1// SPDX-License-Identifier: GPL-2.0-only
2/* -*- linux-c -*-
3 * sysctl_net.c: sysctl interface to net subsystem.
4 *
5 * Begun April 1, 1996, Mike Shaver.
6 * Added /proc/sys/net directories for each protocol family. [MS]
7 *
8 * Revision 1.2  1996/05/08  20:24:40  shaver
9 * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and
10 * NET_IPV4_IP_FORWARD.
11 *
12 *
13 */
14
15#include <linux/mm.h>
16#include <linux/export.h>
17#include <linux/sysctl.h>
18#include <linux/nsproxy.h>
19
20#include <net/sock.h>
21
22#ifdef CONFIG_INET
23#include <net/ip.h>
24#endif
25
26#ifdef CONFIG_NET
27#include <linux/if_ether.h>
28#endif
29
30static struct ctl_table_set *
31net_ctl_header_lookup(struct ctl_table_root *root)
32{
33	return &current->nsproxy->net_ns->sysctls;
34}
35
36static int is_seen(struct ctl_table_set *set)
37{
38	return &current->nsproxy->net_ns->sysctls == set;
39}
40
41/* Return standard mode bits for table entry. */
42static int net_ctl_permissions(struct ctl_table_header *head,
43			       struct ctl_table *table)
44{
45	struct net *net = container_of(head->set, struct net, sysctls);
46
47	/* Allow network administrator to have same access as root. */
48	if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) {
49		int mode = (table->mode >> 6) & 7;
50		return (mode << 6) | (mode << 3) | mode;
51	}
52
53	return table->mode;
54}
55
56static void net_ctl_set_ownership(struct ctl_table_header *head,
57				  struct ctl_table *table,
58				  kuid_t *uid, kgid_t *gid)
59{
60	struct net *net = container_of(head->set, struct net, sysctls);
61	kuid_t ns_root_uid;
62	kgid_t ns_root_gid;
63
64	ns_root_uid = make_kuid(net->user_ns, 0);
65	if (uid_valid(ns_root_uid))
66		*uid = ns_root_uid;
67
68	ns_root_gid = make_kgid(net->user_ns, 0);
69	if (gid_valid(ns_root_gid))
70		*gid = ns_root_gid;
71}
72
73static struct ctl_table_root net_sysctl_root = {
74	.lookup = net_ctl_header_lookup,
75	.permissions = net_ctl_permissions,
76	.set_ownership = net_ctl_set_ownership,
77};
78
79static int __net_init sysctl_net_init(struct net *net)
80{
81	setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen);
82	return 0;
83}
84
85static void __net_exit sysctl_net_exit(struct net *net)
86{
87	retire_sysctl_set(&net->sysctls);
88}
89
90static struct pernet_operations sysctl_pernet_ops = {
91	.init = sysctl_net_init,
92	.exit = sysctl_net_exit,
93};
94
95static struct ctl_table_header *net_header;
96__init int net_sysctl_init(void)
97{
98	static struct ctl_table empty[1];
99	int ret = -ENOMEM;
100	/* Avoid limitations in the sysctl implementation by
101	 * registering "/proc/sys/net" as an empty directory not in a
102	 * network namespace.
103	 */
104	net_header = register_sysctl_sz("net", empty, 0);
105	if (!net_header)
106		goto out;
107	ret = register_pernet_subsys(&sysctl_pernet_ops);
108	if (ret)
109		goto out1;
110out:
111	return ret;
112out1:
113	unregister_sysctl_table(net_header);
114	net_header = NULL;
115	goto out;
116}
117
118/* Verify that sysctls for non-init netns are safe by either:
119 * 1) being read-only, or
120 * 2) having a data pointer which points outside of the global kernel/module
121 *    data segment, and rather into the heap where a per-net object was
122 *    allocated.
123 */
124static void ensure_safe_net_sysctl(struct net *net, const char *path,
125				   struct ctl_table *table, size_t table_size)
126{
127	struct ctl_table *ent;
128
129	pr_debug("Registering net sysctl (net %p): %s\n", net, path);
130	ent = table;
131	for (size_t i = 0; i < table_size && ent->procname; ent++, i++) {
132		unsigned long addr;
133		const char *where;
134
135		pr_debug("  procname=%s mode=%o proc_handler=%ps data=%p\n",
136			 ent->procname, ent->mode, ent->proc_handler, ent->data);
137
138		/* If it's not writable inside the netns, then it can't hurt. */
139		if ((ent->mode & 0222) == 0) {
140			pr_debug("    Not writable by anyone\n");
141			continue;
142		}
143
144		/* Where does data point? */
145		addr = (unsigned long)ent->data;
146		if (is_module_address(addr))
147			where = "module";
148		else if (is_kernel_core_data(addr))
149			where = "kernel";
150		else
151			continue;
152
153		/* If it is writable and points to kernel/module global
154		 * data, then it's probably a netns leak.
155		 */
156		WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n",
157		     path, ent->procname, where, ent->data);
158
159		/* Make it "safe" by dropping writable perms */
160		ent->mode &= ~0222;
161	}
162}
163
164struct ctl_table_header *register_net_sysctl_sz(struct net *net,
165						const char *path,
166						struct ctl_table *table,
167						size_t table_size)
168{
169	int count;
170	struct ctl_table *entry;
171
172	if (!net_eq(net, &init_net))
173		ensure_safe_net_sysctl(net, path, table, table_size);
174
175	entry = table;
176	for (count = 0 ; count < table_size && entry->procname; entry++, count++)
177		;
178
179	return __register_sysctl_table(&net->sysctls, path, table, count);
180}
181EXPORT_SYMBOL_GPL(register_net_sysctl_sz);
182
183void unregister_net_sysctl_table(struct ctl_table_header *header)
184{
185	unregister_sysctl_table(header);
186}
187EXPORT_SYMBOL_GPL(unregister_net_sysctl_table);
188