[NET]: Make socket creation namespace safe.

tjh.dev / kernel

fork atom

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

fork atom

[NET]: Make socket creation namespace safe.

This patch passes in the namespace a new socket should be created in
and has the socket code do the appropriate reference counting. By
virtue of this all socket create methods are touched. In addition
the socket create methods are modified so that they will fail if
you attempt to create a socket in a non-default network namespace.

Failing if we attempt to create a socket outside of the default
network namespace ensures that as we incrementally make the network stack
network namespace aware we will not export functionality that someone
has not audited and made certain is network namespace safe.
Allowing us to partially enable network namespaces before all of the
exotic protocols are supported.

Any protocol layers I have missed will fail to compile because I now
pass an extra parameter into the socket creation code.

[ Integrated AF_IUCV build fixes from Andrew Morton... -DaveM ]

Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by

Eric W. Biederman and committed by

David S. Miller 18 years ago 1b8d7ae4 457c4cbc

+184 -113

44 changed files

expand all collapse all

drivers

net

pppoe.c

pppol2tp.c

pppox.c

include

linux

if_pppox.h

net.h

net

iucv

af_iucv.h

llc_conn.h

sock.h

net

appletalk

ddp.c

atm

common.c

common.h

pvc.c

svc.c

ax25

af_ax25.c

bluetooth

af_bluetooth.c

bnep

sock.c

cmtp

sock.c

hci_sock.c

hidp

sock.c

l2cap.c

rfcomm

sock.c

sco.c

core

sock.c

decnet

af_decnet.c

econet

af_econet.c

ipv4

af_inet.c

ipv6

af_inet6.c

ipx

af_ipx.c

irda

af_irda.c

iucv

af_iucv.c

key

af_key.c

llc

af_llc.c

llc_conn.c

netlink

af_netlink.c

netrom

af_netrom.c

packet

af_packet.c

rose

af_rose.c

rxrpc

af_rxrpc.c

sctp

ipv6.c

protocol.c

socket.c

tipc

socket.c

unix

af_unix.c

x25

af_x25.c

+2 -2

drivers/net/pppoe.c

reviewed

··· 477 477 * Initialize a new struct sock. 478 478 * 479 479 **********************************************************************/ 480 480 - static int pppoe_create(struct socket *sock) 480 480 + static int pppoe_create(struct net *net, struct socket *sock) 481 481 { 482 482 int error = -ENOMEM; 483 483 struct sock *sk; 484 484 485 485 - sk = sk_alloc(PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, 1); 485 485 + sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppoe_sk_proto, 1); 486 486 if (!sk) 487 487 goto out; 488 488

+2 -2

drivers/net/pppol2tp.c

reviewed

··· 1411 1411 1412 1412 /* socket() handler. Initialize a new struct sock. 1413 1413 */ 1414 1414 - static int pppol2tp_create(struct socket *sock) 1414 1414 + static int pppol2tp_create(struct net *net, struct socket *sock) 1415 1415 { 1416 1416 int error = -ENOMEM; 1417 1417 struct sock *sk; 1418 1418 1419 1419 - sk = sk_alloc(PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, 1); 1419 1419 + sk = sk_alloc(net, PF_PPPOX, GFP_KERNEL, &pppol2tp_sk_proto, 1); 1420 1420 if (!sk) 1421 1421 goto out; 1422 1422

+5 -2

drivers/net/pppox.c

reviewed

··· 104 104 105 105 EXPORT_SYMBOL(pppox_ioctl); 106 106 107 107 - static int pppox_create(struct socket *sock, int protocol) 107 107 + static int pppox_create(struct net *net, struct socket *sock, int protocol) 108 108 { 109 109 int rc = -EPROTOTYPE; 110 110 + 111 111 + if (net != &init_net) 112 112 + return -EAFNOSUPPORT; 110 113 111 114 if (protocol < 0 || protocol > PX_MAX_PROTO) 112 115 goto out; ··· 126 123 !try_module_get(pppox_protos[protocol]->owner)) 127 124 goto out; 128 125 129 129 - rc = pppox_protos[protocol]->create(sock); 126 126 + rc = pppox_protos[protocol]->create(net, sock); 130 127 131 128 module_put(pppox_protos[protocol]->owner); 132 129 out:

+1 -1

include/linux/if_pppox.h

reviewed

··· 172 172 struct module; 173 173 174 174 struct pppox_proto { 175 175 - int (*create)(struct socket *sock); 175 175 + int (*create)(struct net *net, struct socket *sock); 176 176 int (*ioctl)(struct socket *sock, unsigned int cmd, 177 177 unsigned long arg); 178 178 struct module *owner;

+2 -1

include/linux/net.h

reviewed

··· 23 23 24 24 struct poll_table_struct; 25 25 struct inode; 26 26 + struct net; 26 27 27 28 #define NPROTO 34 /* should be enough for now.. */ 28 29 ··· 170 169 171 170 struct net_proto_family { 172 171 int family; 173 173 - int (*create)(struct socket *sock, int protocol); 172 172 + int (*create)(struct net *net, struct socket *sock, int protocol); 174 173 struct module *owner; 175 174 }; 176 175

-1

include/net/iucv/af_iucv.h

reviewed

··· 78 78 static void iucv_sock_cleanup_listen(struct sock *parent); 79 79 static void iucv_sock_kill(struct sock *sk); 80 80 static void iucv_sock_close(struct sock *sk); 81 81 - static int iucv_sock_create(struct socket *sock, int proto); 82 81 static int iucv_sock_bind(struct socket *sock, struct sockaddr *addr, 83 82 int addr_len); 84 83 static int iucv_sock_connect(struct socket *sock, struct sockaddr *addr,

+1 -1

include/net/llc_conn.h

reviewed

··· 93 93 return skb->cb[sizeof(skb->cb) - 1]; 94 94 } 95 95 96 96 - extern struct sock *llc_sk_alloc(int family, gfp_t priority, 96 96 + extern struct sock *llc_sk_alloc(struct net *net, int family, gfp_t priority, 97 97 struct proto *prot); 98 98 extern void llc_sk_free(struct sock *sk); 99 99

