#include <linux/kernel.h>
#include <linux/major.h>
#include <linux/slab.h>
-#include <linux/smp_lock.h>
#include <linux/poll.h>
#include <linux/fcntl.h>
#include <linux/init.h>
#include <linux/miscdevice.h>
#include <linux/ethtool.h>
#include <linux/rtnetlink.h>
+#include <linux/compat.h>
#include <linux/if.h>
#include <linux/if_arp.h>
#include <linux/if_ether.h>
uid_t owner;
gid_t group;
- struct sk_buff_head readq;
-
struct net_device *dev;
struct fasync_struct *fasync;
struct tap_filter txflt;
- struct sock *sk;
struct socket socket;
#ifdef TUN_DEBUG
static int tun_attach(struct tun_struct *tun, struct file *file)
{
struct tun_file *tfile = file->private_data;
- const struct cred *cred = current_cred();
int err;
ASSERT_RTNL();
- /* Check permissions */
- if (((tun->owner != -1 && cred->euid != tun->owner) ||
- (tun->group != -1 && !in_egroup_p(tun->group))) &&
- !capable(CAP_NET_ADMIN))
- return -EPERM;
-
netif_tx_lock_bh(tun->dev);
err = -EINVAL;
tfile->tun = tun;
tun->tfile = tfile;
dev_hold(tun->dev);
- sock_hold(tun->sk);
+ sock_hold(tun->socket.sk);
atomic_inc(&tfile->count);
out:
netif_tx_unlock_bh(tun->dev);
/* Drop read queue */
- skb_queue_purge(&tun->readq);
+ skb_queue_purge(&tun->socket.sk->sk_receive_queue);
/* Drop the extra count on the net device */
dev_put(tun->dev);
{
struct tun_struct *tun = netdev_priv(dev);
- sock_put(tun->sk);
+ sock_put(tun->socket.sk);
}
/* Net device open. */
if (!check_filter(&tun->txflt, skb))
goto drop;
- if (skb_queue_len(&tun->readq) >= dev->tx_queue_len) {
+ if (skb_queue_len(&tun->socket.sk->sk_receive_queue) >= dev->tx_queue_len) {
if (!(tun->flags & TUN_ONE_QUEUE)) {
/* Normal queueing mode. */
/* Packet scheduler handles dropping of further packets. */
}
/* Enqueue packet */
- skb_queue_tail(&tun->readq, skb);
+ skb_queue_tail(&tun->socket.sk->sk_receive_queue, skb);
dev->trans_start = jiffies;
/* Notify and wake up reader process */
if (!tun)
return POLLERR;
- sk = tun->sk;
+ sk = tun->socket.sk;
DBG(KERN_INFO "%s: tun_chr_poll\n", tun->dev->name);
poll_wait(file, &tun->socket.wait, wait);
- if (!skb_queue_empty(&tun->readq))
+ if (!skb_queue_empty(&sk->sk_receive_queue))
mask |= POLLIN | POLLRDNORM;
if (sock_writeable(sk) ||
size_t prepad, size_t len,
size_t linear, int noblock)
{
- struct sock *sk = tun->sk;
+ struct sock *sk = tun->socket.sk;
struct sk_buff *skb;
int err;
current->state = TASK_INTERRUPTIBLE;
/* Read frames from the queue */
- if (!(skb=skb_dequeue(&tun->readq))) {
+ if (!(skb=skb_dequeue(&tun->socket.sk->sk_receive_queue))) {
if (file->f_flags & O_NONBLOCK) {
ret = -EAGAIN;
break;
{
struct tun_struct *tun = netdev_priv(dev);
- skb_queue_head_init(&tun->readq);
-
tun->owner = -1;
tun->group = -1;
if (sk->sk_sleep && waitqueue_active(sk->sk_sleep))
wake_up_interruptible_sync(sk->sk_sleep);
- tun = container_of(sk, struct tun_sock, sk)->tun;
+ tun = tun_sk(sk)->tun;
kill_fasync(&tun->fasync, SIGIO, POLL_OUT);
}
static void tun_sock_destruct(struct sock *sk)
{
- free_netdev(container_of(sk, struct tun_sock, sk)->tun->dev);
+ free_netdev(tun_sk(sk)->tun->dev);
}
static struct proto tun_proto = {
dev = __dev_get_by_name(net, ifr->ifr_name);
if (dev) {
+ const struct cred *cred = current_cred();
+
if (ifr->ifr_flags & IFF_TUN_EXCL)
return -EBUSY;
if ((ifr->ifr_flags & IFF_TUN) && dev->netdev_ops == &tun_netdev_ops)
else
return -EINVAL;
+ if (((tun->owner != -1 && cred->euid != tun->owner) ||
+ (tun->group != -1 && !in_egroup_p(tun->group))) &&
+ !capable(CAP_NET_ADMIN))
+ return -EPERM;
+ err = security_tun_dev_attach(tun->socket.sk);
+ if (err < 0)
+ return err;
+
err = tun_attach(tun, file);
if (err < 0)
return err;
char *name;
unsigned long flags = 0;
- err = -EINVAL;
-
if (!capable(CAP_NET_ADMIN))
return -EPERM;
+ err = security_tun_dev_create();
+ if (err < 0)
+ return err;
/* Set dev type */
