1 // SPDX-License-Identifier: GPL-2.0-only
2 /*
3 * sysctl.c: General linux system control interface
4 *
5 * Begun 24 March 1995, Stephen Tweedie
6 * Added /proc support, Dec 1995
7 * Added bdflush entry and intvec min/max checking, 2/23/96, Tom Dyas.
8 * Added hooks for /proc/sys/net (minor, minor patch), 96/4/1, Mike Shaver.
9 * Added kernel/java-{interpreter,appletviewer}, 96/5/10, Mike Shaver.
10 * Dynamic registration fixes, Stephen Tweedie.
11 * Added kswapd-interval, ctrl-alt-del, printk stuff, 1/8/97, Chris Horn.
12 * Made sysctl support optional via CONFIG_SYSCTL, 1/10/97, Chris
13 * Horn.
14 * Added proc_doulongvec_ms_jiffies_minmax, 09/08/99, Carlos H. Bauer.
15 * Added proc_doulongvec_minmax, 09/08/99, Carlos H. Bauer.
16 * Changed linked lists to use list.h instead of lists.h, 02/24/00, Bill
17 * Wendling.
18 * The list_for_each() macro wasn't appropriate for the sysctl loop.
19 * Removed it and replaced it with older style, 03/23/00, Bill Wendling
20 */
21
22 #include <linux/module.h>
23 #include <linux/sysctl.h>
24 #include <linux/bitmap.h>
25 #include <linux/signal.h>
26 #include <linux/panic.h>
27 #include <linux/printk.h>
28 #include <linux/proc_fs.h>
29 #include <linux/security.h>
30 #include <linux/ctype.h>
31 #include <linux/filter.h>
32 #include <linux/fs.h>
33 #include <linux/init.h>
34 #include <linux/kernel.h>
35 #include <linux/kobject.h>
36 #include <linux/net.h>
37 #include <linux/sysrq.h>
38 #include <linux/highuid.h>
39 #include <linux/writeback.h>
40 #include <linux/ratelimit.h>
41 #include <linux/initrd.h>
42 #include <linux/key.h>
43 #include <linux/times.h>
44 #include <linux/limits.h>
45 #include <linux/syscalls.h>
46 #include <linux/nfs_fs.h>
47 #include <linux/acpi.h>
48 #include <linux/reboot.h>
49 #include <linux/ftrace.h>
50 #include <linux/kmod.h>
51 #include <linux/capability.h>
52 #include <linux/binfmts.h>
53 #include <linux/sched/sysctl.h>
54 #include <linux/mount.h>
55 #include <linux/pid.h>
56
57 #include "../lib/kstrtox.h"
58
59 #include <linux/uaccess.h>
60 #include <asm/processor.h>
61
62 #ifdef CONFIG_X86
63 #include <asm/nmi.h>
64 #include <asm/stacktrace.h>
65 #include <asm/io.h>
66 #endif
67 #ifdef CONFIG_SPARC
68 #include <asm/setup.h>
69 #endif
70 #ifdef CONFIG_RT_MUTEXES
71 #include <linux/rtmutex.h>
72 #endif
73
74 /* shared constants to be used in various sysctls */
75 const int sysctl_vals[] = { 0, 1, 2, 3, 4, 100, 200, 1000, 3000, INT_MAX, 65535, -1 };
76 EXPORT_SYMBOL(sysctl_vals);
77
78 const unsigned long sysctl_long_vals[] = { 0, 1, LONG_MAX };
79 EXPORT_SYMBOL_GPL(sysctl_long_vals);
80
81 #if defined(CONFIG_SYSCTL)
82
83 /* Constants used for minimum and maximum */
84 static const int ngroups_max = NGROUPS_MAX;
85 static const int cap_last_cap = CAP_LAST_CAP;
86
87 #ifdef CONFIG_PROC_SYSCTL
88
89 /**
90 * enum sysctl_writes_mode - supported sysctl write modes
91 *
92 * @SYSCTL_WRITES_LEGACY: each write syscall must fully contain the sysctl value
93 * to be written, and multiple writes on the same sysctl file descriptor
94 * will rewrite the sysctl value, regardless of file position. No warning
95 * is issued when the initial position is not 0.
96 * @SYSCTL_WRITES_WARN: same as above but warn when the initial file position is
97 * not 0.
98 * @SYSCTL_WRITES_STRICT: writes to numeric sysctl entries must always be at
99 * file position 0 and the value must be fully contained in the buffer
100 * sent to the write syscall. If dealing with strings respect the file
101 * position, but restrict this to the max length of the buffer, anything
102 * passed the max length will be ignored. Multiple writes will append
103 * to the buffer.
104 *
105 * These write modes control how current file position affects the behavior of
106 * updating sysctl values through the proc interface on each write.
107 */
108 enum sysctl_writes_mode {
109 SYSCTL_WRITES_LEGACY = -1,
110 SYSCTL_WRITES_WARN = 0,
111 SYSCTL_WRITES_STRICT = 1,
112 };
113
114 static enum sysctl_writes_mode sysctl_writes_strict = SYSCTL_WRITES_STRICT;
115 #endif /* CONFIG_PROC_SYSCTL */
116 #endif /* CONFIG_SYSCTL */
117
118 /*
119 * /proc/sys support
120 */
121
122 #ifdef CONFIG_PROC_SYSCTL
123
_proc_do_string(char * data,int maxlen,int write,char * buffer,size_t * lenp,loff_t * ppos)124 static int _proc_do_string(char *data, int maxlen, int write,
125 char *buffer, size_t *lenp, loff_t *ppos)
126 {
127 size_t len;
128 char c, *p;
129
130 if (!data || !maxlen || !*lenp) {
131 *lenp = 0;
132 return 0;
133 }
134
135 if (write) {
136 if (sysctl_writes_strict == SYSCTL_WRITES_STRICT) {
137 /* Only continue writes not past the end of buffer. */
138 len = strlen(data);
139 if (len > maxlen - 1)
140 len = maxlen - 1;
141
142 if (*ppos > len)
143 return 0;
144 len = *ppos;
145 } else {
146 /* Start writing from beginning of buffer. */
147 len = 0;
148 }
149
150 *ppos += *lenp;
151 p = buffer;
152 while ((p - buffer) < *lenp && len < maxlen - 1) {
153 c = *(p++);
154 if (c == 0 || c == '\n')
155 break;
156 data[len++] = c;
157 }
158 data[len] = 0;
159 } else {
160 len = strlen(data);
161 if (len > maxlen)
162 len = maxlen;
163
164 if (*ppos > len) {
165 *lenp = 0;
166 return 0;
167 }
168
169 data += *ppos;
170 len -= *ppos;
171
172 if (len > *lenp)
173 len = *lenp;
174 if (len)
175 memcpy(buffer, data, len);
176 if (len < *lenp) {
177 buffer[len] = '\n';
178 len++;
179 }
180 *lenp = len;
181 *ppos += len;
182 }
183 return 0;
184 }
185
warn_sysctl_write(const struct ctl_table * table)186 static void warn_sysctl_write(const struct ctl_table *table)
187 {
188 pr_warn_once("%s wrote to %s when file position was not 0!\n"
189 "This will not be supported in the future. To silence this\n"
190 "warning, set kernel.sysctl_writes_strict = -1\n",
191 current->comm, table->procname);
192 }
193
194 /**
195 * proc_first_pos_non_zero_ignore - check if first position is allowed
196 * @ppos: file position
197 * @table: the sysctl table
198 *
199 * Returns true if the first position is non-zero and the sysctl_writes_strict
200 * mode indicates this is not allowed for numeric input types. String proc
201 * handlers can ignore the return value.
202 */
proc_first_pos_non_zero_ignore(loff_t * ppos,const struct ctl_table * table)203 static bool proc_first_pos_non_zero_ignore(loff_t *ppos,
204 const struct ctl_table *table)
205 {
206 if (!*ppos)
207 return false;
208
209 switch (sysctl_writes_strict) {
210 case SYSCTL_WRITES_STRICT:
211 return true;
212 case SYSCTL_WRITES_WARN:
213 warn_sysctl_write(table);
214 return false;
215 default:
216 return false;
217 }
218 }
219
220 /**
221 * proc_dostring - read a string sysctl
222 * @table: the sysctl table
223 * @write: %TRUE if this is a write to the sysctl file
224 * @buffer: the user buffer
225 * @lenp: the size of the user buffer
226 * @ppos: file position
227 *
228 * Reads/writes a string from/to the user buffer. If the kernel
229 * buffer provided is not large enough to hold the string, the
230 * string is truncated. The copied string is %NULL-terminated.
