[Devel] [PATCH] ve_env checks for netlink
Mishin Dmitry
dim at sw.ru
Sat Dec 10 08:43:50 PST 2005
Patch from Dmitry (dim@):
- this patch adds owner_env to primary key for selecting from nl_table
in order to avoid collisions due to virt pids.
Bug #55602
--
Thanks,
Dmitry.
-------------- next part --------------
--- ./net/netlink/af_netlink.c.venetlink 2005-12-05 12:01:57.000000000 +0300
+++ ./net/netlink/af_netlink.c 2005-12-10 19:42:31.000000000 +0300
@@ -154,7 +154,10 @@ static __inline__ struct sock *netlink_l
read_lock(&nl_table_lock);
sk_for_each(sk, node, &nl_table[protocol]) {
- if (nlk_sk(sk)->pid == pid) {
+ /* VEs should find sockets, created by kernel */
+ if ((nlk_sk(sk)->pid == pid) &&
+ (!pid || ve_accessible_strict(VE_OWNER_SK(sk),
+ get_exec_env()))){
sock_hold(sk);
goto found;
}
@@ -175,7 +178,9 @@ static int netlink_insert(struct sock *s
netlink_table_grab();
sk_for_each(osk, node, &nl_table[sk->sk_protocol]) {
- if (nlk_sk(osk)->pid == pid)
+ if ((nlk_sk(osk)->pid == pid) &&
+ ve_accessible_strict(VE_OWNER_SK(osk),
+ get_exec_env()))
break;
}
if (!node) {
@@ -286,13 +291,15 @@ static int netlink_autobind(struct socke
struct sock *sk = sock->sk;
struct sock *osk;
struct hlist_node *node;
- s32 pid = current->pid;
+ s32 pid = virt_pid(current);
int err;
retry:
netlink_table_grab();
sk_for_each(osk, node, &nl_table[sk->sk_protocol]) {
- if (nlk_sk(osk)->pid == pid) {
+ if ((nlk_sk(osk)->pid == pid) &&
+ ve_accessible_strict(VE_OWNER_SK(osk),
+ get_exec_env())){
/* Bind collision, search negative pid values. */
if (pid > 0)
pid = -4096;
@@ -661,6 +668,9 @@ void netlink_set_err(struct sock *ssk, u
if (nlk->pid == pid || !(nlk->groups & group))
continue;
+ if (!ve_accessible_strict(get_exec_env(), VE_OWNER_SK(sk)))
+ continue;
+
sk->sk_err = code;
sk->sk_error_report(sk);
}
@@ -1276,6 +1286,7 @@ static int __init netlink_proto_init(voi
}
sock_register(&netlink_family_ops);
#ifdef CONFIG_PROC_FS
+ /* FIXME: virtualize before give access from VEs */
proc_net_fops_create("netlink", 0, &netlink_seq_fops);
#endif
/* The netlink device handler may be needed early. */
More information about the Devel
mailing list