From: David S. Miller Date: Sat, 15 Sep 2012 15:43:53 +0000 (-0400) Subject: Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net X-Git-Url: https://openfabrics.org/gitweb/?a=commitdiff_plain;h=b48b63a1f6e26b0dec2c9f1690396ed4bcb66903;p=~shefty%2Frdma-dev.git Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net Conflicts: net/netfilter/nfnetlink_log.c net/netfilter/xt_LOG.c Rather easy conflict resolution, the 'net' tree had bug fixes to make sure we checked if a socket is a time-wait one or not and elide the logging code if so. Whereas on the 'net-next' side we are calculating the UID and GID from the creds using different interfaces due to the user namespace changes from Eric Biederman. Signed-off-by: David S. Miller --- b48b63a1f6e26b0dec2c9f1690396ed4bcb66903 diff --cc net/netfilter/nfnetlink_log.c index 8cb67c4dbd6,5cfb5bedb2b..10067e3112c --- a/net/netfilter/nfnetlink_log.c +++ b/net/netfilter/nfnetlink_log.c @@@ -501,16 -500,14 +502,16 @@@ __build_packet_message(struct nfulnl_in } /* UID */ - if (skb->sk) { - read_lock_bh(&skb->sk->sk_callback_lock); - if (skb->sk->sk_socket && skb->sk->sk_socket->file) { - struct file *file = skb->sk->sk_socket->file; + sk = skb->sk; + if (sk && sk->sk_state != TCP_TIME_WAIT) { + read_lock_bh(&sk->sk_callback_lock); + if (sk->sk_socket && sk->sk_socket->file) { + struct file *file = sk->sk_socket->file; - __be32 uid = htonl(file->f_cred->fsuid); - __be32 gid = htonl(file->f_cred->fsgid); + __be32 uid = htonl(from_kuid_munged(inst->peer_user_ns, + file->f_cred->fsuid)); + __be32 gid = htonl(from_kgid_munged(inst->peer_user_ns, + file->f_cred->fsgid)); - /* need to unlock here since NLA_PUT may goto */ - read_unlock_bh(&skb->sk->sk_callback_lock); + read_unlock_bh(&sk->sk_callback_lock); if (nla_put_be32(inst->skb, NFULA_UID, uid) || nla_put_be32(inst->skb, NFULA_GID, gid)) goto nla_put_failure; diff --cc net/netfilter/xt_LOG.c index 02a2bf49dcb,91e9af4d1f4..aeb19710a6f --- a/net/netfilter/xt_LOG.c +++ 
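Review bot: The new `sk->sk_state != TCP_TIME_WAIT` guard in `__build_packet_message()` has no comment, so the reason for skipping the UID/GID attributes lives only in the merge message; the same applies to the early return in `dump_sk_uid_gid()` in net/netfilter/xt_LOG.c. As far as I can tell a time-wait entry is not a full `struct sock`, so taking `sk_callback_lock` or reading `sk_socket` on it would touch memory that is not there; I would add `/* time-wait socks are not full struct sock: no sk_callback_lock or sk_socket */` above both tests. The merge result also drops the old comment on the early unlock, and a short `/* unlock before nla_put_be32(): failure jumps to nla_put_failure */` would keep that ordering from being undone later. The function continues past the hunk, so the unlock for the case where `sk_socket` or `file` is NULL is not visible here and should be confirmed against the full file.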
b/net/netfilter/xt_LOG.c @@@ -145,6 -145,19 +145,21 @@@ static int dump_tcp_header(struct sbuf return 0; } + static void dump_sk_uid_gid(struct sbuff *m, struct sock *sk) + { + if (!sk || sk->sk_state == TCP_TIME_WAIT) + return; + + read_lock_bh(&sk->sk_callback_lock); - if (sk->sk_socket && sk->sk_socket->file) ++ if (sk->sk_socket && sk->sk_socket->file) { ++ const struct cred *cred = sk->sk_socket->file->f_cred; + sb_add(m, "UID=%u GID=%u ", - sk->sk_socket->file->f_cred->fsuid, - sk->sk_socket->file->f_cred->fsgid); ++ from_kuid_munged(&init_user_ns, cred->fsuid), ++ from_kgid_munged(&init_user_ns, cred->fsgid)); ++ } + read_unlock_bh(&sk->sk_callback_lock); + } + /* One level of recursion won't kill us */ static void dump_ipv4_packet(struct sbuff *m, const struct nf_loginfo *info,
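Review bot: `dump_sk_uid_gid()` translates the credentials with `&init_user_ns`, while `__build_packet_message()` in net/netfilter/nfnetlink_log.c uses `inst->peer_user_ns`, and nothing in the code says the difference is deliberate. If the intent is that the kernel log has no per-reader namespace, a comment above the `sb_add()` call such as `/* kernel log is global: report IDs as seen from init_user_ns */` would record it. The `_munged` helpers substitute the overflow ID when no mapping exists, which presumably only matters at the nfnetlink_log.c site; there a socket owner with no mapping in the listener's namespace is indistinguishable from a real overflow-ID owner, and that is worth stating for anyone who consumes these logs for attribution. As a style point, kernel convention puts a blank line after the `const struct cred *cred` declaration.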