if (ifr->ifr_flags & IFF_TUN) {
flags |= TUN_TAP_DEV;
name = "tap%d";
} else
- goto failed;
+ return -EINVAL;
if (*ifr->ifr_name)
name = ifr->ifr_name;
sk->sk_write_space = tun_sock_write_space;
sk->sk_sndbuf = INT_MAX;
- tun->sk = sk;
- container_of(sk, struct tun_sock, sk)->tun = tun;
+ tun_sk(sk)->tun = tun;
+
+ security_tun_dev_post_create(sk);
tun_net_init(dev);
return 0;
}
-static long tun_chr_ioctl(struct file *file, unsigned int cmd,
- unsigned long arg)
+static long __tun_chr_ioctl(struct file *file, unsigned int cmd,
+ unsigned long arg, int ifreq_len)
{
struct tun_file *tfile = file->private_data;
struct tun_struct *tun;
int ret;
if (cmd == TUNSETIFF || _IOC_TYPE(cmd) == 0x89)
- if (copy_from_user(&ifr, argp, sizeof ifr))
+ if (copy_from_user(&ifr, argp, ifreq_len))
return -EFAULT;
if (cmd == TUNGETFEATURES) {
if (ret)
goto unlock;
- if (copy_to_user(argp, &ifr, sizeof(ifr)))
+ if (copy_to_user(argp, &ifr, ifreq_len))
ret = -EFAULT;
goto unlock;
}
if (ret)
break;
- if (copy_to_user(argp, &ifr, sizeof(ifr)))
+ if (copy_to_user(argp, &ifr, ifreq_len))
ret = -EFAULT;
break;
/* Get hw addres */
memcpy(ifr.ifr_hwaddr.sa_data, tun->dev->dev_addr, ETH_ALEN);
ifr.ifr_hwaddr.sa_family = tun->dev->type;
- if (copy_to_user(argp, &ifr, sizeof ifr))
+ if (copy_to_user(argp, &ifr, ifreq_len))
ret = -EFAULT;
break;
break;
case TUNGETSNDBUF:
- sndbuf = tun->sk->sk_sndbuf;
+ sndbuf = tun->socket.sk->sk_sndbuf;
if (copy_to_user(argp, &sndbuf, sizeof(sndbuf)))
ret = -EFAULT;
break;
break;
}
- tun->sk->sk_sndbuf = sndbuf;
+ tun->socket.sk->sk_sndbuf = sndbuf;
break;
default:
return ret;
}
+static long tun_chr_ioctl(struct file *file,
+ unsigned int cmd, unsigned long arg)
+{
+ return __tun_chr_ioctl(file, cmd, arg, sizeof (struct ifreq));
+}
+
+#ifdef CONFIG_COMPAT
+static long tun_chr_compat_ioctl(struct file *file,
+ unsigned int cmd, unsigned long arg)
+{
+ switch (cmd) {
+ case TUNSETIFF:
+ case TUNGETIFF:
+ case TUNSETTXFILTER:
+ case TUNGETSNDBUF:
+ case TUNSETSNDBUF:
+ case SIOCGIFHWADDR:
+ case SIOCSIFHWADDR:
+ arg = (unsigned long)compat_ptr(arg);
+ break;
+ default:
+ arg = (compat_ulong_t)arg;
+ break;
+ }
+
+ /*
+ * compat_ifreq is shorter than ifreq, so we must not access beyond
+ * the end of that structure. All fields that are used in this
+ * driver are compatible though, we don't need to convert the
+ * contents.
+ */
+ return __tun_chr_ioctl(file, cmd, arg, sizeof(struct compat_ifreq));
+}
+#endif /* CONFIG_COMPAT */
+
static int tun_chr_fasync(int fd, struct file *file, int on)
{
struct tun_struct *tun = tun_get(file);
DBG(KERN_INFO "%s: tun_chr_fasync %d\n", tun->dev->name, on);
- lock_kernel();
if ((ret = fasync_helper(fd, file, on, &tun->fasync)) < 0)
goto out;
tun->flags &= ~TUN_FASYNC;
ret = 0;
out:
- unlock_kernel();
tun_put(tun);
return ret;
}
static int tun_chr_open(struct inode *inode, struct file * file)
{
struct tun_file *tfile;
- cycle_kernel_lock();
+
DBG1(KERN_INFO "tunX: tun_chr_open\n");
tfile = kmalloc(sizeof(*tfile), GFP_KERNEL);
__tun_detach(tun);
- /* If desireable, unregister the netdevice. */
+ /* If desirable, unregister the netdevice. */
if (!(tun->flags & TUN_PERSIST)) {
rtnl_lock();
if (dev->reg_state == NETREG_REGISTERED)
tun = tfile->tun;
if (tun)
- sock_put(tun->sk);
+ sock_put(tun->socket.sk);
put_net(tfile->net);
kfree(tfile);
.write = do_sync_write,
.aio_write = tun_chr_aio_write,
.poll = tun_chr_poll,
- .unlocked_ioctl = tun_chr_ioctl,
+ .unlocked_ioctl = tun_chr_ioctl,
+#ifdef CONFIG_COMPAT
+ .compat_ioctl = tun_chr_compat_ioctl,
+#endif
.open = tun_chr_open,
.release = tun_chr_close,
.fasync = tun_chr_fasync
static struct miscdevice tun_miscdev = {
.minor = TUN_MINOR,
.name = "tun",
- .devnode = "net/tun",
+ .nodename = "net/tun",
.fops = &tun_fops,
};
git://ftp.safe.ca / safe / jmp / linux-2.6 / blobdiff