ipv4: Disallow non-namespace aware protocols to register. (547472b8) · Commits · e / devices / android_kernel_sony_msm8994

net/ipv4/af_inet.c

+0 −19

Original line number	Diff line number	Diff line
		@@ -263,21 +263,6 @@ void build_ehash_secret(void)
		}
		EXPORT_SYMBOL(build_ehash_secret);

		static inline int inet_netns_ok(struct net *net, __u8 protocol)
		{
		const struct net_protocol *ipprot;

		if (net_eq(net, &init_net))
		return 1;

		ipprot = rcu_dereference(inet_protos[protocol]);
		if (ipprot == NULL) {
		/* raw IP is OK */
		return 1;
		}
		return ipprot->netns_ok;
		}

		/*
		* Create an inet socket.
		*/
		@@ -350,10 +335,6 @@ lookup_protocol:
		!ns_capable(net->user_ns, CAP_NET_RAW))
		goto out_rcu_unlock;

		err = -EAFNOSUPPORT;
		if (!inet_netns_ok(net, protocol))
		goto out_rcu_unlock;

		sock->ops = answer->ops;
		answer_prot = answer->prot;
		answer_no_check = answer->no_check;

+0 −7

Original line number	Diff line number	Diff line
		@@ -208,13 +208,6 @@ static int ip_local_deliver_finish(struct sk_buff *skb)
		if (ipprot != NULL) {
		int ret;

		if (!net_eq(net, &init_net) && !ipprot->netns_ok) {
		net_info_ratelimited("%s: proto %d isn't netns-ready\n",
		__func__, protocol);
		kfree_skb(skb);
		goto out;
		}

		if (!ipprot->no_policy) {
		if (!xfrm4_policy_check(NULL, XFRM_POLICY_IN, skb)) {
		kfree_skb(skb);

+6 −0

Original line number	Diff line number	Diff line
		@@ -37,6 +37,12 @@ const struct net_offload __rcu *inet_offloads[MAX_INET_PROTOS] __read_mostly;

		int inet_add_protocol(const struct net_protocol *prot, unsigned char protocol)
		{
		if (!prot->netns_ok) {
		pr_err("Protocol %u is not namespace aware, cannot register.\n",
		protocol);
		return -EINVAL;
		}

		return !cmpxchg((const struct net_protocol **)&inet_protos[protocol],
		NULL, prot) ? 0 : -1;
		}