1// SPDX-License-Identifier: GPL-2.0-only 2/* -*- linux-c -*- 3 * sysctl_net.c: sysctl interface to net subsystem. 4 * 5 * Begun April 1, 1996, Mike Shaver. 6 * Added /proc/sys/net directories for each protocol family. [MS] 7 * 8 * Revision 1.2 1996/05/08 20:24:40 shaver 9 * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and 10 * NET_IPV4_IP_FORWARD. 11 * 12 * 13 */ 14 15#include <linux/mm.h> 16#include <linux/export.h> 17#include <linux/sysctl.h> 18#include <linux/nsproxy.h> 19 20#include <net/sock.h> 21 22#ifdef CONFIG_INET 23#include <net/ip.h> 24#endif 25 26#ifdef CONFIG_NET 27#include <linux/if_ether.h> 28#endif 29 30static struct ctl_table_set * 31net_ctl_header_lookup(struct ctl_table_root *root) 32{ 33 return ¤t->nsproxy->net_ns->sysctls; 34} 35 36static int is_seen(struct ctl_table_set *set) 37{ 38 return ¤t->nsproxy->net_ns->sysctls == set; 39} 40 41/* Return standard mode bits for table entry. */ 42static int net_ctl_permissions(struct ctl_table_header *head, 43 struct ctl_table *table) 44{ 45 struct net *net = container_of(head->set, struct net, sysctls); 46 47 /* Allow network administrator to have same access as root. */ 48 if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) { 49 int mode = (table->mode >> 6) & 7; 50 return (mode << 6) | (mode << 3) | mode; 51 } 52 53 return table->mode; 54} 55 56static void net_ctl_set_ownership(struct ctl_table_header *head, 57 struct ctl_table *table, 58 kuid_t *uid, kgid_t *gid) 59{ 60 struct net *net = container_of(head->set, struct net, sysctls); 61 kuid_t ns_root_uid; 62 kgid_t ns_root_gid; 63 64 ns_root_uid = make_kuid(net->user_ns, 0); 65 if (uid_valid(ns_root_uid)) 66 *uid = ns_root_uid; 67 68 ns_root_gid = make_kgid(net->user_ns, 0); 69 if (gid_valid(ns_root_gid)) 70 *gid = ns_root_gid; 71} 72 73static struct ctl_table_root net_sysctl_root = { 74 .lookup = net_ctl_header_lookup, 75 .permissions = net_ctl_permissions, 76 .set_ownership = net_ctl_set_ownership, 77}; 78 79static int __net_init sysctl_net_init(struct net *net) 80{ 81 setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen); 82 return 0; 83} 84 85static void __net_exit sysctl_net_exit(struct net *net) 86{ 87 retire_sysctl_set(&net->sysctls); 88} 89 90static struct pernet_operations sysctl_pernet_ops = { 91 .init = sysctl_net_init, 92 .exit = sysctl_net_exit, 93}; 94 95static struct ctl_table_header *net_header; 96__init int net_sysctl_init(void) 97{ 98 static struct ctl_table empty[1]; 99 int ret = -ENOMEM; 100 /* Avoid limitations in the sysctl implementation by 101 * registering "/proc/sys/net" as an empty directory not in a 102 * network namespace. 103 */ 104 net_header = register_sysctl_sz("net", empty, 0); 105 if (!net_header) 106 goto out; 107 ret = register_pernet_subsys(&sysctl_pernet_ops); 108 if (ret) 109 goto out1; 110out: 111 return ret; 112out1: 113 unregister_sysctl_table(net_header); 114 net_header = NULL; 115 goto out; 116} 117 118/* Verify that sysctls for non-init netns are safe by either: 119 * 1) being read-only, or 120 * 2) having a data pointer which points outside of the global kernel/module 121 * data segment, and rather into the heap where a per-net object was 122 * allocated. 123 */ 124static void ensure_safe_net_sysctl(struct net *net, const char *path, 125 struct ctl_table *table, size_t table_size) 126{ 127 struct ctl_table *ent; 128 129 pr_debug("Registering net sysctl (net %p): %s\n", net, path); 130 ent = table; 131 for (size_t i = 0; i < table_size && ent->procname; ent++, i++) { 132 unsigned long addr; 133 const char *where; 134 135 pr_debug(" procname=%s mode=%o proc_handler=%ps data=%p\n", 136 ent->procname, ent->mode, ent->proc_handler, ent->data); 137 138 /* If it's not writable inside the netns, then it can't hurt. */ 139 if ((ent->mode & 0222) == 0) { 140 pr_debug(" Not writable by anyone\n"); 141 continue; 142 } 143 144 /* Where does data point? */ 145 addr = (unsigned long)ent->data; 146 if (is_module_address(addr)) 147 where = "module"; 148 else if (is_kernel_core_data(addr)) 149 where = "kernel"; 150 else 151 continue; 152 153 /* If it is writable and points to kernel/module global 154 * data, then it's probably a netns leak. 155 */ 156 WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n", 157 path, ent->procname, where, ent->data); 158 159 /* Make it "safe" by dropping writable perms */ 160 ent->mode &= ~0222; 161 } 162} 163 164struct ctl_table_header *register_net_sysctl_sz(struct net *net, 165 const char *path, 166 struct ctl_table *table, 167 size_t table_size) 168{ 169 int count; 170 struct ctl_table *entry; 171 172 if (!net_eq(net, &init_net)) 173 ensure_safe_net_sysctl(net, path, table, table_size); 174 175 entry = table; 176 for (count = 0 ; count < table_size && entry->procname; entry++, count++) 177 ; 178 179 return __register_sysctl_table(&net->sysctls, path, table, count); 180} 181EXPORT_SYMBOL_GPL(register_net_sysctl_sz); 182 183void unregister_net_sysctl_table(struct ctl_table_header *header) 184{ 185 unregister_sysctl_table(header); 186} 187EXPORT_SYMBOL_GPL(unregister_net_sysctl_table); 188