1. 17 Apr, 2017 1 commit
  2. 01 Oct, 2016 1 commit
  3. 15 Aug, 2016 1 commit
  4. 08 Aug, 2016 1 commit
  5. 06 Jun, 2016 1 commit
  6. 23 Oct, 2015 1 commit
    • net: sysctl: fix a kmemleak warning · ce9d9b8e
      Li RongQing authored
      The returned buffer of register_sysctl() is stored into the net_header
      variable, but net_header is not used afterwards, and the compiler may
      optimise the variable out, leading kmemleak to report the warning below:
      
      	comm "swapper/0", pid 1, jiffies 4294937448 (age 267.270s)
      	hex dump (first 32 bytes):
      	90 38 8b 01 c0 ff ff ff 00 00 00 00 01 00 00 00 .8..............
      	01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
      	backtrace:
      	[<ffffffc00020f134>] create_object+0x10c/0x2a0
      	[<ffffffc00070ff44>] kmemleak_alloc+0x54/0xa0
      	[<ffffffc0001fe378>] __kmalloc+0x1f8/0x4f8
      	[<ffffffc00028e984>] __register_sysctl_table+0x64/0x5a0
      	[<ffffffc00028eef0>] register_sysctl+0x30/0x40
      	[<ffffffc00099c304>] net_sysctl_init+0x20/0x58
      	[<ffffffc000994dd8>] sock_init+0x10/0xb0
      	[<ffffffc0000842e0>] do_one_initcall+0x90/0x1b8
      	[<ffffffc000966bac>] kernel_init_freeable+0x218/0x2f0
      	[<ffffffc00070ed6c>] kernel_init+0x1c/0xe8
      	[<ffffffc000083bfc>] ret_from_fork+0xc/0x50
      	[<ffffffffffffffff>] 0xffffffffffffffff <<end check kmemleak>>
      
      Before fix, the objdump result on ARM64:
      0000000000000000 <net_sysctl_init>:
         0:   a9be7bfd        stp     x29, x30, [sp,#-32]!
         4:   90000001        adrp    x1, 0 <net_sysctl_init>
         8:   90000000        adrp    x0, 0 <net_sysctl_init>
         c:   910003fd        mov     x29, sp
        10:   91000021        add     x1, x1, #0x0
        14:   91000000        add     x0, x0, #0x0
        18:   a90153f3        stp     x19, x20, [sp,#16]
        1c:   12800174        mov     w20, #0xfffffff4                // #-12
        20:   94000000        bl      0 <register_sysctl>
        24:   b4000120        cbz     x0, 48 <net_sysctl_init+0x48>
        28:   90000013        adrp    x19, 0 <net_sysctl_init>
        2c:   91000273        add     x19, x19, #0x0
        30:   9101a260        add     x0, x19, #0x68
        34:   94000000        bl      0 <register_pernet_subsys>
        38:   2a0003f4        mov     w20, w0
        3c:   35000060        cbnz    w0, 48 <net_sysctl_init+0x48>
        40:   aa1303e0        mov     x0, x19
        44:   94000000        bl      0 <register_sysctl_root>
        48:   2a1403e0        mov     w0, w20
        4c:   a94153f3        ldp     x19, x20, [sp,#16]
        50:   a8c27bfd        ldp     x29, x30, [sp],#32
        54:   d65f03c0        ret
      After:
      0000000000000000 <net_sysctl_init>:
         0:   a9bd7bfd        stp     x29, x30, [sp,#-48]!
         4:   90000000        adrp    x0, 0 <net_sysctl_init>
         8:   910003fd        mov     x29, sp
         c:   a90153f3        stp     x19, x20, [sp,#16]
        10:   90000013        adrp    x19, 0 <net_sysctl_init>
        14:   91000000        add     x0, x0, #0x0
        18:   91000273        add     x19, x19, #0x0
        1c:   f90013f5        str     x21, [sp,#32]
        20:   aa1303e1        mov     x1, x19
        24:   12800175        mov     w21, #0xfffffff4                // #-12
        28:   94000000        bl      0 <register_sysctl>
        2c:   f9002260        str     x0, [x19,#64]
        30:   b40001a0        cbz     x0, 64 <net_sysctl_init+0x64>
        34:   90000014        adrp    x20, 0 <net_sysctl_init>
        38:   91000294        add     x20, x20, #0x0
        3c:   9101a280        add     x0, x20, #0x68
        40:   94000000        bl      0 <register_pernet_subsys>
        44:   2a0003f5        mov     w21, w0
        48:   35000080        cbnz    w0, 58 <net_sysctl_init+0x58>
        4c:   aa1403e0        mov     x0, x20
        50:   94000000        bl      0 <register_sysctl_root>
        54:   14000004        b       64 <net_sysctl_init+0x64>
        58:   f9402260        ldr     x0, [x19,#64]
        5c:   94000000        bl      0 <unregister_sysctl_table>
        60:   f900227f        str     xzr, [x19,#64]
        64:   2a1503e0        mov     w0, w21
        68:   f94013f5        ldr     x21, [sp,#32]
        6c:   a94153f3        ldp     x19, x20, [sp,#16]
        70:   a8c37bfd        ldp     x29, x30, [sp],#48
        74:   d65f03c0        ret
      
      Add the possible error handling to free the net_header to remove the
      kmemleak warning
      Signed-off-by: Li RongQing <roy.qing.li@gmail.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  7. 07 Oct, 2013 1 commit
    • net: Update the sysctl permissions handler to test effective uid/gid · 88ba09df
      Eric W. Biederman authored
      On Tue, 20 Aug 2013 11:40:04 -0500 Eric Sandeen <sandeen@redhat.com> wrote:
      > This was brought up in a Red Hat bug (which may be marked private, I'm sorry):
      >
      > Bug 987055 - open O_WRONLY succeeds on some root owned files in /proc for process running with unprivileged EUID
      >
      > "On RHEL7 some of the files in /proc can be opened for writing by an unprivileged EUID."
      >
      > The flaw existed upstream as well last I checked.
      >
      > This commit in kernel v3.8 caused the regression:
      >
      > commit cff10976
      > Author: Eric W. Biederman <ebiederm@xmission.com>
      > Date:   Fri Nov 16 03:03:01 2012 +0000
      >
      >     net: Update the per network namespace sysctls to be available to the network namespace owner
      >
      >     - Allow anyone with CAP_NET_ADMIN rights in the user namespace of the
      >       network namespace to change sysctls.
      >     - Allow anyone the uid of the user namespace root the same
      >       permissions over the network namespace sysctls as the global root.
      >     - Allow anyone with gid of the user namespace root group the same
      >       permissions over the network namespace sysctl as the global root group.
      >
      >     Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
      >     Signed-off-by: David S. Miller <davem@davemloft.net>
      >
      > because it changed /sys/net's special permission handler to test current_uid, not
      > current_euid; same for current_gid/current_egid.
      >
      > So in this case, root cannot drop privs via set[ug]id, and retains all privs
      > in this codepath.
      
      Modify the code to use current_euid(), and in_egroup_p, as is done
      in fs/proc/proc_sysctl.c:test_perm()
      
      Cc: stable@vger.kernel.org
      Reviewed-by: Eric Sandeen <sandeen@redhat.com>
      Reported-by: Eric Sandeen <sandeen@redhat.com>
      Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
      Signed-off-by: David S. Miller <davem@davemloft.net>
  8. 06 Oct, 2013 1 commit
  9. 19 Nov, 2012 3 commits
  10. 16 May, 2012 1 commit
    • net: delete all instances of special processing for token ring · 211ed865
      Paul Gortmaker authored
      We are going to delete the Token ring support.  This removes any
      special processing in the core networking for token ring, (aside
      from net/tr.c itself), leaving the drivers and remaining tokenring
      support present but inert.
      
      The mass removal of the drivers and net/tr.c will be in a separate
      commit, so that the history of these files that we still care
      about won't have the giant deletion tied into their history.
      Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
  11. 21 Apr, 2012 5 commits
  12. 25 Jan, 2012 5 commits
  13. 31 Oct, 2011 1 commit
  14. 18 May, 2010 1 commit
  15. 18 Jan, 2010 1 commit
  16. 16 Mar, 2009 1 commit
  17. 27 Jul, 2008 3 commits
    • missing bits of net-namespace / sysctl · eeb61f71
      Al Viro authored
      Piss-poor sysctl registration API strikes again, film at 11...
      
      What we really need is _pathname_ required to be present in already
      registered table, so that kernel could warn about bad order.  That's the
      next target for sysctl stuff (and generally saner and more explicit
      order of initialization of ipv[46] internals wouldn't hurt either).
      
      For the time being, here are full fixups required by ..._rotable()
      stuff; we make per-net sysctl sets descendents of "ro" one and make sure
      that sufficient skeleton is there before we start registering per-net
      sysctls.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
    • net: missing bits of net-namespace / sysctl · 6f9f489a
      Al Viro authored
      Piss-poor sysctl registration API strikes again, film at 11...
      What we really need is _pathname_ required to be present in
      already registered table, so that kernel could warn about bad
      order.  That's the next target for sysctl stuff (and generally
      saner and more explicit order of initialization of ipv[46]
      internals wouldn't hurt either).
      
      For the time being, here are full fixups required by ..._rotable()
      stuff; we make per-net sysctl sets descendents of "ro" one and
      make sure that sufficient skeleton is there before we start registering
      per-net sysctls.
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
      Signed-off-by: David S. Miller <davem@davemloft.net>
    • [PATCH] beginning of sysctl cleanup - ctl_table_set · 73455092
      Al Viro authored
      New object: set of sysctls [currently - root and per-net-ns].
      Contains: pointer to parent set, list of tables and "should I see this set?"
      method (->is_seen(set)).
      Current lists of tables are subsumed by that; net-ns contains such a beast.
      ->lookup() for ctl_table_root returns pointer to ctl_table_set instead of
      that to ->list of that ctl_table_set.
      
      [folded compile fixes by rdd for configs without sysctl]
      Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
  18. 25 Jul, 2008 1 commit
    • sysctl: allow override of /proc/sys/net with CAP_NET_ADMIN · 4ecb9009
      Stephen Hemminger authored
      Extend the permission check for networking sysctl's to allow modification
      when current process has CAP_NET_ADMIN capability and is not root.  This
      version uses the until now unused permissions hook to override the mode
      value for /proc/sys/net if accessed by a user with capabilities.
      
      Found while working with Quagga.  It is impossible to turn forwarding
      on/off through the command interface because Quagga uses secure coding
      practice of dropping privileges during initialization and only raising via
      capabilities when necessary.  Since the daemon has reset real/effective
      uid after initialization, all attempts to access /proc/sys/net variables
      will fail.
      Signed-off-by: Stephen Hemminger <shemminger@vyatta.com>
      Acked-by: "Eric W. Biederman" <ebiederm@xmission.com>
      Cc: Chris Wright <chrisw@sous-sol.org>
      Cc: Alexey Dobriyan <adobriyan@gmail.com>
      Cc: Andrew Morgan <morgan@kernel.org>
      Cc: Pavel Emelyanov <xemul@openvz.org>
      Cc: "David S. Miller" <davem@davemloft.net>
      Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
      Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
  19. 12 Jun, 2008 1 commit
  20. 19 May, 2008 1 commit
  21. 01 May, 2008 1 commit
  22. 28 Jan, 2008 5 commits
  23. 30 Jun, 2006 1 commit
  24. 05 Jun, 2006 1 commit
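
Added example, not code from the kernel tree or from the commits listed above: a userspace C model of the /proc/sys/net permission override introduced in 4ecb9009 and corrected in 88ba09df, showing why testing the real uid lets a process that has dropped its effective uid still open a root-owned sysctl for writing. `struct cred_model`, `net_ctl_mode` and `may_write` are hypothetical names; user-namespace id mapping and supplementary groups are not modelled, and id 0 stands for the namespace root.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical stand-in for the task credentials the handler consults. */
struct cred_model {
    unsigned uid, euid;   /* real / effective user id */
    unsigned gid, egid;   /* real / effective group id */
    bool cap_net_admin;   /* CAP_NET_ADMIN, as honoured since 4ecb9009 */
};

/* Model of the /proc/sys/net permission hook; id 0 stands for root.
 * eff=false: test real ids (the v3.8 regression);
 * eff=true:  test effective ids (behaviour after 88ba09df). */
unsigned net_ctl_mode(const struct cred_model *c, unsigned mode, bool eff)
{
    unsigned u = eff ? c->euid : c->uid;
    unsigned g = eff ? c->egid : c->gid;

    if (c->cap_net_admin || u == 0) {     /* same access as root */
        unsigned m = (mode >> 6) & 7;
        return (m << 6) | (m << 3) | m;   /* owner bits copied to all */
    }
    if (g == 0) {                         /* same access as root group */
        unsigned m = (mode >> 3) & 7;
        return (m << 3) | m;
    }
    return mode;
}

/* Simplified test_perm(): the permission class is picked by effective ids. */
bool may_write(const struct cred_model *c, unsigned mode)
{
    if (c->euid == 0)
        mode >>= 6;
    else if (c->egid == 0)
        mode >>= 3;
    return (mode & 2) != 0;               /* 2 = write bit of the class */
}

int main(void)
{
    /* Constructed case: root-started process after seteuid/setegid(1000). */
    struct cred_model dropped = { 0, 1000, 0, 1000, false };
    printf("write with real-id check: %d, with effective-id check: %d\n",
           may_write(&dropped, net_ctl_mode(&dropped, 0644, false)),
           may_write(&dropped, net_ctl_mode(&dropped, 0644, true)));
    return 0;
}
```

With the real-id test the hook widens mode 0644 to 0666, so the later effective-id check sees a world-writable file; with the effective-id test the mode stays 0644 and the write is refused.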