On Tue, Aug 08, 2023 at 01:20:36PM +0200, Przemek Kitszel wrote: > On 7/31/23 09:17, Joel Granados wrote: > > Move from register_net_sysctl to register_net_sysctl_sz for all the > > networking related files. Do this while making sure to mirror the NULL > > assignments with a table_size of zero for the unprivileged users. > > > > We need to move to the new function in preparation for when we change > > SIZE_MAX to ARRAY_SIZE() in the register_net_sysctl macro. Failing to do > > so would erroneously allow ARRAY_SIZE() to be called on a pointer. We > > hold off the SIZE_MAX to ARRAY_SIZE change until we have migrated all > > the relevant net sysctl registering functions to register_net_sysctl_sz > > in subsequent commits. > > > > An additional size function was added to the following files in order to > > calculate the size of an array that is defined in another file: > > include/net/ipv6.h > > net/ipv6/icmp.c > > net/ipv6/route.c ... > > diff --git a/net/ipv6/route.c b/net/ipv6/route.c > > index 64e873f5895f..51c6cdae8723 100644 > > --- a/net/ipv6/route.c > > +++ b/net/ipv6/route.c 
> > @@ -6447,14 +6447,19 @@ struct ctl_table * __net_init ipv6_route_sysctl_init(struct net *net) > > table[8].data = &net->ipv6.sysctl.ip6_rt_min_advmss; > > table[9].data = &net->ipv6.sysctl.ip6_rt_gc_min_interval; > > table[10].data = &net->ipv6.sysctl.skip_notify_on_dev_down; > > - > > - /* Don't export sysctls to unprivileged users */ > > - if (net->user_ns != &init_user_ns) > > - table[1].procname = NULL; Here I remove the setting of the procname to NULL for ipv6 sysctl registers in route.c and I do not replace that assignment anywhere. This means that we will export sysctls to unprivileged users for ipv6. I'll correct this in V3. > > } > > return table; > > } > > + > > +size_t ipv6_route_sysctl_table_size(struct net *net) > > +{ > > + /* Don't export sysctls to unprivileged users */ > > + if (net->user_ns != &init_user_ns) > > + return 0; > > + > > + return ARRAY_SIZE(ipv6_route_table_template); > > +} > > #endif > > static int __net_init ip6_route_net_init(struct net *net) -- Joel Granados
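Review bot: ipv6_route_sysctl_table_size() returns 0 for net->user_ns != &init_user_ns, but the code it replaces in ipv6_route_sysctl_init() set table[1].procname = NULL, which ends the table after entry 0 rather than before it, so a size of 0 does not mirror the old behaviour. The size that corresponds to the removed sentinel is 1, and the hunk drops the NULL assignment without any replacement, so the table returned by ipv6_route_sysctl_init() no longer carries a restriction for non-init user namespaces on its own. Suggest keeping the "table[1].procname = NULL;" assignment in ipv6_route_sysctl_init() and returning 1 from the size helper for that case, so the sentinel and the size agree on what a non-init user namespace can see. The caller that passes this size to register_net_sysctl_sz is not in the visible hunk; it is worth checking there that the table and the size are always derived from the same net, and adding a short comment on the helper stating which entry is intentionally left visible.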