From nobody Sat Jul 01 07:03:54 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QtNT71mkHz4lD0x; Sat, 1 Jul 2023 07:03:55 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QtNT70v1nz3jbM; Sat, 1 Jul 2023 07:03:55 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1688195035; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gBGFYtOJShKp/xG/j6yIXI24sb3FdeSkGhBLyLZQIz4=; b=KPA/+nuK5ge8/swbkkDH/ZJ+C9Fuj/8p8FLNnilkpCNLr3cN8z//o18vr1zcBCq8x3Ecc+ yrWPqXbkFxhE5jQetMVKFqAgG0AnEb2dlv0Q1faM57MtdDkrGITNjTsLp/bGm1+NFqcVZI EXFDvb3cA2EwFTa+PbMvgHBK5Nc0x5i1w4IvokIqOdNHXMTCP9f6bxtaRNMrV009kJO0G4 lzMIazhWgS3Wdvek7Tgm+riMA58dQ4KV+gUCThyXBeJXTAXGfidhVo8o7TNCxHQcpLutND rM/siyZ4iMUEthpqKTmebgHtOLSYsgbIhQl2avAG3iSXhEAoxXeHLJMbiGSM3g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1688195035; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=gBGFYtOJShKp/xG/j6yIXI24sb3FdeSkGhBLyLZQIz4=; b=lkEAF7Z7nPDYLmYoNwFONt1+pQJQyPOKnV1nyX+jVO77+EKK0hNBpTOMhXx3Yy0qcZlodH 9Tk8uQWCDHx2nTl9260SbpP9OyRgYYAlqiiBBHQB2d4g/mevFha5lEYUjxNpFtBFRS5Qxq 25iR9YlMAVjezlhMlgsn1VncnRKGfxVjHcL/kZcSa6BV005WHDcXvuiMBHlwT3IbxbLLjf r0h8Rf7Uv6a2OClOa3lYgK81+yQREbdVVRVesToOj4oLIpjsbOwNAcc80N4Ush4ADWA4ii Vl1+t49qpf3zdfExmuV2rz2SG43PIqCAwdgbjZoUPY4g16r8rStoE0TQhIWrag== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1688195035; a=rsa-sha256; cv=none; b=YQPb0RyzIOHkt3A7xnmdpAT4of0igbDKOr/Yj3V6Qm/LdH85hg+Uesh2A+Yt+JpXze+kiz U/dy00208330ECmi31HGU8Xl9vR2SWxJT0KNGhtzh5GRq2XT5ly87GMlo7lt2ZWHn7LNuH 3if/EIiLSPmdq9I7GlTKrb1txYGfHgSY2jNhglTx4wyW0hlhkpkr01VijTh+RhRk+8MU0b 7ZGRjTyUj0v5y7fXtBUd4TZtEezCYMxWejDwUZBebZ/fYZzAZ2UNPupIPgqZIAhig9GRm9 3qViDXYh1QgSdJTAFkByoH0qT8iPhquDrkdHaVZLXlEhmYTZ54dOHl6vIJAF1w== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4QtNT673vBzGp6; Sat, 1 Jul 2023 07:03:54 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 36173soW042707; Sat, 1 Jul 2023 07:03:54 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 36173snk042706; Sat, 1 Jul 2023 07:03:54 GMT (envelope-from git) Date: Sat, 1 Jul 2023 07:03:54 GMT Message-Id: <202307010703.36173snk042706@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: "Alexander V. Chernikov" Subject: git: bb06a80cf60b - main - netinet[6]: make in[6]_control use ucred instead of td. List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: melifaro X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: bb06a80cf60b3afba459b72b2b2842898938fecf Auto-Submitted: auto-generated X-ThisMailContainsUnwantedMimeParts: N The branch main has been updated by melifaro: URL: https://cgit.FreeBSD.org/src/commit/?id=bb06a80cf60b3afba459b72b2b2842898938fecf commit bb06a80cf60b3afba459b72b2b2842898938fecf Author: Alexander V. Chernikov AuthorDate: 2023-06-29 07:02:46 +0000 Commit: Alexander V. Chernikov CommitDate: 2023-07-01 06:52:24 +0000 netinet[6]: make in[6]_control use ucred instead of td. Reviewed by: markj, zlei Differential Revision: https://reviews.freebsd.org/D40793 MFC after: 2 weeks --- sys/netinet/in.c | 13 +++++++++---- sys/netinet/in_var.h | 3 +++ sys/netinet6/in6.c | 29 ++++++++++++++++++----------- sys/netinet6/in6_var.h | 2 ++ sys/netlink/route/iface.c | 8 ++++---- 5 files changed, 36 insertions(+), 19 deletions(-) diff --git a/sys/netinet/in.c