+3 -1

include/net/sock.h

reviewed

··· 56 56 #include <asm/atomic.h> 57 57 #include <net/dst.h> 58 58 #include <net/checksum.h> 59 59 + #include <net/net_namespace.h> 59 60 60 61 /* 61 62 * This structure really needs to be cleaned up. ··· 777 776 SINGLE_DEPTH_NESTING) 778 777 #define bh_unlock_sock(__sk) spin_unlock(&((__sk)->sk_lock.slock)) 779 778 780 780 - extern struct sock *sk_alloc(int family, 779 779 + extern struct sock *sk_alloc(struct net *net, int family, 781 780 gfp_t priority, 782 781 struct proto *prot, int zero_it); 783 782 extern void sk_free(struct sock *sk); ··· 1006 1005 #endif 1007 1006 1008 1007 memcpy(nsk, osk, osk->sk_prot->obj_size); 1008 1008 + get_net(nsk->sk_net); 1009 1009 #ifdef CONFIG_SECURITY_NETWORK 1010 1010 nsk->sk_security = sptr; 1011 1011 security_sk_clone(osk, nsk);

+5 -2

net/appletalk/ddp.c

reviewed

··· 1026 1026 * Create a socket. Initialise the socket, blank the addresses 1027 1027 * set the state. 1028 1028 */ 1029 1029 - static int atalk_create(struct socket *sock, int protocol) 1029 1029 + static int atalk_create(struct net *net, struct socket *sock, int protocol) 1030 1030 { 1031 1031 struct sock *sk; 1032 1032 int rc = -ESOCKTNOSUPPORT; 1033 1033 + 1034 1034 + if (net != &init_net) 1035 1035 + return -EAFNOSUPPORT; 1033 1036 1034 1037 /* 1035 1038 * We permit SOCK_DGRAM and RAW is an extension. It is trivial to do ··· 1041 1038 if (sock->type != SOCK_RAW && sock->type != SOCK_DGRAM) 1042 1039 goto out; 1043 1040 rc = -ENOMEM; 1044 1044 - sk = sk_alloc(PF_APPLETALK, GFP_KERNEL, &ddp_proto, 1); 1041 1041 + sk = sk_alloc(net, PF_APPLETALK, GFP_KERNEL, &ddp_proto, 1); 1045 1042 if (!sk) 1046 1043 goto out; 1047 1044 rc = 0;

+2 -2

net/atm/common.c

reviewed

··· 125 125 .obj_size = sizeof(struct atm_vcc), 126 126 }; 127 127 128 128 - int vcc_create(struct socket *sock, int protocol, int family) 128 128 + int vcc_create(struct net *net, struct socket *sock, int protocol, int family) 129 129 { 130 130 struct sock *sk; 131 131 struct atm_vcc *vcc; ··· 133 133 sock->sk = NULL; 134 134 if (sock->type == SOCK_STREAM) 135 135 return -EINVAL; 136 136 - sk = sk_alloc(family, GFP_KERNEL, &vcc_proto, 1); 136 136 + sk = sk_alloc(net, family, GFP_KERNEL, &vcc_proto, 1); 137 137 if (!sk) 138 138 return -ENOMEM; 139 139 sock_init_data(sock, sk);

+1 -1

net/atm/common.h

reviewed

··· 10 10 #include <linux/poll.h> /* for poll_table */ 11 11 12 12 13 13 - int vcc_create(struct socket *sock, int protocol, int family); 13 13 + int vcc_create(struct net *net, struct socket *sock, int protocol, int family); 14 14 int vcc_release(struct socket *sock); 15 15 int vcc_connect(struct socket *sock, int itf, short vpi, int vci); 16 16 int vcc_recvmsg(struct kiocb *iocb, struct socket *sock, struct msghdr *msg,

+5 -2

net/atm/pvc.c

reviewed

··· 124 124 }; 125 125 126 126 127 127 - static int pvc_create(struct socket *sock,int protocol) 127 127 + static int pvc_create(struct net *net, struct socket *sock,int protocol) 128 128 { 129 129 + if (net != &init_net) 130 130 + return -EAFNOSUPPORT; 131 131 + 129 132 sock->ops = &pvc_proto_ops; 130 130 - return vcc_create(sock, protocol, PF_ATMPVC); 133 133 + return vcc_create(net, sock, protocol, PF_ATMPVC); 131 134 } 132 135 133 136

+7 -4

net/atm/svc.c

reviewed

··· 25 25 #include "signaling.h" 26 26 #include "addr.h" 27 27 28 28 - static int svc_create(struct socket *sock,int protocol); 28 28 + static int svc_create(struct net *net, struct socket *sock,int protocol); 29 29 30 30 /* 31 31 * Note: since all this is still nicely synchronized with the signaling demon, ··· 326 326 327 327 lock_sock(sk); 328 328 329 329 - error = svc_create(newsock,0); 329 329 + error = svc_create(sk->sk_net, newsock,0); 330 330 if (error) 331 331 goto out; 332 332 ··· 627 627 }; 628 628 629 629 630 630 - static int svc_create(struct socket *sock,int protocol) 630 630 + static int svc_create(struct net *net, struct socket *sock,int protocol) 631 631 { 632 632 int error; 633 633 634 634 + if (net != &init_net) 635 635 + return -EAFNOSUPPORT; 636 636 + 634 637 sock->ops = &svc_proto_ops; 635 635 - error = vcc_create(sock, protocol, AF_ATMSVC); 638 638 + error = vcc_create(net, sock, protocol, AF_ATMSVC); 636 639 if (error) return error; 637 640 ATM_SD(sock)->local.sas_family = AF_ATMSVC; 638 641 ATM_SD(sock)->remote.sas_family = AF_ATMSVC;

+6 -3

net/ax25/af_ax25.c

reviewed

··· 780 780 .obj_size = sizeof(struct sock), 781 781 }; 782 782 783 783 - static int ax25_create(struct socket *sock, int protocol) 783 783 + static int ax25_create(struct net *net, struct socket *sock, int protocol) 784 784 { 785 785 struct sock *sk; 786 786 ax25_cb *ax25; 787 787 + 788 788 + if (net != &init_net) 789 789 + return -EAFNOSUPPORT; 787 790 788 791 switch (sock->type) { 789 792 case SOCK_DGRAM: ··· 833 830 return -ESOCKTNOSUPPORT; 834 831 } 835 832 836 836 - if ((sk = sk_alloc(PF_AX25, GFP_ATOMIC, &ax25_proto, 1)) == NULL) 833 833 + if ((sk = sk_alloc(net, PF_AX25, GFP_ATOMIC, &ax25_proto, 1)) == NULL) 837 834 return -ENOMEM; 838 835 839 836 ax25 = sk->sk_protinfo = ax25_create_cb(); ··· 858 855 struct sock *sk; 859 856 ax25_cb *ax25, *oax25; 860 857 861 861 - if ((sk = sk_alloc(PF_AX25, GFP_ATOMIC, osk->sk_prot, 1)) == NULL) 858 858 + if ((sk = sk_alloc(osk->sk_net, PF_AX25, GFP_ATOMIC, osk->sk_prot, 1)) == NULL) 862 859 return NULL; 863 860 864 861 if ((ax25 = ax25_create_cb()) == NULL) {

