netlink: kill eff_cap from struct netlink_skb_parms

kaber · davem330 · commit 01a16b21d6ad · 2011-03-03T13:32:07.000-08:00
Netlink message processing in the kernel is synchronous these days,
capabilities can be checked directly in security_netlink_recv() from
the current process.

Signed-off-by: Patrick McHardy &lt;kaber@trash.net&gt;
Reviewed-by: James Morris &lt;jmorris@namei.org&gt;
[chrisw: update to include pohmelfs and uvesafb]
Signed-off-by: Chris Wright &lt;chrisw@sous-sol.org&gt;
Signed-off-by: David S. Miller &lt;davem@davemloft.net&gt;
diff --git a/drivers/block/drbd/drbd_nl.c b/drivers/block/drbd/drbd_nl.c
@@ -2177,7 +2177,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms
 		return;
 	}
 
-	if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {
+	if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) {
 		retcode = ERR_PERM;
 		goto fail;
 	}
diff --git a/drivers/md/dm-log-userspace-transfer.c b/drivers/md/dm-log-userspace-transfer.c
@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg *msg, struct netlink_skb_parms *nsp)
 {
 	struct dm_ulog_request *tfr = (struct dm_ulog_request *)(msg + 1);
 
-	if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+	if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
 		return;
 
 	spin_lock(&receiving_list_lock);
diff --git a/drivers/staging/pohmelfs/config.c b/drivers/staging/pohmelfs/config.c
@@ -525,7 +525,7 @@ static void pohmelfs_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *n
 {
 	int err;
 
-	if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+	if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
 		return;
 
 	switch (msg->flags) {
diff --git a/drivers/video/uvesafb.c b/drivers/video/uvesafb.c
@@ -73,7 +73,7 @@ static void uvesafb_cn_callback(struct cn_msg *msg, struct netlink_skb_parms *ns
 	struct uvesafb_task *utask;
 	struct uvesafb_ktask *task;
 
-	if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))
+	if (!cap_raised(current_cap(), CAP_SYS_ADMIN))
 		return;
 
 	if (msg->seq >= UVESAFB_TASKS_MAX)
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
@@ -160,7 +160,6 @@ struct netlink_skb_parms {
 	struct ucred		creds;		/* Skb credentials	*/
 	__u32			pid;
 	__u32			dst_group;
-	kernel_cap_t		eff_cap;
 };
 
 #define NETLINK_CB(skb)		(*(struct netlink_skb_parms*)&((skb)->cb))
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
@@ -1364,12 +1364,6 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
 	NETLINK_CB(skb).dst_group = dst_group;
 	memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
 
-	/* What can I do? Netlink is asynchronous, so that
-	   we will have to save current capabilities to
-	   check them, when this message will be delivered
-	   to corresponding kernel module.   --ANK (980802)
-	 */
-
 	err = -EFAULT;
 	if (memcpy_fromiovec(skb_put(skb, len), msg->msg_iov, len)) {
 		kfree_skb(skb);
diff --git a/security/commoncap.c b/security/commoncap.c
@@ -52,13 +52,12 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)
 
 int cap_netlink_send(struct sock *sk, struct sk_buff *skb)
 {
-	NETLINK_CB(skb).eff_cap = current_cap();
 	return 0;
 }
 
 int cap_netlink_recv(struct sk_buff *skb, int cap)
 {
-	if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))
+	if (!cap_raised(current_cap(), cap))
 		return -EPERM;
 	return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -2177,7 +2177,7 @@ static void drbd_connector_callback(struct cn_msg *req, struct netlink_skb_parms`
`2177`	`2177`	`return;`
`2178`	`2178`	`}`
`2179`	`2179`
`2180`		`- if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN)) {`
	`2180`	`+ if (!cap_raised(current_cap(), CAP_SYS_ADMIN)) {`
`2181`	`2181`	`retcode = ERR_PERM;`
`2182`	`2182`	`goto fail;`
`2183`	`2183`	`}`
Original file line number	Diff line number	Diff line change
`@@ -134,7 +134,7 @@ static void cn_ulog_callback(struct cn_msg msg, struct netlink_skb_parms nsp)`
`134`	`134`	`{`
`135`	`135`	`struct dm_ulog_request tfr = (struct dm_ulog_request )(msg + 1);`
`136`	`136`
`137`		`- if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))`
	`137`	`+ if (!cap_raised(current_cap(), CAP_SYS_ADMIN))`
`138`	`138`	`return;`
`139`	`139`
`140`	`140`	`spin_lock(&receiving_list_lock);`
Original file line number	Diff line number	Diff line change
`@@ -525,7 +525,7 @@ static void pohmelfs_cn_callback(struct cn_msg msg, struct netlink_skb_parms n`
`525`	`525`	`{`
`526`	`526`	`int err;`
`527`	`527`
`528`		`- if (!cap_raised(nsp->eff_cap, CAP_SYS_ADMIN))`
	`528`	`+ if (!cap_raised(current_cap(), CAP_SYS_ADMIN))`
`529`	`529`	`return;`
`530`	`530`
`531`	`531`	`switch (msg->flags) {`
Original file line number	Diff line number	Diff line change
`@@ -52,13 +52,12 @@ static void warn_setuid_and_fcaps_mixed(const char *fname)`
`52`	`52`
`53`	`53`	`int cap_netlink_send(struct sock sk, struct sk_buff skb)`
`54`	`54`	`{`
`55`		`- NETLINK_CB(skb).eff_cap = current_cap();`
`56`	`55`	`return 0;`
`57`	`56`	`}`
`58`	`57`
`59`	`58`	`int cap_netlink_recv(struct sk_buff *skb, int cap)`
`60`	`59`	`{`
`61`		`- if (!cap_raised(NETLINK_CB(skb).eff_cap, cap))`
	`60`	`+ if (!cap_raised(current_cap(), cap))`
`62`	`61`	`return -EPERM;`
`63`	`62`	`return 0;`
`64`	`63`	`}`