231 * If the string is being read by the user process, it is copied
232 * and a newline '\n' is added. It is truncated if the buffer is
233 * not large enough.
234 *
235 * Returns 0 on success.
236 */
proc_dostring(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)237 int proc_dostring(const struct ctl_table *table, int write,
238 void *buffer, size_t *lenp, loff_t *ppos)
239 {
240 if (write)
241 proc_first_pos_non_zero_ignore(ppos, table);
242
243 return _proc_do_string(table->data, table->maxlen, write, buffer, lenp,
244 ppos);
245 }
246
proc_skip_spaces(char ** buf,size_t * size)247 static void proc_skip_spaces(char **buf, size_t *size)
248 {
249 while (*size) {
250 if (!isspace(**buf))
251 break;
252 (*size)--;
253 (*buf)++;
254 }
255 }
256
proc_skip_char(char ** buf,size_t * size,const char v)257 static void proc_skip_char(char **buf, size_t *size, const char v)
258 {
259 while (*size) {
260 if (**buf != v)
261 break;
262 (*size)--;
263 (*buf)++;
264 }
265 }
266
267 /**
268 * strtoul_lenient - parse an ASCII formatted integer from a buffer and only
269 * fail on overflow
270 *
271 * @cp: kernel buffer containing the string to parse
272 * @endp: pointer to store the trailing characters
273 * @base: the base to use
274 * @res: where the parsed integer will be stored
275 *
276 * In case of success 0 is returned and @res will contain the parsed integer,
277 * @endp will hold any trailing characters.
278 * This function will fail the parse on overflow. If there wasn't an overflow
279 * the function will defer the decision what characters count as invalid to the
280 * caller.
281 */
strtoul_lenient(const char * cp,char ** endp,unsigned int base,unsigned long * res)282 static int strtoul_lenient(const char *cp, char **endp, unsigned int base,
283 unsigned long *res)
284 {
285 unsigned long long result;
286 unsigned int rv;
287
288 cp = _parse_integer_fixup_radix(cp, &base);
289 rv = _parse_integer(cp, base, &result);
290 if ((rv & KSTRTOX_OVERFLOW) || (result != (unsigned long)result))
291 return -ERANGE;
292
293 cp += rv;
294
295 if (endp)
296 *endp = (char *)cp;
297
298 *res = (unsigned long)result;
299 return 0;
300 }
301
302 #define TMPBUFLEN 22
303 /**
304 * proc_get_long - reads an ASCII formatted integer from a user buffer
305 *
306 * @buf: a kernel buffer
307 * @size: size of the kernel buffer
308 * @val: this is where the number will be stored
309 * @neg: set to %TRUE if number is negative
310 * @perm_tr: a vector which contains the allowed trailers
311 * @perm_tr_len: size of the perm_tr vector
312 * @tr: pointer to store the trailer character
313 *
314 * In case of success %0 is returned and @buf and @size are updated with
315 * the amount of bytes read. If @tr is non-NULL and a trailing
316 * character exists (size is non-zero after returning from this
317 * function), @tr is updated with the trailing character.
318 */
proc_get_long(char ** buf,size_t * size,unsigned long * val,bool * neg,const char * perm_tr,unsigned perm_tr_len,char * tr)319 static int proc_get_long(char **buf, size_t *size,
320 unsigned long *val, bool *neg,
321 const char *perm_tr, unsigned perm_tr_len, char *tr)
322 {
323 char *p, tmp[TMPBUFLEN];
324 ssize_t len = *size;
325
326 if (len <= 0)
327 return -EINVAL;
328
329 if (len > TMPBUFLEN - 1)
330 len = TMPBUFLEN - 1;
331
332 memcpy(tmp, *buf, len);
333
334 tmp[len] = 0;
335 p = tmp;
336 if (*p == '-' && *size > 1) {
337 *neg = true;
338 p++;
339 } else
340 *neg = false;
341 if (!isdigit(*p))
342 return -EINVAL;
343
344 if (strtoul_lenient(p, &p, 0, val))
345 return -EINVAL;
346
347 len = p - tmp;
348
349 /* We don't know if the next char is whitespace thus we may accept
350 * invalid integers (e.g. 1234...a) or two integers instead of one
351 * (e.g. 123...1). So lets not allow such large numbers. */
352 if (len == TMPBUFLEN - 1)
353 return -EINVAL;
354
355 if (len < *size && perm_tr_len && !memchr(perm_tr, *p, perm_tr_len))
356 return -EINVAL;
357
358 if (tr && (len < *size))
359 *tr = *p;
360
361 *buf += len;
362 *size -= len;
363
364 return 0;
365 }
366
367 /**
368 * proc_put_long - converts an integer to a decimal ASCII formatted string
369 *
370 * @buf: the user buffer
371 * @size: the size of the user buffer
372 * @val: the integer to be converted
373 * @neg: sign of the number, %TRUE for negative
374 *
375 * In case of success @buf and @size are updated with the amount of bytes
376 * written.
377 */
proc_put_long(void ** buf,size_t * size,unsigned long val,bool neg)378 static void proc_put_long(void **buf, size_t *size, unsigned long val, bool neg)
379 {
380 int len;
381 char tmp[TMPBUFLEN], *p = tmp;
382
383 sprintf(p, "%s%lu", neg ? "-" : "", val);
384 len = strlen(tmp);
385 if (len > *size)
386 len = *size;
387 memcpy(*buf, tmp, len);
388 *size -= len;
389 *buf += len;
390 }
391 #undef TMPBUFLEN
392
proc_put_char(void ** buf,size_t * size,char c)393 static void proc_put_char(void **buf, size_t *size, char c)
394 {
395 if (*size) {
396 char **buffer = (char **)buf;
397 **buffer = c;
398
399 (*size)--;
400 (*buffer)++;
401 *buf = *buffer;
402 }
403 }
404
do_proc_dointvec_conv(bool * negp,unsigned long * lvalp,int * valp,int write,void * data)405 static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp,
406 int *valp,
407 int write, void *data)
408 {
409 if (write) {
410 if (*negp) {
411 if (*lvalp > (unsigned long) INT_MAX + 1)
412 return -EINVAL;
413 WRITE_ONCE(*valp, -*lvalp);
414 } else {
415 if (*lvalp > (unsigned long) INT_MAX)
416 return -EINVAL;
417 WRITE_ONCE(*valp, *lvalp);
418 }
419 } else {
420 int val = READ_ONCE(*valp);
421 if (val < 0) {
422 *negp = true;
423 *lvalp = -(unsigned long)val;
424 } else {
425 *negp = false;
426 *lvalp = (unsigned long)val;
427 }
428 }
429 return 0;
430 }
431
do_proc_douintvec_conv(unsigned long * lvalp,unsigned int * valp,int write,void * data)432 static int do_proc_douintvec_conv(unsigned long *lvalp,
433 unsigned int *valp,
434 int write, void *data)
435 {
436 if (write) {
437 if (*lvalp > UINT_MAX)
438 return -EINVAL;
439 WRITE_ONCE(*valp, *lvalp);
440 } else {
441 unsigned int val = READ_ONCE(*valp);
442 *lvalp = (unsigned long)val;
443 }
444 return 0;
445 }
446
447 static const char proc_wspace_sep[] = { ' ', '\t', '\n' };
448
__do_proc_dointvec(void * tbl_data,const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos,int (* conv)(bool * negp,unsigned long * lvalp,int * valp,int write,void * data),void * data)449 static int __do_proc_dointvec(void *tbl_data, const struct ctl_table *table,
450 int write, void *buffer,
451 size_t *lenp, loff_t *ppos,
452 int (*conv)(bool *negp, unsigned long *lvalp, int *valp,
453 int write, void *data),
454 void *data)
455 {
456 int *i, vleft, first = 1, err = 0;
457 size_t left;
458 char *p;
459
460 if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) {
461 *lenp = 0;
462 return 0;
463 }
464
465 i = (int *) tbl_data;
466 vleft = table->maxlen / sizeof(*i);
467 left = *lenp;
468
469 if (!conv)
470 conv = do_proc_dointvec_conv;
471
472 if (write) {
473 if (proc_first_pos_non_zero_ignore(ppos, table))
474 goto out;
475
476 if (left > PAGE_SIZE - 1)
477 left = PAGE_SIZE - 1;
478 p = buffer;
479 }
480
481 for (; left && vleft--; i++, first=0) {
482 unsigned long lval;
483 bool neg;
484
485 if (write) {
486 proc_skip_spaces(&p, &left);
487
488 if (!left)
489 break;
490 err = proc_get_long(&p, &left, &lval, &neg,