+5 -2

net/bluetooth/af_bluetooth.c

reviewed

··· 95 95 } 96 96 EXPORT_SYMBOL(bt_sock_unregister); 97 97 98 98 - static int bt_sock_create(struct socket *sock, int proto) 98 98 + static int bt_sock_create(struct net *net, struct socket *sock, int proto) 99 99 { 100 100 int err; 101 101 + 102 102 + if (net != &init_net) 103 103 + return -EAFNOSUPPORT; 101 104 102 105 if (proto < 0 || proto >= BT_MAX_PROTO) 103 106 return -EINVAL; ··· 116 113 read_lock(&bt_proto_lock); 117 114 118 115 if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) { 119 119 - err = bt_proto[proto]->create(sock, proto); 116 116 + err = bt_proto[proto]->create(net, sock, proto); 120 117 module_put(bt_proto[proto]->owner); 121 118 } 122 119

+2 -2

net/bluetooth/bnep/sock.c

reviewed

··· 204 204 .obj_size = sizeof(struct bt_sock) 205 205 }; 206 206 207 207 - static int bnep_sock_create(struct socket *sock, int protocol) 207 207 + static int bnep_sock_create(struct net *net, struct socket *sock, int protocol) 208 208 { 209 209 struct sock *sk; 210 210 ··· 213 213 if (sock->type != SOCK_RAW) 214 214 return -ESOCKTNOSUPPORT; 215 215 216 216 - sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, 1); 216 216 + sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &bnep_proto, 1); 217 217 if (!sk) 218 218 return -ENOMEM; 219 219

+2 -2

net/bluetooth/cmtp/sock.c

reviewed

··· 195 195 .obj_size = sizeof(struct bt_sock) 196 196 }; 197 197 198 198 - static int cmtp_sock_create(struct socket *sock, int protocol) 198 198 + static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol) 199 199 { 200 200 struct sock *sk; 201 201 ··· 204 204 if (sock->type != SOCK_RAW) 205 205 return -ESOCKTNOSUPPORT; 206 206 207 207 - sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &cmtp_proto, 1); 207 207 + sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &cmtp_proto, 1); 208 208 if (!sk) 209 209 return -ENOMEM; 210 210

+2 -2

net/bluetooth/hci_sock.c

reviewed

··· 634 634 .obj_size = sizeof(struct hci_pinfo) 635 635 }; 636 636 637 637 - static int hci_sock_create(struct socket *sock, int protocol) 637 637 + static int hci_sock_create(struct net *net, struct socket *sock, int protocol) 638 638 { 639 639 struct sock *sk; 640 640 ··· 645 645 646 646 sock->ops = &hci_sock_ops; 647 647 648 648 - sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, 1); 648 648 + sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hci_sk_proto, 1); 649 649 if (!sk) 650 650 return -ENOMEM; 651 651

+2 -2

net/bluetooth/hidp/sock.c

reviewed

··· 246 246 .obj_size = sizeof(struct bt_sock) 247 247 }; 248 248 249 249 - static int hidp_sock_create(struct socket *sock, int protocol) 249 249 + static int hidp_sock_create(struct net *net, struct socket *sock, int protocol) 250 250 { 251 251 struct sock *sk; 252 252 ··· 255 255 if (sock->type != SOCK_RAW) 256 256 return -ESOCKTNOSUPPORT; 257 257 258 258 - sk = sk_alloc(PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, 1); 258 258 + sk = sk_alloc(net, PF_BLUETOOTH, GFP_ATOMIC, &hidp_proto, 1); 259 259 if (!sk) 260 260 return -ENOMEM; 261 261

+5 -5

net/bluetooth/l2cap.c

reviewed

··· 518 518 .obj_size = sizeof(struct l2cap_pinfo) 519 519 }; 520 520 521 521 - static struct sock *l2cap_sock_alloc(struct socket *sock, int proto, gfp_t prio) 521 521 + static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 522 522 { 523 523 struct sock *sk; 524 524 525 525 - sk = sk_alloc(PF_BLUETOOTH, prio, &l2cap_proto, 1); 525 525 + sk = sk_alloc(net, PF_BLUETOOTH, prio, &l2cap_proto, 1); 526 526 if (!sk) 527 527 return NULL; 528 528 ··· 543 543 return sk; 544 544 } 545 545 546 546 - static int l2cap_sock_create(struct socket *sock, int protocol) 546 546 + static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol) 547 547 { 548 548 struct sock *sk; 549 549 ··· 560 560 561 561 sock->ops = &l2cap_sock_ops; 562 562 563 563 - sk = l2cap_sock_alloc(sock, protocol, GFP_ATOMIC); 563 563 + sk = l2cap_sock_alloc(net, sock, protocol, GFP_ATOMIC); 564 564 if (!sk) 565 565 return -ENOMEM; 566 566 ··· 1425 1425 goto response; 1426 1426 } 1427 1427 1428 1428 - sk = l2cap_sock_alloc(NULL, BTPROTO_L2CAP, GFP_ATOMIC); 1428 1428 + sk = l2cap_sock_alloc(parent->sk_net, NULL, BTPROTO_L2CAP, GFP_ATOMIC); 1429 1429 if (!sk) 1430 1430 goto response; 1431 1431

