ANDROID: netfilter: xt_qtaguid/xt_socket: Build fixups (9b19736f) · Commits · e / devices / android_kernel_fairphone_FP4

include/uapi/linux/netfilter/xt_socket.h

+5 −0

Original line number	Original line	Diff line number	Diff line
	@@ -27,4 +27,9 @@ struct xt_socket_mtinfo3 {
	\| XT_SOCKET_NOWILDCARD \		\| XT_SOCKET_NOWILDCARD \
	\| XT_SOCKET_RESTORESKMARK)		\| XT_SOCKET_RESTORESKMARK)

			struct sock xt_socket_get4_sk(const struct sk_buff skb,
			struct xt_action_param *par);
			struct sock xt_socket_get6_sk(const struct sk_buff skb,
			struct xt_action_param *par);

	#endif /* _XT_SOCKET_H */		#endif /* _XT_SOCKET_H */

net/netfilter/xt_qtaguid.c

+82 −67

Original line number	Original line	Diff line number	Diff line
	@@ -145,22 +145,22 @@ static bool can_manipulate_uids(void)
	{		{
	/* root pwnd */		/* root pwnd */
	return in_egroup_p(xt_qtaguid_ctrl_file->gid)		return in_egroup_p(xt_qtaguid_ctrl_file->gid)
	\|\| unlikely(!current_fsuid()) \|\| unlikely(!proc_ctrl_write_limited)		\|\| unlikely(!from_kuid(&init_user_ns, current_fsuid())) \|\| unlikely(!proc_ctrl_write_limited)
	\|\| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);		\|\| unlikely(uid_eq(current_fsuid(), xt_qtaguid_ctrl_file->uid));
	}		}

	static bool can_impersonate_uid(uid_t uid)		static bool can_impersonate_uid(kuid_t uid)
	{		{
	return uid == current_fsuid() \|\| can_manipulate_uids();		return uid_eq(uid, current_fsuid()) \|\| can_manipulate_uids();
	}		}

	static bool can_read_other_uid_stats(uid_t uid)		static bool can_read_other_uid_stats(kuid_t uid)
	{		{
	/* root pwnd */		/* root pwnd */
	return in_egroup_p(xt_qtaguid_stats_file->gid)		return in_egroup_p(xt_qtaguid_stats_file->gid)
	\|\| unlikely(!current_fsuid()) \|\| uid == current_fsuid()		\|\| unlikely(!from_kuid(&init_user_ns, current_fsuid())) \|\| uid_eq(uid, current_fsuid())
	\|\| unlikely(!proc_stats_readall_limited)		\|\| unlikely(!proc_stats_readall_limited)
	\|\| unlikely(current_fsuid() == xt_qtaguid_ctrl_file->uid);		\|\| unlikely(uid_eq(current_fsuid(), xt_qtaguid_ctrl_file->uid));
	}		}

	static inline void dc_add_byte_packets(struct data_counters *counters, int set,		static inline void dc_add_byte_packets(struct data_counters *counters, int set,
	@@ -542,7 +542,7 @@ static void put_utd_entry(struct uid_tag_data *utd_entry)
	"erase utd_entry=%p uid=%u "		"erase utd_entry=%p uid=%u "
	"by pid=%u tgid=%u uid=%u\n", __func__,		"by pid=%u tgid=%u uid=%u\n", __func__,
	utd_entry, utd_entry->uid,		utd_entry, utd_entry->uid,
	current->pid, current->tgid, current_fsuid());		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
	BUG_ON(utd_entry->num_active_tags);		BUG_ON(utd_entry->num_active_tags);
	rb_erase(&utd_entry->node, &uid_tag_data_tree);		rb_erase(&utd_entry->node, &uid_tag_data_tree);
	kfree(utd_entry);		kfree(utd_entry);
	@@ -744,7 +744,7 @@ static int iface_stat_fmt_proc_show(struct seq_file m, void v)