491 proc_wspace_sep,
492 sizeof(proc_wspace_sep), NULL);
493 if (err)
494 break;
495 if (conv(&neg, &lval, i, 1, data)) {
496 err = -EINVAL;
497 break;
498 }
499 } else {
500 if (conv(&neg, &lval, i, 0, data)) {
501 err = -EINVAL;
502 break;
503 }
504 if (!first)
505 proc_put_char(&buffer, &left, '\t');
506 proc_put_long(&buffer, &left, lval, neg);
507 }
508 }
509
510 if (!write && !first && left && !err)
511 proc_put_char(&buffer, &left, '\n');
512 if (write && !err && left)
513 proc_skip_spaces(&p, &left);
514 if (write && first)
515 return err ? : -EINVAL;
516 *lenp -= left;
517 out:
518 *ppos += *lenp;
519 return err;
520 }
521
do_proc_dointvec(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos,int (* conv)(bool * negp,unsigned long * lvalp,int * valp,int write,void * data),void * data)522 static int do_proc_dointvec(const struct ctl_table *table, int write,
523 void *buffer, size_t *lenp, loff_t *ppos,
524 int (*conv)(bool *negp, unsigned long *lvalp, int *valp,
525 int write, void *data),
526 void *data)
527 {
528 return __do_proc_dointvec(table->data, table, write,
529 buffer, lenp, ppos, conv, data);
530 }
531
do_proc_douintvec_w(unsigned int * tbl_data,const struct ctl_table * table,void * buffer,size_t * lenp,loff_t * ppos,int (* conv)(unsigned long * lvalp,unsigned int * valp,int write,void * data),void * data)532 static int do_proc_douintvec_w(unsigned int *tbl_data,
533 const struct ctl_table *table,
534 void *buffer,
535 size_t *lenp, loff_t *ppos,
536 int (*conv)(unsigned long *lvalp,
537 unsigned int *valp,
538 int write, void *data),
539 void *data)
540 {
541 unsigned long lval;
542 int err = 0;
543 size_t left;
544 bool neg;
545 char *p = buffer;
546
547 left = *lenp;
548
549 if (proc_first_pos_non_zero_ignore(ppos, table))
550 goto bail_early;
551
552 if (left > PAGE_SIZE - 1)
553 left = PAGE_SIZE - 1;
554
555 proc_skip_spaces(&p, &left);
556 if (!left) {
557 err = -EINVAL;
558 goto out_free;
559 }
560
561 err = proc_get_long(&p, &left, &lval, &neg,
562 proc_wspace_sep,
563 sizeof(proc_wspace_sep), NULL);
564 if (err || neg) {
565 err = -EINVAL;
566 goto out_free;
567 }
568
569 if (conv(&lval, tbl_data, 1, data)) {
570 err = -EINVAL;
571 goto out_free;
572 }
573
574 if (!err && left)
575 proc_skip_spaces(&p, &left);
576
577 out_free:
578 if (err)
579 return -EINVAL;
580
581 return 0;
582
583 /* This is in keeping with old __do_proc_dointvec() */
584 bail_early:
585 *ppos += *lenp;
586 return err;
587 }
588
do_proc_douintvec_r(unsigned int * tbl_data,void * buffer,size_t * lenp,loff_t * ppos,int (* conv)(unsigned long * lvalp,unsigned int * valp,int write,void * data),void * data)589 static int do_proc_douintvec_r(unsigned int *tbl_data, void *buffer,
590 size_t *lenp, loff_t *ppos,
591 int (*conv)(unsigned long *lvalp,
592 unsigned int *valp,
593 int write, void *data),
594 void *data)
595 {
596 unsigned long lval;
597 int err = 0;
598 size_t left;
599
600 left = *lenp;
601
602 if (conv(&lval, tbl_data, 0, data)) {
603 err = -EINVAL;
604 goto out;
605 }
606
607 proc_put_long(&buffer, &left, lval, false);
608 if (!left)
609 goto out;
610
611 proc_put_char(&buffer, &left, '\n');
612
613 out:
614 *lenp -= left;
615 *ppos += *lenp;
616
617 return err;
618 }
619
__do_proc_douintvec(void * tbl_data,const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos,int (* conv)(unsigned long * lvalp,unsigned int * valp,int write,void * data),void * data)620 static int __do_proc_douintvec(void *tbl_data, const struct ctl_table *table,
621 int write, void *buffer,
622 size_t *lenp, loff_t *ppos,
623 int (*conv)(unsigned long *lvalp,
624 unsigned int *valp,
625 int write, void *data),
626 void *data)
627 {
628 unsigned int *i, vleft;
629
630 if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) {
631 *lenp = 0;
632 return 0;
633 }
634
635 i = (unsigned int *) tbl_data;
636 vleft = table->maxlen / sizeof(*i);
637
638 /*
639 * Arrays are not supported, keep this simple. *Do not* add
640 * support for them.
641 */
642 if (vleft != 1) {
643 *lenp = 0;
644 return -EINVAL;
645 }
646
647 if (!conv)
648 conv = do_proc_douintvec_conv;
649
650 if (write)
651 return do_proc_douintvec_w(i, table, buffer, lenp, ppos,
652 conv, data);
653 return do_proc_douintvec_r(i, buffer, lenp, ppos, conv, data);
654 }
655
do_proc_douintvec(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos,int (* conv)(unsigned long * lvalp,unsigned int * valp,int write,void * data),void * data)656 int do_proc_douintvec(const struct ctl_table *table, int write,
657 void *buffer, size_t *lenp, loff_t *ppos,
658 int (*conv)(unsigned long *lvalp,
659 unsigned int *valp,
660 int write, void *data),
661 void *data)
662 {
663 return __do_proc_douintvec(table->data, table, write,
664 buffer, lenp, ppos, conv, data);
665 }
666
667 /**
668 * proc_dobool - read/write a bool
669 * @table: the sysctl table
670 * @write: %TRUE if this is a write to the sysctl file
671 * @buffer: the user buffer
672 * @lenp: the size of the user buffer
673 * @ppos: file position
674 *
675 * Reads/writes one integer value from/to the user buffer,
676 * treated as an ASCII string.
677 *
678 * table->data must point to a bool variable and table->maxlen must
679 * be sizeof(bool).
680 *
681 * Returns 0 on success.
682 */
proc_dobool(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)683 int proc_dobool(const struct ctl_table *table, int write, void *buffer,
684 size_t *lenp, loff_t *ppos)
685 {
686 struct ctl_table tmp;
687 bool *data = table->data;
688 int res, val;
689
690 /* Do not support arrays yet. */
691 if (table->maxlen != sizeof(bool))
692 return -EINVAL;
693
694 tmp = *table;
695 tmp.maxlen = sizeof(val);
696 tmp.data = &val;
697
698 val = READ_ONCE(*data);
699 res = proc_dointvec(&tmp, write, buffer, lenp, ppos);
700 if (res)
701 return res;
702 if (write)
703 WRITE_ONCE(*data, val);
704 return 0;
705 }
706
707 /**
708 * proc_dointvec - read a vector of integers
709 * @table: the sysctl table
710 * @write: %TRUE if this is a write to the sysctl file
711 * @buffer: the user buffer
712 * @lenp: the size of the user buffer
713 * @ppos: file position
714 *
715 * Reads/writes up to table->maxlen/sizeof(unsigned int) integer
716 * values from/to the user buffer, treated as an ASCII string.
717 *
718 * Returns 0 on success.
719 */
proc_dointvec(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)720 int proc_dointvec(const struct ctl_table *table, int write, void *buffer,
721 size_t *lenp, loff_t *ppos)
722 {
723 return do_proc_dointvec(table, write, buffer, lenp, ppos, NULL, NULL);
724 }
725
726 /**
727 * proc_douintvec - read a vector of unsigned integers
728 * @table: the sysctl table
729 * @write: %TRUE if this is a write to the sysctl file
730 * @buffer: the user buffer
731 * @lenp: the size of the user buffer
732 * @ppos: file position
733 *
734 * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer
735 * values from/to the user buffer, treated as an ASCII string.
736 *
737 * Returns 0 on success.
738 */
proc_douintvec(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)739 int proc_douintvec(const struct ctl_table *table, int write, void *buffer,
740 size_t *lenp, loff_t *ppos)
741 {
742 return do_proc_douintvec(table, write, buffer, lenp, ppos,
743 do_proc_douintvec_conv, NULL);
744 }
745
746 /*
747 * Taint values can only be increased
748 * This means we can safely use a temporary.