+5 -5

net/bluetooth/rfcomm/sock.c

reviewed

··· 282 282 .obj_size = sizeof(struct rfcomm_pinfo) 283 283 }; 284 284 285 285 - static struct sock *rfcomm_sock_alloc(struct socket *sock, int proto, gfp_t prio) 285 285 + static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 286 286 { 287 287 struct rfcomm_dlc *d; 288 288 struct sock *sk; 289 289 290 290 - sk = sk_alloc(PF_BLUETOOTH, prio, &rfcomm_proto, 1); 290 290 + sk = sk_alloc(net, PF_BLUETOOTH, prio, &rfcomm_proto, 1); 291 291 if (!sk) 292 292 return NULL; 293 293 ··· 323 323 return sk; 324 324 } 325 325 326 326 - static int rfcomm_sock_create(struct socket *sock, int protocol) 326 326 + static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol) 327 327 { 328 328 struct sock *sk; 329 329 ··· 336 336 337 337 sock->ops = &rfcomm_sock_ops; 338 338 339 339 - sk = rfcomm_sock_alloc(sock, protocol, GFP_ATOMIC); 339 339 + sk = rfcomm_sock_alloc(net, sock, protocol, GFP_ATOMIC); 340 340 if (!sk) 341 341 return -ENOMEM; 342 342 ··· 868 868 goto done; 869 869 } 870 870 871 871 - sk = rfcomm_sock_alloc(NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 871 871 + sk = rfcomm_sock_alloc(parent->sk_net, NULL, BTPROTO_RFCOMM, GFP_ATOMIC); 872 872 if (!sk) 873 873 goto done; 874 874

+5 -5

net/bluetooth/sco.c

reviewed

··· 414 414 .obj_size = sizeof(struct sco_pinfo) 415 415 }; 416 416 417 417 - static struct sock *sco_sock_alloc(struct socket *sock, int proto, gfp_t prio) 417 417 + static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int proto, gfp_t prio) 418 418 { 419 419 struct sock *sk; 420 420 421 421 - sk = sk_alloc(PF_BLUETOOTH, prio, &sco_proto, 1); 421 421 + sk = sk_alloc(net, PF_BLUETOOTH, prio, &sco_proto, 1); 422 422 if (!sk) 423 423 return NULL; 424 424 ··· 439 439 return sk; 440 440 } 441 441 442 442 - static int sco_sock_create(struct socket *sock, int protocol) 442 442 + static int sco_sock_create(struct net *net, struct socket *sock, int protocol) 443 443 { 444 444 struct sock *sk; 445 445 ··· 452 452 453 453 sock->ops = &sco_sock_ops; 454 454 455 455 - sk = sco_sock_alloc(sock, protocol, GFP_ATOMIC); 455 455 + sk = sco_sock_alloc(net, sock, protocol, GFP_ATOMIC); 456 456 if (!sk) 457 457 return -ENOMEM; 458 458 ··· 807 807 808 808 bh_lock_sock(parent); 809 809 810 810 - sk = sco_sock_alloc(NULL, BTPROTO_SCO, GFP_ATOMIC); 810 810 + sk = sco_sock_alloc(parent->sk_net, NULL, BTPROTO_SCO, GFP_ATOMIC); 811 811 if (!sk) { 812 812 bh_unlock_sock(parent); 813 813 goto done;

+4 -2

net/core/sock.c

reviewed

··· 873 873 * @prot: struct proto associated with this new sock instance 874 874 * @zero_it: if we should zero the newly allocated sock 875 875 */ 876 876 - struct sock *sk_alloc(int family, gfp_t priority, 876 876 + struct sock *sk_alloc(struct net *net, int family, gfp_t priority, 877 877 struct proto *prot, int zero_it) 878 878 { 879 879 struct sock *sk = NULL; ··· 894 894 */ 895 895 sk->sk_prot = sk->sk_prot_creator = prot; 896 896 sock_lock_init(sk); 897 897 + sk->sk_net = get_net(net); 897 898 } 898 899 899 900 if (security_sk_alloc(sk, family, priority)) ··· 934 933 __FUNCTION__, atomic_read(&sk->sk_omem_alloc)); 935 934 936 935 security_sk_free(sk); 936 936 + put_net(sk->sk_net); 937 937 if (sk->sk_prot_creator->slab != NULL) 938 938 kmem_cache_free(sk->sk_prot_creator->slab, sk); 939 939 else ··· 944 942 945 943 struct sock *sk_clone(const struct sock *sk, const gfp_t priority) 946 944 { 947 947 - struct sock *newsk = sk_alloc(sk->sk_family, priority, sk->sk_prot, 0); 945 945 + struct sock *newsk = sk_alloc(sk->sk_net, sk->sk_family, priority, sk->sk_prot, 0); 948 946 949 947 if (newsk != NULL) { 950 948 struct sk_filter *filter;

+8 -5

net/decnet/af_decnet.c

reviewed

··· 471 471 .obj_size = sizeof(struct dn_sock), 472 472 }; 473 473 474 474 - static struct sock *dn_alloc_sock(struct socket *sock, gfp_t gfp) 474 474 + static struct sock *dn_alloc_sock(struct net *net, struct socket *sock, gfp_t gfp) 475 475 { 476 476 struct dn_scp *scp; 477 477 - struct sock *sk = sk_alloc(PF_DECnet, gfp, &dn_proto, 1); 477 477 + struct sock *sk = sk_alloc(net, PF_DECnet, gfp, &dn_proto, 1); 478 478 479 479 if (!sk) 480 480 goto out; ··· 675 675 676 676 677 677 678 678 - static int dn_create(struct socket *sock, int protocol) 678 678 + static int dn_create(struct net *net, struct socket *sock, int protocol) 679 679 { 680 680 struct sock *sk; 681 681 + 682 682 + if (net != &init_net) 683 683 + return -EAFNOSUPPORT; 681 684 682 685 switch(sock->type) { 683 686 case SOCK_SEQPACKET: ··· 694 691 } 695 692 696 693 697 697 - if ((sk = dn_alloc_sock(sock, GFP_KERNEL)) == NULL) 694 694 + if ((sk = dn_alloc_sock(net, sock, GFP_KERNEL)) == NULL) 698 695 return -ENOBUFS; 699 696 700 697 sk->sk_protocol = protocol; ··· 1094 1091 1095 1092 cb = DN_SKB_CB(skb); 1096 1093 sk->sk_ack_backlog--; 1097 1097 - newsk = dn_alloc_sock(newsock, sk->sk_allocation); 1094 1094 + newsk = dn_alloc_sock(sk->sk_net, newsock, sk->sk_allocation); 1098 1095 if (newsk == NULL) { 1099 1096 release_sock(sk); 1100 1097 kfree_skb(skb);

