Merge with rsync://rsync.kernel.org/pub/scm/linux/kernel/git/torvalds/linux-2.6.git

[linux-2.6] / net / netlink / af_netlink.c
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c

index 1d5905c90cd4bd515a1d6f5962809523cd25f7bc..e41ce458c2a99afd66c1f7255638c918b61c8fea 100644 (file)
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -21,7 +21,6 @@
  
  #include <linux/kernel.h>
  #include <linux/init.h>
-#include <linux/major.h>
  #include <linux/signal.h>
  #include <linux/sched.h>
  #include <linux/errno.h>
@@ -50,6 +49,8 @@
  #include <linux/bitops.h>
  #include <linux/mm.h>
  #include <linux/types.h>
+#include <linux/audit.h>
+
  #include <net/sock.h>
  #include <net/scm.h>
  
@@ -374,7 +375,6 @@ static int netlink_release(struct socket *sock)
                 nlk->cb->done(nlk->cb);
                 netlink_destroy_callback(nlk->cb);
                 nlk->cb = NULL;
-               __sock_put(sk);
         }
         spin_unlock(&nlk->cb_lock);
  
@@ -735,11 +735,15 @@ static inline int do_one_broadcast(struct sock *sk,
  
         sock_hold(sk);
         if (p->skb2 == NULL) {
-               if (atomic_read(&p->skb->users) != 1) {
+               if (skb_shared(p->skb)) {
                         p->skb2 = skb_clone(p->skb, p->allocation);
                 } else {
-                       p->skb2 = p->skb;
-                       atomic_inc(&p->skb->users);
+                       p->skb2 = skb_get(p->skb);
+                       /*
+                        * skb ownership may have been set when
+                        * delivered to a previous socket.
+                        */
+                       skb_orphan(p->skb2);
                 }
         }
         if (p->skb2 == NULL) {
@@ -785,11 +789,12 @@ int netlink_broadcast(struct sock *ssk, struct sk_buff *skb, u32 pid,
         sk_for_each_bound(sk, node, &nl_table[ssk->sk_protocol].mc_list)
                 do_one_broadcast(sk, &info);
  
+       kfree_skb(skb);
+
         netlink_unlock_table();
  
         if (info.skb2)
                 kfree_skb(info.skb2);
-       kfree_skb(skb);
  
         if (info.delivered) {
                 if (info.congested && (allocation & __GFP_WAIT))
@@ -906,6 +911,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct socket *sock,
         NETLINK_CB(skb).groups  = nlk->groups;
         NETLINK_CB(skb).dst_pid = dst_pid;
         NETLINK_CB(skb).dst_groups = dst_groups;
+       NETLINK_CB(skb).loginuid = audit_get_loginuid(current->audit_context);
         memcpy(NETLINK_CREDS(skb), &siocb->scm->creds, sizeof(struct ucred));
  
         /* What can I do? Netlink is asynchronous, so that
@@ -1100,7 +1106,6 @@ static int netlink_dump(struct sock *sk)
         spin_unlock(&nlk->cb_lock);
  
         netlink_destroy_callback(cb);
-       __sock_put(sk);
         return 0;
  }
  
@@ -1139,7 +1144,6 @@ int netlink_dump_start(struct sock *ssk, struct sk_buff *skb,
                 return -EBUSY;
         }
         nlk->cb = cb;
-       sock_hold(sk);
         spin_unlock(&nlk->cb_lock);
  
         netlink_dump(sk);