With this patch it's possible to use the crypto user API from all
network namespaces, not only from the initial net ns.
Signed-off-by: Christian Langrock
---
crypto/crypto_user.c| 39 ++-
include/net/net_namespace.h | 1 +
2 files changed, 31 insertions(+), 9 deletions(-)
diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 0dbe2be7..359ec2f 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -23,7 +23,7 @@
#include
#include
#include
-#include
+#include
#include
#include
#include
@@ -36,9 +36,6 @@
static DEFINE_MUTEX(crypto_cfg_mutex);
-/* The crypto netlink socket */
-static struct sock *crypto_nlsk;
-
struct crypto_dump_info {
struct sk_buff *in_skb;
struct sk_buff *out_skb;
@@ -257,6 +254,7 @@ static int crypto_report_alg(struct crypto_alg *alg,
static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
struct nlattr **attrs)
{
+struct net *net = sock_net(in_skb->sk);
struct crypto_user_alg *p = nlmsg_data(in_nlh);
struct crypto_alg *alg;
struct sk_buff *skb;
@@ -288,7 +286,7 @@ static int crypto_report(struct sk_buff *in_skb,
struct nlmsghdr *in_nlh,
if (err)
return err;
-return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
+return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
}
static int crypto_dump_report(struct sk_buff *skb, struct
netlink_callback *cb)
@@ -486,6 +484,7 @@ static const struct crypto_link {
static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
struct netlink_ext_ack *extack)
{
+struct net *net = sock_net(skb->sk);
struct nlattr *attrs[CRYPTOCFGA_MAX+1];
const struct crypto_link *link;
int type, err;
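Review bot: The privilege check for the modifying operations dispatched by crypto_user_rcv_msg() needs re-examining, because a NETLINK_CRYPTO socket now exists in every network namespace while the algorithm registry it configures stays system-wide; the check itself is outside this hunk, as the function body continues past it. If it uses `netlink_net_capable(skb, CAP_NET_ADMIN)`, CAP_NET_ADMIN held only inside the caller's own user and network namespace would satisfy it. For a global resource the test should be against the initial user namespace: `if (!netlink_capable(skb, CAP_NET_ADMIN)) return -EPERM;`. A comment beside the new local would record the intent, e.g. `/* net only selects the reply socket; crypto algorithms are global, not per-netns */`.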
@@ -515,7 +514,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb,
struct nlmsghdr *nlh,
.done = link->done,
.min_dump_alloc = dump_alloc,
};
-err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
+err = netlink_dump_start(net->crypto_nlsk, skb, nlh, &c);
}
up_read(&crypto_alg_sem);
@@ -540,22 +539,44 @@ static void crypto_netlink_rcv(struct sk_buff *skb)
mutex_unlock(&crypto_cfg_mutex);
}
-static int __init crypto_user_init(void)
+static int __net_init crypto_user_net_init(struct net *net)
{
+struct sock *crypto_nlsk;
struct netlink_kernel_cfg cfg = {
.input= crypto_netlink_rcv,
};
-crypto_nlsk = netlink_kernel_create(&init_net, NETLINK_CRYPTO, &cfg);
+crypto_nlsk = netlink_kernel_create(net, NETLINK_CRYPTO, &cfg);
if (!crypto_nlsk)
return -ENOMEM;
+net->crypto_nlsk = crypto_nlsk;
+
+return 0;
+}
+
+static void __net_exit crypto_user_net_exit(struct net *net)
+{
+netlink_kernel_release(net->crypto_nlsk);
+net->crypto_nlsk = NULL;
+}
+
+static struct pernet_operations crypto_user_net_ops = {
+.init = crypto_user_net_init,
+.exit = crypto_user_net_exit,
+};
+
+
+static int __init crypto_user_init(void)
+{
+if (register_pernet_subsys(&crypto_user_net_ops))
+panic("crypto_user_init: cannot initialize crypto_user\n");
return 0;
}
static void __exit crypto_user_exit(void)
{
-netlink_kernel_release(crypto_nlsk);
+unregister_pernet_subsys(&crypto_user_net_ops);
}
module_init(crypto_user_init);
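Review bot: crypto_user_init() now calls panic() when register_pernet_subsys() fails, which takes down the whole machine for an error the previous code reported to the caller as -ENOMEM. Because the file uses module_init()/module_exit() and so may be loaded at runtime, the failure should be propagated instead: `return register_pernet_subsys(&crypto_user_net_ops);`. In crypto_user_net_exit() the socket is released before `net->crypto_nlsk` is cleared; that ordering appears to rely on no request still being in flight for the namespace, so a comment stating the assumption would help.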
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 31a2b51..d5d831d 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -148,6 +148,7 @@ struct net {
#endif
struct sock*diag_nlsk;
atomic_tfnhe_genid;
+struct sock*crypto_nlsk;
};
#include
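Review bot: The new `crypto_nlsk` member is added to struct net unconditionally, so every build carries the pointer even when the crypto user API is not configured. Consider wrapping it as `#if IS_ENABLED(CONFIG_CRYPTO_USER)` / `struct sock *crypto_nlsk;` / `#endif`, which appears to match the conditional member ending at the `#endif` just above. A one-line comment such as `/* per-netns NETLINK_CRYPTO kernel socket */` would also make its ownership clear.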
--
2.7.4