	CT_DEBUG("qtaguid:proc iface_stat_fmt pid=%u tgid=%u uid=%u\n",		CT_DEBUG("qtaguid:proc iface_stat_fmt pid=%u tgid=%u uid=%u\n",
	current->pid, current->tgid, current_fsuid());		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));

	iface_entry = list_entry(v, struct iface_stat, list);		iface_entry = list_entry(v, struct iface_stat, list);

	@@ -1605,7 +1605,7 @@ static struct sock qtaguid_find_sk(const struct sk_buff skb,
	* "struct inet_timewait_sock" which is missing fields.		* "struct inet_timewait_sock" which is missing fields.
	*/		*/
	if (sk->sk_state == TCP_TIME_WAIT) {		if (sk->sk_state == TCP_TIME_WAIT) {
	xt_socket_put_sk(sk);		sock_gen_put(sk);
	sk = NULL;		sk = NULL;
	}		}
	}		}
	@@ -1656,7 +1656,7 @@ static bool qtaguid_mt(const struct sk_buff skb, struct xt_action_param par)
	const struct file *filp;		const struct file *filp;
	bool got_sock = false;		bool got_sock = false;
	struct sock *sk;		struct sock *sk;
	uid_t sock_uid;		kuid_t sock_uid;
	bool res;		bool res;

	if (unlikely(module_passive))		if (unlikely(module_passive))
	@@ -1720,7 +1720,7 @@ static bool qtaguid_mt(const struct sk_buff skb, struct xt_action_param par)
	sk->sk_socket ? sk->sk_socket->file : (void *)-1LL);		sk->sk_socket ? sk->sk_socket->file : (void *)-1LL);
	filp = sk->sk_socket ? sk->sk_socket->file : NULL;		filp = sk->sk_socket ? sk->sk_socket->file : NULL;
	MT_DEBUG("qtaguid[%d]: filp...uid=%u\n",		MT_DEBUG("qtaguid[%d]: filp...uid=%u\n",
	par->hooknum, filp ? filp->f_cred->fsuid : -1);		par->hooknum, filp ? from_kuid(&init_user_ns, filp->f_cred->fsuid) : -1);
	}		}

	if (sk == NULL \|\| sk->sk_socket == NULL) {		if (sk == NULL \|\| sk->sk_socket == NULL) {
	@@ -1761,7 +1761,7 @@ static bool qtaguid_mt(const struct sk_buff skb, struct xt_action_param par)
	* For now we only do iface stats when the uid-owner is not requested		* For now we only do iface stats when the uid-owner is not requested
	*/		*/
	if (!(info->match & XT_QTAGUID_UID))		if (!(info->match & XT_QTAGUID_UID))
	account_for_uid(skb, sk, sock_uid, par);		account_for_uid(skb, sk, from_kuid(&init_user_ns, sock_uid), par);

	/*		/*
	* The following two tests fail the match when:		* The following two tests fail the match when:
	@@ -1769,31 +1769,38 @@ static bool qtaguid_mt(const struct sk_buff skb, struct xt_action_param par)
	* or id in range AND inverted condition requested		* or id in range AND inverted condition requested
	* Thus (!a && b) \|\| (a && !b) == a ^ b		* Thus (!a && b) \|\| (a && !b) == a ^ b
	*/		*/
	if (info->match & XT_QTAGUID_UID)		if (info->match & XT_QTAGUID_UID) {
	if ((filp->f_cred->fsuid >= info->uid_min &&		kuid_t uid_min = make_kuid(&init_user_ns, info->uid_min);
	filp->f_cred->fsuid <= info->uid_max) ^		kuid_t uid_max = make_kuid(&init_user_ns, info->uid_max);

