With this patch it's possible to use the crypto user API from all
network namespaces, not only from the initial net ns.

Signed-off-by: Christian Langrock <christian.langr...@secunet.com>
---
 crypto/crypto_user.c        | 39 ++++++++++++++++++++++++++++++---------
 include/net/net_namespace.h |  1 +
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/crypto/crypto_user.c b/crypto/crypto_user.c
index 0dbe2be7..359ec2f 100644
--- a/crypto/crypto_user.c
+++ b/crypto/crypto_user.c
@@ -23,7 +23,7 @@
 #include <linux/cryptouser.h>
 #include <linux/sched.h>
 #include <net/netlink.h>
-#include <linux/security.h>
+#include <net/sock.h>
 #include <net/net_namespace.h>
 #include <crypto/internal/skcipher.h>
 #include <crypto/internal/rng.h>
@@ -36,9 +36,6 @@
 
 static DEFINE_MUTEX(crypto_cfg_mutex);
 
-/* The crypto netlink socket */
-static struct sock *crypto_nlsk;
-
 struct crypto_dump_info {
     struct sk_buff *in_skb;
     struct sk_buff *out_skb;
@@ -257,6 +254,7 @@ static int crypto_report_alg(struct crypto_alg *alg,
 static int crypto_report(struct sk_buff *in_skb, struct nlmsghdr *in_nlh,
              struct nlattr **attrs)
 {
+    struct net *net = sock_net(in_skb->sk);
     struct crypto_user_alg *p = nlmsg_data(in_nlh);
     struct crypto_alg *alg;
     struct sk_buff *skb;
@@ -288,7 +286,7 @@ static int crypto_report(struct sk_buff *in_skb,
struct nlmsghdr *in_nlh,
     if (err)
         return err;
 
-    return nlmsg_unicast(crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
+    return nlmsg_unicast(net->crypto_nlsk, skb, NETLINK_CB(in_skb).portid);
 }
 
 static int crypto_dump_report(struct sk_buff *skb, struct
netlink_callback *cb)
@@ -486,6 +484,7 @@ static const struct crypto_link {
 static int crypto_user_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh,
                    struct netlink_ext_ack *extack)
 {
+    struct net *net = sock_net(skb->sk);
     struct nlattr *attrs[CRYPTOCFGA_MAX+1];
     const struct crypto_link *link;
     int type, err;
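Review bot: Once `crypto_user_rcv_msg` is reachable from a socket in any network namespace, the capability checks on the algorithm-modifying message types become the only barrier, and they are not visible in this hunk (the function body continues outside it). The state these messages act on looks global rather than per-namespace (the dump path elsewhere in this patch takes the single `crypto_alg_sem`). If any handler is gated by `netlink_net_capable()`, CAP_NET_ADMIN held only in the user namespace that owns the netns would then suffice to change system-wide crypto configuration. Please confirm that the add/delete/update handlers check against the initial user namespace, e.g. `netlink_capable(skb, CAP_NET_ADMIN)`, and state the intended privilege model in the commit message.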
@@ -515,7 +514,7 @@ static int crypto_user_rcv_msg(struct sk_buff *skb,
struct nlmsghdr *nlh,
                 .done = link->done,
                 .min_dump_alloc = dump_alloc,
             };
-            err = netlink_dump_start(crypto_nlsk, skb, nlh, &c);
+            err = netlink_dump_start(net->crypto_nlsk, skb, nlh, &c);
         }
         up_read(&crypto_alg_sem);
 
@@ -540,22 +539,44 @@ static void crypto_netlink_rcv(struct sk_buff *skb)
     mutex_unlock(&crypto_cfg_mutex);
 }
 
-static int __init crypto_user_init(void)
+static int __net_init crypto_user_net_init(struct net *net)
 {
+    struct sock *crypto_nlsk;
     struct netlink_kernel_cfg cfg = {
         .input    = crypto_netlink_rcv,
     };
 
-    crypto_nlsk = netlink_kernel_create(&init_net, NETLINK_CRYPTO, &cfg);
+    crypto_nlsk = netlink_kernel_create(net, NETLINK_CRYPTO, &cfg);
     if (!crypto_nlsk)
         return -ENOMEM;
 
+    net->crypto_nlsk = crypto_nlsk;
+
+    return 0;
+}
+
+static void __net_exit crypto_user_net_exit(struct net *net)
+{
+    netlink_kernel_release(net->crypto_nlsk);
+    net->crypto_nlsk = NULL;
+}
+
+static struct pernet_operations crypto_user_net_ops = {
+    .init = crypto_user_net_init,
+    .exit = crypto_user_net_exit,
+};
+
+
+static int __init crypto_user_init(void)
+{
+    if (register_pernet_subsys(&crypto_user_net_ops))
+        panic("crypto_user_init: cannot initialize crypto_user\n");
     return 0;
 }
 
 static void __exit crypto_user_exit(void)
 {
-    netlink_kernel_release(crypto_nlsk);
+    unregister_pernet_subsys(&crypto_user_net_ops);
 }
 
 module_init(crypto_user_init);
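Review bot: `crypto_user_init` calls `panic()` when `register_pernet_subsys()` fails, which halts the whole machine for a recoverable initialisation error; the `module_init`/`__exit` pair suggests this can also run at module load time. Propagate the error instead: `return register_pernet_subsys(&crypto_user_net_ops);`. In `crypto_user_net_init`, every `netlink_kernel_create()` failure is still reported as `-ENOMEM`, and since this now runs on each namespace creation a one-line comment saying so would help whoever debugs a failed `unshare`. The double blank line before `crypto_user_init` can also go.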
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 31a2b51..d5d831d 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -148,6 +148,7 @@ struct net {
 #endif
     struct sock        *diag_nlsk;
     atomic_t        fnhe_genid;
+    struct sock        *crypto_nlsk;
 };
 
 #include <linux/seq_file_net.h>
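Review bot: The new `crypto_nlsk` member is added to `struct net` unconditionally, so every network namespace carries the pointer even in kernels built without the crypto user API. Consider guarding it, `#if IS_ENABLED(CONFIG_CRYPTO_USER)` / `struct sock *crypto_nlsk;` / `#endif`, matching the `#endif`-guarded members just above it in the struct. A short comment such as `/* NETLINK_CRYPTO kernel socket, owned by crypto/crypto_user.c */` would also document who sets and releases it.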
-- 
2.7.4


Attachment: 0x82EB6B5E.asc
Description: application/pgp-keys

Attachment: signature.asc
Description: OpenPGP digital signature
