From ab41a2ca50d27ee2dc8b9eef07aeb251168271be Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 19 Apr 2012 13:18:47 +0000 Subject: net: Implement register_net_sysctl. Right now all of the networking sysctl registrations are running in a compatibiity mode. The natvie sysctl registration api takes a cstring for a path and a simple ctl_table. Implement register_net_sysctl so that we can register network sysctls without needing to use compatiblity code in the sysctl core. Switching from a ctl_path to a cstring results in less boiler plate and denser code that is a little easier to read. I would simply have changed the arguments to register_net_sysctl_table instead of keeping two functions in parallel but gcc will allow a ctl_path pointer to be passed to a char * pointer with only issuing a warning resulting in completely incorrect code can be built. Since I have to change the function name I am taking advantage of the situation to let both register_net_sysctl and register_net_sysctl_table live for a short time in parallel which makes clean conversion patches a bit easier to read and write. Signed-off-by: Eric W. Biederman Acked-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/sysctl_net.c | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'net/sysctl_net.c') diff --git a/net/sysctl_net.c b/net/sysctl_net.c index c3e65aebecc0..3865c4f76b82 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -117,6 +117,13 @@ struct ctl_table_header *register_net_sysctl_rotable(const } EXPORT_SYMBOL_GPL(register_net_sysctl_rotable); +struct ctl_table_header *register_net_sysctl(struct net *net, + const char *path, struct ctl_table *table) +{ + return __register_sysctl_table(&net->sysctls, path, table); +} +EXPORT_SYMBOL_GPL(register_net_sysctl); + void unregister_net_sysctl_table(struct ctl_table_header *header) { unregister_sysctl_table(header); -- cgit v1.2.3 From bc8a36942a5c05896d373a8e98d5e6b14514b4bc Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 19 Apr 2012 13:19:46 +0000 Subject: net sysctl: Register an empty /proc/sys/net Implementation limitations of the sysctl core won't let /proc/sys/net reside in a network namespace. /proc/sys/net at least must be registered as a normal sysctl. So register /proc/sys/net early as an empty directory to guarantee we don't violate this constraint and hit bugs in the sysctl implementation. Signed-off-by: Eric W. Biederman Acked-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/sysctl_net.c | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) (limited to 'net/sysctl_net.c') diff --git a/net/sysctl_net.c b/net/sysctl_net.c index 3865c4f76b82..2b2986dd04ae 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -88,9 +88,18 @@ static struct pernet_operations sysctl_pernet_ops = { .exit = sysctl_net_exit, }; +static struct ctl_table_header *net_header; static __init int net_sysctl_init(void) { - int ret; + static struct ctl_table empty[1]; + int ret = -ENOMEM; + /* Avoid limitations in the sysctl implementation by + * registering "/proc/sys/net" as an empty directory not in a + * network namespace. + */ + net_header = register_sysctl("net", empty); + if (!net_header) + goto out; ret = register_pernet_subsys(&sysctl_pernet_ops); if (ret) goto out; -- cgit v1.2.3 From 2ca794e5e86c800d7f98c4ebb8bd325099c0afe8 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 19 Apr 2012 13:20:32 +0000 Subject: net sysctl: Initialize the network sysctls sooner to avoid problems. If the netfilter code is modified to use register_net_sysctl_table the kernel fails to boot because the per net sysctl infrasturce is not setup soon enough. So to avoid races call net_sysctl_init from sock_init(). Signed-off-by: Eric W. Biederman Acked-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/sysctl_net.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'net/sysctl_net.c') diff --git a/net/sysctl_net.c b/net/sysctl_net.c index 2b2986dd04ae..ce97237b653f 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -89,7 +89,7 @@ static struct pernet_operations sysctl_pernet_ops = { }; static struct ctl_table_header *net_header; -static __init int net_sysctl_init(void) +__init int net_sysctl_init(void) { static struct ctl_table empty[1]; int ret = -ENOMEM; @@ -109,7 +109,6 @@ static __init int net_sysctl_init(void) out: return ret; } -subsys_initcall(net_sysctl_init); struct ctl_table_header *register_net_sysctl_table(struct net *net, const struct ctl_path *path, struct ctl_table *table) -- cgit v1.2.3 From 4344475797a16ef948385780943f7a5cf09f0675 Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 19 Apr 2012 13:22:55 +0000 