			if ((uid_gte(filp->f_cred->fsuid, uid_min) &&
			uid_lte(filp->f_cred->fsuid, uid_max)) ^
	!(info->invert & XT_QTAGUID_UID)) {		!(info->invert & XT_QTAGUID_UID)) {
	MT_DEBUG("qtaguid[%d]: leaving uid not matching\n",		MT_DEBUG("qtaguid[%d]: leaving uid not matching\n",
	par->hooknum);		par->hooknum);
	res = false;		res = false;
	goto put_sock_ret_res;		goto put_sock_ret_res;
	}		}
	if (info->match & XT_QTAGUID_GID)		}
	if ((filp->f_cred->fsgid >= info->gid_min &&		if (info->match & XT_QTAGUID_GID) {
	filp->f_cred->fsgid <= info->gid_max) ^		kgid_t gid_min = make_kgid(&init_user_ns, info->gid_min);
			kgid_t gid_max = make_kgid(&init_user_ns, info->gid_max);

			if ((gid_gte(filp->f_cred->fsgid, gid_min) &&
			gid_lte(filp->f_cred->fsgid, gid_max)) ^
	!(info->invert & XT_QTAGUID_GID)) {		!(info->invert & XT_QTAGUID_GID)) {
	MT_DEBUG("qtaguid[%d]: leaving gid not matching\n",		MT_DEBUG("qtaguid[%d]: leaving gid not matching\n",
	par->hooknum);		par->hooknum);
	res = false;		res = false;
	goto put_sock_ret_res;		goto put_sock_ret_res;
	}		}
			}
	MT_DEBUG("qtaguid[%d]: leaving matched\n", par->hooknum);		MT_DEBUG("qtaguid[%d]: leaving matched\n", par->hooknum);
	res = true;		res = true;

	put_sock_ret_res:		put_sock_ret_res:
	if (got_sock)		if (got_sock)
	xt_socket_put_sk(sk);		sock_gen_put(sk);
	ret_res:		ret_res:
	MT_DEBUG("qtaguid[%d]: left %d\n", par->hooknum, res);		MT_DEBUG("qtaguid[%d]: left %d\n", par->hooknum, res);
	return res;		return res;
	@@ -1919,7 +1926,7 @@ static int qtaguid_ctrl_proc_show(struct seq_file m, void v)
	long f_count;		long f_count;

	CT_DEBUG("qtaguid: proc ctrl pid=%u tgid=%u uid=%u\n",		CT_DEBUG("qtaguid: proc ctrl pid=%u tgid=%u uid=%u\n",
	current->pid, current->tgid, current_fsuid());		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));

	if (sock_tag_entry != SEQ_START_TOKEN) {		if (sock_tag_entry != SEQ_START_TOKEN) {
	uid = get_uid_from_tag(sock_tag_entry->tag);		uid = get_uid_from_tag(sock_tag_entry->tag);
	@@ -1950,18 +1957,18 @@ static int qtaguid_ctrl_proc_show(struct seq_file m, void v)
	"match_found_no_sk_in_ct=%llu "		"match_found_no_sk_in_ct=%llu "
	"match_no_sk=%llu "		"match_no_sk=%llu "
	"match_no_sk_file=%llu\n",		"match_no_sk_file=%llu\n",
	atomic64_read(&qtu_events.sockets_tagged),		(u64)atomic64_read(&qtu_events.sockets_tagged),
	atomic64_read(&qtu_events.sockets_untagged),		(u64)atomic64_read(&qtu_events.sockets_untagged),
	atomic64_read(&qtu_events.counter_set_changes),		(u64)atomic64_read(&qtu_events.counter_set_changes),
	atomic64_read(&qtu_events.delete_cmds),		(u64)atomic64_read(&qtu_events.delete_cmds),
	atomic64_read(&qtu_events.iface_events),		(u64)atomic64_read(&qtu_events.iface_events),
	atomic64_read(&qtu_events.match_calls),		(u64)atomic64_read(&qtu_events.match_calls),
	atomic64_read(&qtu_events.match_calls_prepost),		(u64)atomic64_read(&qtu_events.match_calls_prepost),
	atomic64_read(&qtu_events.match_found_sk),		(u64)atomic64_read(&qtu_events.match_found_sk),
	atomic64_read(&qtu_events.match_found_sk_in_ct),		(u64)atomic64_read(&qtu_events.match_found_sk_in_ct),
	atomic64_read(&qtu_events.match_found_no_sk_in_ct),		(u64)atomic64_read(&qtu_events.match_found_no_sk_in_ct),
	atomic64_read(&qtu_events.match_no_sk),		(u64)atomic64_read(&qtu_events.match_no_sk),
	atomic64_read(&qtu_events.match_no_sk_file));		(u64)atomic64_read(&qtu_events.match_no_sk_file));

