git: bb06a80cf60b - main - netinet[6]: make in[6]_control use ucred instead of td.

From: Alexander V. Chernikov <melifaro_at_FreeBSD.org>
Date: Sat, 01 Jul 2023 07:03:54 UTC
The branch main has been updated by melifaro:

URL: https://cgit.FreeBSD.org/src/commit/?id=bb06a80cf60b3afba459b72b2b2842898938fecf

commit bb06a80cf60b3afba459b72b2b2842898938fecf
Author:     Alexander V. Chernikov <melifaro@FreeBSD.org>
AuthorDate: 2023-06-29 07:02:46 +0000
Commit:     Alexander V. Chernikov <melifaro@FreeBSD.org>
CommitDate: 2023-07-01 06:52:24 +0000

    netinet[6]: make in[6]_control use ucred instead of td.
    
    Reviewed by:    markj, zlei
    Differential Revision: https://reviews.freebsd.org/D40793
    MFC after:      2 weeks
---
 sys/netinet/in.c          | 13 +++++++++----
 sys/netinet/in_var.h      |  3 +++
 sys/netinet6/in6.c        | 29 ++++++++++++++++++-----------
 sys/netinet6/in6_var.h    |  2 ++
 sys/netlink/route/iface.c |  8 ++++----
 5 files changed, 36 insertions(+), 19 deletions(-)

diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index 6a5e3cb4ee6f..fa0d311bb563 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -325,8 +325,8 @@ in_socktrim(struct sockaddr_in *ap)
  * Generic internet control operations (ioctl's).
  */
 int
-in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
-    struct thread *td)
+in_control_ioctl(u_long cmd, void *data, struct ifnet *ifp,
+    struct ucred *cred)
 {
 	struct ifreq *ifr = (struct ifreq *)data;
 	struct sockaddr_in *addr = (struct sockaddr_in *)&ifr->ifr_addr;
@@ -338,8 +338,6 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
 	if (ifp == NULL)
 		return (EADDRNOTAVAIL);
 
-	struct ucred *cred = (td != NULL) ? td->td_ucred : NULL;
-
 	/*
 	 * Filter out 4 ioctls we implement directly.  Forward the rest
 	 * to specific functions and ifp->if_ioctl().
@@ -441,6 +439,13 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
 	return (error);
 }
 
+int
+in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp,
+    struct thread *td)
+{
+	return (in_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
+}
+
 static int
 in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred)
 {
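Review bot: The new wrapper tests the pointer implicitly in `td ? td->td_ucred : NULL`, while the line this commit removes from the same file, and every other pointer test in the change, spells it out as `!= NULL`. I would write `td != NULL ? td->td_ucred : NULL` here and in the matching in6_control() wrapper added in sys/netinet6/in6.c. `so` is unused in both wrappers, so a one-line comment above each would help, saying that the wrapper (presumably) exists only to keep the existing in_control()/in6_control() signature and forward the thread's credential. The hunk ends inside the following function, in_aifaddr_ioctl, which is unchanged.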
diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h
index 40955e26bd81..ded314bcfbc0 100644
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@@ -437,6 +437,7 @@ inm_rele_locked(struct in_multi_head *inmh, struct in_multi *inm)
 
 struct rib_head;
 struct	ip_moptions;
+struct ucred;
 
 struct in_multi *inm_lookup_locked(struct ifnet *, const struct in_addr);
 struct in_multi *inm_lookup(struct ifnet *, const struct in_addr);
@@ -458,6 +459,8 @@ int	in_leavegroup_locked(struct in_multi *,
 	    /*const*/ struct in_mfilter *);
 int	in_control(struct socket *, u_long, void *, struct ifnet *,
 	    struct thread *);
+int	in_control_ioctl(u_long, void *, struct ifnet *,
+	    struct ucred *);
 int	in_addprefix(struct in_ifaddr *);
 int	in_scrubprefix(struct in_ifaddr *, u_int);
 void	in_ifscrub_all(void);
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c
index 0ef640c5c4bf..24a2c20b0cca 100644
--- a/sys/netinet6/in6.c
+++ b/sys/netinet6/in6.c
@@ -249,8 +249,8 @@ struct in6_ndifreq32 {
 #endif
 
 int
-in6_control(struct socket *so, u_long cmd, void *data,
-    struct ifnet *ifp, struct thread *td)
+in6_control_ioctl(u_long cmd, void *data,
+    struct ifnet *ifp, struct ucred *cred)
 {
 	struct	in6_ifreq *ifr = (struct in6_ifreq *)data;
 	struct	in6_ifaddr *ia = NULL;
@@ -281,8 +281,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 	switch (cmd) {
 	case SIOCAADDRCTL_POLICY:
 	case SIOCDADDRCTL_POLICY:
-		if (td != NULL) {
-			error = priv_check(td, PRIV_NETINET_ADDRCTRL6);
+		if (cred != NULL) {
+			error = priv_check_cred(cred, PRIV_NETINET_ADDRCTRL6);
 			if (error)
 				return (error);
 		}
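Review bot: A NULL `cred` skips this privilege check entirely, so in6_control_ioctl() fails open for any caller that hands it no credential. The same `cred != NULL` guard recurs in the PRIV_NETINET_ND6, PRIV_NETINET_SCOPE6, prison_check_ip6() and PRIV_NET_DELIFADDR/PRIV_NET_ADDIFADDR hunks below. The old `td != NULL` test behaved the same way, but the function is now a separately exported entry point that takes the credential directly, and the netlink handlers pass it the unchecked result of nlp_get_cred(). I would state the contract above the function, for example `/* cred == NULL denotes a trusted in-kernel caller: privilege and jail checks are skipped. */`, and have callers that always act for a user assert a non-NULL credential before calling. in_control_ioctl() in sys/netinet/in.c takes the same parameter, but its handling of NULL is outside this diff, and this function's body starts and ends outside the hunk.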
@@ -299,8 +299,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 	case SIOCSDEFIFACE_IN6:
 	case SIOCSIFINFO_FLAGS:
 	case SIOCSIFINFO_IN6:
-		if (td != NULL) {
-			error = priv_check(td, PRIV_NETINET_ND6);
+		if (cred != NULL) {
+			error = priv_check_cred(cred, PRIV_NETINET_ND6);
 			if (error)
 				return (error);
 		}
@@ -343,8 +343,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 
 	switch (cmd) {
 	case SIOCSSCOPE6:
-		if (td != NULL) {
-			error = priv_check(td, PRIV_NETINET_SCOPE6);
+		if (cred != NULL) {
+			error = priv_check_cred(cred, PRIV_NETINET_SCOPE6);
 			if (error)
 				return (error);
 		}
@@ -412,7 +412,7 @@ in6_control(struct socket *so, u_long cmd, void *data,
 			error = in6_setscope(&sa6->sin6_addr, ifp, NULL);
 		if (error != 0)
 			return (error);
-		if (td != NULL && (error = prison_check_ip6(td->td_ucred,
+		if (cred != NULL && (error = prison_check_ip6(cred,
 		    &sa6->sin6_addr)) != 0)
 			return (error);
 		sx_xlock(&in6_control_sx);
@@ -457,8 +457,8 @@ in6_control(struct socket *so, u_long cmd, void *data,
 			goto out;
 		}
 
-		if (td != NULL) {
-			error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ?
+		if (cred != NULL) {
+			error = priv_check_cred(cred, (cmd == SIOCDIFADDR_IN6) ?
 			    PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR);
 			if (error)
 				goto out;
@@ -596,6 +596,13 @@ out:
 	return (error);
 }
 
+int
+in6_control(struct socket *so, u_long cmd, void *data,
+    struct ifnet *ifp, struct thread *td)
+{
+	return (in6_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL));
+}
+
 static struct in6_multi_mship *
 in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr,
     int *errorp, int delay)
diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h
index 63dadf6b5207..f80fd80d98fe 100644
--- a/sys/netinet6/in6_var.h
+++ b/sys/netinet6/in6_var.h
@@ -838,6 +838,7 @@ struct ip6_moptions;
 struct sockopt;
 struct inpcbinfo;
 struct rib_head;
+struct ucred;
 
 /* Multicast KPIs. */
 int	im6o_mc_filter(const struct ip6_moptions *, const struct ifnet *,
@@ -862,6 +863,7 @@ int	ip6_setmoptions(struct inpcb *, struct sockopt *);
 int	in6_mask2len(struct in6_addr *, u_char *);
 int	in6_control(struct socket *, u_long, void *, struct ifnet *,
 	struct thread *);
+int	in6_control_ioctl(u_long, void *, struct ifnet *, struct ucred *);
 int	in6_update_ifa(struct ifnet *, struct in6_aliasreq *,
 	struct in6_ifaddr *, int);
 void	in6_prepare_ifra(struct in6_aliasreq *, const struct in6_addr *,
diff --git a/sys/netlink/route/iface.c b/sys/netlink/route/iface.c
index 0874b73a5c98..c32c22af23f6 100644
--- a/sys/netlink/route/iface.c
+++ b/sys/netlink/route/iface.c
@@ -1185,7 +1185,7 @@ handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 	if (dst != NULL)
 		req.ifra_dstaddr = *dst;
 
-	return (in_control(NULL, SIOCAIFADDR, &req, ifp, curthread));
+	return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp)));
 }
 
 static int
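Review bot: The privilege and jail checks for this request now run against whatever `nlp_get_cred(nlp)` returns rather than `curthread`'s credential, and neither the commit message nor the code records why. nlp_get_cred() is not defined in this diff; if it returns the credential captured when the netlink socket was created, authorization follows the socket rather than the sending thread, which matters when a descriptor is inherited or passed between processes. If that is the intent, a comment at the call would record it, such as `/* Authorize against the netlink socket's credential, not curthread. */`. The same applies to handle_deladdr_inet, handle_newaddr_inet6 and handle_deladdr_inet6 in the hunks below; each function starts outside its hunk.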
@@ -1204,7 +1204,7 @@ handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 
 	struct in_aliasreq req = { .ifra_addr = *addr };
 
-	return (in_control(NULL, SIOCDIFADDR, &req, ifp, curthread));
+	return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp)));
 }
 #endif
 
@@ -1269,7 +1269,7 @@ handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 	if (dst != NULL)
 		req.ifra_dstaddr = *dst;
 
-	return (in6_control(NULL, SIOCAIFADDR_IN6, &req, ifp, curthread));
+	return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
 }
 
 static int
@@ -1288,7 +1288,7 @@ handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs,
 
 	struct in6_aliasreq req = { .ifra_addr = *addr };
 
-	return (in6_control(NULL, SIOCDIFADDR_IN6, &req, ifp, curthread));
+	return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp)));
 }
 #endif