From: Wangyufen <wangyufen@huawei.com>
To: <davem@davemloft.net>
Cc: <netdev@vger.kernel.org>,
"Eric W. Biederman" <ebiederm@xmission.com>,
Wang Yufen <wangyufen@huawei.com>
Subject: [PATCH v2 1/8] netlink: Make the sending netlink socket available in NETLINK_CB
Date: Fri, 25 Jul 2014 16:22:22 +0800 [thread overview]
Message-ID: <1406276549-6616-2-git-send-email-wangyufen@huawei.com> (raw)
In-Reply-To: <1406276549-6616-1-git-send-email-wangyufen@huawei.com>
From: Eric W. Biederman <ebiederm@xmission.com>
The sending socket of an skb is already available by its port id
in the NETLINK_CB. If you want to know more, like to examine the
credentials on the sending socket, you have to look up the sending
socket by its port id, and all of the needed functions and data
structures are static inside of af_netlink.c. So do the simple
thing and pass the sending socket to the receivers in the NETLINK_CB.

I intend to use this to get the user namespace of the sending socket
in inet_diag so that I can report uids in the context of the process
who opened the socket, the same way I report uids in the context
of the process who opens files.
Acked-by: David S. Miller <davem@davemloft.net>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Signed-off-by: Wang Yufen <wangyufen@huawei.com>
---
include/linux/netlink.h | 1 +
net/netlink/af_netlink.c | 6 ++++--
2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index b23e9cd..af6c763 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -166,6 +166,7 @@ struct netlink_skb_parms {
struct ucred creds; /* Skb credentials */
__u32 pid;
__u32 dst_group;
+ struct sock *ssk;
};
#define NETLINK_CB(skb) (*(struct netlink_skb_parms*)&((skb)->cb))
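Review bot: the new `ssk` member of struct netlink_skb_parms is only ever assigned on the kernel-unicast path in this patch, so every consumer of `NETLINK_CB(skb).ssk` must tolerate it being unset (NULL for a zero-allocated skb, stale data if the cb area was reused), for example on skbs delivered via netlink_broadcast(); a one-line comment on the field (`struct sock *ssk; /* sending socket, set only by netlink_unicast_kernel() */`) would make that contract visible. Because netlink_skb_parms is overlaid on the fixed-size skb->cb array by the NETLINK_CB() cast, also confirm that the extra pointer keeps sizeof(struct netlink_skb_parms) within sizeof(((struct sk_buff *)0)->cb), preferably with a BUILD_BUG_ON, since the cast itself will not catch an overflow.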
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index ff960b7..571fc2c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -899,7 +899,8 @@ static void netlink_rcv_wake(struct sock *sk)
wake_up_interruptible(&nlk->wait);
}
-static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb)
+static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb,
+ struct sock *ssk)
{
int ret;
struct netlink_sock *nlk = nlk_sk(sk);
@@ -908,6 +909,7 @@ static int netlink_unicast_kernel(struct sock *sk, struct sk_buff *skb)
if (nlk->netlink_rcv != NULL) {
ret = skb->len;
skb_set_owner_r(skb, sk);
+ NETLINK_CB(skb).ssk = ssk;
nlk->netlink_rcv(skb);
}
kfree_skb(skb);
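Review bot: `NETLINK_CB(skb).ssk = ssk` stores a raw pointer without taking a reference on ssk, which is safe only because nlk->netlink_rcv() runs synchronously here, before kfree_skb(), while the sender still holds its own socket; a receiver that queues or clones the skb and dereferences ssk afterwards would be left with a dangling pointer. State that lifetime rule (valid for the duration of netlink_rcv() only) where the field is declared or in the commit message so later consumers such as inet_diag do not cache it. Placing the assignment after skb_set_owner_r() is correct, since that helper touches skb->sk and the destructor, not skb->cb.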
@@ -932,7 +934,7 @@ retry:
return PTR_ERR(sk);
}
if (netlink_is_kernel(sk))
- return netlink_unicast_kernel(sk, skb);
+ return netlink_unicast_kernel(sk, skb, ssk);
if (sk_filter(sk, skb)) {
err = skb->len;
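Review bot: only the netlink_is_kernel(sk) branch forwards ssk; the user-space destination path that follows (sk_filter() and the subsequent queueing) and netlink_broadcast() leave `NETLINK_CB(skb).ssk` untouched, so the commit message's statement that the sending socket is passed "to the receivers" holds for in-kernel receivers only. That matches the stated inet_diag use case, but it is worth saying explicitly so the later patches in this series do not read ssk on a path where it was never set.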
--
1.8.0
Thread overview: 13+ messages
2014-07-25 8:22 [PATCH v2 0/8] Backport to stable-3.4 for fix CVE-2014-0181 Wangyufen
2014-07-25 8:22 ` Wangyufen [this message]
2014-07-25 8:22 ` [PATCH v2 2/8] userns: make each net (net_ns) belong to a user_ns Wangyufen
2014-07-25 8:22 ` [PATCH v2 3/8] Add file_ns_capable() helper function for open-time capability checking Wangyufen
2014-07-25 8:22 ` [PATCH v2 4/8] netlink: Rename netlink_capable netlink_allowed Wangyufen
2014-07-25 8:22 ` [PATCH v2 5/8] net: Add variants of capable for use on on sockets Wangyufen
2014-07-25 8:22 ` [PATCH v2 6/8] net: Add variants of capable for use on netlink messages Wangyufen
2014-07-25 8:22 ` [PATCH v2 7/8] net: Use netlink_ns_capable to verify the permisions of " Wangyufen
2014-07-31 22:06 ` Jonathan Toppins
2014-08-15 7:38 ` wangyufen
2014-08-15 9:24 ` wangyufen
2014-07-25 8:22 ` [PATCH v2 8/8] netlink: Only check file credentials for implicit destinations Wangyufen
2014-07-29 0:14 ` [PATCH v2 0/8] Backport to stable-3.4 for fix CVE-2014-0181 David Miller