From 14fe094c1e89881a1ea29abc21385869c4e04afe Mon Sep 17 00:00:00 2001
From: Kyle McMartin
Date: Mon, 6 Sep 2010 14:58:48 -0400
Subject: backport two fixes from 2.6.33 to quiet avc denials (#598796)
---
 kernel.spec | 9 +
 net-do-not-check-capable-if-kernel.patch | 682 +++++++++++++++++++++++++++++++
 2 files changed, 691 insertions(+)
 create mode 100644 net-do-not-check-capable-if-kernel.patch
diff --git a/kernel.spec b/kernel.spec
index 6f31900..77f42a9 100644
--- a/kernel.spec
+++ b/kernel.spec
@@ -840,6 +840,8 @@ Patch14141: hid-02-fix-suspend-crash-by-moving-initializations-earlier.patch
 Patch14150: irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
+Patch14200: net-do-not-check-capable-if-kernel.patch
+
 # ==============================================================================
 %endif
@@ -1550,6 +1552,9 @@ ApplyPatch hid-02-fix-suspend-crash-by-moving-initializations-earlier.patch
 # CVE-2010-2954
 ApplyPatch irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch
+# rhbz #598796
+ApplyPatch net-do-not-check-capable-if-kernel.patch
+
 # END OF PATCH APPLICATIONS ====================================================
 %endif
@@ -2202,6 +2207,10 @@ fi
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 %changelog
+* Mon Sep 06 2010 Kyle McMartin
+- Backport two fixes from Eric Paris to resolve #598796 which avoids a
+ capability check if the request comes from the kernel.
+
 * Thu Sep 02 2010 Chuck Ebbert 2.6.32.21-167
 - irda-correctly-clean-up-self-ias_obj-on-irda_bind-failure.patch (CVE-2010-2954)
diff --git a/net-do-not-check-capable-if-kernel.patch b/net-do-not-check-capable-if-kernel.patch
new file mode 100644
index 0000000..0669a6c
--- /dev/null
+++ b/net-do-not-check-capable-if-kernel.patch
@@ -0,0 +1,682 @@
+commit abbee616fa69a781c6e58249318a7ae6796a3394
+Author: Eric Paris
+Date: Thu Nov 5 20:45:52 2009 -0800
+
+ net: check kern before calling security subsystem
+
+ Before calling capable(CAP_NET_RAW) check if this operations is on behalf
+ of the kernel or on behalf of userspace. Do not do the security check if
+ it is on behalf of the kernel.
+
+ Signed-off-by: Eric Paris
+ Acked-by: Arnaldo Carvalho de Melo
+ Signed-off-by: David S. Miller
+
+commit 8b7950c0735ab6228f08e7b19fc0f94c09c7f2ba
+Author: Eric Paris
+Date: Thu Nov 5 22:18:14 2009 -0800
+
+ net: pass kern to net_proto_family create function
+
+ The generic __sock_create function has a kern argument which allows the
+ security system to make decisions based on if a socket is being created by
+ the kernel or by userspace. This patch passes that flag to the
+ net_proto_family specific create function, so it can do the same thing.
+
+ Signed-off-by: Eric Paris
+ Acked-by: Arnaldo Carvalho de Melo
+ Signed-off-by: David S. Miller
+
+---
+ drivers/isdn/mISDN/socket.c | 2 +-
+ drivers/net/pppox.c | 3 ++-
+ include/linux/net.h | 3 ++-
+ net/appletalk/ddp.c | 3 ++-
+ net/atm/pvc.c | 3 ++-
+ net/atm/svc.c | 7 ++++---
+ net/ax25/af_ax25.c | 3 ++-
+ net/bluetooth/af_bluetooth.c | 5 +++--
+ net/bluetooth/bnep/sock.c | 3 ++-
+ net/bluetooth/cmtp/sock.c | 3 ++-
+ net/bluetooth/hci_sock.c | 3 ++-
+ net/bluetooth/hidp/sock.c | 3 ++-
+ net/bluetooth/l2cap.c | 5 +++--
+ net/bluetooth/rfcomm/sock.c | 3 ++-
+ net/bluetooth/sco.c | 3 ++-
+ net/can/af_can.c | 3 ++-
+ net/decnet/af_decnet.c | 3 ++-
+ net/econet/af_econet.c | 3 ++-
+ net/ieee802154/af_ieee802154.c | 2 +-
+ net/ipv4/af_inet.c | 5 +++--
+ net/ipv6/af_inet6.c | 5 +++--
+ net/ipx/af_ipx.c | 3 ++-
+ net/irda/af_irda.c | 7 ++++---
+ net/iucv/af_iucv.c | 3 ++-
+ net/key/af_key.c | 3 ++-
+ net/llc/af_llc.c | 5 ++++-
+ net/netlink/af_netlink.c | 3 ++-
+ net/netrom/af_netrom.c | 3 ++-
+ net/packet/af_packet.c | 3 ++-
+ net/phonet/af_phonet.c | 3 ++-
+ net/rds/af_rds.c | 3 ++-
+ net/rose/af_rose.c | 3 ++-
+ net/rxrpc/af_rxrpc.c | 3 ++-
+ net/socket.c | 2 +-
+ net/tipc/socket.c | 6 ++++--
+ net/unix/af_unix.c | 3 ++-
+ net/x25/af_x25.c | 3 ++-
+ 37 files changed, 83 insertions(+), 46 deletions(-)
+
+diff --git a/drivers/isdn/mISDN/socket.c b/drivers/isdn/mISDN/socket.c
+index feb0fa4..8167346 100644
+--- a/drivers/isdn/mISDN/socket.c
++++ b/drivers/isdn/mISDN/socket.c
+@@ -779,7 +779,7 @@ base_sock_create(struct net *net, struct socket *sock, int protocol)
+ }
+
+ static int
+-mISDN_sock_create(struct net *net, struct socket *sock, int proto)
++mISDN_sock_create(struct net *net, struct socket *sock, int proto, int kern)
+ {
+ int err = -EPROTONOSUPPORT;
+
+diff --git a/drivers/net/pppox.c b/drivers/net/pppox.c
+index 4f6d33f..a155baf 100644
+--- a/drivers/net/pppox.c
++++ b/drivers/net/pppox.c
+@@ -104,7 +104,8 @@ int pppox_ioctl(struct socket *sock, unsigned int cmd, unsigned long arg)
+
+ EXPORT_SYMBOL(pppox_ioctl);
+
+-static int pppox_create(struct net *net, struct socket *sock, int protocol)
++static int pppox_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ int rc = -EPROTOTYPE;
+
+diff --git a/include/linux/net.h b/include/linux/net.h
+index 529a093..3a63efd 100644
+--- a/include/linux/net.h
++++ b/include/linux/net.h
+@@ -200,7 +200,8 @@ struct proto_ops {
+
+ struct net_proto_family {
+ int family;
+- int (*create)(struct net *net, struct socket *sock, int protocol);
++ int (*create)(struct net *net, struct socket *sock,
++ int protocol, int kern);
+ struct module *owner;
+ };
+
+diff --git a/net/appletalk/ddp.c b/net/appletalk/ddp.c
+index b1a4290..7c22d90 100644
+--- a/net/appletalk/ddp.c
++++ b/net/appletalk/ddp.c
+@@ -1021,7 +1021,8 @@ static struct proto ddp_proto = {
+ * Create a socket. Initialise the socket, blank the addresses
+ * set the state.
+ */
+-static int atalk_create(struct net *net, struct socket *sock, int protocol)
++static int atalk_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ int rc = -ESOCKTNOSUPPORT;
+diff --git a/net/atm/pvc.c b/net/atm/pvc.c
+index d4c0245..e879725 100644
+--- a/net/atm/pvc.c
++++ b/net/atm/pvc.c
+@@ -127,7 +127,8 @@ static const struct proto_ops pvc_proto_ops = {
+ };
+
+
+-static int pvc_create(struct net *net, struct socket *sock,int protocol)
++static int pvc_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ if (net != &init_net)
+ return -EAFNOSUPPORT;
+diff --git a/net/atm/svc.c b/net/atm/svc.c
+index f90d143..ed096a6 100644
+--- a/net/atm/svc.c
++++ b/net/atm/svc.c
+@@ -25,7 +25,7 @@
+ #include "signaling.h"
+ #include "addr.h"
+
+-static int svc_create(struct net *net, struct socket *sock,int protocol);
++static int svc_create(struct net *net, struct socket *sock, int protocol, int kern);
+
+ /*
+ * Note: since all this is still nicely synchronized with the signaling demon,
+@@ -330,7 +330,7 @@ static int svc_accept(struct socket *sock,struct socket *newsock,int flags)
+
+ lock_sock(sk);
+
+- error = svc_create(sock_net(sk), newsock,0);
++ error = svc_create(sock_net(sk), newsock, 0, 0);
+ if (error)
+ goto out;
+
+@@ -650,7 +650,8 @@ static const struct proto_ops svc_proto_ops = {
+ };
+
+
+-static int svc_create(struct net *net, struct socket *sock,int protocol)
++static int svc_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ int error;
+
+diff --git a/net/ax25/af_ax25.c b/net/ax25/af_ax25.c
+index f454607..274d5c0 100644
+--- a/net/ax25/af_ax25.c
++++ b/net/ax25/af_ax25.c
+@@ -800,7 +800,8 @@ static struct proto ax25_proto = {
+ .obj_size = sizeof(struct sock),
+ };
+
+-static int ax25_create(struct net *net, struct socket *sock, int protocol)
++static int ax25_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ ax25_cb *ax25;
+diff --git a/net/bluetooth/af_bluetooth.c b/net/bluetooth/af_bluetooth.c
+index 8cfb5a8..af074ed 100644
+--- a/net/bluetooth/af_bluetooth.c
++++ b/net/bluetooth/af_bluetooth.c
+@@ -126,7 +126,8 @@ int bt_sock_unregister(int proto)
+ }
+ EXPORT_SYMBOL(bt_sock_unregister);
+
+-static int bt_sock_create(struct net *net, struct socket *sock, int proto)
++static int bt_sock_create(struct net *net, struct socket *sock, int proto,
++ int kern)
+ {
+ int err;
+
+@@ -144,7 +145,7 @@ static int bt_sock_create(struct net *net, struct socket *sock, int proto)
+ read_lock(&bt_proto_lock);
+
+ if (bt_proto[proto] && try_module_get(bt_proto[proto]->owner)) {
+- err = bt_proto[proto]->create(net, sock, proto);
++ err = bt_proto[proto]->create(net, sock, proto, kern);
+ bt_sock_reclassify_lock(sock, proto);
+ module_put(bt_proto[proto]->owner);
+ }
+diff --git a/net/bluetooth/bnep/sock.c b/net/bluetooth/bnep/sock.c
+index e857628..ee86b31 100644
+--- a/net/bluetooth/bnep/sock.c
++++ b/net/bluetooth/bnep/sock.c
+@@ -195,7 +195,8 @@ static struct proto bnep_proto = {
+ .obj_size = sizeof(struct bt_sock)
+ };
+
+-static int bnep_sock_create(struct net *net, struct socket *sock, int protocol)
++static int bnep_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/bluetooth/cmtp/sock.c b/net/bluetooth/cmtp/sock.c
+index 16b0fad..536482f 100644
+--- a/net/bluetooth/cmtp/sock.c
++++ b/net/bluetooth/cmtp/sock.c
+@@ -190,7 +190,8 @@ static struct proto cmtp_proto = {
+ .obj_size = sizeof(struct bt_sock)
+ };
+
+-static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol)
++static int cmtp_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/bluetooth/hci_sock.c b/net/bluetooth/hci_sock.c
+index 75302a9..94a138f 100644
+--- a/net/bluetooth/hci_sock.c
++++ b/net/bluetooth/hci_sock.c
+@@ -621,7 +621,8 @@ static struct proto hci_sk_proto = {
+ .obj_size = sizeof(struct hci_pinfo)
+ };
+
+-static int hci_sock_create(struct net *net, struct socket *sock, int protocol)
++static int hci_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/bluetooth/hidp/sock.c b/net/bluetooth/hidp/sock.c
+index 37c9d7d..40fac2c 100644
+--- a/net/bluetooth/hidp/sock.c
++++ b/net/bluetooth/hidp/sock.c
+@@ -241,7 +241,8 @@ static struct proto hidp_proto = {
+ .obj_size = sizeof(struct bt_sock)
+ };
+
+-static int hidp_sock_create(struct net *net, struct socket *sock, int protocol)
++static int hidp_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/bluetooth/l2cap.c b/net/bluetooth/l2cap.c
+index 8d1c4a9..0fdf477 100644
+--- a/net/bluetooth/l2cap.c
++++ b/net/bluetooth/l2cap.c
+@@ -819,7 +819,8 @@ static struct sock *l2cap_sock_alloc(struct net *net, struct socket *sock, int p
+ return sk;
+ }
+
+-static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
++static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+@@ -831,7 +832,7 @@ static int l2cap_sock_create(struct net *net, struct socket *sock, int protocol)
+ sock->type != SOCK_DGRAM && sock->type != SOCK_RAW)
+ return -ESOCKTNOSUPPORT;
+
+- if (sock->type == SOCK_RAW && !capable(CAP_NET_RAW))
++ if (sock->type == SOCK_RAW && !kern && !capable(CAP_NET_RAW))
+ return -EPERM;
+
+ sock->ops = &l2cap_sock_ops;
+diff --git a/net/bluetooth/rfcomm/sock.c b/net/bluetooth/rfcomm/sock.c
+index 30a3649..f596455 100644
+--- a/net/bluetooth/rfcomm/sock.c
++++ b/net/bluetooth/rfcomm/sock.c
+@@ -323,7 +323,8 @@ static struct sock *rfcomm_sock_alloc(struct net *net, struct socket *sock, int
+ return sk;
+ }
+
+-static int rfcomm_sock_create(struct net *net, struct socket *sock, int protocol)
++static int rfcomm_sock_create(struct net *net, struct socket *sock,
++ int protocol, int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/bluetooth/sco.c b/net/bluetooth/sco.c
+index 5c0685e..2c06950 100644
+--- a/net/bluetooth/sco.c
++++ b/net/bluetooth/sco.c
+@@ -430,7 +430,8 @@ static struct sock *sco_sock_alloc(struct net *net, struct socket *sock, int pro
+ return sk;
+ }
+
+-static int sco_sock_create(struct net *net, struct socket *sock, int protocol)
++static int sco_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/can/af_can.c b/net/can/af_can.c
+index 6068321..bcd546f 100644
+--- a/net/can/af_can.c
++++ b/net/can/af_can.c
+@@ -114,7 +114,8 @@ static void can_sock_destruct(struct sock *sk)
+ skb_queue_purge(&sk->sk_receive_queue);
+ }
+
+-static int can_create(struct net *net, struct socket *sock, int protocol)
++static int can_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct can_proto *cp;
+diff --git a/net/decnet/af_decnet.c b/net/decnet/af_decnet.c
+index 7a58c87..5540230 100644
+--- a/net/decnet/af_decnet.c
++++ b/net/decnet/af_decnet.c
+@@ -675,7 +675,8 @@ char *dn_addr2asc(__u16 addr, char *buf)
+
+
+
+-static int dn_create(struct net *net, struct socket *sock, int protocol)
++static int dn_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/econet/af_econet.c b/net/econet/af_econet.c
+index 0e0254f..b9d5f2f 100644
+--- a/net/econet/af_econet.c
++++ b/net/econet/af_econet.c
+@@ -605,7 +605,8 @@ static struct proto econet_proto = {
+ * Create an Econet socket
+ */
+
+-static int econet_create(struct net *net, struct socket *sock, int protocol)
++static int econet_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct econet_sock *eo;
+diff --git a/net/ieee802154/af_ieee802154.c b/net/ieee802154/af_ieee802154.c
+index cd949d5..40dcb54 100644
+--- a/net/ieee802154/af_ieee802154.c
++++ b/net/ieee802154/af_ieee802154.c
+@@ -234,7 +234,7 @@ static const struct proto_ops ieee802154_dgram_ops = {
+ * set the state.
+ */
+ static int ieee802154_create(struct net *net, struct socket *sock,
+- int protocol)
++ int protocol, int kern)
+ {
+ struct sock *sk;
+ int rc;
+diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
+index 57737b8..e718ab6 100644
+--- a/net/ipv4/af_inet.c
++++ b/net/ipv4/af_inet.c
+@@ -262,7 +262,8 @@ static inline int inet_netns_ok(struct net *net, int protocol)
+ * Create an inet socket.
+ */
+
+-static int inet_create(struct net *net, struct socket *sock, int protocol)
++static int inet_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct inet_protosw *answer;
+@@ -325,7 +326,7 @@ lookup_protocol:
+ }
+
+ err = -EPERM;
+- if (answer->capability > 0 && !capable(answer->capability))
++ if (answer->capability > 0 && !kern && !capable(answer->capability))
+ goto out_rcu_unlock;
+
+ err = -EAFNOSUPPORT;
+diff --git a/net/ipv6/af_inet6.c b/net/ipv6/af_inet6.c
+index e127a32..10776f0 100644
+--- a/net/ipv6/af_inet6.c
++++ b/net/ipv6/af_inet6.c
+@@ -95,7 +95,8 @@ static __inline__ struct ipv6_pinfo *inet6_sk_generic(struct sock *sk)
+ return (struct ipv6_pinfo *)(((u8 *)sk) + offset);
+ }
+
+-static int inet6_create(struct net *net, struct socket *sock, int protocol)
++static int inet6_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct inet_sock *inet;
+ struct ipv6_pinfo *np;
+@@ -158,7 +159,7 @@ lookup_protocol:
+ }
+
+ err = -EPERM;
+- if (answer->capability > 0 && !capable(answer->capability))
++ if (answer->capability > 0 && !kern && !capable(answer->capability))
+ goto out_rcu_unlock;
+
+ sock->ops = answer->ops;
+diff --git a/net/ipx/af_ipx.c b/net/ipx/af_ipx.c
+index 66c7a20..7a7ac38 100644
+--- a/net/ipx/af_ipx.c
++++ b/net/ipx/af_ipx.c
+@@ -1352,7 +1352,8 @@ static struct proto ipx_proto = {
+ .obj_size = sizeof(struct ipx_sock),
+ };
+
+-static int ipx_create(struct net *net, struct socket *sock, int protocol)
++static int ipx_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ int rc = -ESOCKTNOSUPPORT;
+ struct sock *sk;
+diff --git a/net/irda/af_irda.c b/net/irda/af_irda.c
+index dd35641..ef1ac44 100644
+--- a/net/irda/af_irda.c
++++ b/net/irda/af_irda.c
+@@ -61,7 +61,7 @@
+
+ #include
+
+-static int irda_create(struct net *net, struct socket *sock, int protocol);
++static int irda_create(struct net *net, struct socket *sock, int protocol, int kern);
+
+ static const struct proto_ops irda_stream_ops;
+ static const struct proto_ops irda_seqpacket_ops;
+@@ -839,7 +839,7 @@ static int irda_accept(struct socket *sock, struct socket *newsock, int flags)
+
+ IRDA_DEBUG(2, "%s()\n", __func__);
+
+- err = irda_create(sock_net(sk), newsock, sk->sk_protocol);
++ err = irda_create(sock_net(sk), newsock, sk->sk_protocol, 0);
+ if (err)
+ return err;
+
+@@ -1062,7 +1062,8 @@ static struct proto irda_proto = {
+ * Create IrDA socket
+ *
+ */
+-static int irda_create(struct net *net, struct socket *sock, int protocol)
++static int irda_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct irda_sock *self;
+diff --git a/net/iucv/af_iucv.c b/net/iucv/af_iucv.c
+index bada1b9..efc05e1 100644
+--- a/net/iucv/af_iucv.c
++++ b/net/iucv/af_iucv.c
+@@ -482,7 +482,8 @@ static struct sock *iucv_sock_alloc(struct socket *sock, int proto, gfp_t prio)
+ }
+
+ /* Create an IUCV socket */
+-static int iucv_sock_create(struct net *net, struct socket *sock, int protocol)
++static int iucv_sock_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/key/af_key.c b/net/key/af_key.c
+index 4e98193..8c44f69 100644
+--- a/net/key/af_key.c
++++ b/net/key/af_key.c
+@@ -177,7 +177,8 @@ static struct proto key_proto = {
+ .obj_size = sizeof(struct pfkey_sock),
+ };
+
+-static int pfkey_create(struct net *net, struct socket *sock, int protocol)
++static int pfkey_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct netns_pfkey *net_pfkey = net_generic(net, pfkey_net_id);
+ struct sock *sk;
+diff --git a/net/llc/af_llc.c b/net/llc/af_llc.c
+index 7aa4fd1..6f38b8a 100644
+--- a/net/llc/af_llc.c
++++ b/net/llc/af_llc.c
+@@ -140,14 +140,17 @@ static struct proto llc_proto = {
+
+ /**
+ * llc_ui_create - alloc and init a new llc_ui socket
++ * @net: network namespace (must be default network)
+ * @sock: Socket to initialize and attach allocated sk to.
+ * @protocol: Unused.
++ * @kern: on behalf of kernel or userspace
+ *
+ * Allocate and initialize a new llc_ui socket, validate the user wants a
+ * socket type we have available.
+ * Returns 0 upon success, negative upon failure.
+ */
+-static int llc_ui_create(struct net *net, struct socket *sock, int protocol)
++static int llc_ui_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ int rc = -ESOCKTNOSUPPORT;
+diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
+index 5a7dcdf..eadedb5 100644
+--- a/net/netlink/af_netlink.c
++++ b/net/netlink/af_netlink.c
+@@ -428,7 +428,8 @@ static int __netlink_create(struct net *net, struct socket *sock,
+ return 0;
+ }
+
+-static int netlink_create(struct net *net, struct socket *sock, int protocol)
++static int netlink_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct module *module = NULL;
+ struct mutex *cb_mutex;
+diff --git a/net/netrom/af_netrom.c b/net/netrom/af_netrom.c
+index 7a83495..837e10b 100644
+--- a/net/netrom/af_netrom.c
++++ b/net/netrom/af_netrom.c
+@@ -425,7 +425,8 @@ static struct proto nr_proto = {
+ .obj_size = sizeof(struct nr_sock),
+ };
+
+-static int nr_create(struct net *net, struct socket *sock, int protocol)
++static int nr_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct nr_sock *nr;
+diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
+index 41866eb..e0e3f6c 100644
+--- a/net/packet/af_packet.c
++++ b/net/packet/af_packet.c
+@@ -1350,7 +1350,8 @@ static struct proto packet_proto = {
+ * Create a packet of type SOCK_PACKET.
+ */
+
+-static int packet_create(struct net *net, struct socket *sock, int protocol)
++static int packet_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct packet_sock *po;
+diff --git a/net/phonet/af_phonet.c b/net/phonet/af_phonet.c
+index f60c0c2..61bcae9 100644
+--- a/net/phonet/af_phonet.c
++++ b/net/phonet/af_phonet.c
+@@ -60,7 +60,8 @@ static inline void phonet_proto_put(struct phonet_protocol *pp)
+
+ /* protocol family functions */
+
+-static int pn_socket_create(struct net *net, struct socket *sock, int protocol)
++static int pn_socket_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct pn_sock *pn;
+diff --git a/net/rds/af_rds.c b/net/rds/af_rds.c
+index 98e0538..ca35aad 100644
+--- a/net/rds/af_rds.c
++++ b/net/rds/af_rds.c
+@@ -407,7 +407,8 @@ static int __rds_create(struct socket *sock, struct sock *sk, int protocol)
+ return 0;
+ }
+
+-static int rds_create(struct net *net, struct socket *sock, int protocol)
++static int rds_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+
+diff --git a/net/rose/af_rose.c b/net/rose/af_rose.c
+index 502cce7..f167ed0 100644
+--- a/net/rose/af_rose.c
++++ b/net/rose/af_rose.c
+@@ -512,7 +512,8 @@ static struct proto rose_proto = {
+ .obj_size = sizeof(struct rose_sock),
+ };
+
+-static int rose_create(struct net *net, struct socket *sock, int protocol)
++static int rose_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct rose_sock *rose;
+diff --git a/net/rxrpc/af_rxrpc.c b/net/rxrpc/af_rxrpc.c
+index a86afce..b37e304 100644
+--- a/net/rxrpc/af_rxrpc.c
++++ b/net/rxrpc/af_rxrpc.c
+@@ -608,7 +608,8 @@ static unsigned int rxrpc_poll(struct file *file, struct socket *sock,
+ /*
+ * create an RxRPC socket
+ */
+-static int rxrpc_create(struct net *net, struct socket *sock, int protocol)
++static int rxrpc_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct rxrpc_sock *rx;
+ struct sock *sk;
+diff --git a/net/socket.c b/net/socket.c
+index 7565536..55c6e4f 100644
+--- a/net/socket.c
++++ b/net/socket.c
+@@ -1216,7 +1216,7 @@ static int __sock_create(struct net *net, int family, int type, int protocol,
+ /* Now protected by module ref count */
+ rcu_read_unlock();
+
+- err = pf->create(net, sock, protocol);
++ err = pf->create(net, sock, protocol, kern);
+ if (err < 0)
+ goto out_module_put;
+
+diff --git a/net/tipc/socket.c b/net/tipc/socket.c
+index e6d9abf..d00c211 100644
+--- a/net/tipc/socket.c
++++ b/net/tipc/socket.c
+@@ -177,6 +177,7 @@ static void reject_rx_queue(struct sock *sk)
+ * @net: network namespace (must be default network)
+ * @sock: pre-allocated socket structure
+ * @protocol: protocol indicator (must be 0)
++ * @kern: caused by kernel or by userspace?
+ *
+ * This routine creates additional data structures used by the TIPC socket,
+ * initializes them, and links them together.
+@@ -184,7 +185,8 @@ static void reject_rx_queue(struct sock *sk)
+ * Returns 0 on success, errno otherwise
+ */
+
+-static int tipc_create(struct net *net, struct socket *sock, int protocol)
++static int tipc_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ const struct proto_ops *ops;
+ socket_state state;
+@@ -1528,7 +1530,7 @@ static int accept(struct socket *sock, struct socket *new_sock, int flags)
+
+ buf = skb_peek(&sk->sk_receive_queue);
+
+- res = tipc_create(sock_net(sock->sk), new_sock, 0);
++ res = tipc_create(sock_net(sock->sk), new_sock, 0, 0);
+ if (!res) {
+ struct sock *new_sk = new_sock->sk;
+ struct tipc_sock *new_tsock = tipc_sk(new_sk);
+diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
+index fc820cd..a1e3c85 100644
+--- a/net/unix/af_unix.c
++++ b/net/unix/af_unix.c
+@@ -621,7 +621,8 @@ out:
+ return sk;
+ }
+
+-static int unix_create(struct net *net, struct socket *sock, int protocol)
++static int unix_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ if (protocol && protocol != PF_UNIX)
+ return -EPROTONOSUPPORT;
+diff --git a/net/x25/af_x25.c b/net/x25/af_x25.c
+index 7fa9c7a..62c47a4 100644
+--- a/net/x25/af_x25.c
++++ b/net/x25/af_x25.c
+@@ -501,7 +501,8 @@ out:
+ return sk;
+ }
+
+-static int x25_create(struct net *net, struct socket *sock, int protocol)
++static int x25_create(struct net *net, struct socket *sock, int protocol,
++ int kern)
+ {
+ struct sock *sk;
+ struct x25_sock *x25;
-- cgit
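Review bot: The `!kern &&` short-circuit added in l2cap_sock_create, inet_create and inet6_create makes the CAP_NET_RAW / `answer->capability` check depend entirely on every caller passing `kern` truthfully, yet that contract is not written down at the interface: the `create` member of `struct net_proto_family` in include/linux/net.h gains the argument with no comment, and only llc_ui_create and tipc_create get a kernel-doc line. I would add a comment above the callback along the lines of `/* kern is non-zero only for sockets the kernel creates for its own use; never set it for a request that originates in userspace, since it skips capable() checks */`. The accept paths visible here (svc_accept, irda_accept and the TIPC accept) pass a bare literal `0`, which keeps the userspace behaviour but reads as a magic number; a `bool` parameter or a short comment at each call would make the intent auditable. Only three capable() call sites change in this patch, and the bodies of the other families' create functions lie outside these hunks, so it is worth confirming that any capability checks remaining there are meant to stay in force when `kern` is set.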