b/sys/netinet/in.c index 6a5e3cb4ee6f..fa0d311bb563 100644 --- a/sys/netinet/in.c +++ b/sys/netinet/in.c @@ -325,8 +325,8 @@ in_socktrim(struct sockaddr_in *ap) * Generic internet control operations (ioctl's). */ int -in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, - struct thread *td) +in_control_ioctl(u_long cmd, void *data, struct ifnet *ifp, + struct ucred *cred) { struct ifreq *ifr = (struct ifreq *)data; struct sockaddr_in *addr = (struct sockaddr_in *)&ifr->ifr_addr; @@ -338,8 +338,6 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, if (ifp == NULL) return (EADDRNOTAVAIL); - struct ucred *cred = (td != NULL) ? td->td_ucred : NULL; - /* * Filter out 4 ioctls we implement directly. Forward the rest * to specific functions and ifp->if_ioctl(). @@ -441,6 +439,13 @@ in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, return (error); } +int +in_control(struct socket *so, u_long cmd, void *data, struct ifnet *ifp, + struct thread *td) +{ + return (in_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL)); +} + static int in_aifaddr_ioctl(u_long cmd, caddr_t data, struct ifnet *ifp, struct ucred *cred) { diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h index 40955e26bd81..ded314bcfbc0 100644 --- a/sys/netinet/in_var.h +++ b/sys/netinet/in_var.h @@ -437,6 +437,7 @@ inm_rele_locked(struct in_multi_head *inmh, struct in_multi *inm) struct rib_head; struct ip_moptions; +struct ucred; struct in_multi *inm_lookup_locked(struct ifnet *, const struct in_addr); struct in_multi *inm_lookup(struct ifnet *, const struct in_addr); @@ -458,6 +459,8 @@ int in_leavegroup_locked(struct in_multi *, /*const*/ struct in_mfilter *); int in_control(struct socket *, u_long, void *, struct ifnet *, struct thread *); +int in_control_ioctl(u_long, void *, struct ifnet *, + struct ucred *); int in_addprefix(struct in_ifaddr *); int in_scrubprefix(struct in_ifaddr *, u_int); void in_ifscrub_all(void); diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index 0ef640c5c4bf..24a2c20b0cca 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -249,8 +249,8 @@ struct in6_ndifreq32 { #endif int -in6_control(struct socket *so, u_long cmd, void *data, - struct ifnet *ifp, struct thread *td) +in6_control_ioctl(u_long cmd, void *data, + struct ifnet *ifp, struct ucred *cred) { struct in6_ifreq *ifr = (struct in6_ifreq *)data; struct in6_ifaddr *ia = NULL; @@ -281,8 +281,8 @@ in6_control(struct socket *so, u_long cmd, void *data, switch (cmd) { case SIOCAADDRCTL_POLICY: case SIOCDADDRCTL_POLICY: - if (td != NULL) { - error = priv_check(td, PRIV_NETINET_ADDRCTRL6); + if (cred != NULL) { + error = priv_check_cred(cred, PRIV_NETINET_ADDRCTRL6); if (error) return (error); } @@ -299,8 +299,8 @@ in6_control(struct socket *so, u_long cmd, void *data, case SIOCSDEFIFACE_IN6: case SIOCSIFINFO_FLAGS: case SIOCSIFINFO_IN6: - if (td != NULL) { - error = priv_check(td, PRIV_NETINET_ND6); + if (cred != NULL) { + error = priv_check_cred(cred, PRIV_NETINET_ND6); if (error) return (error); } @@ -343,8 +343,8 @@ in6_control(struct socket *so, u_long cmd, void *data, switch (cmd) { case SIOCSSCOPE6: - if (td != NULL) { - error = priv_check(td, PRIV_NETINET_SCOPE6); + if (cred != NULL) { + error = priv_check_cred(cred, PRIV_NETINET_SCOPE6); if (error) return (error); } @@ -412,7 +412,7 @@ in6_control(struct socket *so, u_long cmd, void *data, error = in6_setscope(&sa6->sin6_addr, ifp, NULL); if (error != 0) return (error); - if (td != NULL && (error = prison_check_ip6(td->td_ucred, + if (cred != NULL && (error = prison_check_ip6(cred, &sa6->sin6_addr)) != 0) return (error); sx_xlock(&in6_control_sx); @@ -457,8 +457,8 @@ in6_control(struct socket *so, u_long cmd, void *data, goto out; } - if (td != NULL) { - error = priv_check(td, (cmd == SIOCDIFADDR_IN6) ? + if (cred != NULL) { + error = priv_check_cred(cred, (cmd == SIOCDIFADDR_IN6) ? PRIV_NET_DELIFADDR : PRIV_NET_ADDIFADDR); if (error) goto out; @@ -596,6 +596,13 @@ out: return (error); } +int +in6_control(struct socket *so, u_long cmd, void *data, + struct ifnet *ifp, struct thread *td) +{ + return (in6_control_ioctl(cmd, data, ifp, td ? td->td_ucred : NULL)); +} + static struct in6_multi_mship * in6_joingroup_legacy(struct ifnet *ifp, const struct in6_addr *mcaddr, int *errorp, int delay) diff --git a/sys/netinet6/in6_var.h b/sys/netinet6/in6_var.h index 63dadf6b5207..f80fd80d98fe 100644 --- a/sys/netinet6/in6_var.h +++ b/sys/netinet6/in6_var.h @@ -838,6 +838,7 @@ struct ip6_moptions; struct sockopt; struct inpcbinfo; struct rib_head; +struct ucred; /* Multicast KPIs. */ int im6o_mc_filter(const struct ip6_moptions *, const struct ifnet *, @@ -862,6 +863,7 @@ int ip6_setmoptions(struct inpcb *, struct sockopt *); int in6_mask2len(struct in6_addr *, u_char *); int in6_control(struct socket *, u_long, void *, struct ifnet *, struct thread *); +int in6_control_ioctl(u_long, void *, struct ifnet *, struct ucred *); int in6_update_ifa(struct ifnet *, struct in6_aliasreq *, struct in6_ifaddr *, int); void in6_prepare_ifra(struct in6_aliasreq *, const struct in6_addr *, diff --git a/sys/netlink/route/iface.c b/sys/netlink/route/iface.c index 0874b73a5c98..c32c22af23f6 100644 --- a/sys/netlink/route/iface.c +++ b/sys/netlink/route/iface.c @@ -1185,7 +1185,7 @@ handle_newaddr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs, if (dst != NULL) req.ifra_dstaddr = *dst; - return (in_control(NULL, SIOCAIFADDR, &req, ifp, curthread)); + return (in_control_ioctl(SIOCAIFADDR, &req, ifp, nlp_get_cred(nlp))); } static int @@ -1204,7 +1204,7 @@ handle_deladdr_inet(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs, struct in_aliasreq req = { .ifra_addr = *addr }; - return (in_control(NULL, SIOCDIFADDR, &req, ifp, curthread)); + return (in_control_ioctl(SIOCDIFADDR, &req, ifp, nlp_get_cred(nlp))); } #endif @@ -1269,7 +1269,7 @@ handle_newaddr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs, if (dst != NULL) req.ifra_dstaddr = *dst; - return (in6_control(NULL, SIOCAIFADDR_IN6, &req, ifp, curthread)); + return (in6_control_ioctl(SIOCAIFADDR_IN6, &req, ifp, nlp_get_cred(nlp))); } static int @@ -1288,7 +1288,7 @@ handle_deladdr_inet6(struct nlmsghdr *hdr, struct nl_parsed_ifa *attrs, struct in6_aliasreq req = { .ifra_addr = *addr }; - return (in6_control(NULL, SIOCDIFADDR_IN6, &req, ifp, curthread)); + return (in6_control_ioctl(SIOCDIFADDR_IN6, &req, ifp, nlp_get_cred(nlp))); } #endif