	/* Count the following as part of the last item_index */		/* Count the following as part of the last item_index */
	prdebug_full_state(0, "proc ctrl");		prdebug_full_state(0, "proc ctrl");
	@@ -1977,7 +1984,8 @@ static int qtaguid_ctrl_proc_show(struct seq_file m, void v)
	static int ctrl_cmd_delete(const char *input)		static int ctrl_cmd_delete(const char *input)
	{		{
	char cmd;		char cmd;
	uid_t uid;		int uid_int;
			kuid_t uid;
	uid_t entry_uid;		uid_t entry_uid;
	tag_t acct_tag;		tag_t acct_tag;
	tag_t tag;		tag_t tag;
	@@ -1991,10 +1999,11 @@ static int ctrl_cmd_delete(const char *input)
	struct tag_ref *tr_entry;		struct tag_ref *tr_entry;
	struct uid_tag_data *utd_entry;		struct uid_tag_data *utd_entry;

	argc = sscanf(input, "%c %llu %u", &cmd, &acct_tag, &uid);		argc = sscanf(input, "%c %llu %u", &cmd, &acct_tag, &uid_int);
			uid = make_kuid(&init_user_ns, uid_int);
	CT_DEBUG("qtaguid: ctrl_delete(%s): argc=%d cmd=%c "		CT_DEBUG("qtaguid: ctrl_delete(%s): argc=%d cmd=%c "
	"user_tag=0x%llx uid=%u\n", input, argc, cmd,		"user_tag=0x%llx uid=%u\n", input, argc, cmd,
	acct_tag, uid);		acct_tag, uid_int);
	if (argc < 2) {		if (argc < 2) {
	res = -EINVAL;		res = -EINVAL;
	goto err;		goto err;
	@@ -2006,18 +2015,19 @@ static int ctrl_cmd_delete(const char *input)
	}		}
	if (argc < 3) {		if (argc < 3) {
	uid = current_fsuid();		uid = current_fsuid();
			uid_int = from_kuid(&init_user_ns, uid);
	} else if (!can_impersonate_uid(uid)) {		} else if (!can_impersonate_uid(uid)) {
	pr_info("qtaguid: ctrl_delete(%s): "		pr_info("qtaguid: ctrl_delete(%s): "
	"insufficient priv from pid=%u tgid=%u uid=%u\n",		"insufficient priv from pid=%u tgid=%u uid=%u\n",
	input, current->pid, current->tgid, current_fsuid());		input, current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
	res = -EPERM;		res = -EPERM;
	goto err;		goto err;
	}		}

	tag = combine_atag_with_uid(acct_tag, uid);		tag = combine_atag_with_uid(acct_tag, uid_int);
	CT_DEBUG("qtaguid: ctrl_delete(%s): "		CT_DEBUG("qtaguid: ctrl_delete(%s): "
	"looking for tag=0x%llx (uid=%u)\n",		"looking for tag=0x%llx (uid=%u)\n",
	input, tag, uid);		input, tag, uid_int);

