
ipv4: Disallow non-namespace aware protocols to register.

All in-tree ipv4 protocol implementations are now namespace
aware. Therefore all the run-time checks are superfluous.

Reject registry of any non-namespace aware ipv4 protocol.
Eventually we'll remove prot->netns_ok and this registry
time check as well.

Signed-off-by: David S. Miller <davem@davemloft.net>

+6 -26
-19
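--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -263,21 +263,6 @@
 }
 EXPORT_SYMBOL(build_ehash_secret);
 
-static inline int inet_netns_ok(struct net *net, __u8 protocol)
-{
-	const struct net_protocol *ipprot;
-
-	if (net_eq(net, &init_net))
-		return 1;
-
-	ipprot = rcu_dereference(inet_protos[protocol]);
-	if (ipprot == NULL) {
-		/* raw IP is OK */
-		return 1;
-	}
-	return ipprot->netns_ok;
-}
-
 /*
  * Create an inet socket.
  */
@@ -348,10 +333,6 @@
 	err = -EPERM;
 	if (sock->type == SOCK_RAW && !kern &&
 	    !ns_capable(net->user_ns, CAP_NET_RAW))
-		goto out_rcu_unlock;
-
-	err = -EAFNOSUPPORT;
-	if (!inet_netns_ok(net, protocol))
 		goto out_rcu_unlock;
 
 	sock->ops = answer->ops;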
-7
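--- a/net/ipv4/ip_input.c
+++ b/net/ipv4/ip_input.c
@@ -208,13 +208,6 @@
 	if (ipprot != NULL) {
 		int ret;
 
-		if (!net_eq(net, &init_net) && !ipprot->netns_ok) {
-			net_info_ratelimited("%s: proto %d isn't netns-ready\n",
-					     __func__, protocol);
-			kfree_skb(skb);
-			goto out;
-		}
-
 		if (!ipprot->no_policy) {
 			if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
 				kfree_skb(skb);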
+6
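--- a/net/ipv4/protocol.c
+++ b/net/ipv4/protocol.c
@@ -37,6 +37,12 @@
 
 int inet_add_protocol(const struct net_protocol *prot, unsigned char protocol)
 {
+	if (!prot->netns_ok) {
+		pr_err("Protocol %u is not namespace aware, cannot register.\n",
+		       protocol);
+		return -EINVAL;
+	}
+
 	return !cmpxchg((const struct net_protocol **)&inet_protos[protocol],
 			NULL, prot) ? 0 : -1;
 }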
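Review bot: The added `netns_ok` test in inet_add_protocol() becomes the only point where namespace awareness is enforced, because the same commit deletes the socket-creation check in net/ipv4/af_inet.c and the receive-path check in net/ipv4/ip_input.c, yet nothing at the test says so. A comment above it would record the invariant, for example `/* Only netns gate left: the per-socket and per-packet checks were removed, so a handler accepted here is reachable from every namespace. */`. The flag is declared by the registering module itself, so the test catches an unset flag rather than a handler that is not actually namespace-safe; that still has to be verified when a new protocol is reviewed. Separately, this path returns `-EINVAL` while the occupied-slot path below still returns a bare `-1`, so callers get two error conventions from one function.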