+5 -2

net/econet/af_econet.c

reviewed

··· 608 608 * Create an Econet socket 609 609 */ 610 610 611 611 - static int econet_create(struct socket *sock, int protocol) 611 611 + static int econet_create(struct net *net, struct socket *sock, int protocol) 612 612 { 613 613 struct sock *sk; 614 614 struct econet_sock *eo; 615 615 int err; 616 616 + 617 617 + if (net != &init_net) 618 618 + return -EAFNOSUPPORT; 616 619 617 620 /* Econet only provides datagram services. */ 618 621 if (sock->type != SOCK_DGRAM) ··· 624 621 sock->state = SS_UNCONNECTED; 625 622 626 623 err = -ENOBUFS; 627 627 - sk = sk_alloc(PF_ECONET, GFP_KERNEL, &econet_proto, 1); 624 624 + sk = sk_alloc(net, PF_ECONET, GFP_KERNEL, &econet_proto, 1); 628 625 if (sk == NULL) 629 626 goto out; 630 627

+5 -2

net/ipv4/af_inet.c

reviewed

··· 241 241 * Create an inet socket. 242 242 */ 243 243 244 244 - static int inet_create(struct socket *sock, int protocol) 244 244 + static int inet_create(struct net *net, struct socket *sock, int protocol) 245 245 { 246 246 struct sock *sk; 247 247 struct list_head *p; ··· 252 252 char answer_no_check; 253 253 int try_loading_module = 0; 254 254 int err; 255 255 + 256 256 + if (net != &init_net) 257 257 + return -EAFNOSUPPORT; 255 258 256 259 if (sock->type != SOCK_RAW && 257 260 sock->type != SOCK_DGRAM && ··· 323 320 BUG_TRAP(answer_prot->slab != NULL); 324 321 325 322 err = -ENOBUFS; 326 326 - sk = sk_alloc(PF_INET, GFP_KERNEL, answer_prot, 1); 323 323 + sk = sk_alloc(net, PF_INET, GFP_KERNEL, answer_prot, 1); 327 324 if (sk == NULL) 328 325 goto out; 329 326

+5 -2

net/ipv6/af_inet6.c

reviewed

··· 81 81 return (struct ipv6_pinfo *)(((u8 *)sk) + offset); 82 82 } 83 83 84 84 - static int inet6_create(struct socket *sock, int protocol) 84 84 + static int inet6_create(struct net *net, struct socket *sock, int protocol) 85 85 { 86 86 struct inet_sock *inet; 87 87 struct ipv6_pinfo *np; ··· 93 93 char answer_no_check; 94 94 int try_loading_module = 0; 95 95 int err; 96 96 + 97 97 + if (net != &init_net) 98 98 + return -EAFNOSUPPORT; 96 99 97 100 if (sock->type != SOCK_RAW && 98 101 sock->type != SOCK_DGRAM && ··· 162 159 BUG_TRAP(answer_prot->slab != NULL); 163 160 164 161 err = -ENOBUFS; 165 165 - sk = sk_alloc(PF_INET6, GFP_KERNEL, answer_prot, 1); 162 162 + sk = sk_alloc(net, PF_INET6, GFP_KERNEL, answer_prot, 1); 166 163 if (sk == NULL) 167 164 goto out; 168 165

+5 -2

net/ipx/af_ipx.c

reviewed

··· 1360 1360 .obj_size = sizeof(struct ipx_sock), 1361 1361 }; 1362 1362 1363 1363 - static int ipx_create(struct socket *sock, int protocol) 1363 1363 + static int ipx_create(struct net *net, struct socket *sock, int protocol) 1364 1364 { 1365 1365 int rc = -ESOCKTNOSUPPORT; 1366 1366 struct sock *sk; 1367 1367 + 1368 1368 + if (net != &init_net) 1369 1369 + return -EAFNOSUPPORT; 1367 1370 1368 1371 /* 1369 1372 * SPX support is not anymore in the kernel sources. If you want to ··· 1378 1375 goto out; 1379 1376 1380 1377 rc = -ENOMEM; 1381 1381 - sk = sk_alloc(PF_IPX, GFP_KERNEL, &ipx_proto, 1); 1378 1378 + sk = sk_alloc(net, PF_IPX, GFP_KERNEL, &ipx_proto, 1); 1382 1379 if (!sk) 1383 1380 goto out; 1384 1381 #ifdef IPX_REFCNT_DEBUG

+7 -4

net/irda/af_irda.c

reviewed

··· 60 60 61 61 #include <net/irda/af_irda.h> 62 62 63 63 - static int irda_create(struct socket *sock, int protocol); 63 63 + static int irda_create(struct net *net, struct socket *sock, int protocol); 64 64 65 65 static const struct proto_ops irda_stream_ops; 66 66 static const struct proto_ops irda_seqpacket_ops; ··· 831 831 832 832 IRDA_DEBUG(2, "%s()\n", __FUNCTION__); 833 833 834 834 - err = irda_create(newsock, sk->sk_protocol); 834 834 + err = irda_create(sk->sk_net, newsock, sk->sk_protocol); 835 835 if (err) 836 836 return err; 837 837 ··· 1057 1057 * Create IrDA socket 1058 1058 * 1059 1059 */ 1060 1060 - static int irda_create(struct socket *sock, int protocol) 1060 1060 + static int irda_create(struct net *net, struct socket *sock, int protocol) 1061 1061 { 1062 1062 struct sock *sk; 1063 1063 struct irda_sock *self; 1064 1064 1065 1065 IRDA_DEBUG(2, "%s()\n", __FUNCTION__); 1066 1066 + 1067 1067 + if (net != &init_net) 1068 1068 + return -EAFNOSUPPORT; 1066 1069 1067 1070 /* Check for valid socket type */ 1068 1071 switch (sock->type) { ··· 1078 1075 } 1079 1076 1080 1077 /* Allocate networking socket */ 1081 1081 - sk = sk_alloc(PF_IRDA, GFP_ATOMIC, &irda_proto, 1); 1078 1078 + sk = sk_alloc(net, PF_IRDA, GFP_ATOMIC, &irda_proto, 1); 1082 1079 if (sk == NULL) 1083 1080 return -ENOMEM; 1084 1081

