proc_sysctl.c 44 KB

  1. // SPDX-License-Identifier: GPL-2.0
  2. /*
  3. * /proc/sys support
  4. */
  5. #include <linux/init.h>
  6. #include <linux/sysctl.h>
  7. #include <linux/poll.h>
  8. #include <linux/proc_fs.h>
  9. #include <linux/printk.h>
  10. #include <linux/security.h>
  11. #include <linux/sched.h>
  12. #include <linux/cred.h>
  13. #include <linux/namei.h>
  14. #include <linux/mm.h>
  15. #include <linux/uio.h>
  16. #include <linux/module.h>
  17. #include <linux/bpf-cgroup.h>
  18. #include <linux/mount.h>
  19. #include <linux/kmemleak.h>
  20. #include <linux/lockdep.h>
  21. #include "internal.h"
  /*
   * Walk @entry over the header->ctl_table_size slots of header->ctl_table.
   *
   * NOTE(review): the expansion is two statements (an assignment followed by
   * a `for`), so it must never be the sole body of an unbraced `if`, `else`
   * or loop: only the assignment would be guarded.  The loop counter is named
   * `i` and hides any `i` of the caller inside the loop body, and @header is
   * expanded several times without parentheses, so pass a plain pointer
   * variable.
   */
  #define list_for_each_table_entry(entry, header) \
      entry = header->ctl_table; \
      for (size_t i = 0 ; i < header->ctl_table_size; ++i, entry++)
  /*
   * The operation tables are defined further down in this file; they are
   * declared here because proc_sys_make_inode() and the lookup/readdir paths
   * take their addresses first.
   */
  static const struct dentry_operations proc_sys_dentry_operations;
  static const struct file_operations proc_sys_file_operations;
  static const struct inode_operations proc_sys_inode_operations;
  static const struct file_operations proc_sys_dir_file_operations;
  static const struct inode_operations proc_sys_dir_operations;
  /*
   * Support for permanently empty directories.
   * Must be non-empty to avoid sharing an address with other tables.
   *
   * The table is recognised purely by its address: init_header() and
   * insert_header() compare a header's table pointer against
   * sysctl_mount_point, so the single empty element exists only to give the
   * array a distinct address.
   */
  static const struct ctl_table sysctl_mount_point[] = {
      { }
  };
  /**
   * register_sysctl_mount_point() - registers a sysctl mount point
   * @path: path for the mount point
   *
   * Registers the sentinel table sysctl_mount_point at @path with a table
   * size of zero.  The result is a permanently empty directory meant to be
   * used as a mount point; this allows some subtle but important permission
   * checks in the case of unprivileged mounts.
   *
   * Return: whatever register_sysctl_sz() returns for the registration.
   */
  struct ctl_table_header *register_sysctl_mount_point(const char *path)
  {
      struct ctl_table_header *mount_point_header;

      mount_point_header = register_sysctl_sz(path, sysctl_mount_point, 0);
      return mount_point_header;
  }
  EXPORT_SYMBOL(register_sysctl_mount_point);
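  /*
   * Helpers for the "permanently empty directory" marker kept in a header's
   * ->type field: test it, set it, and reset it to the default type.
   *
   * @hptr is parenthesized in every expansion so that an expression argument
   * (for example `base + n` or `&hdr`) binds to `->` as a whole instead of
   * being split by operator precedence.
   */
  #define sysctl_is_perm_empty_ctl_header(hptr) \
      ((hptr)->type == SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
  #define sysctl_set_perm_empty_ctl_header(hptr) \
      ((hptr)->type = SYSCTL_TABLE_TYPE_PERMANENTLY_EMPTY)
  #define sysctl_clear_perm_empty_ctl_header(hptr) \
      ((hptr)->type = SYSCTL_TABLE_TYPE_DEFAULT)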
  /*
   * Signal a change on a pollable sysctl: bump the event counter and wake
   * anyone sleeping on the poll wait queue.  A NULL @poll is a no-op.
   */
  void proc_sys_poll_notify(struct ctl_table_poll *poll)
  {
      if (poll) {
          atomic_inc(&poll->event);
          wake_up_interruptible(&poll->wait);
      }
  }
  /*
   * Table backing the top of the sysctl tree: one unnamed directory entry
   * that is readable and searchable by everyone and writable by nobody.
   */
  static const struct ctl_table root_table[] = {
      {
          .procname = "",
          .mode = S_IFDIR|S_IRUGO|S_IXUGO,
      },
  };
  /*
   * The built-in sysctl root.  Its default set's directory header is
   * initialised statically: it starts with count and nreg of 1, points at
   * root_table, and refers back to this root and to its own default set.
   */
  static struct ctl_table_root sysctl_table_root = {
      .default_set.dir.header = {
          {{.count = 1,
          .nreg = 1,
          .ctl_table = root_table }},
          .ctl_table_arg = root_table,
          .root = &sysctl_table_root,
          .set = &sysctl_table_root.default_set,
      },
  };
  /*
   * Lock taken in this file around the header counters (->used, ->count),
   * the ->unregistering marker, the per-header inode list and the rb-tree
   * lookups; several helpers assert it is held via lockdep_assert_held().
   */
  static DEFINE_SPINLOCK(sysctl_lock);
  /* Helpers defined later in the file but needed by the code below. */
  static void drop_sysctl_table(struct ctl_table_header *header);
  static int sysctl_follow_link(struct ctl_table_header **phead,
      const struct ctl_table **pentry);
  static int insert_links(struct ctl_table_header *head);
  static void put_links(struct ctl_table_header *header);
  /*
   * Print the path of @dir to the kernel log as a continuation line, one
   * "name/" component per directory, outermost ancestor first.
   */
  static void sysctl_print_dir(struct ctl_dir *dir)
  {
      struct ctl_dir *ancestor = dir->header.parent;

      /* Recurse first so that parents are printed before children. */
      if (ancestor)
          sysctl_print_dir(ancestor);

      pr_cont("%s/", dir->header.ctl_table[0].procname);
  }
  /*
   * Order two length-delimited names: compare the common prefix bytewise,
   * and if it is identical the shorter name sorts first.
   *
   * Returns a negative, zero or positive value like memcmp().
   */
  static int namecmp(const char *name1, int len1, const char *name2, int len2)
  {
      int order = memcmp(name1, name2, min(len1, len2));

      return order ? order : len1 - len2;
  }
  /*
   * Look up @name (of length @namelen) in the rb-tree of @dir.
   *
   * Must be called with sysctl_lock held.  On a hit the owning header is
   * stored in *@phead and the matching table entry is returned; on a miss
   * NULL is returned and *@phead is left untouched.  No use count is taken.
   */
  static const struct ctl_table *find_entry(struct ctl_table_header **phead,
      struct ctl_dir *dir, const char *name, int namelen)
  {
      struct rb_node *cur = dir->root.rb_node;

      lockdep_assert_held(&sysctl_lock);

      while (cur) {
          struct ctl_node *cn = rb_entry(cur, struct ctl_node, node);
          struct ctl_table_header *owner = cn->header;
          /* The node array runs parallel to the table, so indices match. */
          const struct ctl_table *candidate = &owner->ctl_table[cn - owner->node];
          const char *candidate_name = candidate->procname;
          int order = namecmp(name, namelen, candidate_name,
                              strlen(candidate_name));

          if (order == 0) {
              *phead = owner;
              return candidate;
          }
          cur = (order < 0) ? cur->rb_left : cur->rb_right;
      }
      return NULL;
  }
  /*
   * Link the rb-tree node that belongs to @entry into the tree of @head's
   * parent directory, ordered by namecmp().
   *
   * Returns 0 on success.  If an entry with the same name already exists the
   * duplicate is reported in the kernel log and -EEXIST is returned without
   * modifying the tree.
   */
  static int insert_entry(struct ctl_table_header *head, const struct ctl_table *entry)
  {
      struct rb_node *new_node = &head->node[entry - head->ctl_table].node;
      struct rb_node **link = &head->parent->root.rb_node;
      struct rb_node *above = NULL;
      const char *name = entry->procname;
      int namelen = strlen(name);

      while (*link) {
          struct ctl_node *other_node;
          struct ctl_table_header *other_head;
          const char *other_name;
          int order;

          above = *link;
          other_node = rb_entry(above, struct ctl_node, node);
          other_head = other_node->header;
          other_name = other_head->ctl_table[other_node - other_head->node].procname;
          order = namecmp(name, namelen, other_name, strlen(other_name));

          if (order == 0) {
              pr_err("sysctl duplicate entry: ");
              sysctl_print_dir(head->parent);
              pr_cont("%s\n", entry->procname);
              return -EEXIST;
          }
          link = (order < 0) ? &(*link)->rb_left : &(*link)->rb_right;
      }

      rb_link_node(new_node, above, link);
      rb_insert_color(new_node, &head->parent->root);
      return 0;
  }
  /*
   * Remove the rb-tree node that corresponds to @entry from the tree of
   * @head's parent directory.
   */
  static void erase_entry(struct ctl_table_header *head, const struct ctl_table *entry)
  {
      /* Entry and node arrays are parallel, so the table index selects the node. */
      struct ctl_node *slot = &head->node[entry - head->ctl_table];

      rb_erase(&slot->node, &head->parent->root);
  }
  /*
   * Fill in a freshly allocated header for @table (@table_size entries).
   *
   * The header starts with no users, a count and nreg of 1, no parent and an
   * empty inode list.  When @node is non-NULL it is treated as an array with
   * one element per table entry, and each element is pointed back at @head.
   * A header created for the sysctl_mount_point sentinel is marked as a
   * permanently empty directory.
   */
  static void init_header(struct ctl_table_header *head,
      struct ctl_table_root *root, struct ctl_table_set *set,
      struct ctl_node *node, const struct ctl_table *table, size_t table_size)
  {
      /* What this header describes. */
      head->ctl_table = table;
      head->ctl_table_size = table_size;
      head->ctl_table_arg = table;

      /* Lifetime bookkeeping. */
      head->used = 0;
      head->count = 1;
      head->nreg = 1;
      head->unregistering = NULL;

      /* Position in the tree. */
      head->root = root;
      head->set = set;
      head->parent = NULL;
      head->node = node;
      INIT_HLIST_HEAD(&head->inodes);

      if (node) {
          for (size_t slot = 0; slot < head->ctl_table_size; slot++)
              node[slot].header = head;
      }

      if (table == sysctl_mount_point)
          sysctl_set_perm_empty_ctl_header(head);
  }
  /*
   * Remove every entry of @head from its parent directory's rb-tree by
   * calling erase_entry() on each table slot in order.
   */
  static void erase_header(struct ctl_table_header *head)
  {
      for (size_t slot = 0; slot < head->ctl_table_size; slot++)
          erase_entry(head, &head->ctl_table[slot]);
  }
  /*
   * Attach @header to directory @dir.
   *
   * Refuses to add anything below a permanently empty directory (-EROFS) and
   * refuses to turn a directory that already has entries into a permanently
   * empty one (-EINVAL).  Otherwise the directory's nreg is bumped, the
   * header's parent is set, insert_links() is called and every table entry
   * is inserted into the directory's rb-tree.
   *
   * Returns 0 on success or the first error from insert_links() or
   * insert_entry(); on error the steps above are undone.
   */
  static int insert_header(struct ctl_dir *dir, struct ctl_table_header *header)
  {
      const struct ctl_table *entry;
      struct ctl_table_header *dir_h = &dir->header;
      int err;
      /* Is this a permanently empty directory? */
      if (sysctl_is_perm_empty_ctl_header(dir_h))
          return -EROFS;
      /* Am I creating a permanently empty directory? */
      if (sysctl_is_perm_empty_ctl_header(header)) {
          if (!RB_EMPTY_ROOT(&dir->root))
              return -EINVAL;
          sysctl_set_perm_empty_ctl_header(dir_h);
      }
      dir_h->nreg++;
      header->parent = dir;
      err = insert_links(header);
      if (err)
          goto fail_links;
      list_for_each_table_entry(entry, header) {
          err = insert_entry(header, entry);
          if (err)
              goto fail;
      }
      return 0;
  fail:
      /*
       * NOTE(review): erase_header() walks every entry of the header, not
       * only those inserted before insert_entry() failed -- confirm that
       * erasing a never-linked node is harmless here.
       */
      erase_header(header);
      put_links(header);
  fail_links:
      /* Undo the permanently-empty marking applied to the directory above. */
      if (header->ctl_table == sysctl_mount_point)
          sysctl_clear_perm_empty_ctl_header(dir_h);
      header->parent = NULL;
      /* Presumably balances the nreg++ above -- confirm in drop_sysctl_table(). */
      drop_sysctl_table(dir_h);
      return err;
  }
  /*
   * Take a use reference on @p unless it is being unregistered.
   *
   * Must be called with sysctl_lock held.  Returns 1 and increments ->used
   * on success, or 0 (taking no reference) once ->unregistering is set, so
   * that no new user can start on a header that is going away.
   */
  static int use_table(struct ctl_table_header *p)
  {
      lockdep_assert_held(&sysctl_lock);

      if (likely(!p->unregistering)) {
          p->used++;
          return 1;
      }
      return 0;
  }
  /*
   * Drop a use reference taken by use_table().
   *
   * Must be called with sysctl_lock held.  When the last user leaves and an
   * unregistration is pending, the waiter's completion is signalled.
   */
  static void unuse_table(struct ctl_table_header *p)
  {
      lockdep_assert_held(&sysctl_lock);

      p->used--;
      if (p->used == 0 && unlikely(p->unregistering))
          complete(p->unregistering);
  }
  /*
   * Invalidate the dcache entries of all inodes attached to @head by handing
   * the header's inode list and sysctl_lock to
   * proc_invalidate_siblings_dcache().
   */
  static void proc_sys_invalidate_dcache(struct ctl_table_header *head)
  {
      struct hlist_head *attached_inodes = &head->inodes;

      proc_invalidate_siblings_dcache(attached_inodes, &sysctl_lock);
  }
  /*
   * Begin tearing down header @p.
   *
   * Called with sysctl_lock held and returns with it held, but the lock is
   * dropped in between.  Setting ->unregistering makes use_table() refuse
   * new users; if users are still active this waits until unuse_table()
   * signals that the last one has left.  Only then are the dentries
   * invalidated and the entries erased from the parent's rb-tree.
   */
  static void start_unregistering(struct ctl_table_header *p)
  {
      /* will reacquire if has to wait */
      lockdep_assert_held(&sysctl_lock);
      /*
       * if p->used is 0, nobody will ever touch that entry again;
       * we'll eliminate all paths to it before dropping sysctl_lock
       */
      if (unlikely(p->used)) {
          /* On-stack completion: valid only until this function returns. */
          struct completion wait;
          init_completion(&wait);
          p->unregistering = &wait;
          spin_unlock(&sysctl_lock);
          wait_for_completion(&wait);
      } else {
          /* anything non-NULL; we'll never dereference it */
          p->unregistering = ERR_PTR(-EINVAL);
          spin_unlock(&sysctl_lock);
      }
      /*
       * Invalidate dentries for unregistered sysctls: namespaced sysctls
       * can have duplicate names and contaminate dcache very badly.
       */
      proc_sys_invalidate_dcache(p);
      /*
       * do not remove from the list until nobody holds it; walking the
       * list in do_sysctl() relies on that.
       */
      spin_lock(&sysctl_lock);
      erase_header(p);
  }
  /*
   * Take a use reference on @head under sysctl_lock.
   *
   * Returns @head on success, or ERR_PTR(-ENOENT) when the header is already
   * being unregistered.  A NULL @head is treated as a kernel bug.
   */
  static struct ctl_table_header *sysctl_head_grab(struct ctl_table_header *head)
  {
      struct ctl_table_header *grabbed = head;

      BUG_ON(!head);

      spin_lock(&sysctl_lock);
      if (!use_table(head))
          grabbed = ERR_PTR(-ENOENT);
      spin_unlock(&sysctl_lock);

      return grabbed;
  }
  /*
   * Release a use reference obtained with sysctl_head_grab() (or another
   * use_table() caller).  A NULL @head is ignored.
   */
  static void sysctl_head_finish(struct ctl_table_header *head)
  {
      if (head) {
          spin_lock(&sysctl_lock);
          unuse_table(head);
          spin_unlock(&sysctl_lock);
      }
  }
  /*
   * Pick the table set to use for @root: the result of the root's ->lookup
   * callback when one is installed, otherwise the root's default set.
   */
  static struct ctl_table_set *
  lookup_header_set(struct ctl_table_root *root)
  {
      return root->lookup ? root->lookup(root) : &root->default_set;
  }
  /*
   * Find @name in @dir and pin the header that owns it.
   *
   * The search and the use_table() call happen under one hold of
   * sysctl_lock, so the header cannot start unregistering in between.
   * Returns the entry and stores its header in *@phead, or returns NULL
   * (leaving *@phead alone) when the name is absent or its header is going
   * away.  The caller must drop the reference with sysctl_head_finish().
   */
  static const struct ctl_table *lookup_entry(struct ctl_table_header **phead,
                                              struct ctl_dir *dir,
                                              const char *name, int namelen)
  {
      struct ctl_table_header *owner;
      const struct ctl_table *found;

      spin_lock(&sysctl_lock);
      found = find_entry(&owner, dir, name, namelen);
      if (!found || !use_table(owner))
          found = NULL;
      else
          *phead = owner;
      spin_unlock(&sysctl_lock);

      return found;
  }
  /*
   * Starting at @node, walk the rb-tree in order and return the first node
   * whose header accepts a new user.  The returned node's header has had its
   * use count taken via use_table(); NULL means no usable node remained.
   * Callers in this file invoke it with sysctl_lock held.
   */
  static struct ctl_node *first_usable_entry(struct rb_node *node)
  {
      while (node) {
          struct ctl_node *candidate = rb_entry(node, struct ctl_node, node);

          if (use_table(candidate->header))
              return candidate;
          node = rb_next(node);
      }
      return NULL;
  }
  /*
   * Start an iteration over @dir: store the first usable entry and its
   * (now pinned) header in *@pentry and *@phead, or NULL in both when the
   * directory has no usable entry.
   */
  static void first_entry(struct ctl_dir *dir,
      struct ctl_table_header **phead, const struct ctl_table **pentry)
  {
      struct ctl_table_header *owner = NULL;
      const struct ctl_table *first = NULL;
      struct ctl_node *start;

      spin_lock(&sysctl_lock);
      start = first_usable_entry(rb_first(&dir->root));
      spin_unlock(&sysctl_lock);

      if (start) {
          owner = start->header;
          first = &owner->ctl_table[start - owner->node];
      }

      *phead = owner;
      *pentry = first;
  }
  /*
   * Advance an iteration started with first_entry().
   *
   * Under a single hold of sysctl_lock the reference on the current header
   * is dropped and the next usable entry is pinned.  At the end of the
   * directory *@phead becomes NULL and *@pentry keeps its previous value.
   */
  static void next_entry(struct ctl_table_header **phead, const struct ctl_table **pentry)
  {
      struct ctl_table_header *head = *phead;
      const struct ctl_table *entry = *pentry;
      struct ctl_node *cursor = &head->node[entry - head->ctl_table];

      spin_lock(&sysctl_lock);
      unuse_table(head);
      cursor = first_usable_entry(rb_next(&cursor->node));
      spin_unlock(&sysctl_lock);

      if (cursor) {
          head = cursor->header;
          entry = &head->ctl_table[cursor - head->node];
      } else {
          head = NULL;
      }

      *phead = head;
      *pentry = entry;
  }
  /*
   * sysctl_perm does NOT grant the superuser all rights automatically, because
   * some sysctl variables are readonly even to root.
   *
   * The check is a plain mode-bit test with no capability override: a caller
   * whose effective uid is the global root is checked against the owner
   * bits, a caller in the global root group against the group bits, and
   * everybody else against the "other" bits.
   *
   * Returns 0 when every requested MAY_READ/MAY_WRITE/MAY_EXEC bit in @op is
   * permitted by the selected bits of @mode, -EACCES otherwise.
   */
  static int test_perm(int mode, int op)
  {
      const int rwx = MAY_READ | MAY_WRITE | MAY_EXEC;
      int denied;

      if (uid_eq(current_euid(), GLOBAL_ROOT_UID))
          mode >>= 6;
      else if (in_egroup_p(GLOBAL_ROOT_GID))
          mode >>= 3;

      denied = op & ~mode & rwx;
      return denied ? -EACCES : 0;
  }
  /*
   * Check whether the current task may perform @op on @table.
   *
   * The mode comes from the root's ->permissions callback when one is
   * installed, otherwise from the table entry itself, and is then evaluated
   * by test_perm().  Returns 0 if allowed, -EACCES if not.
   */
  static int sysctl_perm(struct ctl_table_header *head, const struct ctl_table *table, int op)
  {
      struct ctl_table_root *root = head->root;
      int mode = root->permissions ? root->permissions(head, table)
                                   : table->mode;

      return test_perm(mode, op);
  }
  /*
   * Allocate and set up the inode for sysctl entry @table owned by @head.
   *
   * Returns the new inode, ERR_PTR(-ENOMEM) if allocation fails, or
   * ERR_PTR(-ENOENT) if @head has started unregistering.  On success the
   * inode is linked into the header's inode list and head->count is raised;
   * proc_sys_evict_inode() undoes both.
   */
  static struct inode *proc_sys_make_inode(struct super_block *sb,
      struct ctl_table_header *head, const struct ctl_table *table)
  {
      struct ctl_table_root *root = head->root;
      struct inode *inode;
      struct proc_inode *ei;
      inode = new_inode(sb);
      if (!inode)
          return ERR_PTR(-ENOMEM);
      inode->i_ino = get_next_ino();
      ei = PROC_I(inode);
      /*
       * The unregistering check and the attachment to the header happen
       * under one hold of sysctl_lock, so an inode is never attached to a
       * header already seen as going away.
       */
      spin_lock(&sysctl_lock);
      if (unlikely(head->unregistering)) {
          spin_unlock(&sysctl_lock);
          iput(inode);
          return ERR_PTR(-ENOENT);
      }
      ei->sysctl = head;
      ei->sysctl_entry = table;
      hlist_add_head_rcu(&ei->sibling_inodes, &head->inodes);
      head->count++;
      spin_unlock(&sysctl_lock);
      simple_inode_init_ts(inode);
      /* Permission bits come straight from the table entry. */
      inode->i_mode = table->mode;
      if (!S_ISDIR(table->mode)) {
          inode->i_mode |= S_IFREG;
          inode->i_op = &proc_sys_inode_operations;
          inode->i_fop = &proc_sys_file_operations;
      } else {
          inode->i_mode |= S_IFDIR;
          inode->i_op = &proc_sys_dir_operations;
          inode->i_fop = &proc_sys_dir_file_operations;
          if (sysctl_is_perm_empty_ctl_header(head))
              make_empty_dir_inode(inode);
      }
      /* Owned by global root unless the root's callback says otherwise. */
      inode->i_uid = GLOBAL_ROOT_UID;
      inode->i_gid = GLOBAL_ROOT_GID;
      if (root->set_ownership)
          root->set_ownership(head, &inode->i_uid, &inode->i_gid);
      return inode;
  }
  /*
   * Detach @inode from @head when the inode is evicted.
   *
   * Under sysctl_lock the inode is unlinked from the header's inode list and
   * the header's count is dropped; when it reaches zero the header is freed
   * via kfree_rcu().
   */
  void proc_sys_evict_inode(struct inode *inode, struct ctl_table_header *head)
  {
      struct proc_inode *ei = PROC_I(inode);

      spin_lock(&sysctl_lock);
      hlist_del_init_rcu(&ei->sibling_inodes);
      head->count--;
      if (head->count == 0)
          kfree_rcu(head, rcu);
      spin_unlock(&sysctl_lock);
  }
  /*
   * Pin the header behind @inode.  An inode without a header stands for the
   * global root directory, so the built-in root header is used instead.
   *
   * Returns the pinned header or an ERR_PTR from sysctl_head_grab(); release
   * it with sysctl_head_finish().
   */
  static struct ctl_table_header *grab_header(struct inode *inode)
  {
      struct ctl_table_header *attached = PROC_I(inode)->sysctl;

      return sysctl_head_grab(attached ? attached
                                       : &sysctl_table_root.default_set.dir.header);
  }
  /*
   * ->lookup for sysctl directories: resolve @dentry's name inside @dir.
   *
   * The directory header is pinned for the duration of the call and the
   * header owning the matched entry (@h) is pinned by lookup_entry(); both
   * are released on every path through the `out` label.  Returns the result
   * of d_splice_alias_ops() or an ERR_PTR (-ENOENT when the name does not
   * exist, or the error from following a link entry).
   */
  static struct dentry *proc_sys_lookup(struct inode *dir, struct dentry *dentry,
      unsigned int flags)
  {
      struct ctl_table_header *head = grab_header(dir);
      struct ctl_table_header *h = NULL;
      const struct qstr *name = &dentry->d_name;
      const struct ctl_table *p;
      struct inode *inode;
      struct dentry *err = ERR_PTR(-ENOENT);
      struct ctl_dir *ctl_dir;
      int ret;
      if (IS_ERR(head))
          return ERR_CAST(head);
      ctl_dir = container_of(head, struct ctl_dir, header);
      p = lookup_entry(&h, ctl_dir, name->name, name->len);
      if (!p)
          goto out;
      if (S_ISLNK(p->mode)) {
          /* sysctl_follow_link() may replace both h and p -- see its definition. */
          ret = sysctl_follow_link(&h, &p);
          err = ERR_PTR(ret);
          if (ret)
              goto out;
      }
      /*
       * NOTE(review): proc_sys_make_inode() can return an ERR_PTR, which is
       * passed on unchecked; presumably d_splice_alias_ops() propagates it
       * -- confirm.
       */
      inode = proc_sys_make_inode(dir->i_sb, h ? h : head, p);
      err = d_splice_alias_ops(inode, dentry, &proc_sys_dentry_operations);
  out:
      if (h)
          sysctl_head_finish(h);
      sysctl_head_finish(head);
      return err;
  }
  /*
   * Common implementation of read and write on a sysctl file.
   *
   * @iocb:  I/O control block of the request; its ki_pos is handed to the
   *         handler.
   * @iter:  user data source (write) or destination (read).
   * @write: non-zero for a write, zero for a read.
   *
   * The header is pinned for the whole call.  Access is checked here on
   * every read and write with sysctl_perm(); the request is staged in a
   * kernel buffer, offered to the BPF cgroup sysctl hook, and then passed
   * to the table's proc_handler.
   *
   * Returns the number of bytes processed, or a negative errno: -EPERM
   * (permission denied), -EINVAL (no handler), -ENOMEM (request too large
   * or allocation failure), -EFAULT (user copy failed), or whatever the
   * BPF hook or the handler returned.
   */
  static ssize_t proc_sys_call_handler(struct kiocb *iocb, struct iov_iter *iter,
      int write)
  {
      struct inode *inode = file_inode(iocb->ki_filp);
      struct ctl_table_header *head = grab_header(inode);
      const struct ctl_table *table = PROC_I(inode)->sysctl_entry;
      size_t count = iov_iter_count(iter);
      char *kbuf;
      ssize_t error;
      if (IS_ERR(head))
          return PTR_ERR(head);
      /*
       * At this point we know that the sysctl was not unregistered
       * and won't be until we finish.
       */
      error = -EPERM;
      if (sysctl_perm(head, table, write ? MAY_WRITE : MAY_READ))
          goto out;
      /* if that can happen at all, it should be -EINVAL, not -EISDIR */
      error = -EINVAL;
      if (!table->proc_handler)
          goto out;
      /* don't even try if the size is too large */
      error = -ENOMEM;
      if (count >= KMALLOC_MAX_SIZE)
          goto out;
      /* One extra, zeroed byte so the buffer is always NUL-terminated. */
      kbuf = kvzalloc(count + 1, GFP_KERNEL);
      if (!kbuf)
          goto out;
      if (write) {
          error = -EFAULT;
          /* All-or-nothing copy: a short copy from user space is an error. */
          if (!copy_from_iter_full(kbuf, count, iter))
              goto out_free_buf;
          kbuf[count] = '\0';
      }
      /*
       * kbuf and count are passed by address, so the hook may change them;
       * the code below uses whatever values it leaves behind.
       */
      error = BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, &kbuf, &count,
          &iocb->ki_pos);
      if (error)
          goto out_free_buf;
      /* careful: calling conventions are nasty here */
      error = table->proc_handler(table, write, kbuf, &count, &iocb->ki_pos);
      if (error)
          goto out_free_buf;
      if (!write) {
          error = -EFAULT;
          /* count now holds the length the handler reported. */
          if (copy_to_iter(kbuf, count, iter) < count)
              goto out_free_buf;
      }
      error = count;
  out_free_buf:
      kvfree(kbuf);
  out:
      sysctl_head_finish(head);
      return error;
  }
  /* ->read_iter: run the sysctl handler in read mode. */
  static ssize_t proc_sys_read(struct kiocb *iocb, struct iov_iter *iter)
  {
      const int is_write = 0;

      return proc_sys_call_handler(iocb, iter, is_write);
  }
  /* ->write_iter: run the sysctl handler in write mode. */
  static ssize_t proc_sys_write(struct kiocb *iocb, struct iov_iter *iter)
  {
      const int is_write = 1;

      return proc_sys_call_handler(iocb, iter, is_write);
  }
  /*
   * ->open for sysctl files.
   *
   * Fails with the error from grab_header() if the sysctl was unregistered.
   * For pollable entries the current poll event value is stored in the
   * file's private_data so that proc_sys_poll() can detect later changes.
   * No permission check is done here; it happens on each read and write.
   */
  static int proc_sys_open(struct inode *inode, struct file *filp)
  {
      struct ctl_table_header *hdr = grab_header(inode);
      const struct ctl_table *entry = PROC_I(inode)->sysctl_entry;

      /* sysctl was unregistered */
      if (IS_ERR(hdr))
          return PTR_ERR(hdr);

      if (entry->poll)
          filp->private_data = proc_sys_poll_event(entry->poll);

      sysctl_head_finish(hdr);
      return 0;
  }
  /*
   * ->poll for sysctl files.
   *
   * Returns EPOLLERR | EPOLLHUP if the sysctl was unregistered.  Entries
   * without a handler or without poll support report DEFAULT_POLLMASK.
   * Otherwise the caller is queued on the entry's wait queue, and if the
   * event counter differs from the value remembered in private_data the
   * remembered value is refreshed and the file is reported as readable.
   */
  static __poll_t proc_sys_poll(struct file *filp, poll_table *wait)
  {
      struct inode *inode = file_inode(filp);
      struct ctl_table_header *head = grab_header(inode);
      const struct ctl_table *table = PROC_I(inode)->sysctl_entry;
      __poll_t mask = DEFAULT_POLLMASK;

      /* sysctl was unregistered */
      if (IS_ERR(head))
          return EPOLLERR | EPOLLHUP;

      if (table->proc_handler && table->poll) {
          unsigned long seen = (unsigned long)filp->private_data;

          poll_wait(filp, &table->poll->wait, wait);

          if (seen != atomic_read(&table->poll->event)) {
              filp->private_data = proc_sys_poll_event(table->poll);
              mask = EPOLLIN | EPOLLRDNORM | EPOLLERR | EPOLLPRI;
          }
      }

      sysctl_head_finish(head);
      return mask;
  }
  /*
   * Emit one directory entry for @table during readdir, creating the dentry
   * and inode if they are not cached yet.
   *
   * Returns the result of dir_emit(), or false if the dentry could not be
   * allocated or instantiated.
   */
  static bool proc_sys_fill_cache(struct file *file,
      struct dir_context *ctx,
      struct ctl_table_header *head,
      const struct ctl_table *table)
  {
      struct dentry *child, *dir = file->f_path.dentry;
      struct inode *inode;
      struct qstr qname;
      ino_t ino = 0;
      unsigned type = DT_UNKNOWN;
      qname.name = table->procname;
      qname.len = strlen(table->procname);
      qname.hash = full_name_hash(dir, qname.name, qname.len);
      child = d_lookup(dir, &qname);
      if (!child) {
          DECLARE_WAIT_QUEUE_HEAD_ONSTACK(wq);
          child = d_alloc_parallel(dir, &qname, &wq);
          if (IS_ERR(child))
              return false;
          /* Only the task that won the in-lookup dentry instantiates it. */
          if (d_in_lookup(child)) {
              struct dentry *res;
              /*
               * NOTE(review): an ERR_PTR from proc_sys_make_inode() is
               * passed on unchecked; presumably d_splice_alias_ops()
               * returns it as `res` -- confirm.
               */
              inode = proc_sys_make_inode(dir->d_sb, head, table);
              res = d_splice_alias_ops(inode, child,
                  &proc_sys_dentry_operations);
              d_lookup_done(child);
              if (unlikely(res)) {
                  /* Either an error or a different dentry to use instead. */
                  dput(child);
                  if (IS_ERR(res))
                      return false;
                  child = res;
              }
          }
      }
      inode = d_inode(child);
      ino = inode->i_ino;
      /* Shift the file-type bits of i_mode down into the d_type value. */
      type = inode->i_mode >> 12;
      dput(child);
      return dir_emit(ctx, qname.name, qname.len, ino, type);
  }
  /*
   * Emit a directory entry for a link entry during readdir.
   *
   * The header is pinned, the link is followed, and the resulting entry is
   * emitted through proc_sys_fill_cache().  A link that cannot be followed
   * is skipped and reported as success; false is returned only when the
   * header cannot be pinned or the entry cannot be emitted.
   */
  static bool proc_sys_link_fill_cache(struct file *file,
                                       struct dir_context *ctx,
                                       struct ctl_table_header *head,
                                       const struct ctl_table *table)
  {
      bool emitted = true;

      head = sysctl_head_grab(head);
      if (IS_ERR(head))
          return false;

      /* It is not an error if we can not follow the link ignore it */
      if (!sysctl_follow_link(&head, &table))
          emitted = proc_sys_fill_cache(file, ctx, head, table);

      sysctl_head_finish(head);
      return emitted;
  }
  /*
   * readdir helper for a single entry.
   *
   * *@pos counts the entries visited so far and is always advanced.  Entries
   * before the directory position in @ctx are skipped and reported as
   * success.  Otherwise the entry is emitted (through the link variant for
   * link entries) and, on success, the directory position is moved past it.
   * Returns non-zero to continue and zero to stop.
   */
  static int scan(struct ctl_table_header *head, const struct ctl_table *table,
                  unsigned long *pos, struct file *file,
                  struct dir_context *ctx)
  {
      bool emitted;

      if ((*pos)++ < ctx->pos)
          return true;

      emitted = unlikely(S_ISLNK(table->mode))
                    ? proc_sys_link_fill_cache(file, ctx, head, table)
                    : proc_sys_fill_cache(file, ctx, head, table);

      if (emitted)
          ctx->pos = *pos;
      return emitted;
  }
  /*
   * ->iterate_shared for sysctl directories.
   *
   * Emits "." and "..", then walks the directory's entries with
   * first_entry()/next_entry(), which keep the header of the current entry
   * pinned.  When scan() asks to stop, that header is released here before
   * leaving the loop.  Returns 0, or the error from grab_header() if the
   * directory's header is being unregistered.
   */
  static int proc_sys_readdir(struct file *file, struct dir_context *ctx)
  {
      struct ctl_table_header *head = grab_header(file_inode(file));
      struct ctl_table_header *cur_head = NULL;
      const struct ctl_table *cur_entry;
      struct ctl_dir *ctl_dir;
      unsigned long pos;

      if (IS_ERR(head))
          return PTR_ERR(head);

      ctl_dir = container_of(head, struct ctl_dir, header);

      if (dir_emit_dots(file, ctx)) {
          /* Positions 0 and 1 are taken by the dot entries. */
          pos = 2;

          first_entry(ctl_dir, &cur_head, &cur_entry);
          while (cur_head) {
              if (!scan(cur_head, cur_entry, &pos, file, ctx)) {
                  sysctl_head_finish(cur_head);
                  break;
              }
              next_entry(&cur_head, &cur_entry);
          }
      }

      sysctl_head_finish(head);
      return 0;
  }
  /*
   * ->permission for everything under /proc/sys.
   *
   * sysctl entries that are not writeable are _NOT_ writeable, capabilities
   * or not: the decision is made from the mode bits alone.
   *
   * Executing a regular file is always refused.  The global root directory
   * (an inode without a table entry) is r-xr-xr-x, so only write requests
   * are refused there.  Every other inode is checked against its table
   * entry with sysctl_perm(), after masking out MAY_NOT_BLOCK.
   *
   * Returns 0 if access is allowed, -EACCES if not, or the error from
   * grab_header() when the sysctl is being unregistered.  @idmap is not
   * used.
   */
  static int proc_sys_permission(struct mnt_idmap *idmap,
                                 struct inode *inode, int mask)
  {
      struct ctl_table_header *head;
      const struct ctl_table *table;
      int error;

      /* Executable files are not allowed under /proc/sys/ */
      if ((mask & MAY_EXEC) && S_ISREG(inode->i_mode))
          return -EACCES;

      head = grab_header(inode);
      if (IS_ERR(head))
          return PTR_ERR(head);

      table = PROC_I(inode)->sysctl_entry;
      if (table) {
          /* Use the permissions on the sysctl table entry */
          error = sysctl_perm(head, table, mask & ~MAY_NOT_BLOCK);
      } else if (mask & MAY_WRITE) {
          /* global root - r-xr-xr-x */
          error = -EACCES;
      } else {
          error = 0;
      }

      sysctl_head_finish(head);
      return error;
  }
  /*
   * ->setattr for sysctl inodes.
   *
   * Any attempt to change mode, owner or group is refused with -EPERM, so
   * the permissions defined by the sysctl table cannot be altered from user
   * space.  Other attributes are validated and copied with nop_mnt_idmap;
   * the @idmap argument is not used.
   */
  static int proc_sys_setattr(struct mnt_idmap *idmap,
                              struct dentry *dentry, struct iattr *attr)
  {
      const unsigned int immutable = ATTR_MODE | ATTR_UID | ATTR_GID;
      int error;

      if (attr->ia_valid & immutable)
          return -EPERM;

      error = setattr_prepare(&nop_mnt_idmap, dentry, attr);
      if (!error)
          setattr_copy(&nop_mnt_idmap, d_inode(dentry), attr);

      return error;
  }
  /*
   * ->getattr for sysctl inodes.
   *
   * Fills @stat from the inode and, when the inode has a table entry,
   * replaces everything except the file-type bits of the reported mode with
   * the entry's mode.  Returns 0, or the error from grab_header() if the
   * sysctl is being unregistered.
   */
  static int proc_sys_getattr(struct mnt_idmap *idmap,
                              const struct path *path, struct kstat *stat,
                              u32 request_mask, unsigned int query_flags)
  {
      struct inode *inode = d_inode(path->dentry);
      struct ctl_table_header *hdr = grab_header(inode);
      const struct ctl_table *entry = PROC_I(inode)->sysctl_entry;

      if (IS_ERR(hdr))
          return PTR_ERR(hdr);

      generic_fillattr(&nop_mnt_idmap, request_mask, inode, stat);
      if (entry) {
          umode_t file_type = stat->mode & S_IFMT;

          stat->mode = file_type | entry->mode;
      }

      sysctl_head_finish(hdr);
      return 0;
  }
  /*
   * File operations for sysctl leaf files.  Reads and writes both funnel
   * into proc_sys_call_handler(), which performs the permission check.
   */
  static const struct file_operations proc_sys_file_operations = {
      .open = proc_sys_open,
      .poll = proc_sys_poll,
      .read_iter = proc_sys_read,
      .write_iter = proc_sys_write,
      .splice_read = copy_splice_read,
      .splice_write = iter_file_splice_write,
      .llseek = default_llseek,
  };
  /* File operations for sysctl directories. */
  static const struct file_operations proc_sys_dir_file_operations = {
      .read = generic_read_dir,
      .iterate_shared = proc_sys_readdir,
      .llseek = generic_file_llseek,
  };
  /* Inode operations for sysctl leaf files. */
  static const struct inode_operations proc_sys_inode_operations = {
      .permission = proc_sys_permission,
      .setattr = proc_sys_setattr,
      .getattr = proc_sys_getattr,
  };
  /*
   * Inode operations for sysctl directories: the same permission and
   * attribute hooks as for files, plus name lookup.
   */
  static const struct inode_operations proc_sys_dir_operations = {
      .lookup = proc_sys_lookup,
      .permission = proc_sys_permission,
      .setattr = proc_sys_setattr,
      .getattr = proc_sys_getattr,
  };
  /*
   * ->d_revalidate for sysctl dentries.
   *
   * Returns -ECHILD when called with LOOKUP_RCU.  Otherwise returns 1 while
   * the header behind the dentry is still registered and 0 once it has
   * started unregistering.
   */
  static int proc_sys_revalidate(struct inode *dir, const struct qstr *name,
                                 struct dentry *dentry, unsigned int flags)
  {
      struct ctl_table_header *head;

      if (flags & LOOKUP_RCU)
          return -ECHILD;

      head = PROC_I(d_inode(dentry))->sysctl;
      return head->unregistering ? 0 : 1;
  }
  /*
   * ->d_delete for sysctl dentries: returns 1 when the header behind the
   * dentry is being unregistered, 0 otherwise.
   */
  static int proc_sys_delete(const struct dentry *dentry)
  {
      struct ctl_table_header *head = PROC_I(d_inode(dentry))->sysctl;

      return head->unregistering != NULL;
  }
  /*
   * Decide, under sysctl_lock, whether header @p is visible to the caller.
   *
   * A header that is being unregistered is never visible.  Otherwise the
   * answer comes from the set's ->is_seen callback, and a set without that
   * callback is visible to everyone.
   */
  static int sysctl_is_seen(struct ctl_table_header *p)
  {
      struct ctl_table_set *set = p->set;
      int visible = 0;

      spin_lock(&sysctl_lock);
      if (!p->unregistering)
          visible = set->is_seen ? set->is_seen(set) : 1;
      spin_unlock(&sysctl_lock);

      return visible;
  }
  /*
   * d_compare hook for /proc/sys dentries. Returns 0 for a match and 1 for a
   * mismatch.
   *
   * Besides comparing the name bytes, a dentry only matches when its sysctl
   * header is still present and sysctl_is_seen() accepts it, so entries that
   * the caller's set must not see do not match by name alone.
   */
  static int proc_sys_compare(const struct dentry *dentry,
                              unsigned int len, const char *str, const struct qstr *name)
  {
      struct ctl_table_header *head;
      struct inode *inode;

      if (name->len != len || memcmp(name->name, str, len) != 0)
          return 1;

      /* A false positive is fine here: the result is rechecked anyway. */
      if (d_in_lookup(dentry))
          return 0;

      /* The dentry may be in the middle of __dentry_kill() and have no inode. */
      inode = d_inode_rcu(dentry);
      if (!inode)
          return 1;

      head = READ_ONCE(PROC_I(inode)->sysctl);
      if (!head)
          return 1;

      return !sysctl_is_seen(head);
  }
  /*
   * dentry_operations for /proc/sys: name comparison, revalidation and the
   * delete decision all take the state of the backing sysctl header into
   * account (see the three hooks above).
   */
  static const struct dentry_operations proc_sys_dentry_operations = {
      .d_compare    = proc_sys_compare,
      .d_revalidate = proc_sys_revalidate,
      .d_delete     = proc_sys_delete,
  };
  /*
   * Look up the subdirectory @name (length @namelen) of @dir.
   *
   * Returns the ctl_dir that embeds the matching header, ERR_PTR(-ENOENT) when
   * no entry has that name, or ERR_PTR(-ENOTDIR) when the entry exists but is
   * not a directory. The callers visible in this file hold sysctl_lock.
   */
  static struct ctl_dir *find_subdir(struct ctl_dir *dir,
                                     const char *name, int namelen)
  {
      struct ctl_table_header *head;
      const struct ctl_table *entry = find_entry(&head, dir, name, namelen);

      if (entry == NULL)
          return ERR_PTR(-ENOENT);
      if (S_ISDIR(entry->mode))
          return container_of(head, struct ctl_dir, header);

      return ERR_PTR(-ENOTDIR);
  }
  /*
   * Allocate and initialise a directory header named @name.
   *
   * One zeroed allocation holds, back to back: the ctl_dir, one ctl_node, one
   * ctl_table and the name plus its NUL terminator. The terminator comes from
   * kzalloc() zeroing, since only @namelen bytes are copied.
   *
   * Returns the new directory, or NULL when the allocation fails.
   */
  static struct ctl_dir *new_dir(struct ctl_table_set *set,
                                 const char *name, int namelen)
  {
      struct ctl_dir *dirent;
      struct ctl_node *node;
      struct ctl_table *table;
      char *name_copy;

      dirent = kzalloc(sizeof(*dirent) + sizeof(struct ctl_node) +
                       sizeof(struct ctl_table) + namelen + 1,
                       GFP_KERNEL);
      if (dirent == NULL)
          return NULL;

      /* Carve the trailing objects out of the single allocation. */
      node = (struct ctl_node *)(dirent + 1);
      table = (struct ctl_table *)(node + 1);
      name_copy = (char *)(table + 1);

      memcpy(name_copy, name, namelen);
      table->procname = name_copy;
      /* Directories are world readable and searchable, never writable. */
      table->mode = S_IFDIR|S_IRUGO|S_IXUGO;

      init_header(&dirent->header, set->dir.header.root, set, node, table, 1);
      return dirent;
  }
  /**
   * get_subdir - find or create a subdir with the specified name.
   * @dir: Directory to create the subdirectory in
   * @name: The name of the subdirectory to find or create
   * @namelen: The length of name
   *
   * The caller passes @dir with an elevated reference count, so the directory
   * cannot go away while the lock is dropped for the allocation. On success
   * the reference moves from @dir to the returned subdirectory. On error an
   * ERR_PTR() is returned and the reference on @dir is simply dropped.
   */
  static struct ctl_dir *get_subdir(struct ctl_dir *dir,
                                    const char *name, int namelen)
  {
      struct ctl_table_set *set = dir->header.set;
      struct ctl_dir *created = NULL;
      struct ctl_dir *subdir;
      int rc;

      spin_lock(&sysctl_lock);
      subdir = find_subdir(dir, name, namelen);
      if (!IS_ERR(subdir))
          goto found;
      if (PTR_ERR(subdir) != -ENOENT)
          goto failed;

      /* new_dir() allocates with GFP_KERNEL, so the spinlock is dropped around it. */
      spin_unlock(&sysctl_lock);
      created = new_dir(set, name, namelen);
      spin_lock(&sysctl_lock);
      if (!created) {
          subdir = ERR_PTR(-ENOMEM);
          goto failed;
      }

      /* Was the subdir added while the lock was dropped? */
      subdir = find_subdir(dir, name, namelen);
      if (!IS_ERR(subdir))
          goto found;
      if (PTR_ERR(subdir) != -ENOENT)
          goto failed;

      /* No: use the freshly made directory entry. */
      rc = insert_header(dir, &created->header);
      if (rc) {
          subdir = ERR_PTR(rc);
          goto failed;
      }
      subdir = created;

  found:
      subdir->header.nreg++;
  failed:
      if (IS_ERR(subdir)) {
          pr_err("sysctl could not get directory: ");
          sysctl_print_dir(dir);
          pr_cont("%*.*s %ld\n", namelen, namelen, name,
                  PTR_ERR(subdir));
      }
      /* Always release the caller's reference on @dir and our own on the new entry. */
      drop_sysctl_table(&dir->header);
      if (created)
          drop_sysctl_table(&created->header);
      spin_unlock(&sysctl_lock);
      return subdir;
  }
  /*
   * Translate @dir into the directory with the same path inside @set.
   *
   * Recurses up to the root (a directory without a parent maps to @set's own
   * root directory) and then walks back down with find_subdir(), one path
   * component per level. Returns an ERR_PTR() as soon as a component is
   * missing from @set.
   */
  static struct ctl_dir *xlate_dir(struct ctl_table_set *set, struct ctl_dir *dir)
  {
      struct ctl_dir *mapped_parent;
      const char *component;

      if (dir->header.parent == NULL)
          return &set->dir;

      mapped_parent = xlate_dir(set, dir->header.parent);
      if (IS_ERR(mapped_parent))
          return mapped_parent;

      component = dir->header.ctl_table[0].procname;
      return find_subdir(mapped_parent, component, strlen(component));
  }
  /*
   * Resolve a link entry to the entry it stands for.
   *
   * The link's ->data holds a ctl_table_root. The set chosen for that root by
   * lookup_header_set() is searched for an entry with the same name in the
   * same directory path. On success the use count moves from the old header
   * to the target header, *@phead and *@pentry are updated, and 0 is returned.
   * Otherwise the error from the directory translation or -ENOENT is returned
   * and both out-parameters are left untouched.
   */
  static int sysctl_follow_link(struct ctl_table_header **phead,
                                const struct ctl_table **pentry)
  {
      struct ctl_table_header *target_head = NULL;
      const struct ctl_table *target;
      struct ctl_table_root *root;
      struct ctl_table_set *set;
      struct ctl_dir *dir;
      const char *procname;
      int ret;

      spin_lock(&sysctl_lock);
      root = (*pentry)->data;
      set = lookup_header_set(root);
      dir = xlate_dir(set, (*phead)->parent);
      if (IS_ERR(dir)) {
          ret = PTR_ERR(dir);
          goto unlock;
      }

      procname = (*pentry)->procname;
      target = find_entry(&target_head, dir, procname, strlen(procname));
      ret = -ENOENT;
      if (target && use_table(target_head)) {
          unuse_table(*phead);
          *phead = target_head;
          *pentry = target;
          ret = 0;
      }

  unlock:
      spin_unlock(&sysctl_lock);
      return ret;
  }
  /*
   * Log one table-validation failure and return -EINVAL.
   *
   * @fmt is expanded as a printf-style format through %pV, so it must be a
   * trusted string; the callers in this file pass literals.
   */
  static int sysctl_err(const char *path, const struct ctl_table *table, char *fmt, ...)
  {
      va_list args;
      struct va_format vaf = {
          .fmt = fmt,
          .va = &args,
      };

      va_start(args, fmt);
      pr_err("sysctl table check failed: %s/%s %pV\n",
             path, table->procname, &vaf);
      va_end(args);

      return -EINVAL;
  }
  /*
   * Reject array-sized entries for handlers that operate on a single value.
   *
   * For the unsigned-int, u8 and bool handlers, maxlen must equal the size of
   * exactly one element. For proc_dou8vec_minmax the extra1/extra2 bounds,
   * when set, are read as unsigned int and must not exceed 255.
   *
   * Returns 0 when every check passes, otherwise the OR of the sysctl_err()
   * results (each failure is logged).
   */
  static int sysctl_check_table_array(const char *path, const struct ctl_table *table)
  {
      int err = 0;

      if (table->proc_handler == proc_douintvec ||
          table->proc_handler == proc_douintvec_minmax) {
          if (table->maxlen != sizeof(unsigned int))
              err |= sysctl_err(path, table, "array not allowed");
      }

      if (table->proc_handler == proc_dou8vec_minmax) {
          const void *bounds[2] = { table->extra1, table->extra2 };
          int i;

          if (table->maxlen != sizeof(u8))
              err |= sysctl_err(path, table, "array not allowed");

          /* extra1 first, then extra2, so the log order is unchanged. */
          for (i = 0; i < 2; i++) {
              unsigned int limit;

              if (!bounds[i])
                  continue;
              limit = *(const unsigned int *)bounds[i];
              if (limit > 255U)
                  err |= sysctl_err(path, table,
                                    "range value too large for proc_dou8vec_minmax");
          }
      }

      if (table->proc_handler == proc_dobool) {
          if (table->maxlen != sizeof(bool))
              err |= sysctl_err(path, table, "array not allowed");
      }

      return err;
  }
  /* True when @entry uses one of the stock handlers that need ->data and ->maxlen. */
  static bool sysctl_entry_uses_data_handler(const struct ctl_table *entry)
  {
      return entry->proc_handler == proc_dostring ||
             entry->proc_handler == proc_dobool ||
             entry->proc_handler == proc_dointvec ||
             entry->proc_handler == proc_douintvec ||
             entry->proc_handler == proc_douintvec_minmax ||
             entry->proc_handler == proc_dointvec_minmax ||
             entry->proc_handler == proc_dou8vec_minmax ||
             entry->proc_handler == proc_dointvec_jiffies ||
             entry->proc_handler == proc_dointvec_userhz_jiffies ||
             entry->proc_handler == proc_dointvec_ms_jiffies ||
             entry->proc_handler == proc_doulongvec_minmax ||
             entry->proc_handler == proc_doulongvec_ms_jiffies_minmax;
  }

  /*
   * Validate every entry of @header before it is registered.
   *
   * Each entry needs a procname and a proc_handler. Entries using a stock
   * handler also need ->data and a non-zero ->maxlen, and must pass
   * sysctl_check_table_array(). ->mode may contain read and write permission
   * bits only: any other bit (execute, file type, setuid and so on) is
   * reported as bogus.
   *
   * All entries are checked, so every problem is logged. Returns 0 when the
   * table is clean and a non-zero value otherwise.
   */
  static int sysctl_check_table(const char *path, struct ctl_table_header *header)
  {
      const struct ctl_table *entry;
      int err = 0;

      list_for_each_table_entry(entry, header) {
          if (!entry->procname)
              err |= sysctl_err(path, entry, "procname is null");

          if (sysctl_entry_uses_data_handler(entry)) {
              if (!entry->data)
                  err |= sysctl_err(path, entry, "No data");
              if (entry->maxlen)
                  err |= sysctl_check_table_array(path, entry);
              else
                  err |= sysctl_err(path, entry, "No maxlen");
          }

          if (!entry->proc_handler)
              err |= sysctl_err(path, entry, "No proc_handler");

          if ((entry->mode & (S_IRUGO|S_IWUGO)) != entry->mode)
              err |= sysctl_err(path, entry, "bogus .mode 0%o",
                                entry->mode);
      }

      return err;
  }
  /*
   * Build a header of link entries, one per entry of @head, to be inserted
   * into @dir.
   *
   * One zeroed allocation holds the header, ctl_table_size nodes,
   * ctl_table_size tables and a copy of every entry name. Each link's ->data
   * points at @head's root, which sysctl_follow_link() later uses to find the
   * real entry.
   *
   * The allocation size is plain arithmetic on ctl_table_size and the name
   * lengths, with no overflow check; both come from the table being
   * registered.
   *
   * Returns the new header, or NULL when the allocation fails.
   */
  static struct ctl_table_header *new_links(struct ctl_dir *dir, struct ctl_table_header *head)
  {
      struct ctl_table_header *links;
      struct ctl_table *link_table, *link;
      const struct ctl_table *entry;
      struct ctl_node *node;
      char *name_cursor;
      int name_bytes = 0;

      /* First pass: space needed for all names, terminators included. */
      list_for_each_table_entry(entry, head) {
          name_bytes += strlen(entry->procname) + 1;
      }

      links = kzalloc(sizeof(struct ctl_table_header) +
                      (sizeof(struct ctl_node) + sizeof(struct ctl_table)) *
                      head->ctl_table_size +
                      name_bytes,
                      GFP_KERNEL);
      if (links == NULL)
          return NULL;

      node = (struct ctl_node *)(links + 1);
      link_table = (struct ctl_table *)(node + head->ctl_table_size);
      name_cursor = (char *)(link_table + head->ctl_table_size);

      /* Second pass: fill one link per entry and copy its name. */
      link = link_table;
      list_for_each_table_entry(entry, head) {
          int len = strlen(entry->procname) + 1;

          link->mode = S_IFLNK|S_IRWXUGO;
          link->data = head->root;
          memcpy(name_cursor, entry->procname, len);
          link->procname = name_cursor;

          name_cursor += len;
          link++;
      }

      init_header(links, dir->header.root, dir->header.set, node, link_table,
                  head->ctl_table_size);
      links->nreg = head->ctl_table_size;
      return links;
  }
  /*
   * Take a registration reference on the existing links for @header in @dir.
   *
   * Returns true when nothing is needed (empty or permanently empty header)
   * or when every entry already has a usable counterpart in @dir: either both
   * are directories, or the counterpart is a link whose ->data is @link_root.
   * In the latter case nreg is incremented once per entry on the header that
   * owns the counterpart. Returns false, without touching any count, when at
   * least one entry has no usable counterpart.
   */
  static bool get_links(struct ctl_dir *dir,
                        struct ctl_table_header *header,
                        struct ctl_table_root *link_root)
  {
      struct ctl_table_header *owner;
      const struct ctl_table *entry, *link;

      if (header->ctl_table_size == 0 ||
          sysctl_is_perm_empty_ctl_header(header))
          return true;

      /* Pass 1: is there a usable link for every entry in the table? */
      list_for_each_table_entry(entry, header) {
          const char *procname = entry->procname;
          bool both_dirs, our_link;

          link = find_entry(&owner, dir, procname, strlen(procname));
          if (!link)
              return false;

          both_dirs = S_ISDIR(link->mode) && S_ISDIR(entry->mode);
          our_link = S_ISLNK(link->mode) && (link->data == link_root);
          if (!both_dirs && !our_link)
              return false;
      }

      /* Pass 2: the checks passed, bump the registration count on each owner. */
      list_for_each_table_entry(entry, header) {
          const char *procname = entry->procname;

          find_entry(&owner, dir, procname, strlen(procname));
          owner->nreg++;
      }

      return true;
  }
  /*
   * Make sure the default set has links for every entry of @head.
   *
   * Nothing is done for headers that already live in the default set, or when
   * @head's directory has no counterpart there. If existing links cover the
   * table, get_links() takes the references and the function is done.
   * Otherwise a new link header is allocated with sysctl_lock dropped, so the
   * coverage check is repeated after the lock is retaken before inserting.
   *
   * The function unlocks and relocks sysctl_lock, so it expects to be entered
   * with the lock held. Returns 0 on success or when no links are needed,
   * -ENOMEM when the allocation fails, or the insert_header() error.
   */
  static int insert_links(struct ctl_table_header *head)
  {
      struct ctl_table_set *root_set = &sysctl_table_root.default_set;
      struct ctl_table_header *links;
      struct ctl_dir *core_parent;
      int err;

      if (head->set == root_set)
          return 0;

      core_parent = xlate_dir(root_set, head->parent);
      if (IS_ERR(core_parent))
          return 0;

      if (get_links(core_parent, head, head->root))
          return 0;

      /* Pin the directory across the unlocked allocation. */
      core_parent->header.nreg++;
      spin_unlock(&sysctl_lock);

      links = new_links(core_parent, head);

      spin_lock(&sysctl_lock);
      if (!links) {
          err = -ENOMEM;
      } else if (get_links(core_parent, head, head->root)) {
          /* Someone else added the links while the lock was dropped. */
          kfree(links);
          err = 0;
      } else {
          err = insert_header(core_parent, links);
          if (err)
              kfree(links);
      }

      drop_sysctl_table(&core_parent->header);
      return err;
  }
  /*
   * Find the directory for the ctl_table. If one is not found create it.
   *
   * @path is split on '/' and walked like "mkdir -p": for "foo/bar/yay" the
   * directory foo is looked up or created first, then bar below it, then yay.
   * Empty components (leading, trailing or doubled slashes) are skipped.
   * Returns the ctl_dir of the last component, or the ERR_PTR() from
   * get_subdir() for the first component that fails.
   */
  static struct ctl_dir *sysctl_mkdir_p(struct ctl_dir *dir, const char *path)
  {
      const char *name = path;

      while (name) {
          const char *slash = strchr(name, '/');
          const char *next = NULL;
          int namelen;

          if (slash) {
              namelen = slash - name;
              next = slash + 1;
          } else {
              namelen = strlen(name);
          }

          if (namelen != 0) {
              dir = get_subdir(dir, name, namelen);
              if (IS_ERR(dir))
                  break;
          }

          name = next;
      }

      return dir;
  }
  /**
   * __register_sysctl_table - register a leaf sysctl table
   * @set: Sysctl tree to register on
   * @path: The path to the directory the sysctl table is in. Missing
   *        directories are created on the way (see sysctl_mkdir_p()).
   * @table: the top-level table structure. The table must stay valid after
   *         registration, so it must not live on the stack. It can be a
   *         global, or dynamically allocated by the caller and freed only
   *         after sysctl unregistration.
   * @table_size: The number of elements in @table
   *
   * Register a sysctl table hierarchy. @table should be a filled in ctl_table
   * array.
   *
   * The members of the &struct ctl_table structure are used as follows:
   * procname - the name of the sysctl file under /proc/sys. A NULL procname is
   *            reported as an error by sysctl_check_table() and the
   *            registration fails.
   * data - a pointer to data for use by proc_handler
   * maxlen - the maximum size in bytes of the data
   * mode - the file permissions for the /proc/sys file; only read and write
   *        bits are accepted by sysctl_check_table()
   * type - Defines the target type (described in struct definition)
   * proc_handler - the text handler routine (described below)
   *
   * extra1, extra2 - extra pointers usable by the proc handler routines
   * XXX: we should eventually modify these to use long min / max [0]
   * [0] https://lkml.kernel.org/87zgpte9o4.fsf@email.froward.int.ebiederm.org
   *
   * Leaf nodes in the sysctl tree will be represented by a single file
   * under /proc; non-leaf nodes are not allowed.
   *
   * There must be a proc_handler routine for any terminal nodes.
   * Several default handlers are available to cover common cases -
   *
   * proc_dostring(), proc_dointvec(), proc_dointvec_jiffies(),
   * proc_dointvec_userhz_jiffies(), proc_dointvec_minmax(),
   * proc_doulongvec_ms_jiffies_minmax(), proc_doulongvec_minmax()
   *
   * It is the handler's job to read the input buffer from user memory
   * and process it. The handler should return 0 on success.
   *
   * This routine returns %NULL on a failure to register, and a pointer
   * to the table header on success.
   */
  struct ctl_table_header *__register_sysctl_table(
      struct ctl_table_set *set,
      const char *path, const struct ctl_table *table, size_t table_size)
  {
      struct ctl_table_root *root = set->dir.header.root;
      struct ctl_table_header *header;
      struct ctl_node *node;
      struct ctl_dir *dir;
      int rc;

      /*
       * Header and its per-entry nodes share one allocation. The size is not
       * overflow-checked; @table_size is supplied by the registering code.
       */
      header = kzalloc(sizeof(struct ctl_table_header) +
                       sizeof(struct ctl_node) * table_size, GFP_KERNEL_ACCOUNT);
      if (header == NULL)
          return NULL;

      node = (struct ctl_node *)(header + 1);
      init_header(header, root, set, node, table, table_size);

      /* Refuse malformed tables before anything becomes visible. */
      if (sysctl_check_table(path, header))
          goto fail;

      spin_lock(&sysctl_lock);
      dir = &set->dir;
      /* This reference is moved down the directory tree by get_subdir(). */
      dir->header.nreg++;
      spin_unlock(&sysctl_lock);

      dir = sysctl_mkdir_p(dir, path);
      if (IS_ERR(dir))
          goto fail;

      spin_lock(&sysctl_lock);
      rc = insert_header(dir, header);
      /* The directory reference is released whether or not the insert worked. */
      drop_sysctl_table(&dir->header);
      spin_unlock(&sysctl_lock);
      if (rc)
          goto fail;

      return header;

  fail:
      kfree(header);
      return NULL;
  }
  /**
   * register_sysctl_sz - register a sysctl table
   * @path: The path to the directory the sysctl table is in. If the path
   *        doesn't exist we will create it for you.
   * @table: the table structure. The caller must keep @table alive for as
   *         long as the sysctl is in use. It must not be freed until
   *         unregister_sysctl_table() has been called with the header
   *         returned by this registration. If your code is non modular then
   *         you don't need to call unregister_sysctl_table() and can instead
   *         use something like register_sysctl_init(), which does not care
   *         for the result of the sysctl registration.
   * @table_size: The number of elements in table.
   *
   * Register a sysctl table in the default set. @table should be a filled in
   * ctl_table array.
   *
   * NOTE(review): the earlier wording also said that a completely 0 filled
   * entry terminates the table; with an explicit @table_size that may be
   * historical - confirm against the table iterator.
   *
   * See __register_sysctl_table for more details.
   */
  struct ctl_table_header *register_sysctl_sz(const char *path, const struct ctl_table *table,
                                              size_t table_size)
  {
      struct ctl_table_set *default_set = &sysctl_table_root.default_set;

      return __register_sysctl_table(default_set, path, table, table_size);
  }
  EXPORT_SYMBOL(register_sysctl_sz);
  /**
   * __register_sysctl_init() - register sysctl table to path
   * @path: path name for sysctl base. If that path doesn't exist we will create
   *        it for you.
   * @table: This is the sysctl table that needs to be registered to the path.
   *         The caller must ensure the life of the @table will be kept during
   *         the lifetime use of the sysctl.
   * @table_name: The name of sysctl table, only used for log printing when
   *              registration fails
   * @table_size: The number of elements in table
   *
   * The sysctl interface is used by userspace to query or modify at runtime
   * a predefined value set on a variable. These variables however have default
   * values pre-set. Code which depends on these variables will always work even
   * if register_sysctl() fails. If register_sysctl() fails you'd just lose the
   * ability to query or modify the sysctls dynamically at run time. Chances of
   * register_sysctl() failing on init are extremely low, and so for both reasons
   * this function does not return any error as it is used by initialization code.
   * A failure is only logged.
   *
   * Context: if your base directory does not exist it will be created for you.
   */
  void __init __register_sysctl_init(const char *path, const struct ctl_table *table,
                                     const char *table_name, size_t table_size)
  {
      struct ctl_table_header *hdr;

      hdr = register_sysctl_sz(path, table, table_size);
      if (unlikely(hdr == NULL)) {
          pr_err("failed when register_sysctl_sz %s to %s\n", table_name, path);
          return;
      }

      /* The header is kept for good, so tell kmemleak it is not a leak. */
      kmemleak_not_leak(hdr);
  }
  /*
   * Release the references that @header holds on its links in the default set.
   *
   * Nothing is done for headers of the default set itself, or when @header's
   * directory has no counterpart there. For every entry the counterpart is
   * looked up by name: when it is a directory matching a directory, or a link
   * whose ->data is @header's root, its header is dropped. Anything else is
   * logged as a missing link.
   */
  static void put_links(struct ctl_table_header *header)
  {
      struct ctl_table_set *root_set = &sysctl_table_root.default_set;
      struct ctl_table_root *root = header->root;
      struct ctl_dir *parent = header->parent;
      struct ctl_dir *core_parent;
      const struct ctl_table *entry;

      if (header->set == root_set)
          return;

      core_parent = xlate_dir(root_set, parent);
      if (IS_ERR(core_parent))
          return;

      list_for_each_table_entry(entry, header) {
          const char *name = entry->procname;
          struct ctl_table_header *link_head;
          const struct ctl_table *link;
          bool usable;

          link = find_entry(&link_head, core_parent, name, strlen(name));
          usable = link &&
                   ((S_ISDIR(link->mode) && S_ISDIR(entry->mode)) ||
                    (S_ISLNK(link->mode) && (link->data == root)));
          if (!usable) {
              pr_err("sysctl link missing during unregister: ");
              sysctl_print_dir(parent);
              pr_cont("%s\n", name);
              continue;
          }

          drop_sysctl_table(link_head);
      }
  }
  /*
   * Drop one registration reference on @header and, when it was the last one,
   * tear the header down and continue with its parent directory.
   *
   * Teardown of a header that has a parent releases its links and starts
   * unregistering it. The memory is freed through RCU once ->count also
   * reaches zero. The parent pointer is read before the header can be freed.
   * The callers visible in this file hold sysctl_lock.
   */
  static void drop_sysctl_table(struct ctl_table_header *header)
  {
      for (;;) {
          struct ctl_dir *parent = header->parent;

          if (--header->nreg)
              return;

          if (parent) {
              put_links(header);
              start_unregistering(header);
          }

          if (!--header->count)
              kfree_rcu(header, rcu);

          if (!parent)
              return;

          /* The header held a reference on its directory: release it too. */
          header = &parent->header;
      }
  }
  /**
   * unregister_sysctl_table - unregister a sysctl table hierarchy
   * @header: the header returned from register_sysctl or __register_sysctl_table
   *
   * Unregisters the sysctl table and all children. proc entries may not
   * actually be removed until they are no longer used by anyone.
   * A %NULL @header is accepted and ignored. The function is annotated with
   * might_sleep(), which runs before the %NULL check.
   */
  void unregister_sysctl_table(struct ctl_table_header * header)
  {
      might_sleep();

      if (!header)
          return;

      spin_lock(&sysctl_lock);
      drop_sysctl_table(header);
      spin_unlock(&sysctl_lock);
  }
  EXPORT_SYMBOL(unregister_sysctl_table);
  /*
   * Initialise @set from scratch: zero it, record the visibility callback
   * @is_seen (consulted by sysctl_is_seen(), may be NULL) and set up the
   * set's root directory header for @root.
   */
  void setup_sysctl_set(struct ctl_table_set *set,
                        struct ctl_table_root *root,
                        int (*is_seen)(struct ctl_table_set *))
  {
      struct ctl_table_header *root_header = &set->dir.header;

      memset(set, 0, sizeof(*set));
      set->is_seen = is_seen;
      init_header(root_header, root, set, NULL, root_table, 1);
  }
  /*
   * Called when @set goes away. Nothing is freed here: the function only
   * warns when the set's root directory still has entries in its rb-tree.
   */
  void retire_sysctl_set(struct ctl_table_set *set)
  {
      struct ctl_dir *root_dir = &set->dir;

      WARN_ON(!RB_EMPTY_ROOT(&root_dir->root));
  }
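  /*
   * Create /proc/sys and hook it up to the sysctl directory operations, then
   * register the base sysctl tables.
   *
   * proc_mkdir() returns NULL on failure, so the result is checked before it
   * is dereferenced. Without the check, an allocation failure at boot would
   * be a NULL pointer dereference here.
   *
   * Returns the result of sysctl_init_bases(), or -ENOMEM when /proc/sys
   * could not be created. How callers treat the error is not visible in this
   * part of the file.
   */
  int __init proc_sys_init(void)
  {
      struct proc_dir_entry *proc_sys_root;

      proc_sys_root = proc_mkdir("sys", NULL);
      if (!proc_sys_root) {
          pr_err("failed to create /proc/sys\n");
          return -ENOMEM;
      }

      proc_sys_root->proc_iops = &proc_sys_dir_operations;
      proc_sys_root->proc_dir_ops = &proc_sys_dir_file_operations;
      proc_sys_root->nlink = 0;

      return sysctl_init_bases();
  }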
  /* Maps a historical kernel command line parameter to its sysctl name. */
  struct sysctl_alias {
      const char *kernel_param;   /* name as given on the command line */
      const char *sysctl_param;   /* dotted sysctl name it stands for */
  };

  /*
   * Historically some settings had both sysctl and a command line parameter.
   * With the generic sysctl. parameter support, we can handle them at a single
   * place and only keep the historical name for compatibility. This is not meant
   * to add brand new aliases. When adding existing aliases, consider whether
   * the possibly different moment of changing the value (e.g. from early_param
   * to the moment do_sysctl_args() is called) is an issue for the specific
   * parameter.
   *
   * The table ends with an all-NULL sentinel entry.
   */
  static const struct sysctl_alias sysctl_aliases[] = {
      {
          .kernel_param = "hardlockup_all_cpu_backtrace",
          .sysctl_param = "kernel.hardlockup_all_cpu_backtrace",
      },
      {
          .kernel_param = "hung_task_panic",
          .sysctl_param = "kernel.hung_task_panic",
      },
      {
          .kernel_param = "numa_zonelist_order",
          .sysctl_param = "vm.numa_zonelist_order",
      },
      {
          .kernel_param = "softlockup_all_cpu_backtrace",
          .sysctl_param = "kernel.softlockup_all_cpu_backtrace",
      },
      { }
  };
  /*
   * Return the sysctl name that the command line parameter @param is an
   * alias for, or NULL when @param is not in sysctl_aliases[]. The match is
   * an exact string comparison.
   */
  static const char *sysctl_find_alias(char *param)
  {
      const struct sysctl_alias *alias = sysctl_aliases;

      /* The table is terminated by an entry with a NULL kernel_param. */
      while (alias->kernel_param) {
          if (!strcmp(alias->kernel_param, param))
              return alias->sysctl_param;
          alias++;
      }

      return NULL;
  }
  /* True when @param is one of the historical command line aliases for a sysctl. */
  bool sysctl_is_alias(char *param)
  {
      return sysctl_find_alias(param) != NULL;
  }
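  /*
   * Set sysctl value passed on kernel command line.
   *
   * parse_args() callback used by do_sysctl_args(). @param is either
   * "sysctl.<name>" / "sysctl/<name>" or one of the historical aliases from
   * sysctl_aliases[]; anything else is ignored. @val is written to the
   * matching file below sys/ on a temporary proc mount, so it goes through
   * the normal sysctl write path. @arg points to the caller's vfsmount
   * pointer, which is filled in on first use. @unused is ignored.
   *
   * Returns -EINVAL when a recognised parameter has no value or an empty one.
   * Every other outcome returns 0: failures to mount, open, write or close are
   * logged only. The log messages include @param and @val as given on the
   * command line.
   */
  static int process_sysctl_arg(char *param, char *val,
                                const char *unused, void *arg)
  {
      char *path;
      struct vfsmount **proc_mnt = arg;
      struct file_system_type *proc_fs_type;
      struct file *file;
      int len;
      int err;
      loff_t pos = 0;
      ssize_t wret;

      if (strncmp(param, "sysctl", sizeof("sysctl") - 1) == 0) {
          param += sizeof("sysctl") - 1;

          if (param[0] != '/' && param[0] != '.')
              return 0;

          param++;
      } else {
          param = (char *) sysctl_find_alias(param);
          if (!param)
              return 0;
      }

      if (!val)
          return -EINVAL;
      len = strlen(val);
      if (len == 0)
          return -EINVAL;

      /*
       * To set sysctl options, we use a temporary mount of proc, look up the
       * respective sys/ file and write to it. To avoid mounting it when no
       * options were given, we mount it only when the first sysctl option is
       * found. Why not a persistent mount? There are problems with a
       * persistent mount of proc in that it forces userspace not to use any
       * proc mount options.
       */
      if (!*proc_mnt) {
          struct vfsmount *mnt;

          proc_fs_type = get_fs_type("proc");
          if (!proc_fs_type) {
              pr_err("Failed to find procfs to set sysctl from command line\n");
              return 0;
          }
          mnt = kern_mount(proc_fs_type);
          put_filesystem(proc_fs_type);
          if (IS_ERR(mnt)) {
              pr_err("Failed to mount procfs to set sysctl from command line\n");
              return 0;
          }
          /*
           * Publish the mount only once it is known to be valid. Storing an
           * ERR_PTR() here would make the NULL test above skip the mount for
           * the next parameter and pass the error pointer to
           * file_open_root_mnt().
           */
          *proc_mnt = mnt;
      }

      path = kasprintf(GFP_KERNEL, "sys/%s", param);
      if (!path)
          panic("%s: Failed to allocate path for %s\n", __func__, param);
      /*
       * Every '.' becomes a path separator, so the name cannot carry "." or
       * ".." components into the lookup below.
       */
      strreplace(path, '.', '/');

      file = file_open_root_mnt(*proc_mnt, path, O_WRONLY, 0);
      if (IS_ERR(file)) {
          err = PTR_ERR(file);
          if (err == -ENOENT)
              pr_err("Failed to set sysctl parameter '%s=%s': parameter not found\n",
                     param, val);
          else if (err == -EACCES)
              pr_err("Failed to set sysctl parameter '%s=%s': permission denied (read-only?)\n",
                     param, val);
          else
              pr_err("Error %pe opening proc file to set sysctl parameter '%s=%s'\n",
                     file, param, val);
          goto out;
      }

      wret = kernel_write(file, val, len, &pos);
      if (wret < 0) {
          err = wret;
          if (err == -EINVAL)
              pr_err("Failed to set sysctl parameter '%s=%s': invalid value\n",
                     param, val);
          else
              pr_err("Error %pe writing to proc file to set sysctl parameter '%s=%s'\n",
                     ERR_PTR(err), param, val);
      } else if (wret != len) {
          /* Short write: the closing quote was missing from this message. */
          pr_err("Wrote only %zd bytes of %d writing to proc file %s to set sysctl parameter '%s=%s'\n",
                 wret, len, path, param, val);
      }

      err = filp_close(file, NULL);
      if (err)
          pr_err("Error %pe closing proc file to set sysctl parameter '%s=%s'\n",
                 ERR_PTR(err), param, val);
  out:
      kfree(path);
      return 0;
  }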
  /*
   * Apply the sysctl settings given on the kernel command line.
   *
   * parse_args() is run on a private copy of saved_command_line, with
   * process_sysctl_arg() as the callback for each parameter. The callback
   * mounts proc lazily into proc_mnt when the first sysctl argument is seen;
   * the mount is released here afterwards. Failing to copy the command line
   * is fatal (panic).
   */
  void do_sysctl_args(void)
  {
      struct vfsmount *proc_mnt = NULL;
      char *command_line = kstrdup(saved_command_line, GFP_KERNEL);

      if (command_line == NULL)
          panic("%s: Failed to allocate copy of command line\n", __func__);

      parse_args("Setting sysctl args", command_line,
                 NULL, 0, -1, -1, &proc_mnt, process_sysctl_arg);

      if (proc_mnt != NULL)
          kern_unmount(proc_mnt);

      kfree(command_line);
  }