Re: [PATCH v2 11/14] networking: Update to register_net_sysctl_sz

To: Przemek Kitszel <przemyslaw.kitszel@xxxxxxxxx>
Subject: Re: [PATCH v2 11/14] networking: Update to register_net_sysctl_sz
Cc: mcgrof@xxxxxxxxxx, Catalin Marinas <catalin.marinas@xxxxxxx>, Iurii Zaikin <yzaikin@xxxxxxxxxx>, Jozsef Kadlecsik <kadlec@xxxxxxxxxxxxx>, Sven Schnelle <svens@xxxxxxxxxxxxx>, Marcelo Ricardo Leitner <marcelo.leitner@xxxxxxxxx>, Steffen Klassert <steffen.klassert@xxxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>, "D. Wythe" <alibuda@xxxxxxxxxxxxxxxxx>, mptcp@xxxxxxxxxxxxxxx, Jakub Kicinski <kuba@xxxxxxxxxx>, Vasily Gorbik <gor@xxxxxxxxxxxxx>, Paolo Abeni <pabeni@xxxxxxxxxx>, coreteam@xxxxxxxxxxxxx, Jan Karcher <jaka@xxxxxxxxxxxxx>, Alexander Aring <alex.aring@xxxxxxxxx>, Will Deacon <will@xxxxxxxxxx>, Stefan Schmidt <stefan@xxxxxxxxxxxxxxxxxx>, Matthieu Baerts <matthieu.baerts@xxxxxxxxxxxx>, bridge@xxxxxxxxxxxxxxxxxxxxxxxxxx, linux-arm-kernel@xxxxxxxxxxxxxxxxxxx, Joerg Reuter <jreuter@xxxxxxxx>, Julian Anastasov <ja@xxxxxx>, David Ahern <dsahern@xxxxxxxxxx>, netfilter-devel@xxxxxxxxxxxxxxx, Wen Gu <guwen@xxxxxxxxxxxxxxxxx>, linux-kernel@xxxxxxxxxxxxxxx, Santosh Shilimkar <santosh.shilimkar@xxxxxxxxxx>, linux-wpan@xxxxxxxxxxxxxxx, lvs-devel@xxxxxxxxxxxxxxx, Karsten Graul <kgraul@xxxxxxxxxxxxx>, Miquel Raynal <miquel.raynal@xxxxxxxxxxx>, Herbert Xu <herbert@xxxxxxxxxxxxxxxxxxx>, linux-sctp@xxxxxxxxxxxxxxx, Tony Lu <tonylu@xxxxxxxxxxxxxxxxx>, Pablo Neira Ayuso <pablo@xxxxxxxxxxxxx>, Ralf Baechle <ralf@xxxxxxxxxxxxxx>, Florian Westphal <fw@xxxxxxxxx>, willy@xxxxxxxxxxxxx, Heiko Carstens <hca@xxxxxxxxxxxxx>, "David S. Miller" <davem@xxxxxxxxxxxxx>, linux-rdma@xxxxxxxxxxxxxxx, Roopa Prabhu <roopa@xxxxxxxxxx>, Alexander Gordeev <agordeev@xxxxxxxxxxxxx>, Simon Horman <horms@xxxxxxxxxxxx>, Mat Martineau <martineau@xxxxxxxxxx>, josh@xxxxxxxxxxxxxxxx, Christian Borntraeger <borntraeger@xxxxxxxxxxxxx>, Eric Dumazet <edumazet@xxxxxxxxxx>, linux-hams@xxxxxxxxxxxxxxx, Wenjia Zhang <wenjia@xxxxxxxxxxxxx>, linux-fsdevel@xxxxxxxxxxxxxxx, linux-s390@xxxxxxxxxxxxxxx, Xin Long <lucien.xin@xxxxxxxxx>, Nikolay Aleksandrov <razor@xxxxxxxxxxxxx>, netdev@xxxxxxxxxxxxxxx, rds-devel@xxxxxxxxxxxxxx
From: Joel Granados <joel.granados@xxxxxxxxx>
Date: Tue, 8 Aug 2023 17:23:38 +0200
On Tue, Aug 08, 2023 at 01:20:36PM +0200, Przemek Kitszel wrote:
> On 7/31/23 09:17, Joel Granados wrote:
> > Move from register_net_sysctl to register_net_sysctl_sz for all the
> > networking related files. Do this while making sure to mirror the NULL
> > assignments with a table_size of zero for the unprivileged users.
> > 
> > We need to move to the new function in preparation for when we change
> > SIZE_MAX to ARRAY_SIZE() in the register_net_sysctl macro. Failing to do
> > so would erroneously allow ARRAY_SIZE() to be called on a pointer. We
> > hold off the SIZE_MAX to ARRAY_SIZE change until we have migrated all
> > the relevant net sysctl registering functions to register_net_sysctl_sz
> > in subsequent commits.
> > 
> > An additional size function was added to the following files in order to
> > calculate the size of an array that is defined in another file:
> >      include/net/ipv6.h
> >      net/ipv6/icmp.c
> >      net/ipv6/route.c

...

> > diff --git a/net/ipv6/route.c b/net/ipv6/route.c
> > index 64e873f5895f..51c6cdae8723 100644
> > --- a/net/ipv6/route.c
> > +++ b/net/ipv6/route.c
> > @@ -6447,14 +6447,19 @@ struct ctl_table * __net_init 
> > ipv6_route_sysctl_init(struct net *net)
> >             table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss;
> >             table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval;
> >             table[10].data = &net->ipv6.sysctl.skip_notify_on_dev_down;
> > -
> > -           /* Don't export sysctls to unprivileged users */
> > -           if (net->user_ns != &init_user_ns)
> > -                   table[1].procname = NULL;
Here I remove the setting of the procname to NULL for ipv6 sysctl
registers in route.c and I do not replace that assignment anywhere.
This means that we will export sysctls to unprivileged users for ipv6.
I'll correct this in V3.

> >     }
> >     return table;
> >   }
> > +
> > +size_t ipv6_route_sysctl_table_size(struct net *net)
> > +{
> > +   /* Don't export sysctls to unprivileged users */
> > +   if (net->user_ns != &init_user_ns)
> > +           return 0;
> > +
> > +   return ARRAY_SIZE(ipv6_route_table_template);
> > +}
> >   #endif
> >   static int __net_init ip6_route_net_init(struct net *net)
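Review bot: In ipv6_route_sysctl_table_size(), the non-init user namespace branch returns 0, but the lines removed above set table[1].procname = NULL, which ended the table after table[0] instead of emptying it. To keep the same entry visible in an unprivileged netns the function should return 1, or the commit message should state that hiding table[0] as well is intended. The consumer of this size is not in this hunk, so also consider keeping the procname = NULL assignment until every user of the table relies on the size instead of the sentinel, so that the restriction does not depend on one call site passing the right value.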

-- 

Joel Granados
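
The difference between cutting a table with a NULL procname and bounding it with a size, discussed in the thread above, as an added userspace model that is not code from the patch or the kernel. struct entry, the entry names and the count helpers are hypothetical, and the bounded walk also stopping at a NULL procname is an assumption of the model:

```c
/* Userspace model, not kernel code. struct entry, the entry names and the
 * helpers are hypothetical stand-ins for a sysctl table and its walk. */
#include <stddef.h>
#include <stdio.h>

#define ARRAY_SIZE(a) (sizeof(a) / sizeof((a)[0]))

struct entry { const char *procname; };

/* Constructed template: three entries plus the NULL sentinel. */
static const struct entry template_tbl[] = {
    { "entry0" }, { "entry1" }, { "entry2" }, { NULL },
};

/* Sentinel convention: walk until a NULL procname. */
static size_t count_sentinel(const struct entry *t)
{
    size_t n = 0;
    while (t[n].procname)
        n++;
    return n;
}

/* Size convention (model assumption): look at no more than `size` slots,
 * and still stop early at a NULL procname. */
static size_t count_sized(const struct entry *t, size_t size)
{
    size_t n = 0;
    while (n < size && t[n].procname)
        n++;
    return n;
}

/* Entries left visible when a copy of the table is cut at index 1. */
static size_t visible_after_cut_at_1(void)
{
    struct entry copy[ARRAY_SIZE(template_tbl)];
    for (size_t i = 0; i < ARRAY_SIZE(template_tbl); i++)
        copy[i] = template_tbl[i];
    copy[1].procname = NULL;
    return count_sentinel(copy);
}

int main(void)
{
    printf("cut at [1]: %zu, size 0: %zu, size 1: %zu\n", visible_after_cut_at_1(),
           count_sized(template_tbl, 0), count_sized(template_tbl, 1));
    return 0;
}
```

In this model only a size of 1 reproduces what the cut at index 1 left visible; a size of 0 hides every entry, and passing the full array size without the cut exposes all three.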