+2 -2

net/iucv/af_iucv.c

reviewed

··· 213 213 { 214 214 struct sock *sk; 215 215 216 216 - sk = sk_alloc(PF_IUCV, prio, &iucv_proto, 1); 216 216 + sk = sk_alloc(&init_net, PF_IUCV, prio, &iucv_proto, 1); 217 217 if (!sk) 218 218 return NULL; 219 219 ··· 240 240 } 241 241 242 242 /* Create an IUCV socket */ 243 243 - static int iucv_sock_create(struct socket *sock, int protocol) 243 243 + static int iucv_sock_create(struct net *net, struct socket *sock, int protocol) 244 244 { 245 245 struct sock *sk; 246 246

+5 -2

net/key/af_key.c

reviewed

··· 136 136 .obj_size = sizeof(struct pfkey_sock), 137 137 }; 138 138 139 139 - static int pfkey_create(struct socket *sock, int protocol) 139 139 + static int pfkey_create(struct net *net, struct socket *sock, int protocol) 140 140 { 141 141 struct sock *sk; 142 142 int err; 143 143 + 144 144 + if (net != &init_net) 145 145 + return -EAFNOSUPPORT; 143 146 144 147 if (!capable(CAP_NET_ADMIN)) 145 148 return -EPERM; ··· 152 149 return -EPROTONOSUPPORT; 153 150 154 151 err = -ENOMEM; 155 155 - sk = sk_alloc(PF_KEY, GFP_KERNEL, &key_proto, 1); 152 152 + sk = sk_alloc(net, PF_KEY, GFP_KERNEL, &key_proto, 1); 156 153 if (sk == NULL) 157 154 goto out; 158 155

+5 -2

net/llc/af_llc.c

reviewed

··· 150 150 * socket type we have available. 151 151 * Returns 0 upon success, negative upon failure. 152 152 */ 153 153 - static int llc_ui_create(struct socket *sock, int protocol) 153 153 + static int llc_ui_create(struct net *net, struct socket *sock, int protocol) 154 154 { 155 155 struct sock *sk; 156 156 int rc = -ESOCKTNOSUPPORT; 157 157 158 158 + if (net != &init_net) 159 159 + return -EAFNOSUPPORT; 160 160 + 158 161 if (likely(sock->type == SOCK_DGRAM || sock->type == SOCK_STREAM)) { 159 162 rc = -ENOMEM; 160 160 - sk = llc_sk_alloc(PF_LLC, GFP_KERNEL, &llc_proto); 163 163 + sk = llc_sk_alloc(net, PF_LLC, GFP_KERNEL, &llc_proto); 161 164 if (sk) { 162 165 rc = 0; 163 166 llc_ui_sk_init(sock, sk);

+3 -3

net/llc/llc_conn.c

reviewed

··· 700 700 struct llc_addr *saddr, 701 701 struct llc_addr *daddr) 702 702 { 703 703 - struct sock *newsk = llc_sk_alloc(sk->sk_family, GFP_ATOMIC, 703 703 + struct sock *newsk = llc_sk_alloc(sk->sk_net, sk->sk_family, GFP_ATOMIC, 704 704 sk->sk_prot); 705 705 struct llc_sock *newllc, *llc = llc_sk(sk); 706 706 ··· 867 867 * Allocates a LLC sock and initializes it. Returns the new LLC sock 868 868 * or %NULL if there's no memory available for one 869 869 */ 870 870 - struct sock *llc_sk_alloc(int family, gfp_t priority, struct proto *prot) 870 870 + struct sock *llc_sk_alloc(struct net *net, int family, gfp_t priority, struct proto *prot) 871 871 { 872 872 - struct sock *sk = sk_alloc(family, priority, prot, 1); 872 872 + struct sock *sk = sk_alloc(net, family, priority, prot, 1); 873 873 874 874 if (!sk) 875 875 goto out;

+9 -6

net/netlink/af_netlink.c

reviewed

··· 384 384 .obj_size = sizeof(struct netlink_sock), 385 385 }; 386 386 387 387 - static int __netlink_create(struct socket *sock, struct mutex *cb_mutex, 388 388 - int protocol) 387 387 + static int __netlink_create(struct net *net, struct socket *sock, 388 388 + struct mutex *cb_mutex, int protocol) 389 389 { 390 390 struct sock *sk; 391 391 struct netlink_sock *nlk; 392 392 393 393 sock->ops = &netlink_ops; 394 394 395 395 - sk = sk_alloc(PF_NETLINK, GFP_KERNEL, &netlink_proto, 1); 395 395 + sk = sk_alloc(net, PF_NETLINK, GFP_KERNEL, &netlink_proto, 1); 396 396 if (!sk) 397 397 return -ENOMEM; 398 398 ··· 412 412 return 0; 413 413 } 414 414 415 415 - static int netlink_create(struct socket *sock, int protocol) 415 415 + static int netlink_create(struct net *net, struct socket *sock, int protocol) 416 416 { 417 417 struct module *module = NULL; 418 418 struct mutex *cb_mutex; 419 419 struct netlink_sock *nlk; 420 420 int err = 0; 421 421 + 422 422 + if (net != &init_net) 423 423 + return -EAFNOSUPPORT; 421 424 422 425 sock->state = SS_UNCONNECTED; 423 426 ··· 444 441 cb_mutex = nl_table[protocol].cb_mutex; 445 442 netlink_unlock_table(); 446 443 447 447 - if ((err = __netlink_create(sock, cb_mutex, protocol)) < 0) 444 444 + if ((err = __netlink_create(net, sock, cb_mutex, protocol)) < 0) 448 445 goto out_module; 449 446 450 447 nlk = nlk_sk(sock->sk); ··· 1321 1318 if (sock_create_lite(PF_NETLINK, SOCK_DGRAM, unit, &sock)) 1322 1319 return NULL; 1323 1320 1324 1324 - if (__netlink_create(sock, cb_mutex, unit) < 0) 1321 1321 + if (__netlink_create(&init_net, sock, cb_mutex, unit) < 0) 1325 1322 goto out_sock_release; 1326 1323 1327 1324 if (groups < 32)