749 */
proc_taint(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)750 static int proc_taint(const struct ctl_table *table, int write,
751 void *buffer, size_t *lenp, loff_t *ppos)
752 {
753 struct ctl_table t;
754 unsigned long tmptaint = get_taint();
755 int err;
756
757 if (write && !capable(CAP_SYS_ADMIN))
758 return -EPERM;
759
760 t = *table;
761 t.data = &tmptaint;
762 err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos);
763 if (err < 0)
764 return err;
765
766 if (write) {
767 int i;
768
769 /*
770 * If we are relying on panic_on_taint not producing
771 * false positives due to userspace input, bail out
772 * before setting the requested taint flags.
773 */
774 if (panic_on_taint_nousertaint && (tmptaint & panic_on_taint))
775 return -EINVAL;
776
777 /*
778 * Poor man's atomic or. Not worth adding a primitive
779 * to everyone's atomic.h for this
780 */
781 for (i = 0; i < TAINT_FLAGS_COUNT; i++)
782 if ((1UL << i) & tmptaint)
783 add_taint(i, LOCKDEP_STILL_OK);
784 }
785
786 return err;
787 }
788
789 /**
790 * struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure
791 * @min: pointer to minimum allowable value
792 * @max: pointer to maximum allowable value
793 *
794 * The do_proc_dointvec_minmax_conv_param structure provides the
795 * minimum and maximum values for doing range checking for those sysctl
796 * parameters that use the proc_dointvec_minmax() handler.
797 */
798 struct do_proc_dointvec_minmax_conv_param {
799 int *min;
800 int *max;
801 };
802
do_proc_dointvec_minmax_conv(bool * negp,unsigned long * lvalp,int * valp,int write,void * data)803 static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
804 int *valp,
805 int write, void *data)
806 {
807 int tmp, ret;
808 struct do_proc_dointvec_minmax_conv_param *param = data;
809 /*
810 * If writing, first do so via a temporary local int so we can
811 * bounds-check it before touching *valp.
812 */
813 int *ip = write ? &tmp : valp;
814
815 ret = do_proc_dointvec_conv(negp, lvalp, ip, write, data);
816 if (ret)
817 return ret;
818
819 if (write) {
820 if ((param->min && *param->min > tmp) ||
821 (param->max && *param->max < tmp))
822 return -EINVAL;
823 WRITE_ONCE(*valp, tmp);
824 }
825
826 return 0;
827 }
828
829 /**
830 * proc_dointvec_minmax - read a vector of integers with min/max values
831 * @table: the sysctl table
832 * @write: %TRUE if this is a write to the sysctl file
833 * @buffer: the user buffer
834 * @lenp: the size of the user buffer
835 * @ppos: file position
836 *
837 * Reads/writes up to table->maxlen/sizeof(unsigned int) integer
838 * values from/to the user buffer, treated as an ASCII string.
839 *
840 * This routine will ensure the values are within the range specified by
841 * table->extra1 (min) and table->extra2 (max).
842 *
843 * Returns 0 on success or -EINVAL on write when the range check fails.
844 */
proc_dointvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)845 int proc_dointvec_minmax(const struct ctl_table *table, int write,
846 void *buffer, size_t *lenp, loff_t *ppos)
847 {
848 struct do_proc_dointvec_minmax_conv_param param = {
849 .min = (int *) table->extra1,
850 .max = (int *) table->extra2,
851 };
852 return do_proc_dointvec(table, write, buffer, lenp, ppos,
853 do_proc_dointvec_minmax_conv, ¶m);
854 }
855
856 /**
857 * struct do_proc_douintvec_minmax_conv_param - proc_douintvec_minmax() range checking structure
858 * @min: pointer to minimum allowable value
859 * @max: pointer to maximum allowable value
860 *
861 * The do_proc_douintvec_minmax_conv_param structure provides the
862 * minimum and maximum values for doing range checking for those sysctl
863 * parameters that use the proc_douintvec_minmax() handler.
864 */
865 struct do_proc_douintvec_minmax_conv_param {
866 unsigned int *min;
867 unsigned int *max;
868 };
869
do_proc_douintvec_minmax_conv(unsigned long * lvalp,unsigned int * valp,int write,void * data)870 static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
871 unsigned int *valp,
872 int write, void *data)
873 {
874 int ret;
875 unsigned int tmp;
876 struct do_proc_douintvec_minmax_conv_param *param = data;
877 /* write via temporary local uint for bounds-checking */
878 unsigned int *up = write ? &tmp : valp;
879
880 ret = do_proc_douintvec_conv(lvalp, up, write, data);
881 if (ret)
882 return ret;
883
884 if (write) {
885 if ((param->min && *param->min > tmp) ||
886 (param->max && *param->max < tmp))
887 return -ERANGE;
888
889 WRITE_ONCE(*valp, tmp);
890 }
891
892 return 0;
893 }
894
895 /**
896 * proc_douintvec_minmax - read a vector of unsigned ints with min/max values
897 * @table: the sysctl table
898 * @write: %TRUE if this is a write to the sysctl file
899 * @buffer: the user buffer
900 * @lenp: the size of the user buffer
901 * @ppos: file position
902 *
903 * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer
904 * values from/to the user buffer, treated as an ASCII string. Negative
905 * strings are not allowed.
906 *
907 * This routine will ensure the values are within the range specified by
908 * table->extra1 (min) and table->extra2 (max). There is a final sanity
909 * check for UINT_MAX to avoid having to support wrap around uses from
910 * userspace.
911 *
912 * Returns 0 on success or -ERANGE on write when the range check fails.
913 */
proc_douintvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)914 int proc_douintvec_minmax(const struct ctl_table *table, int write,
915 void *buffer, size_t *lenp, loff_t *ppos)
916 {
917 struct do_proc_douintvec_minmax_conv_param param = {
918 .min = (unsigned int *) table->extra1,
919 .max = (unsigned int *) table->extra2,
920 };
921 return do_proc_douintvec(table, write, buffer, lenp, ppos,
922 do_proc_douintvec_minmax_conv, ¶m);
923 }
924
925 /**
926 * proc_dou8vec_minmax - read a vector of unsigned chars with min/max values
927 * @table: the sysctl table
928 * @write: %TRUE if this is a write to the sysctl file
929 * @buffer: the user buffer
930 * @lenp: the size of the user buffer
931 * @ppos: file position
932 *
933 * Reads/writes up to table->maxlen/sizeof(u8) unsigned chars
934 * values from/to the user buffer, treated as an ASCII string. Negative
935 * strings are not allowed.
936 *
937 * This routine will ensure the values are within the range specified by
938 * table->extra1 (min) and table->extra2 (max).
939 *
940 * Returns 0 on success or an error on write when the range check fails.