	/* Delete socket tags */		/* Delete socket tags */
	spin_lock_bh(&sock_tag_list_lock);		spin_lock_bh(&sock_tag_list_lock);
	@@ -2026,7 +2036,7 @@ static int ctrl_cmd_delete(const char *input)
	st_entry = rb_entry(node, struct sock_tag, sock_node);		st_entry = rb_entry(node, struct sock_tag, sock_node);
	entry_uid = get_uid_from_tag(st_entry->tag);		entry_uid = get_uid_from_tag(st_entry->tag);
	node = rb_next(node);		node = rb_next(node);
	if (entry_uid != uid)		if (entry_uid != uid_int)
	continue;		continue;

	CT_DEBUG("qtaguid: ctrl_delete(%s): st tag=0x%llx (uid=%u)\n",		CT_DEBUG("qtaguid: ctrl_delete(%s): st tag=0x%llx (uid=%u)\n",
	@@ -2087,7 +2097,7 @@ static int ctrl_cmd_delete(const char *input)
	"ts tag=0x%llx (uid=%u)\n",		"ts tag=0x%llx (uid=%u)\n",
	input, ts_entry->tn.tag, entry_uid);		input, ts_entry->tn.tag, entry_uid);

	if (entry_uid != uid)		if (entry_uid != uid_int)
	continue;		continue;
	if (!acct_tag \|\| ts_entry->tn.tag == tag) {		if (!acct_tag \|\| ts_entry->tn.tag == tag) {
	CT_DEBUG("qtaguid: ctrl_delete(%s): "		CT_DEBUG("qtaguid: ctrl_delete(%s): "
	@@ -2116,7 +2126,7 @@ static int ctrl_cmd_delete(const char *input)
	"utd uid=%u\n",		"utd uid=%u\n",
	input, entry_uid);		input, entry_uid);

	if (entry_uid != uid)		if (entry_uid != uid_int)
	continue;		continue;
	/*		/*
	* Go over the tag_refs, and those that don't have		* Go over the tag_refs, and those that don't have
	@@ -2160,7 +2170,7 @@ static int ctrl_cmd_counter_set(const char *input)
	if (!can_manipulate_uids()) {		if (!can_manipulate_uids()) {
	pr_info("qtaguid: ctrl_counterset(%s): "		pr_info("qtaguid: ctrl_counterset(%s): "
	"insufficient priv from pid=%u tgid=%u uid=%u\n",		"insufficient priv from pid=%u tgid=%u uid=%u\n",
	input, current->pid, current->tgid, current_fsuid());		input, current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
	res = -EPERM;		res = -EPERM;
	goto err;		goto err;
	}		}
	@@ -2197,7 +2207,8 @@ static int ctrl_cmd_tag(const char *input)
	{		{
	char cmd;		char cmd;
	int sock_fd = 0;		int sock_fd = 0;
	uid_t uid = 0;		kuid_t uid;
			unsigned int uid_int = 0;
	tag_t acct_tag = make_atag_from_value(0);		tag_t acct_tag = make_atag_from_value(0);
	tag_t full_tag;		tag_t full_tag;
	struct socket *el_socket;		struct socket *el_socket;
	@@ -2208,10 +2219,11 @@ static int ctrl_cmd_tag(const char *input)
	struct proc_qtu_data *pqd_entry;		struct proc_qtu_data *pqd_entry;

