1 // SPDX-License-Identifier: GPL-2.0-only 2 /* -*- linux-c -*- 3 * sysctl_net.c: sysctl interface to net subsystem. 4 * 5 * Begun April 1, 1996, Mike Shaver. 6 * Added /proc/sys/net directories for each protocol family. [MS] 7 * 8 * Revision 1.2 1996/05/08 20:24:40 shaver 9 * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and 10 * NET_IPV4_IP_FORWARD. 11 * 12 * 13 */ 14 15 #include <linux/mm.h> 16 #include <linux/export.h> 17 #include <linux/sysctl.h> 18 #include <linux/nsproxy.h> 19 20 #include <net/sock.h> 21 22 #ifdef CONFIG_INET 23 #include <net/ip.h> 24 #endif 25 26 #ifdef CONFIG_NET 27 #include <linux/if_ether.h> 28 #endif 29 30 static struct ctl_table_set * 31 net_ctl_header_lookup(struct ctl_table_root *root) 32 { 33 return ¤t->nsproxy->net_ns->sysctls; 34 } 35 36 static int is_seen(struct ctl_table_set *set) 37 { 38 return ¤t->nsproxy->net_ns->sysctls == set; 39 } 40 41 /* Return standard mode bits for table entry. */ 42 static int net_ctl_permissions(struct ctl_table_header *head, 43 const struct ctl_table *table) 44 { 45 struct net *net = container_of(head->set, struct net, sysctls); 46 47 /* Allow network administrator to have same access as root. */ 48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { 49 int mode = (table->mode >> 6) & 7; 50 return (mode << 6) | (mode << 3) | mode; 51 } 52 53 return table->mode; 54 } 55 56 static void net_ctl_set_ownership(struct ctl_table_header *head, 57 kuid_t *uid, kgid_t *gid) 58 { 59 struct net *net = container_of(head->set, struct net, sysctls); 60 kuid_t ns_root_uid; 61 kgid_t ns_root_gid; 62 63 ns_root_uid = make_kuid(net->user_ns, 0); 64 if (uid_valid(ns_root_uid)) 65 *uid = ns_root_uid; 66 67 ns_root_gid = make_kgid(net->user_ns, 0); 68 if (gid_valid(ns_root_gid)) 69 *gid = ns_root_gid; 70 } 71 72 static struct ctl_table_root net_sysctl_root = { 73 .lookup = net_ctl_header_lookup, 74 .permissions = net_ctl_permissions, 75 .set_ownership = net_ctl_set_ownership, 76 }; 77 78 static int __net_init sysctl_net_init(struct net *net) 79 { 80 setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen); 81 return 0; 82 } 83 84 static void __net_exit sysctl_net_exit(struct net *net) 85 { 86 retire_sysctl_set(&net->sysctls); 87 } 88 89 static struct pernet_operations sysctl_pernet_ops = { 90 .init = sysctl_net_init, 91 .exit = sysctl_net_exit, 92 }; 93 94 static struct ctl_table_header *net_header; 95 __init int net_sysctl_init(void) 96 { 97 static struct ctl_table empty[1]; 98 int ret = -ENOMEM; 99 /* Avoid limitations in the sysctl implementation by 100 * registering "/proc/sys/net" as an empty directory not in a 101 * network namespace. 102 */ 103 net_header = register_sysctl_sz("net", empty, 0); 104 if (!net_header) 105 goto out; 106 ret = register_pernet_subsys(&sysctl_pernet_ops); 107 if (ret) 108 goto out1; 109 out: 110 return ret; 111 out1: 112 unregister_sysctl_table(net_header); 113 net_header = NULL; 114 goto out; 115 } 116 117 /* Verify that sysctls for non-init netns are safe by either: 118 * 1) being read-only, or 119 * 2) having a data pointer which points outside of the global kernel/module 120 * data segment, and rather into the heap where a per-net object was 121 * allocated. 122 */ 123 static void ensure_safe_net_sysctl(struct net *net, const char *path, 124 struct ctl_table *table, size_t table_size) 125 { 126 struct ctl_table *ent; 127 128 pr_debug("Registering net sysctl (net %p): %s\n", net, path); 129 ent = table; 130 for (size_t i = 0; i < table_size; ent++, i++) { 131 unsigned long addr; 132 const char *where; 133 134 pr_debug(" procname=%s mode=%o proc_handler=%ps data=%p\n", 135 ent->procname, ent->mode, ent->proc_handler, ent->data); 136 137 /* If it's not writable inside the netns, then it can't hurt. */ 138 if ((ent->mode & 0222) == 0) { 139 pr_debug(" Not writable by anyone\n"); 140 continue; 141 } 142 143 /* Where does data point? */ 144 addr = (unsigned long)ent->data; 145 if (is_module_address(addr)) 146 where = "module"; 147 else if (is_kernel_core_data(addr)) 148 where = "kernel"; 149 else 150 continue; 151 152 /* If it is writable and points to kernel/module global 153 * data, then it's probably a netns leak. 154 */ 155 WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n", 156 path, ent->procname, where, ent->data); 157 158 /* Make it "safe" by dropping writable perms */ 159 ent->mode &= ~0222; 160 } 161 } 162 163 struct ctl_table_header *register_net_sysctl_sz(struct net *net, 164 const char *path, 165 struct ctl_table *table, 166 size_t table_size) 167 { 168 if (!net_eq(net, &init_net)) 169 ensure_safe_net_sysctl(net, path, table, table_size); 170 171 return __register_sysctl_table(&net->sysctls, path, table, table_size); 172 } 173 EXPORT_SYMBOL_GPL(register_net_sysctl_sz); 174 175 void unregister_net_sysctl_table(struct ctl_table_header *header) 176 { 177 unregister_sysctl_table(header); 178 } 179 EXPORT_SYMBOL_GPL(unregister_net_sysctl_table); 180
Linux® is a registered trademark of Linus Torvalds in the United States and other countries.
TOMOYO® is a registered trademark of NTT DATA CORPORATION.