941 */
proc_dou8vec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)942 int proc_dou8vec_minmax(const struct ctl_table *table, int write,
943 void *buffer, size_t *lenp, loff_t *ppos)
944 {
945 struct ctl_table tmp;
946 unsigned int min = 0, max = 255U, val;
947 u8 *data = table->data;
948 struct do_proc_douintvec_minmax_conv_param param = {
949 .min = &min,
950 .max = &max,
951 };
952 int res;
953
954 /* Do not support arrays yet. */
955 if (table->maxlen != sizeof(u8))
956 return -EINVAL;
957
958 if (table->extra1)
959 min = *(unsigned int *) table->extra1;
960 if (table->extra2)
961 max = *(unsigned int *) table->extra2;
962
963 tmp = *table;
964
965 tmp.maxlen = sizeof(val);
966 tmp.data = &val;
967 val = READ_ONCE(*data);
968 res = do_proc_douintvec(&tmp, write, buffer, lenp, ppos,
969 do_proc_douintvec_minmax_conv, ¶m);
970 if (res)
971 return res;
972 if (write)
973 WRITE_ONCE(*data, val);
974 return 0;
975 }
976 EXPORT_SYMBOL_GPL(proc_dou8vec_minmax);
977
978 #ifdef CONFIG_MAGIC_SYSRQ
sysrq_sysctl_handler(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)979 static int sysrq_sysctl_handler(const struct ctl_table *table, int write,
980 void *buffer, size_t *lenp, loff_t *ppos)
981 {
982 int tmp, ret;
983
984 tmp = sysrq_mask();
985
986 ret = __do_proc_dointvec(&tmp, table, write, buffer,
987 lenp, ppos, NULL, NULL);
988 if (ret || !write)
989 return ret;
990
991 if (write)
992 sysrq_toggle_support(tmp);
993
994 return 0;
995 }
996 #endif
997
__do_proc_doulongvec_minmax(void * data,const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos,unsigned long convmul,unsigned long convdiv)998 static int __do_proc_doulongvec_minmax(void *data,
999 const struct ctl_table *table, int write,
1000 void *buffer, size_t *lenp, loff_t *ppos,
1001 unsigned long convmul, unsigned long convdiv)
1002 {
1003 unsigned long *i, *min, *max;
1004 int vleft, first = 1, err = 0;
1005 size_t left;
1006 char *p;
1007
1008 if (!data || !table->maxlen || !*lenp || (*ppos && !write)) {
1009 *lenp = 0;
1010 return 0;
1011 }
1012
1013 i = data;
1014 min = table->extra1;
1015 max = table->extra2;
1016 vleft = table->maxlen / sizeof(unsigned long);
1017 left = *lenp;
1018
1019 if (write) {
1020 if (proc_first_pos_non_zero_ignore(ppos, table))
1021 goto out;
1022
1023 if (left > PAGE_SIZE - 1)
1024 left = PAGE_SIZE - 1;
1025 p = buffer;
1026 }
1027
1028 for (; left && vleft--; i++, first = 0) {
1029 unsigned long val;
1030
1031 if (write) {
1032 bool neg;
1033
1034 proc_skip_spaces(&p, &left);
1035 if (!left)
1036 break;
1037
1038 err = proc_get_long(&p, &left, &val, &neg,
1039 proc_wspace_sep,
1040 sizeof(proc_wspace_sep), NULL);
1041 if (err || neg) {
1042 err = -EINVAL;
1043 break;
1044 }
1045
1046 val = convmul * val / convdiv;
1047 if ((min && val < *min) || (max && val > *max)) {
1048 err = -EINVAL;
1049 break;
1050 }
1051 WRITE_ONCE(*i, val);
1052 } else {
1053 val = convdiv * READ_ONCE(*i) / convmul;
1054 if (!first)
1055 proc_put_char(&buffer, &left, '\t');
1056 proc_put_long(&buffer, &left, val, false);
1057 }
1058 }
1059
1060 if (!write && !first && left && !err)
1061 proc_put_char(&buffer, &left, '\n');
1062 if (write && !err)
1063 proc_skip_spaces(&p, &left);
1064 if (write && first)
1065 return err ? : -EINVAL;
1066 *lenp -= left;
1067 out:
1068 *ppos += *lenp;
1069 return err;
1070 }
1071
do_proc_doulongvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos,unsigned long convmul,unsigned long convdiv)1072 static int do_proc_doulongvec_minmax(const struct ctl_table *table, int write,
1073 void *buffer, size_t *lenp, loff_t *ppos, unsigned long convmul,
1074 unsigned long convdiv)
1075 {
1076 return __do_proc_doulongvec_minmax(table->data, table, write,
1077 buffer, lenp, ppos, convmul, convdiv);
1078 }
1079
1080 /**
1081 * proc_doulongvec_minmax - read a vector of long integers with min/max values
1082 * @table: the sysctl table
1083 * @write: %TRUE if this is a write to the sysctl file
1084 * @buffer: the user buffer
1085 * @lenp: the size of the user buffer
1086 * @ppos: file position
1087 *
1088 * Reads/writes up to table->maxlen/sizeof(unsigned long) unsigned long
1089 * values from/to the user buffer, treated as an ASCII string.
1090 *
1091 * This routine will ensure the values are within the range specified by
1092 * table->extra1 (min) and table->extra2 (max).
1093 *
1094 * Returns 0 on success.
1095 */
proc_doulongvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1096 int proc_doulongvec_minmax(const struct ctl_table *table, int write,
1097 void *buffer, size_t *lenp, loff_t *ppos)
1098 {
1099 return do_proc_doulongvec_minmax(table, write, buffer, lenp, ppos, 1l, 1l);
1100 }
1101
1102 /**
1103 * proc_doulongvec_ms_jiffies_minmax - read a vector of millisecond values with min/max values
1104 * @table: the sysctl table
1105 * @write: %TRUE if this is a write to the sysctl file
1106 * @buffer: the user buffer
1107 * @lenp: the size of the user buffer
1108 * @ppos: file position
1109 *
1110 * Reads/writes up to table->maxlen/sizeof(unsigned long) unsigned long
1111 * values from/to the user buffer, treated as an ASCII string. The values
1112 * are treated as milliseconds, and converted to jiffies when they are stored.
1113 *
1114 * This routine will ensure the values are within the range specified by
1115 * table->extra1 (min) and table->extra2 (max).
1116 *
1117 * Returns 0 on success.
1118 */
proc_doulongvec_ms_jiffies_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1119 int proc_doulongvec_ms_jiffies_minmax(const struct ctl_table *table, int write,
1120 void *buffer, size_t *lenp, loff_t *ppos)
1121 {
1122 return do_proc_doulongvec_minmax(table, write, buffer,
1123 lenp, ppos, HZ, 1000l);
1124 }
1125
1126
do_proc_dointvec_jiffies_conv(bool * negp,unsigned long * lvalp,int * valp,int write,void * data)1127 static int do_proc_dointvec_jiffies_conv(bool *negp, unsigned long *lvalp,
1128 int *valp,
1129 int write, void *data)
1130 {
1131 if (write) {
1132 if (*lvalp > INT_MAX / HZ)
1133 return 1;
1134 if (*negp)
1135 WRITE_ONCE(*valp, -*lvalp * HZ);
1136 else
1137 WRITE_ONCE(*valp, *lvalp * HZ);
1138 } else {
1139 int val = READ_ONCE(*valp);
1140 unsigned long lval;
1141 if (val < 0) {
1142 *negp = true;
1143 lval = -(unsigned long)val;
1144 } else {
1145 *negp = false;
1146 lval = (unsigned long)val;
1147 }
1148 *lvalp = lval / HZ;
1149 }
1150 return 0;
1151 }
1152
do_proc_dointvec_userhz_jiffies_conv(bool * negp,unsigned long * lvalp,int * valp,int write,void * data)1153 static int do_proc_dointvec_userhz_jiffies_conv(bool *negp, unsigned long *lvalp,
1154 int *valp,
1155 int write, void *data)
1156 {
1157 if (write) {
1158 if (USER_HZ < HZ && *lvalp > (LONG_MAX / HZ) * USER_HZ)
1159 return 1;
1160 *valp = clock_t_to_jiffies(*negp ? -*lvalp : *lvalp);
1161 } else {
1162 int val = *valp;
1163 unsigned long lval;
1164 if (val < 0) {
1165 *negp = true;
1166 lval = -(unsigned long)val;
1167 } else {
1168 *negp = false;
1169 lval = (unsigned long)val;
1170 }
1171 *lvalp = jiffies_to_clock_t(lval);
1172 }
1173 return 0;
1174 }
1175
do_proc_dointvec_ms_jiffies_conv(bool * negp,unsigned long * lvalp,int * valp,int write,void * data)1176 static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp,
1177 int *valp,
1178 int write, void *data)
1179 {
1180 if (write) {
1181 unsigned long jif = msecs_to_jiffies(*negp ? -*lvalp : *lvalp);
1182
1183 if (jif > INT_MAX)
1184 return 1;
1185 WRITE_ONCE(*valp, (int)jif);
1186 } else {
1187 int val = READ_ONCE(*valp);
1188 unsigned long lval;
1189 if (val < 0) {
1190 *negp = true;
1191 lval = -(unsigned long)val;
1192 } else {
1193 *negp = false;
1194 lval = (unsigned long)val;
1195 }
1196 *lvalp = jiffies_to_msecs(lval);
1197 }
1198 return 0;
1199 }
1200
do_proc_dointvec_ms_jiffies_minmax_conv(bool * negp,unsigned long * lvalp,int * valp,int write,void * data)1201 static int do_proc_dointvec_ms_jiffies_minmax_conv(bool *negp, unsigned long *lvalp,
1202 int *valp, int write, void *data)
1203 {
1204 int tmp, ret;
1205 struct do_proc_dointvec_minmax_conv_param *param = data;
1206 /*
1207 * If writing, first do so via a temporary local int so we can
1208 * bounds-check it before touching *valp.