	/* Unassigned args will get defaulted later. */		/* Unassigned args will get defaulted later. */
	argc = sscanf(input, "%c %d %llu %u", &cmd, &sock_fd, &acct_tag, &uid);		argc = sscanf(input, "%c %d %llu %u", &cmd, &sock_fd, &acct_tag, &uid_int);
			uid = make_kuid(&init_user_ns, uid_int);
	CT_DEBUG("qtaguid: ctrl_tag(%s): argc=%d cmd=%c sock_fd=%d "		CT_DEBUG("qtaguid: ctrl_tag(%s): argc=%d cmd=%c sock_fd=%d "
	"acct_tag=0x%llx uid=%u\n", input, argc, cmd, sock_fd,		"acct_tag=0x%llx uid=%u\n", input, argc, cmd, sock_fd,
	acct_tag, uid);		acct_tag, uid_int);
	if (argc < 2) {		if (argc < 2) {
	res = -EINVAL;		res = -EINVAL;
	goto err;		goto err;
	@@ -2221,7 +2233,7 @@ static int ctrl_cmd_tag(const char *input)
	pr_info("qtaguid: ctrl_tag(%s): failed to lookup"		pr_info("qtaguid: ctrl_tag(%s): failed to lookup"
	" sock_fd=%d err=%d pid=%u tgid=%u uid=%u\n",		" sock_fd=%d err=%d pid=%u tgid=%u uid=%u\n",
	input, sock_fd, res, current->pid, current->tgid,		input, sock_fd, res, current->pid, current->tgid,
	current_fsuid());		from_kuid(&init_user_ns, current_fsuid()));
	goto err;		goto err;
	}		}
	CT_DEBUG("qtaguid: ctrl_tag(%s): socket->...->f_count=%ld ->sk=%p\n",		CT_DEBUG("qtaguid: ctrl_tag(%s): socket->...->f_count=%ld ->sk=%p\n",
	@@ -2237,21 +2249,24 @@ static int ctrl_cmd_tag(const char *input)
	CT_DEBUG("qtaguid: ctrl_tag(%s): "		CT_DEBUG("qtaguid: ctrl_tag(%s): "
	"pid=%u tgid=%u uid=%u euid=%u fsuid=%u "		"pid=%u tgid=%u uid=%u euid=%u fsuid=%u "
	"ctrl.gid=%u in_group()=%d in_egroup()=%d\n",		"ctrl.gid=%u in_group()=%d in_egroup()=%d\n",
	input, current->pid, current->tgid, current_uid(),		input, current->pid, current->tgid,
	current_euid(), current_fsuid(),		from_kuid(&init_user_ns, current_uid()),
	xt_qtaguid_ctrl_file->gid,		from_kuid(&init_user_ns, current_euid()),
			from_kuid(&init_user_ns, current_fsuid()),
			from_kgid(&init_user_ns, xt_qtaguid_ctrl_file->gid),
	in_group_p(xt_qtaguid_ctrl_file->gid),		in_group_p(xt_qtaguid_ctrl_file->gid),
	in_egroup_p(xt_qtaguid_ctrl_file->gid));		in_egroup_p(xt_qtaguid_ctrl_file->gid));
	if (argc < 4) {		if (argc < 4) {
	uid = current_fsuid();		uid = current_fsuid();
			uid_int = from_kuid(&init_user_ns, uid);
	} else if (!can_impersonate_uid(uid)) {		} else if (!can_impersonate_uid(uid)) {
	pr_info("qtaguid: ctrl_tag(%s): "		pr_info("qtaguid: ctrl_tag(%s): "
	"insufficient priv from pid=%u tgid=%u uid=%u\n",		"insufficient priv from pid=%u tgid=%u uid=%u\n",
	input, current->pid, current->tgid, current_fsuid());		input, current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
	res = -EPERM;		res = -EPERM;
	goto err_put;		goto err_put;
	}		}
	full_tag = combine_atag_with_uid(acct_tag, uid);		full_tag = combine_atag_with_uid(acct_tag, uid_int);