Subject: net: Kill register_sysctl_rotable register_sysctl_rotable never caught on as an interesting way to register sysctls. My take on the situation is that what we want are sysctls that we can only see in the initial network namespace. What we have implemented with register_sysctl_rotable are sysctls that we can see in all of the network namespaces and can only change in the initial network namespace. That is a very silly way to go. Just register the network sysctls in the initial network namespace and we don't have any weird special cases to deal with. The sysctls affected are: /proc/sys/net/ipv4/ipfrag_secret_interval /proc/sys/net/ipv4/ipfrag_max_dist /proc/sys/net/ipv6/ip6frag_secret_interval /proc/sys/net/ipv6/mld_max_msf I really don't expect anyone will miss them if they can't read them in a child user namespace. CC: Pavel Emelyanov Signed-off-by: Eric W. Biederman Acked-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/sysctl_net.c | 23 ----------------------- 1 file changed, 23 deletions(-) (limited to 'net/sysctl_net.c') diff --git a/net/sysctl_net.c b/net/sysctl_net.c index ce97237b653f..2b8d1d950987 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -59,19 +59,6 @@ static struct ctl_table_root net_sysctl_root = { .permissions = net_ctl_permissions, }; -static int net_ctl_ro_header_perms(struct ctl_table_root *root, - struct nsproxy *namespaces, struct ctl_table *table) -{ - if (net_eq(namespaces->net_ns, &init_net)) - return table->mode; - else - return table->mode & ~0222; -} - -static struct ctl_table_root net_sysctl_ro_root = { - .permissions = net_ctl_ro_header_perms, -}; - static int __net_init sysctl_net_init(struct net *net) { setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen); @@ -103,8 +90,6 @@ __init int net_sysctl_init(void) ret = register_pernet_subsys(&sysctl_pernet_ops); if (ret) goto out; - setup_sysctl_set(&net_sysctl_ro_root.default_set, &net_sysctl_ro_root, NULL); - register_sysctl_root(&net_sysctl_ro_root); register_sysctl_root(&net_sysctl_root); out: return ret; @@ -117,14 +102,6 @@ struct ctl_table_header *register_net_sysctl_table(struct net *net, } EXPORT_SYMBOL_GPL(register_net_sysctl_table); -struct ctl_table_header *register_net_sysctl_rotable(const - struct ctl_path *path, struct ctl_table *table) -{ - return __register_sysctl_paths(&net_sysctl_ro_root.default_set, - path, table); -} -EXPORT_SYMBOL_GPL(register_net_sysctl_rotable); - struct ctl_table_header *register_net_sysctl(struct net *net, const char *path, struct ctl_table *table) { -- cgit v1.2.3 From 5f568e5afe35721f2f692bccab243ba87cd8f87a Mon Sep 17 00:00:00 2001 From: "Eric W. Biederman" Date: Thu, 19 Apr 2012 13:46:06 +0000 Subject: net: Remove register_net_sysctl_table All of the users have been converted to use registera_net_sysctl so we no longer need register_net_sysctl. Signed-off-by: Eric W. Biederman Acked-by: Pavel Emelyanov Signed-off-by: David S. Miller --- net/sysctl_net.c | 7 ------- 1 file changed, 7 deletions(-) (limited to 'net/sysctl_net.c') diff --git a/net/sysctl_net.c b/net/sysctl_net.c index 2b8d1d950987..f3e813a8d107 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -95,13 +95,6 @@ out: return ret; } -struct ctl_table_header *register_net_sysctl_table(struct net *net, - const struct ctl_path *path, struct ctl_table *table) -{ - return __register_sysctl_paths(&net->sysctls, path, table); -} -EXPORT_SYMBOL_GPL(register_net_sysctl_table); - struct ctl_table_header *register_net_sysctl(struct net *net, const char *path, struct ctl_table *table) { -- cgit v1.2.3 From 211ed865108e24697b44bee5daac502ee6bdd4a4 Mon Sep 17 00:00:00 2001 From: Paul Gortmaker Date: Thu, 10 May 2012 17:14:35 -0400 Subject: net: delete all instances of special processing for token ring We are going to delete the Token ring support. This removes any special processing in the core networking for token ring, (aside from net/tr.c itself), leaving the drivers and remaining tokenring support present but inert. The mass removal of the drivers and net/tr.c will be in a separate commit, so that the history of these files that we still care about won't have the giant deletion tied into their history. Signed-off-by: Paul Gortmaker --- net/sysctl_net.c | 4 ---- 1 file changed, 4 deletions(-) (limited to 'net/sysctl_net.c') diff --git a/net/sysctl_net.c b/net/sysctl_net.c index f3e813a8d107..e3a6e37cd1c5 100644 --- a/net/sysctl_net.c +++ b/net/sysctl_net.c @@ -26,10 +26,6 @@ #include #endif -#ifdef CONFIG_TR -#include -#endif - static struct ctl_table_set * net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces) { -- cgit v1.2.3