1209 */
1210 int *ip = write ? &tmp : valp;
1211
1212 ret = do_proc_dointvec_ms_jiffies_conv(negp, lvalp, ip, write, data);
1213 if (ret)
1214 return ret;
1215
1216 if (write) {
1217 if ((param->min && *param->min > tmp) ||
1218 (param->max && *param->max < tmp))
1219 return -EINVAL;
1220 *valp = tmp;
1221 }
1222 return 0;
1223 }
1224
1225 /**
1226 * proc_dointvec_jiffies - read a vector of integers as seconds
1227 * @table: the sysctl table
1228 * @write: %TRUE if this is a write to the sysctl file
1229 * @buffer: the user buffer
1230 * @lenp: the size of the user buffer
1231 * @ppos: file position
1232 *
1233 * Reads/writes up to table->maxlen/sizeof(unsigned int) integer
1234 * values from/to the user buffer, treated as an ASCII string.
1235 * The values read are assumed to be in seconds, and are converted into
1236 * jiffies.
1237 *
1238 * Returns 0 on success.
1239 */
proc_dointvec_jiffies(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1240 int proc_dointvec_jiffies(const struct ctl_table *table, int write,
1241 void *buffer, size_t *lenp, loff_t *ppos)
1242 {
1243 return do_proc_dointvec(table,write,buffer,lenp,ppos,
1244 do_proc_dointvec_jiffies_conv,NULL);
1245 }
1246
proc_dointvec_ms_jiffies_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1247 int proc_dointvec_ms_jiffies_minmax(const struct ctl_table *table, int write,
1248 void *buffer, size_t *lenp, loff_t *ppos)
1249 {
1250 struct do_proc_dointvec_minmax_conv_param param = {
1251 .min = (int *) table->extra1,
1252 .max = (int *) table->extra2,
1253 };
1254 return do_proc_dointvec(table, write, buffer, lenp, ppos,
1255 do_proc_dointvec_ms_jiffies_minmax_conv, ¶m);
1256 }
1257
1258 /**
1259 * proc_dointvec_userhz_jiffies - read a vector of integers as 1/USER_HZ seconds
1260 * @table: the sysctl table
1261 * @write: %TRUE if this is a write to the sysctl file
1262 * @buffer: the user buffer
1263 * @lenp: the size of the user buffer
1264 * @ppos: pointer to the file position
1265 *
1266 * Reads/writes up to table->maxlen/sizeof(unsigned int) integer
1267 * values from/to the user buffer, treated as an ASCII string.
1268 * The values read are assumed to be in 1/USER_HZ seconds, and
1269 * are converted into jiffies.
1270 *
1271 * Returns 0 on success.
1272 */
proc_dointvec_userhz_jiffies(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1273 int proc_dointvec_userhz_jiffies(const struct ctl_table *table, int write,
1274 void *buffer, size_t *lenp, loff_t *ppos)
1275 {
1276 return do_proc_dointvec(table, write, buffer, lenp, ppos,
1277 do_proc_dointvec_userhz_jiffies_conv, NULL);
1278 }
1279
1280 /**
1281 * proc_dointvec_ms_jiffies - read a vector of integers as 1 milliseconds
1282 * @table: the sysctl table
1283 * @write: %TRUE if this is a write to the sysctl file
1284 * @buffer: the user buffer
1285 * @lenp: the size of the user buffer
1286 * @ppos: the current position in the file
1287 *
1288 * Reads/writes up to table->maxlen/sizeof(unsigned int) integer
1289 * values from/to the user buffer, treated as an ASCII string.
1290 * The values read are assumed to be in 1/1000 seconds, and
1291 * are converted into jiffies.
1292 *
1293 * Returns 0 on success.
1294 */
proc_dointvec_ms_jiffies(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1295 int proc_dointvec_ms_jiffies(const struct ctl_table *table, int write, void *buffer,
1296 size_t *lenp, loff_t *ppos)
1297 {
1298 return do_proc_dointvec(table, write, buffer, lenp, ppos,
1299 do_proc_dointvec_ms_jiffies_conv, NULL);
1300 }
1301
proc_do_cad_pid(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1302 static int proc_do_cad_pid(const struct ctl_table *table, int write, void *buffer,
1303 size_t *lenp, loff_t *ppos)
1304 {
1305 struct pid *new_pid;
1306 pid_t tmp;
1307 int r;
1308
1309 tmp = pid_vnr(cad_pid);
1310
1311 r = __do_proc_dointvec(&tmp, table, write, buffer,
1312 lenp, ppos, NULL, NULL);
1313 if (r || !write)
1314 return r;
1315
1316 new_pid = find_get_pid(tmp);
1317 if (!new_pid)
1318 return -ESRCH;
1319
1320 put_pid(xchg(&cad_pid, new_pid));
1321 return 0;
1322 }
1323
1324 /**
1325 * proc_do_large_bitmap - read/write from/to a large bitmap
1326 * @table: the sysctl table
1327 * @write: %TRUE if this is a write to the sysctl file
1328 * @buffer: the user buffer
1329 * @lenp: the size of the user buffer
1330 * @ppos: file position
1331 *
1332 * The bitmap is stored at table->data and the bitmap length (in bits)
1333 * in table->maxlen.
1334 *
1335 * We use a range comma separated format (e.g. 1,3-4,10-10) so that
1336 * large bitmaps may be represented in a compact manner. Writing into
1337 * the file will clear the bitmap then update it with the given input.
1338 *
1339 * Returns 0 on success.
1340 */
proc_do_large_bitmap(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1341 int proc_do_large_bitmap(const struct ctl_table *table, int write,
1342 void *buffer, size_t *lenp, loff_t *ppos)
1343 {
1344 int err = 0;
1345 size_t left = *lenp;
1346 unsigned long bitmap_len = table->maxlen;
1347 unsigned long *bitmap = *(unsigned long **) table->data;
1348 unsigned long *tmp_bitmap = NULL;
1349 char tr_a[] = { '-', ',', '\n' }, tr_b[] = { ',', '\n', 0 }, c;
1350
1351 if (!bitmap || !bitmap_len || !left || (*ppos && !write)) {
1352 *lenp = 0;
1353 return 0;
1354 }
1355
1356 if (write) {
1357 char *p = buffer;
1358 size_t skipped = 0;
1359
1360 if (left > PAGE_SIZE - 1) {
1361 left = PAGE_SIZE - 1;
1362 /* How much of the buffer we'll skip this pass */
1363 skipped = *lenp - left;
1364 }
1365
1366 tmp_bitmap = bitmap_zalloc(bitmap_len, GFP_KERNEL);
1367 if (!tmp_bitmap)
1368 return -ENOMEM;
1369 proc_skip_char(&p, &left, '\n');
1370 while (!err && left) {
1371 unsigned long val_a, val_b;
1372 bool neg;
1373 size_t saved_left;
1374
1375 /* In case we stop parsing mid-number, we can reset */
1376 saved_left = left;
1377 err = proc_get_long(&p, &left, &val_a, &neg, tr_a,
1378 sizeof(tr_a), &c);
1379 /*
1380 * If we consumed the entirety of a truncated buffer or
1381 * only one char is left (may be a "-"), then stop here,
1382 * reset, & come back for more.
1383 */
1384 if ((left <= 1) && skipped) {
1385 left = saved_left;
1386 break;
1387 }
1388
1389 if (err)
1390 break;
1391 if (val_a >= bitmap_len || neg) {
1392 err = -EINVAL;
1393 break;
1394 }
1395
1396 val_b = val_a;
1397 if (left) {
1398 p++;
1399 left--;
1400 }
1401
1402 if (c == '-') {
1403 err = proc_get_long(&p, &left, &val_b,
1404 &neg, tr_b, sizeof(tr_b),
1405 &c);
1406 /*
1407 * If we consumed all of a truncated buffer or
1408 * then stop here, reset, & come back for more.