+6 -3

net/netrom/af_netrom.c

reviewed

··· 409 409 .obj_size = sizeof(struct nr_sock), 410 410 }; 411 411 412 412 - static int nr_create(struct socket *sock, int protocol) 412 412 + static int nr_create(struct net *net, struct socket *sock, int protocol) 413 413 { 414 414 struct sock *sk; 415 415 struct nr_sock *nr; 416 416 417 417 + if (net != &init_net) 418 418 + return -EAFNOSUPPORT; 419 419 + 417 420 if (sock->type != SOCK_SEQPACKET || protocol != 0) 418 421 return -ESOCKTNOSUPPORT; 419 422 420 420 - if ((sk = sk_alloc(PF_NETROM, GFP_ATOMIC, &nr_proto, 1)) == NULL) 423 423 + if ((sk = sk_alloc(net, PF_NETROM, GFP_ATOMIC, &nr_proto, 1)) == NULL) 421 424 return -ENOMEM; 422 425 423 426 nr = nr_sk(sk); ··· 462 459 if (osk->sk_type != SOCK_SEQPACKET) 463 460 return NULL; 464 461 465 465 - if ((sk = sk_alloc(PF_NETROM, GFP_ATOMIC, osk->sk_prot, 1)) == NULL) 462 462 + if ((sk = sk_alloc(osk->sk_net, PF_NETROM, GFP_ATOMIC, osk->sk_prot, 1)) == NULL) 466 463 return NULL; 467 464 468 465 nr = nr_sk(sk);

+5 -2

net/packet/af_packet.c

reviewed

··· 977 977 * Create a packet of type SOCK_PACKET. 978 978 */ 979 979 980 980 - static int packet_create(struct socket *sock, int protocol) 980 980 + static int packet_create(struct net *net, struct socket *sock, int protocol) 981 981 { 982 982 struct sock *sk; 983 983 struct packet_sock *po; 984 984 __be16 proto = (__force __be16)protocol; /* weird, but documented */ 985 985 int err; 986 986 + 987 987 + if (net != &init_net) 988 988 + return -EAFNOSUPPORT; 986 989 987 990 if (!capable(CAP_NET_RAW)) 988 991 return -EPERM; ··· 996 993 sock->state = SS_UNCONNECTED; 997 994 998 995 err = -ENOBUFS; 999 999 - sk = sk_alloc(PF_PACKET, GFP_KERNEL, &packet_proto, 1); 996 996 + sk = sk_alloc(net, PF_PACKET, GFP_KERNEL, &packet_proto, 1); 1000 997 if (sk == NULL) 1001 998 goto out; 1002 999

+6 -3

net/rose/af_rose.c

reviewed

··· 499 499 .obj_size = sizeof(struct rose_sock), 500 500 }; 501 501 502 502 - static int rose_create(struct socket *sock, int protocol) 502 502 + static int rose_create(struct net *net, struct socket *sock, int protocol) 503 503 { 504 504 struct sock *sk; 505 505 struct rose_sock *rose; 506 506 507 507 + if (net != &init_net) 508 508 + return -EAFNOSUPPORT; 509 509 + 507 510 if (sock->type != SOCK_SEQPACKET || protocol != 0) 508 511 return -ESOCKTNOSUPPORT; 509 512 510 510 - if ((sk = sk_alloc(PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL) 513 513 + if ((sk = sk_alloc(net, PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL) 511 514 return -ENOMEM; 512 515 513 516 rose = rose_sk(sk); ··· 548 545 if (osk->sk_type != SOCK_SEQPACKET) 549 546 return NULL; 550 547 551 551 - if ((sk = sk_alloc(PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL) 548 548 + if ((sk = sk_alloc(osk->sk_net, PF_ROSE, GFP_ATOMIC, &rose_proto, 1)) == NULL) 552 549 return NULL; 553 550 554 551 rose = rose_sk(sk);

+5 -2

net/rxrpc/af_rxrpc.c

reviewed

··· 606 606 /* 607 607 * create an RxRPC socket 608 608 */ 609 609 - static int rxrpc_create(struct socket *sock, int protocol) 609 609 + static int rxrpc_create(struct net *net, struct socket *sock, int protocol) 610 610 { 611 611 struct rxrpc_sock *rx; 612 612 struct sock *sk; 613 613 614 614 _enter("%p,%d", sock, protocol); 615 615 + 616 616 + if (net != &init_net) 617 617 + return -EAFNOSUPPORT; 615 618 616 619 /* we support transport protocol UDP only */ 617 620 if (protocol != PF_INET) ··· 626 623 sock->ops = &rxrpc_rpc_ops; 627 624 sock->state = SS_UNCONNECTED; 628 625 629 629 - sk = sk_alloc(PF_RXRPC, GFP_KERNEL, &rxrpc_proto, 1); 626 626 + sk = sk_alloc(net, PF_RXRPC, GFP_KERNEL, &rxrpc_proto, 1); 630 627 if (!sk) 631 628 return -ENOMEM; 632 629

+1 -1

net/sctp/ipv6.c

reviewed

··· 631 631 struct ipv6_pinfo *newnp, *np = inet6_sk(sk); 632 632 struct sctp6_sock *newsctp6sk; 633 633 634 634 - newsk = sk_alloc(PF_INET6, GFP_KERNEL, sk->sk_prot, 1); 634 634 + newsk = sk_alloc(sk->sk_net, PF_INET6, GFP_KERNEL, sk->sk_prot, 1); 635 635 if (!newsk) 636 636 goto out; 637 637

+1 -1

net/sctp/protocol.c

reviewed

··· 552 552 { 553 553 struct inet_sock *inet = inet_sk(sk); 554 554 struct inet_sock *newinet; 555 555 - struct sock *newsk = sk_alloc(PF_INET, GFP_KERNEL, sk->sk_prot, 1); 555 555 + struct sock *newsk = sk_alloc(sk->sk_net, PF_INET, GFP_KERNEL, sk->sk_prot, 1); 556 556 557 557 if (!newsk) 558 558 goto out;

