xref: /linux/net/sysctl_net.c (revision c532de5a67a70f8533d495f8f2aaa9a0491c3ad0)
1 // SPDX-License-Identifier: GPL-2.0-only
2 /* -*- linux-c -*-
3  * sysctl_net.c: sysctl interface to net subsystem.
4  *
5  * Begun April 1, 1996, Mike Shaver.
6  * Added /proc/sys/net directories for each protocol family. [MS]
7  *
8  * Revision 1.2  1996/05/08  20:24:40  shaver
9  * Added bits for NET_BRIDGE and the NET_IPV4_ARP stuff and
10  * NET_IPV4_IP_FORWARD.
11  *
12  *
13  */
14 
15 #include <linux/mm.h>
16 #include <linux/export.h>
17 #include <linux/sysctl.h>
18 #include <linux/nsproxy.h>
19 
20 #include <net/sock.h>
21 
22 #ifdef CONFIG_INET
23 #include <net/ip.h>
24 #endif
25 
26 #ifdef CONFIG_NET
27 #include <linux/if_ether.h>
28 #endif
29 
30 static struct ctl_table_set *
31 net_ctl_header_lookup(struct ctl_table_root *root)
32 {
33 	return &current->nsproxy->net_ns->sysctls;
34 }
35 
36 static int is_seen(struct ctl_table_set *set)
37 {
38 	return &current->nsproxy->net_ns->sysctls == set;
39 }
40 
41 /* Return standard mode bits for table entry. */
42 static int net_ctl_permissions(struct ctl_table_header *head,
43 			       const struct ctl_table *table)
44 {
45 	struct net *net = container_of(head->set, struct net, sysctls);
46 
47 	/* Allow network administrator to have same access as root. */
48 	if (ns_capable_noaudit(net->user_ns, CAP_NET_ADMIN)) {
49 		int mode = (table->mode >> 6) & 7;
50 		return (mode << 6) | (mode << 3) | mode;
51 	}
52 
53 	return table->mode;
54 }
55 
56 static void net_ctl_set_ownership(struct ctl_table_header *head,
57 				  kuid_t *uid, kgid_t *gid)
58 {
59 	struct net *net = container_of(head->set, struct net, sysctls);
60 	kuid_t ns_root_uid;
61 	kgid_t ns_root_gid;
62 
63 	ns_root_uid = make_kuid(net->user_ns, 0);
64 	if (uid_valid(ns_root_uid))
65 		*uid = ns_root_uid;
66 
67 	ns_root_gid = make_kgid(net->user_ns, 0);
68 	if (gid_valid(ns_root_gid))
69 		*gid = ns_root_gid;
70 }
71 
72 static struct ctl_table_root net_sysctl_root = {
73 	.lookup = net_ctl_header_lookup,
74 	.permissions = net_ctl_permissions,
75 	.set_ownership = net_ctl_set_ownership,
76 };
77 
78 static int __net_init sysctl_net_init(struct net *net)
79 {
80 	setup_sysctl_set(&net->sysctls, &net_sysctl_root, is_seen);
81 	return 0;
82 }
83 
84 static void __net_exit sysctl_net_exit(struct net *net)
85 {
86 	retire_sysctl_set(&net->sysctls);
87 }
88 
89 static struct pernet_operations sysctl_pernet_ops = {
90 	.init = sysctl_net_init,
91 	.exit = sysctl_net_exit,
92 };
93 
94 static struct ctl_table_header *net_header;
95 __init int net_sysctl_init(void)
96 {
97 	static struct ctl_table empty[1];
98 	int ret = -ENOMEM;
99 	/* Avoid limitations in the sysctl implementation by
100 	 * registering "/proc/sys/net" as an empty directory not in a
101 	 * network namespace.
102 	 */
103 	net_header = register_sysctl_sz("net", empty, 0);
104 	if (!net_header)
105 		goto out;
106 	ret = register_pernet_subsys(&sysctl_pernet_ops);
107 	if (ret)
108 		goto out1;
109 out:
110 	return ret;
111 out1:
112 	unregister_sysctl_table(net_header);
113 	net_header = NULL;
114 	goto out;
115 }
116 
117 /* Verify that sysctls for non-init netns are safe by either:
118  * 1) being read-only, or
119  * 2) having a data pointer which points outside of the global kernel/module
120  *    data segment, and rather into the heap where a per-net object was
121  *    allocated.
122  */
123 static void ensure_safe_net_sysctl(struct net *net, const char *path,
124 				   struct ctl_table *table, size_t table_size)
125 {
126 	struct ctl_table *ent;
127 
128 	pr_debug("Registering net sysctl (net %p): %s\n", net, path);
129 	ent = table;
130 	for (size_t i = 0; i < table_size; ent++, i++) {
131 		unsigned long addr;
132 		const char *where;
133 
134 		pr_debug("  procname=%s mode=%o proc_handler=%ps data=%p\n",
135 			 ent->procname, ent->mode, ent->proc_handler, ent->data);
136 
137 		/* If it's not writable inside the netns, then it can't hurt. */
138 		if ((ent->mode & 0222) == 0) {
139 			pr_debug("    Not writable by anyone\n");
140 			continue;
141 		}
142 
143 		/* Where does data point? */
144 		addr = (unsigned long)ent->data;
145 		if (is_module_address(addr))
146 			where = "module";
147 		else if (is_kernel_core_data(addr))
148 			where = "kernel";
149 		else
150 			continue;
151 
152 		/* If it is writable and points to kernel/module global
153 		 * data, then it's probably a netns leak.
154 		 */
155 		WARN(1, "sysctl %s/%s: data points to %s global data: %ps\n",
156 		     path, ent->procname, where, ent->data);
157 
158 		/* Make it "safe" by dropping writable perms */
159 		ent->mode &= ~0222;
160 	}
161 }
162 
163 struct ctl_table_header *register_net_sysctl_sz(struct net *net,
164 						const char *path,
165 						struct ctl_table *table,
166 						size_t table_size)
167 {
168 	if (!net_eq(net, &init_net))
169 		ensure_safe_net_sysctl(net, path, table, table_size);
170 
171 	return __register_sysctl_table(&net->sysctls, path, table, table_size);
172 }
173 EXPORT_SYMBOL_GPL(register_net_sysctl_sz);
174 
175 void unregister_net_sysctl_table(struct ctl_table_header *header)
176 {
177 	unregister_sysctl_table(header);
178 }
179 EXPORT_SYMBOL_GPL(unregister_net_sysctl_table);
180