1409 */
1410 if (!left && skipped) {
1411 left = saved_left;
1412 break;
1413 }
1414
1415 if (err)
1416 break;
1417 if (val_b >= bitmap_len || neg ||
1418 val_a > val_b) {
1419 err = -EINVAL;
1420 break;
1421 }
1422 if (left) {
1423 p++;
1424 left--;
1425 }
1426 }
1427
1428 bitmap_set(tmp_bitmap, val_a, val_b - val_a + 1);
1429 proc_skip_char(&p, &left, '\n');
1430 }
1431 left += skipped;
1432 } else {
1433 unsigned long bit_a, bit_b = 0;
1434 bool first = 1;
1435
1436 while (left) {
1437 bit_a = find_next_bit(bitmap, bitmap_len, bit_b);
1438 if (bit_a >= bitmap_len)
1439 break;
1440 bit_b = find_next_zero_bit(bitmap, bitmap_len,
1441 bit_a + 1) - 1;
1442
1443 if (!first)
1444 proc_put_char(&buffer, &left, ',');
1445 proc_put_long(&buffer, &left, bit_a, false);
1446 if (bit_a != bit_b) {
1447 proc_put_char(&buffer, &left, '-');
1448 proc_put_long(&buffer, &left, bit_b, false);
1449 }
1450
1451 first = 0; bit_b++;
1452 }
1453 proc_put_char(&buffer, &left, '\n');
1454 }
1455
1456 if (!err) {
1457 if (write) {
1458 if (*ppos)
1459 bitmap_or(bitmap, bitmap, tmp_bitmap, bitmap_len);
1460 else
1461 bitmap_copy(bitmap, tmp_bitmap, bitmap_len);
1462 }
1463 *lenp -= left;
1464 *ppos += *lenp;
1465 }
1466
1467 bitmap_free(tmp_bitmap);
1468 return err;
1469 }
1470
1471 #else /* CONFIG_PROC_SYSCTL */
1472
proc_dostring(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1473 int proc_dostring(const struct ctl_table *table, int write,
1474 void *buffer, size_t *lenp, loff_t *ppos)
1475 {
1476 return -ENOSYS;
1477 }
1478
proc_dobool(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1479 int proc_dobool(const struct ctl_table *table, int write,
1480 void *buffer, size_t *lenp, loff_t *ppos)
1481 {
1482 return -ENOSYS;
1483 }
1484
proc_dointvec(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1485 int proc_dointvec(const struct ctl_table *table, int write,
1486 void *buffer, size_t *lenp, loff_t *ppos)
1487 {
1488 return -ENOSYS;
1489 }
1490
proc_douintvec(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1491 int proc_douintvec(const struct ctl_table *table, int write,
1492 void *buffer, size_t *lenp, loff_t *ppos)
1493 {
1494 return -ENOSYS;
1495 }
1496
proc_dointvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1497 int proc_dointvec_minmax(const struct ctl_table *table, int write,
1498 void *buffer, size_t *lenp, loff_t *ppos)
1499 {
1500 return -ENOSYS;
1501 }
1502
proc_douintvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1503 int proc_douintvec_minmax(const struct ctl_table *table, int write,
1504 void *buffer, size_t *lenp, loff_t *ppos)
1505 {
1506 return -ENOSYS;
1507 }
1508
proc_dou8vec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1509 int proc_dou8vec_minmax(const struct ctl_table *table, int write,
1510 void *buffer, size_t *lenp, loff_t *ppos)
1511 {
1512 return -ENOSYS;
1513 }
1514
proc_dointvec_jiffies(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1515 int proc_dointvec_jiffies(const struct ctl_table *table, int write,
1516 void *buffer, size_t *lenp, loff_t *ppos)
1517 {
1518 return -ENOSYS;
1519 }
1520
proc_dointvec_ms_jiffies_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1521 int proc_dointvec_ms_jiffies_minmax(const struct ctl_table *table, int write,
1522 void *buffer, size_t *lenp, loff_t *ppos)
1523 {
1524 return -ENOSYS;
1525 }
1526
proc_dointvec_userhz_jiffies(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1527 int proc_dointvec_userhz_jiffies(const struct ctl_table *table, int write,
1528 void *buffer, size_t *lenp, loff_t *ppos)
1529 {
1530 return -ENOSYS;
1531 }
1532
proc_dointvec_ms_jiffies(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1533 int proc_dointvec_ms_jiffies(const struct ctl_table *table, int write,
1534 void *buffer, size_t *lenp, loff_t *ppos)
1535 {
1536 return -ENOSYS;
1537 }
1538
proc_doulongvec_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1539 int proc_doulongvec_minmax(const struct ctl_table *table, int write,
1540 void *buffer, size_t *lenp, loff_t *ppos)
1541 {
1542 return -ENOSYS;
1543 }
1544
proc_doulongvec_ms_jiffies_minmax(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1545 int proc_doulongvec_ms_jiffies_minmax(const struct ctl_table *table, int write,
1546 void *buffer, size_t *lenp, loff_t *ppos)
1547 {
1548 return -ENOSYS;
1549 }
1550
proc_do_large_bitmap(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1551 int proc_do_large_bitmap(const struct ctl_table *table, int write,
1552 void *buffer, size_t *lenp, loff_t *ppos)
1553 {
1554 return -ENOSYS;
1555 }
1556
1557 #endif /* CONFIG_PROC_SYSCTL */
1558
1559 #if defined(CONFIG_SYSCTL)
proc_do_static_key(const struct ctl_table * table,int write,void * buffer,size_t * lenp,loff_t * ppos)1560 int proc_do_static_key(const struct ctl_table *table, int write,
1561 void *buffer, size_t *lenp, loff_t *ppos)
1562 {
1563 struct static_key *key = (struct static_key *)table->data;
1564 static DEFINE_MUTEX(static_key_mutex);
1565 int val, ret;
1566 struct ctl_table tmp = {
1567 .data = &val,
1568 .maxlen = sizeof(val),
1569 .mode = table->mode,
1570 .extra1 = SYSCTL_ZERO,
1571 .extra2 = SYSCTL_ONE,
1572 };
1573
1574 if (write && !capable(CAP_SYS_ADMIN))
1575 return -EPERM;
1576
1577 mutex_lock(&static_key_mutex);
1578 val = static_key_enabled(key);
1579 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
1580 if (write && !ret) {
1581 if (val)
1582 static_key_enable(key);
1583 else
1584 static_key_disable(key);
1585 }
1586 mutex_unlock(&static_key_mutex);
1587 return ret;
1588 }
1589
1590 static const struct ctl_table kern_table[] = {
1591 {
1592 .procname = "panic",
1593 .data = &panic_timeout,
1594 .maxlen = sizeof(int),
1595 .mode = 0644,
1596 .proc_handler = proc_dointvec,
1597 },
1598 #ifdef CONFIG_PROC_SYSCTL
1599 {
1600 .procname = "tainted",
1601 .maxlen = sizeof(long),
1602 .mode = 0644,
1603 .proc_handler = proc_taint,
1604 },
1605 {
1606 .procname = "sysctl_writes_strict",
1607 .data = &sysctl_writes_strict,
1608 .maxlen = sizeof(int),
1609 .mode = 0644,
1610 .proc_handler = proc_dointvec_minmax,
1611 .extra1 = SYSCTL_NEG_ONE,
1612 .extra2 = SYSCTL_ONE,
1613 },
1614 #endif
1615 {
1616 .procname = "print-fatal-signals",
1617 .data = &print_fatal_signals,
1618 .maxlen = sizeof(int),
1619 .mode = 0644,
1620 .proc_handler = proc_dointvec,
1621 },
1622 #ifdef CONFIG_SPARC
1623 {
1624 .procname = "reboot-cmd",
1625 .data = reboot_command,
1626 .maxlen = 256,
1627 .mode = 0644,
1628 .proc_handler = proc_dostring,
1629 },
1630 {
1631 .procname = "stop-a",
1632 .data = &stop_a_enabled,
1633 .maxlen = sizeof (int),
1634 .mode = 0644,
1635 .proc_handler = proc_dointvec,
1636 },
1637 {
1638 .procname = "scons-poweroff",
1639 .data = &scons_pwroff,
1640 .maxlen = sizeof (int),
1641 .mode = 0644,
1642 .proc_handler = proc_dointvec,
1643 },
1644 #endif
1645 #ifdef CONFIG_SPARC64