	spin_lock_bh(&sock_tag_list_lock);		spin_lock_bh(&sock_tag_list_lock);
	sock_tag_entry = get_sock_stat_nl(el_socket->sk);		sock_tag_entry = get_sock_stat_nl(el_socket->sk);
	@@ -2298,8 +2313,7 @@ static int ctrl_cmd_tag(const char *input)
	sock_tag_entry->sk = el_socket->sk;		sock_tag_entry->sk = el_socket->sk;
	sock_tag_entry->socket = el_socket;		sock_tag_entry->socket = el_socket;
	sock_tag_entry->pid = current->tgid;		sock_tag_entry->pid = current->tgid;
	sock_tag_entry->tag = combine_atag_with_uid(acct_tag,		sock_tag_entry->tag = combine_atag_with_uid(acct_tag, uid_int);
	uid);
	spin_lock_bh(&uid_tag_data_tree_lock);		spin_lock_bh(&uid_tag_data_tree_lock);
	pqd_entry = proc_qtu_data_tree_search(		pqd_entry = proc_qtu_data_tree_search(
	&proc_qtu_data_tree, current->tgid);		&proc_qtu_data_tree, current->tgid);
	@@ -2314,7 +2328,7 @@ static int ctrl_cmd_tag(const char *input)
	"User space forgot to open /dev/xt_qtaguid? "		"User space forgot to open /dev/xt_qtaguid? "
	"pid=%u tgid=%u uid=%u\n", __func__,		"pid=%u tgid=%u uid=%u\n", __func__,
	current->pid, current->tgid,		current->pid, current->tgid,
	current_fsuid());		from_kuid(&init_user_ns, current_fsuid()));
	else		else
	list_add(&sock_tag_entry->list,		list_add(&sock_tag_entry->list,
	&pqd_entry->sock_tag_list);		&pqd_entry->sock_tag_list);
	@@ -2369,7 +2383,7 @@ static int ctrl_cmd_untag(const char *input)
	pr_info("qtaguid: ctrl_untag(%s): failed to lookup"		pr_info("qtaguid: ctrl_untag(%s): failed to lookup"
	" sock_fd=%d err=%d pid=%u tgid=%u uid=%u\n",		" sock_fd=%d err=%d pid=%u tgid=%u uid=%u\n",
	input, sock_fd, res, current->pid, current->tgid,		input, sock_fd, res, current->pid, current->tgid,
	current_fsuid());		from_kuid(&init_user_ns, current_fsuid()));
	goto err;		goto err;
	}		}
	CT_DEBUG("qtaguid: ctrl_untag(%s): socket->...->f_count=%ld ->sk=%p\n",		CT_DEBUG("qtaguid: ctrl_untag(%s): socket->...->f_count=%ld ->sk=%p\n",
	@@ -2403,7 +2417,7 @@ static int ctrl_cmd_untag(const char *input)
	pr_warn_once("qtaguid: %s(): "		pr_warn_once("qtaguid: %s(): "
	"User space forgot to open /dev/xt_qtaguid? "		"User space forgot to open /dev/xt_qtaguid? "
	"pid=%u tgid=%u uid=%u\n", __func__,		"pid=%u tgid=%u uid=%u\n", __func__,
	current->pid, current->tgid, current_fsuid());		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
	else		else
	list_del(&sock_tag_entry->list);		list_del(&sock_tag_entry->list);
	spin_unlock_bh(&uid_tag_data_tree_lock);		spin_unlock_bh(&uid_tag_data_tree_lock);
	@@ -2446,7 +2460,7 @@ static ssize_t qtaguid_ctrl_parse(const char *input, size_t count)
	ssize_t res;		ssize_t res;

	CT_DEBUG("qtaguid: ctrl(%s): pid=%u tgid=%u uid=%u\n",		CT_DEBUG("qtaguid: ctrl(%s): pid=%u tgid=%u uid=%u\n",
	input, current->pid, current->tgid, current_fsuid());		input, current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));

