From: Dan Smith <danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
To: orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org
Cc: containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org
Subject: [PATCH 1/4] Set socket flags on restore using sock_setsockopt() where possible
Date: Thu, 13 Aug 2009 12:29:07 -0700 [thread overview]
Message-ID: <1250191750-3864-2-git-send-email-danms@us.ibm.com> (raw)
In-Reply-To: <1250191750-3864-1-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
Fail on the TIMESTAMPING_* flags for the moment, with a TODO in place to
handle them later.
Also remove other explicit flag checks because they're no longer copied
blindly into the socket object, so existing checks will be sufficient.
Signed-off-by: Dan Smith <danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
---
net/checkpoint.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++------
1 files changed, 103 insertions(+), 14 deletions(-)
diff --git a/net/checkpoint.c b/net/checkpoint.c
index ebbd68a..13c46c1 100644
--- a/net/checkpoint.c
+++ b/net/checkpoint.c
@@ -179,10 +179,6 @@ static int sock_cptrst_verify(struct ckpt_hdr_socket *h)
if (!ckpt_validate_errno(h->sock.err))
return -EINVAL;
- /* None of our supported types use this flag */
- if (h->sock.flags & SOCK_DESTROY)
- return -EINVAL;
-
return 0;
}
@@ -239,15 +235,99 @@ static int sock_cptrst_bufopts(int op, struct sock *sock,
return 0;
}
+static int sock_rst_flags(struct socket *sock,
+ struct ckpt_hdr_socket *h)
+{
+ int ret;
+ int v = 1;
+ unsigned long sk_flags = h->sock.flags;
+ unsigned long sock_flags = h->socket.flags;
+
+ if (test_and_clear_bit(SOCK_URGINLINE, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_OOBINLINE,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_KEEPOPEN, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_KEEPALIVE,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_BROADCAST, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_BROADCAST,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_RCVTSTAMP, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_TIMESTAMP,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_RCVTSTAMPNS, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_TIMESTAMPNS,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_DBG, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_DEBUG,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_LOCALROUTE, &sk_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_DONTROUTE,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ if (test_and_clear_bit(SOCK_PASSCRED, &sock_flags)) {
+ ret = sock_setsockopt(sock, SOL_SOCKET, SO_PASSCRED,
+ (char *)&v, sizeof(v));
+ if (ret)
+ return ret;
+ }
+
+ /* TODO: Handle SOCK_TIMESTAMPING_* flags */
+ if (test_bit(SOCK_TIMESTAMPING_TX_HARDWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_TX_SOFTWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_RX_HARDWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_RX_SOFTWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_SOFTWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_RAW_HARDWARE, &sk_flags) ||
+ test_bit(SOCK_TIMESTAMPING_SYS_HARDWARE, &sk_flags)) {
+ ckpt_debug("SOF_TIMESTAMPING_* flags are not supported\n");
+ return -ENOSYS;
+ }
+
+ /* Anything that is still set in the flags that isn't part of
+ * our protocol's default set, indicates an error
+ */
+ if (sk_flags & ~sock->sk->sk_flags) {
+ ckpt_debug("Unhandled sock flags: %lx\n", sk_flags);
+ return -EINVAL;
+ }
+
+ return 0;
+}
+
static int sock_cptrst(struct ckpt_ctx *ctx,
struct sock *sock,
struct ckpt_hdr_socket *h,
int op)
{
- if (sock->sk_socket) {
- CKPT_COPY(op, h->socket.flags, sock->sk_socket->flags);
- CKPT_COPY(op, h->socket.state, sock->sk_socket->state);
- }
+ CKPT_COPY(op, h->socket.state, sock->sk_socket->state);
CKPT_COPY(op, h->sock_common.bound_dev_if, sock->sk_bound_dev_if);
CKPT_COPY(op, h->sock_common.family, sock->sk_family);
@@ -262,12 +342,6 @@ static int sock_cptrst(struct ckpt_ctx *ctx,
CKPT_COPY(op, h->sock.state, sock->sk_state);
CKPT_COPY(op, h->sock.backlog, sock->sk_max_ack_backlog);
- /* TODO:
- * Break out setting each of the flags to use setsockopt() or
- * perform proper security check
- */
- CKPT_COPY(op, h->sock.flags, sock->sk_flags);
-
if (sock_cptrst_bufopts(op, sock, h))
return -EINVAL;
@@ -301,6 +375,21 @@ static int sock_cptrst(struct ckpt_ctx *ctx,
return -EINVAL;
}
+ if (op == CKPT_CPT) {
+ h->sock.flags = sock->sk_flags;
+ h->socket.flags = sock->sk_socket->flags;
+ } else {
+ int ret;
+ mm_segment_t old_fs;
+
+ old_fs = get_fs();
+ set_fs(KERNEL_DS);
+ ret = sock_rst_flags(sock->sk_socket, h);
+ set_fs(old_fs);
+ if (ret)
+ return ret;
+ }
+
if ((h->socket.state == SS_CONNECTED) &&
(h->sock.state != TCP_ESTABLISHED)) {
ckpt_debug("socket/sock in inconsistent state: %i/%i",
--
1.6.0.4
next prev parent reply other threads:[~2009-08-13 19:29 UTC|newest]
Thread overview: 15+ messages / expand[flat|nested] mbox.gz Atom feed top
2009-08-13 19:29 Socket c/r additional features Dan Smith
[not found] ` <1250191750-3864-1-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-08-13 19:29 ` Dan Smith [this message]
[not found] ` <1250191750-3864-2-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-08-13 19:44 ` [PATCH 1/4] Set socket flags on restore using sock_setsockopt() where possible Oren Laadan
[not found] ` <4A846D0E.90607-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-08-13 19:55 ` Dan Smith
2009-08-13 22:07 ` Serge E. Hallyn
2009-08-13 19:29 ` [PATCH 2/4] Expose may_setuid() in user.h Dan Smith
[not found] ` <1250191750-3864-3-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-08-13 22:28 ` Serge E. Hallyn
[not found] ` <20090813222837.GB13219-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-08-13 23:11 ` Serge E. Hallyn
2009-08-14 0:52 ` Serge E. Hallyn
2009-08-13 19:29 ` [PATCH 3/4] Save and restore UNIX socket peer credentials Dan Smith
[not found] ` <1250191750-3864-4-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-08-13 23:17 ` Serge E. Hallyn
2009-08-13 19:29 ` [PATCH 4/4] Handle unconnected DGRAM sockets with buffers in-flight Dan Smith
[not found] ` <1250191750-3864-5-git-send-email-danms-r/Jw6+rmf7HQT0dZR+AlfA@public.gmane.org>
2009-08-13 20:33 ` Oren Laadan
[not found] ` <4A8478B4.2070207-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org>
2009-08-13 20:39 ` Dan Smith
[not found] ` <87my63phwp.fsf-FLMGYpZoEPULwtHQx/6qkW3U47Q5hpJU@public.gmane.org>
2009-08-13 21:00 ` Oren Laadan
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1250191750-3864-2-git-send-email-danms@us.ibm.com \
--to=danms-r/jw6+rmf7hqt0dzr+alfa@public.gmane.org \
--cc=containers-qjLDD68F18O7TbgM5vRIOg@public.gmane.org \
--cc=orenl-RdfvBDnrOixBDgjK7y7TUQ@public.gmane.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox