sax25_call; 101 101 102 102 write_lock(&ax25_uid_lock); 103 - ax25_uid->next = ax25_uid_list; 104 - ax25_uid_list = ax25_uid; 103 + hlist_add_head(&ax25_uid->uid_node, &ax25_uid_list); 105 104 write_unlock(&ax25_uid_lock); 106 105 107 106 return 0; ··· 113 106 if (!capable(CAP_NET_ADMIN)) 114 107 return -EPERM; 115 108 109 + ax25_uid = NULL; 116 110 write_lock(&ax25_uid_lock); 117 - for (ax25_uid = ax25_uid_list; ax25_uid != NULL; ax25_uid = ax25_uid->next) { 118 - if (ax25cmp(&sax->sax25_call, &ax25_uid->call) == 0) { 111 + ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) { 112 + if (ax25cmp(&sax->sax25_call, &ax25_uid->call) == 0) 119 113 break; 120 - } 121 114 } 122 115 if (ax25_uid == NULL) { 123 116 write_unlock(&ax25_uid_lock); 124 117 return -ENOENT; 125 118 } 126 - if ((s = ax25_uid_list) == ax25_uid) { 127 - ax25_uid_list = s->next; 128 - write_unlock(&ax25_uid_lock); 129 - kfree(ax25_uid); 130 - return 0; 131 - } 132 - while (s != NULL && s->next != NULL) { 133 - if (s->next == ax25_uid) { 134 - s->next = ax25_uid->next; 135 - write_unlock(&ax25_uid_lock); 136 - kfree(ax25_uid); 137 - return 0; 138 - } 139 - s = s->next; 140 - } 119 + hlist_del_init(&ax25_uid->uid_node); 120 + ax25_uid_put(ax25_uid); 141 121 write_unlock(&ax25_uid_lock); 142 122 143 - return -ENOENT; 123 + return 0; 144 124 145 125 default: 146 126 return -EINVAL; ··· 141 147 static void *ax25_uid_seq_start(struct seq_file *seq, loff_t *pos) 142 148 { 143 149 struct ax25_uid_assoc *pt; 144 - int i = 1; 150 + struct hlist_node *node; 151 + int i = 0; 145 152 146 153 read_lock(&ax25_uid_lock); 147 - if (*pos == 0) 148 - return SEQ_START_TOKEN; 149 - 150 - for (pt = ax25_uid_list; pt != NULL; pt = pt->next) { 154 + ax25_uid_for_each(pt, node, &ax25_uid_list) { 151 155 if (i == *pos) 152 156 return pt; 153 157 ++i; ··· 156 164 static void *ax25_uid_seq_next(struct seq_file *seq, void *v, loff_t *pos) 157 165 { 158 166 ++*pos; 159 - return (v == SEQ_START_TOKEN) ? ax25_uid_list : 160 - ((struct ax25_uid_assoc *) v)->next; 167 + 168 + return hlist_entry(((ax25_uid_assoc *)v)->uid_node.next, 169 + ax25_uid_assoc, uid_node); 161 170 } 162 171 163 172 static void ax25_uid_seq_stop(struct seq_file *seq, void *v) ··· 172 179 seq_printf(seq, "Policy: %d\n", ax25_uid_policy); 173 180 else { 174 181 struct ax25_uid_assoc *pt = v; 175 - 176 182 177 183 seq_printf(seq, "%6d %s\n", pt->uid, ax2asc(&pt->call)); 178 184 } ··· 205 213 */ 206 214 void __exit ax25_uid_free(void) 207 215 { 208 - ax25_uid_assoc *s, *ax25_uid; 216 + ax25_uid_assoc *ax25_uid; 217 + struct hlist_node *node; 209 218 210 219 write_lock(&ax25_uid_lock); 211 - ax25_uid = ax25_uid_list; 212 - while (ax25_uid != NULL) { 213 - s = ax25_uid; 214 - ax25_uid = ax25_uid->next; 215 - 216 - kfree(s); 220 + ax25_uid_for_each(ax25_uid, node, &ax25_uid_list) { 221 + hlist_del_init(&ax25_uid->uid_node); 222 + ax25_uid_put(ax25_uid); 217 223 } 218 - ax25_uid_list = NULL; 219 224 write_unlock(&ax25_uid_lock); 220 225 }