	cmd = input[0];		cmd = input[0];
	/* Collect params for commands */		/* Collect params for commands */
	@@ -2528,14 +2542,15 @@ static int pp_stats_line(struct seq_file m, struct tag_stat ts_entry,
	uid_t stat_uid = get_uid_from_tag(tag);		uid_t stat_uid = get_uid_from_tag(tag);
	struct proc_print_info *ppi = m->private;		struct proc_print_info *ppi = m->private;
	/* Detailed tags are not available to everybody */		/* Detailed tags are not available to everybody */
	if (get_atag_from_tag(tag) && !can_read_other_uid_stats(stat_uid)) {		if (get_atag_from_tag(tag) && !can_read_other_uid_stats(
			make_kuid(&init_user_ns,stat_uid))) {
	CT_DEBUG("qtaguid: stats line: "		CT_DEBUG("qtaguid: stats line: "
	"%s 0x%llx %u: insufficient priv "		"%s 0x%llx %u: insufficient priv "
	"from pid=%u tgid=%u uid=%u stats.gid=%u\n",		"from pid=%u tgid=%u uid=%u stats.gid=%u\n",
	ppi->iface_entry->ifname,		ppi->iface_entry->ifname,
	get_atag_from_tag(tag), stat_uid,		get_atag_from_tag(tag), stat_uid,
	current->pid, current->tgid, current_fsuid(),		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()),
	xt_qtaguid_stats_file->gid);		from_kgid(&init_user_ns,xt_qtaguid_stats_file->gid));
	return 0;		return 0;
	}		}
	ppi->item_index++;		ppi->item_index++;
	@@ -2737,12 +2752,12 @@ static int qtudev_open(struct inode inode, struct file file)
	return 0;		return 0;

	DR_DEBUG("qtaguid: qtudev_open(): pid=%u tgid=%u uid=%u\n",		DR_DEBUG("qtaguid: qtudev_open(): pid=%u tgid=%u uid=%u\n",
	current->pid, current->tgid, current_fsuid());		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));

	spin_lock_bh(&uid_tag_data_tree_lock);		spin_lock_bh(&uid_tag_data_tree_lock);

	/* Look for existing uid data, or alloc one. */		/* Look for existing uid data, or alloc one. */
	utd_entry = get_uid_data(current_fsuid(), &utd_entry_found);		utd_entry = get_uid_data(from_kuid(&init_user_ns, current_fsuid()), &utd_entry_found);
	if (IS_ERR_OR_NULL(utd_entry)) {		if (IS_ERR_OR_NULL(utd_entry)) {
	res = PTR_ERR(utd_entry);		res = PTR_ERR(utd_entry);
	goto err_unlock;		goto err_unlock;
	@@ -2754,7 +2769,7 @@ static int qtudev_open(struct inode inode, struct file file)
	if (pqd_entry) {		if (pqd_entry) {
	pr_err("qtaguid: qtudev_open(): %u/%u %u "		pr_err("qtaguid: qtudev_open(): %u/%u %u "
	"%s already opened\n",		"%s already opened\n",
	current->pid, current->tgid, current_fsuid(),		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()),
	QTU_DEV_NAME);		QTU_DEV_NAME);
	res = -EBUSY;		res = -EBUSY;
	goto err_unlock_free_utd;		goto err_unlock_free_utd;
	@@ -2764,7 +2779,7 @@ static int qtudev_open(struct inode inode, struct file file)
	if (!new_pqd_entry) {		if (!new_pqd_entry) {
	pr_err("qtaguid: qtudev_open(): %u/%u %u: "		pr_err("qtaguid: qtudev_open(): %u/%u %u: "
	"proc data alloc failed\n",		"proc data alloc failed\n",
	current->pid, current->tgid, current_fsuid());		current->pid, current->tgid, from_kuid(&init_user_ns, current_fsuid()));
	res = -ENOMEM;		res = -ENOMEM;
	goto err_unlock_free_utd;		goto err_unlock_free_utd;
	}		}
	@@ -2778,7 +2793,7 @@ static int qtudev_open(struct inode inode, struct file file)

	spin_unlock_bh(&uid_tag_data_tree_lock);		spin_unlock_bh(&uid_tag_data_tree_lock);
	DR_DEBUG("qtaguid: tracking data for uid=%u in pqd=%p\n",		DR_DEBUG("qtaguid: tracking data for uid=%u in pqd=%p\n",
	current_fsuid(), new_pqd_entry);		from_kuid(&init_user_ns, current_fsuid()), new_pqd_entry);
	file->private_data = new_pqd_entry;		file->private_data = new_pqd_entry;
	return 0;		return 0;