1646 {
1647 .procname = "tsb-ratio",
1648 .data = &sysctl_tsb_ratio,
1649 .maxlen = sizeof (int),
1650 .mode = 0644,
1651 .proc_handler = proc_dointvec,
1652 },
1653 #endif
1654 #ifdef CONFIG_PARISC
1655 {
1656 .procname = "soft-power",
1657 .data = &pwrsw_enabled,
1658 .maxlen = sizeof (int),
1659 .mode = 0644,
1660 .proc_handler = proc_dointvec,
1661 },
1662 #endif
1663 #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW
1664 {
1665 .procname = "unaligned-trap",
1666 .data = &unaligned_enabled,
1667 .maxlen = sizeof (int),
1668 .mode = 0644,
1669 .proc_handler = proc_dointvec,
1670 },
1671 #endif
1672 #ifdef CONFIG_STACK_TRACER
1673 {
1674 .procname = "stack_tracer_enabled",
1675 .data = &stack_tracer_enabled,
1676 .maxlen = sizeof(int),
1677 .mode = 0644,
1678 .proc_handler = stack_trace_sysctl,
1679 },
1680 #endif
1681 #ifdef CONFIG_TRACING
1682 {
1683 .procname = "ftrace_dump_on_oops",
1684 .data = &ftrace_dump_on_oops,
1685 .maxlen = MAX_TRACER_SIZE,
1686 .mode = 0644,
1687 .proc_handler = proc_dostring,
1688 },
1689 {
1690 .procname = "traceoff_on_warning",
1691 .data = &__disable_trace_on_warning,
1692 .maxlen = sizeof(__disable_trace_on_warning),
1693 .mode = 0644,
1694 .proc_handler = proc_dointvec,
1695 },
1696 {
1697 .procname = "tracepoint_printk",
1698 .data = &tracepoint_printk,
1699 .maxlen = sizeof(tracepoint_printk),
1700 .mode = 0644,
1701 .proc_handler = tracepoint_printk_sysctl,
1702 },
1703 #endif
1704 #ifdef CONFIG_MODULES
1705 {
1706 .procname = "modprobe",
1707 .data = &modprobe_path,
1708 .maxlen = KMOD_PATH_LEN,
1709 .mode = 0644,
1710 .proc_handler = proc_dostring,
1711 },
1712 {
1713 .procname = "modules_disabled",
1714 .data = &modules_disabled,
1715 .maxlen = sizeof(int),
1716 .mode = 0644,
1717 /* only handle a transition from default "0" to "1" */
1718 .proc_handler = proc_dointvec_minmax,
1719 .extra1 = SYSCTL_ONE,
1720 .extra2 = SYSCTL_ONE,
1721 },
1722 #endif
1723 #ifdef CONFIG_UEVENT_HELPER
1724 {
1725 .procname = "hotplug",
1726 .data = &uevent_helper,
1727 .maxlen = UEVENT_HELPER_PATH_LEN,
1728 .mode = 0644,
1729 .proc_handler = proc_dostring,
1730 },
1731 #endif
1732 #ifdef CONFIG_MAGIC_SYSRQ
1733 {
1734 .procname = "sysrq",
1735 .data = NULL,
1736 .maxlen = sizeof (int),
1737 .mode = 0644,
1738 .proc_handler = sysrq_sysctl_handler,
1739 },
1740 #endif
1741 #ifdef CONFIG_PROC_SYSCTL
1742 {
1743 .procname = "cad_pid",
1744 .data = NULL,
1745 .maxlen = sizeof (int),
1746 .mode = 0600,
1747 .proc_handler = proc_do_cad_pid,
1748 },
1749 #endif
1750 {
1751 .procname = "threads-max",
1752 .data = NULL,
1753 .maxlen = sizeof(int),
1754 .mode = 0644,
1755 .proc_handler = sysctl_max_threads,
1756 },
1757 {
1758 .procname = "overflowuid",
1759 .data = &overflowuid,
1760 .maxlen = sizeof(int),
1761 .mode = 0644,
1762 .proc_handler = proc_dointvec_minmax,
1763 .extra1 = SYSCTL_ZERO,
1764 .extra2 = SYSCTL_MAXOLDUID,
1765 },
1766 {
1767 .procname = "overflowgid",
1768 .data = &overflowgid,
1769 .maxlen = sizeof(int),
1770 .mode = 0644,
1771 .proc_handler = proc_dointvec_minmax,
1772 .extra1 = SYSCTL_ZERO,
1773 .extra2 = SYSCTL_MAXOLDUID,
1774 },
1775 #ifdef CONFIG_S390
1776 {
1777 .procname = "userprocess_debug",
1778 .data = &show_unhandled_signals,
1779 .maxlen = sizeof(int),
1780 .mode = 0644,
1781 .proc_handler = proc_dointvec,
1782 },
1783 #endif
1784 {
1785 .procname = "panic_on_oops",
1786 .data = &panic_on_oops,
1787 .maxlen = sizeof(int),
1788 .mode = 0644,
1789 .proc_handler = proc_dointvec,
1790 },
1791 {
1792 .procname = "panic_print",
1793 .data = &panic_print,
1794 .maxlen = sizeof(unsigned long),
1795 .mode = 0644,
1796 .proc_handler = proc_doulongvec_minmax,
1797 },
1798 {
1799 .procname = "ngroups_max",
1800 .data = (void *)&ngroups_max,
1801 .maxlen = sizeof (int),
1802 .mode = 0444,
1803 .proc_handler = proc_dointvec,
1804 },
1805 {
1806 .procname = "cap_last_cap",
1807 .data = (void *)&cap_last_cap,
1808 .maxlen = sizeof(int),
1809 .mode = 0444,
1810 .proc_handler = proc_dointvec,
1811 },
1812 #if (defined(CONFIG_X86_32) || defined(CONFIG_PARISC)) && \
1813 defined(CONFIG_DEBUG_STACKOVERFLOW)
1814 {
1815 .procname = "panic_on_stackoverflow",
1816 .data = &sysctl_panic_on_stackoverflow,
1817 .maxlen = sizeof(int),
1818 .mode = 0644,
1819 .proc_handler = proc_dointvec,
1820 },
1821 #endif
1822 #if defined(CONFIG_MMU)
1823 {
1824 .procname = "randomize_va_space",
1825 .data = &randomize_va_space,
1826 .maxlen = sizeof(int),
1827 .mode = 0644,
1828 .proc_handler = proc_dointvec,
1829 },
1830 #endif
1831 #if defined(CONFIG_S390) && defined(CONFIG_SMP)
1832 {
1833 .procname = "spin_retry",
1834 .data = &spin_retry,
1835 .maxlen = sizeof (int),
1836 .mode = 0644,
1837 .proc_handler = proc_dointvec,
1838 },
1839 #endif
1840 #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN
1841 {
1842 .procname = "ignore-unaligned-usertrap",
1843 .data = &no_unaligned_warning,
1844 .maxlen = sizeof (int),
1845 .mode = 0644,
1846 .proc_handler = proc_dointvec,
1847 },
1848 #endif
1849 #ifdef CONFIG_RT_MUTEXES
1850 {
1851 .procname = "max_lock_depth",
1852 .data = &max_lock_depth,
1853 .maxlen = sizeof(int),
1854 .mode = 0644,
1855 .proc_handler = proc_dointvec,
1856 },
1857 #endif
1858 {
1859 .procname = "panic_on_warn",
1860 .data = &panic_on_warn,
1861 .maxlen = sizeof(int),
1862 .mode = 0644,
1863 .proc_handler = proc_dointvec_minmax,
1864 .extra1 = SYSCTL_ZERO,
1865 .extra2 = SYSCTL_ONE,
1866 },
1867 #ifdef CONFIG_TREE_RCU
1868 {
1869 .procname = "panic_on_rcu_stall",
1870 .data = &sysctl_panic_on_rcu_stall,
1871 .maxlen = sizeof(sysctl_panic_on_rcu_stall),
1872 .mode = 0644,
1873 .proc_handler = proc_dointvec_minmax,
1874 .extra1 = SYSCTL_ZERO,
1875 .extra2 = SYSCTL_ONE,
1876 },
1877 {
1878 .procname = "max_rcu_stall_to_panic",
1879 .data = &sysctl_max_rcu_stall_to_panic,
1880 .maxlen = sizeof(sysctl_max_rcu_stall_to_panic),
1881 .mode = 0644,
1882 .proc_handler = proc_dointvec_minmax,
1883 .extra1 = SYSCTL_ONE,
1884 .extra2 = SYSCTL_INT_MAX,
1885 },
1886 #endif
1887 };
1888
sysctl_init_bases(void)1889 int __init sysctl_init_bases(void)
1890 {
1891 register_sysctl_init("kernel", kern_table);
1892
1893 return 0;
1894 }
1895 #endif /* CONFIG_SYSCTL */
1896 /*
1897 * No sense putting this after each symbol definition, twice,
1898 * exception granted :-)
1899 */
1900 EXPORT_SYMBOL(proc_dobool);
1901 EXPORT_SYMBOL(proc_dointvec);
1902 EXPORT_SYMBOL(proc_douintvec);
1903 EXPORT_SYMBOL(proc_dointvec_jiffies);
1904 EXPORT_SYMBOL(proc_dointvec_minmax);
1905 EXPORT_SYMBOL_GPL(proc_douintvec_minmax);
1906 EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
1907 EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
1908 EXPORT_SYMBOL(proc_dostring);
1909 EXPORT_SYMBOL(proc_doulongvec_minmax);
1910 EXPORT_SYMBOL(proc_doulongvec_ms_jiffies_minmax);
1911 EXPORT_SYMBOL(proc_do_large_bitmap);
1912