+16 -8

net/netrom/af_netrom.c

··· 536 536 struct nr_sock *nr = nr_sk(sk); 537 537 struct full_sockaddr_ax25 *addr = (struct full_sockaddr_ax25 *)uaddr; 538 538 struct net_device *dev; 539 - ax25_address *user, *source; 539 + ax25_uid_assoc *user; 540 + ax25_address *source; 540 541 541 542 lock_sock(sk); 542 543 if (!sock_flag(sk, SOCK_ZAPPED)) { ··· 576 575 } else { 577 576 source = &addr->fsa_ax25.sax25_call; 578 577 579 - if ((user = ax25_findbyuid(current->euid)) == NULL) { 578 + user = ax25_findbyuid(current->euid); 579 + if (user) { 580 + nr->user_addr = user->call; 581 + ax25_uid_put(user); 582 + } else { 580 583 if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) { 581 584 release_sock(sk); 582 585 dev_put(dev); 583 586 return -EPERM; 584 587 } 585 - user = source; 588 + nr->user_addr = *source; 586 589 } 587 590 588 - nr->user_addr = *user; 589 591 nr->source_addr = *source; 590 592 } 591 593 ··· 608 604 struct sock *sk = sock->sk; 609 605 struct nr_sock *nr = nr_sk(sk); 610 606 struct sockaddr_ax25 *addr = (struct sockaddr_ax25 *)uaddr; 611 - ax25_address *user, *source = NULL; 607 + ax25_address *source = NULL; 608 + ax25_uid_assoc *user; 612 609 struct net_device *dev; 613 610 614 611 lock_sock(sk); ··· 650 645 } 651 646 source = (ax25_address *)dev->dev_addr; 652 647 653 - if ((user = ax25_findbyuid(current->euid)) == NULL) { 648 + user = ax25_findbyuid(current->euid); 649 + if (user) { 650 + nr->user_addr = user->call; 651 + ax25_uid_put(user); 652 + } else { 654 653 if (ax25_uid_policy && !capable(CAP_NET_ADMIN)) { 655 654 dev_put(dev); 656 655 release_sock(sk); 657 656 return -EPERM; 658 657 } 659 - user = source; 658 + nr->user_addr = *source; 660 659 } 661 660 662 - nr->user_addr = *user; 663 661 nr->source_addr = *source; 664 662 nr->device = dev; 665 663

+13 -7

net/rose/af_rose.c

··· 626 626 struct rose_sock *rose = rose_sk(sk); 627 627 struct sockaddr_rose *addr = (struct sockaddr_rose *)uaddr; 628 628 struct net_device *dev; 629 - ax25_address *user, *source; 629 + ax25_address *source; 630 + ax25_uid_assoc *user; 630 631 int n; 631 632 632 633 if (!sock_flag(sk, SOCK_ZAPPED)) ··· 652 651 653 652 source = &addr->srose_call; 654 653 655 - if ((user = ax25_findbyuid(current->euid)) == NULL) { 654 + user = ax25_findbyuid(current->euid); 655 + if (user) { 656 + rose->source_call = user->call; 657 + ax25_uid_put(user); 658 + } else { 656 659 if (ax25_uid_policy && !capable(CAP_NET_BIND_SERVICE)) 657 660 return -EACCES; 658 - user = source; 661 + rose->source_call = *source; 659 662 } 660 663 661 664 rose->source_addr = addr->srose_addr; 662 - rose->source_call = *user; 663 665 rose->device = dev; 664 666 rose->source_ndigis = addr->srose_ndigis; 665 667 ··· 689 685 struct rose_sock *rose = rose_sk(sk); 690 686 struct sockaddr_rose *addr = (struct sockaddr_rose *)uaddr; 691 687 unsigned char cause, diagnostic; 692 - ax25_address *user; 693 688 struct net_device *dev; 689 + ax25_uid_assoc *user; 694 690 int n; 695 691 696 692 if (sk->sk_state == TCP_ESTABLISHED && sock->state == SS_CONNECTING) { ··· 740 736 if ((dev = rose_dev_first()) == NULL) 741 737 return -ENETUNREACH; 742 738 743 - if ((user = ax25_findbyuid(current->euid)) == NULL) 739 + user = ax25_findbyuid(current->euid); 740 + if (!user) 744 741 return -EINVAL; 745 742 746 743 memcpy(&rose->source_addr, dev->dev_addr, ROSE_ADDR_LEN); 747 - rose->source_call = *user; 744 + rose->source_call = user->call; 748 745 rose->device = dev; 746 + ax25_uid_put(user); 749 747 750 748 rose_insert_socket(sk); /* Finish the bind */ 751 749 }

Configure Feed

Configure Feed