+5 -4

net/socket.c

reviewed

··· 84 84 #include <linux/kmod.h> 85 85 #include <linux/audit.h> 86 86 #include <linux/wireless.h> 87 87 + #include <linux/nsproxy.h> 87 88 88 89 #include <asm/uaccess.h> 89 90 #include <asm/unistd.h> ··· 1072 1071 return 0; 1073 1072 } 1074 1073 1075 1075 - static int __sock_create(int family, int type, int protocol, 1074 1074 + static int __sock_create(struct net *net, int family, int type, int protocol, 1076 1075 struct socket **res, int kern) 1077 1076 { 1078 1077 int err; ··· 1148 1147 /* Now protected by module ref count */ 1149 1148 rcu_read_unlock(); 1150 1149 1151 1151 - err = pf->create(sock, protocol); 1150 1150 + err = pf->create(net, sock, protocol); 1152 1151 if (err < 0) 1153 1152 goto out_module_put; 1154 1153 ··· 1187 1186 1188 1187 int sock_create(int family, int type, int protocol, struct socket **res) 1189 1188 { 1190 1190 - return __sock_create(family, type, protocol, res, 0); 1189 1189 + return __sock_create(current->nsproxy->net_ns, family, type, protocol, res, 0); 1191 1190 } 1192 1191 1193 1192 int sock_create_kern(int family, int type, int protocol, struct socket **res) 1194 1193 { 1195 1195 - return __sock_create(family, type, protocol, res, 1); 1194 1194 + return __sock_create(&init_net, family, type, protocol, res, 1); 1196 1195 } 1197 1196 1198 1197 asmlinkage long sys_socket(int family, int type, int protocol)

+6 -3

net/tipc/socket.c

reviewed

··· 162 162 * 163 163 * Returns 0 on success, errno otherwise 164 164 */ 165 165 - static int tipc_create(struct socket *sock, int protocol) 165 165 + static int tipc_create(struct net *net, struct socket *sock, int protocol) 166 166 { 167 167 struct tipc_sock *tsock; 168 168 struct tipc_port *port; 169 169 struct sock *sk; 170 170 u32 ref; 171 171 + 172 172 + if (net != &init_net) 173 173 + return -EAFNOSUPPORT; 171 174 172 175 if (unlikely(protocol != 0)) 173 176 return -EPROTONOSUPPORT; ··· 201 198 return -EPROTOTYPE; 202 199 } 203 200 204 204 - sk = sk_alloc(AF_TIPC, GFP_KERNEL, &tipc_proto, 1); 201 201 + sk = sk_alloc(net, AF_TIPC, GFP_KERNEL, &tipc_proto, 1); 205 202 if (!sk) { 206 203 tipc_deleteport(ref); 207 204 return -ENOMEM; ··· 1375 1372 } 1376 1373 buf = skb_peek(&sock->sk->sk_receive_queue); 1377 1374 1378 1378 - res = tipc_create(newsock, 0); 1375 1375 + res = tipc_create(sock->sk->sk_net, newsock, 0); 1379 1376 if (!res) { 1380 1377 struct tipc_sock *new_tsock = tipc_sk(newsock->sk); 1381 1378 struct tipc_portid id;

+8 -5

net/unix/af_unix.c

reviewed

··· 594 594 */ 595 595 static struct lock_class_key af_unix_sk_receive_queue_lock_key; 596 596 597 597 - static struct sock * unix_create1(struct socket *sock) 597 597 + static struct sock * unix_create1(struct net *net, struct socket *sock) 598 598 { 599 599 struct sock *sk = NULL; 600 600 struct unix_sock *u; ··· 602 602 if (atomic_read(&unix_nr_socks) >= 2*get_max_files()) 603 603 goto out; 604 604 605 605 - sk = sk_alloc(PF_UNIX, GFP_KERNEL, &unix_proto, 1); 605 605 + sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto, 1); 606 606 if (!sk) 607 607 goto out; 608 608 ··· 628 628 return sk; 629 629 } 630 630 631 631 - static int unix_create(struct socket *sock, int protocol) 631 631 + static int unix_create(struct net *net, struct socket *sock, int protocol) 632 632 { 633 633 + if (net != &init_net) 634 634 + return -EAFNOSUPPORT; 635 635 + 633 636 if (protocol && protocol != PF_UNIX) 634 637 return -EPROTONOSUPPORT; 635 638 ··· 658 655 return -ESOCKTNOSUPPORT; 659 656 } 660 657 661 661 - return unix_create1(sock) ? 0 : -ENOMEM; 658 658 + return unix_create1(net, sock) ? 0 : -ENOMEM; 662 659 } 663 660 664 661 static int unix_release(struct socket *sock) ··· 1042 1039 err = -ENOMEM; 1043 1040 1044 1041 /* create new sock for complete connection */ 1045 1045 - newsk = unix_create1(NULL); 1042 1042 + newsk = unix_create1(sk->sk_net, NULL); 1046 1043 if (newsk == NULL) 1047 1044 goto out; 1048 1045

+8 -5

net/x25/af_x25.c

reviewed

··· 466 466 .obj_size = sizeof(struct x25_sock), 467 467 }; 468 468 469 469 - static struct sock *x25_alloc_socket(void) 469 469 + static struct sock *x25_alloc_socket(struct net *net) 470 470 { 471 471 struct x25_sock *x25; 472 472 - struct sock *sk = sk_alloc(AF_X25, GFP_ATOMIC, &x25_proto, 1); 472 472 + struct sock *sk = sk_alloc(net, AF_X25, GFP_ATOMIC, &x25_proto, 1); 473 473 474 474 if (!sk) 475 475 goto out; ··· 485 485 return sk; 486 486 } 487 487 488 488 - static int x25_create(struct socket *sock, int protocol) 488 488 + static int x25_create(struct net *net, struct socket *sock, int protocol) 489 489 { 490 490 struct sock *sk; 491 491 struct x25_sock *x25; 492 492 int rc = -ESOCKTNOSUPPORT; 493 493 494 494 + if (net != &init_net) 495 495 + return -EAFNOSUPPORT; 496 496 + 494 497 if (sock->type != SOCK_SEQPACKET || protocol) 495 498 goto out; 496 499 497 500 rc = -ENOMEM; 498 498 - if ((sk = x25_alloc_socket()) == NULL) 501 501 + if ((sk = x25_alloc_socket(net)) == NULL) 499 502 goto out; 500 503 501 504 x25 = x25_sk(sk); ··· 546 543 if (osk->sk_type != SOCK_SEQPACKET) 547 544 goto out; 548 545 549 549 - if ((sk = x25_alloc_socket()) == NULL) 546 546 + if ((sk = x25_alloc_socket(osk->sk_net)) == NULL) 550 547 goto out; 551 548 552 549 x25 = x25_sk(sk);