Message ID | 87fvswt5m5.fsf@tw-ebiederman.twitter.com |
---|---|
State | Changes Requested, archived |
Delegated to: | David Miller |
Headers | show |
Le 23/09/2013 08:27, Eric W. Biederman a écrit : > > - Move sysctl_local_ports from a global variable into struct netns_ipv4. > - Modify inet_get_local_port_range to take a struct net. > - Manually expand inet_get_local_range into ipv4_local_port_range > because I do not know the struct net. > - Move the initialization of sysctl_local_ports into > sysctl_net_ipv4.c:ipv4_sysctl_init_net from inet_connection_sock.c > > Originally-by: Samya <samya@twitter.com> > Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Two minor comments, please see below. After that: Acked-by: Nicolas Dichtel <nicolas.dichtel@6wind.com> > --- > drivers/infiniband/core/cma.c | 2 +- > drivers/net/vxlan.c | 2 +- > include/net/ip.h | 7 +---- > include/net/netns/ipv4.h | 6 +++++ > net/ipv4/inet_connection_sock.c | 20 +++++--------- > net/ipv4/inet_hashtables.c | 2 +- > net/ipv4/ping.c | 4 +-- > net/ipv4/sysctl_net_ipv4.c | 57 ++++++++++++++++++++++++++------------- > net/ipv4/udp.c | 2 +- > net/sctp/socket.c | 2 +- > security/selinux/hooks.c | 3 ++- > 11 files changed, 61 insertions(+), 46 deletions(-) > > diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c > index 7c0f953..9627545 100644 > --- a/drivers/infiniband/core/cma.c > +++ b/drivers/infiniband/core/cma.c > @@ -2302,7 +2302,7 @@ static int cma_alloc_any_port(struct idr *ps, struct rdma_id_private *id_priv) > int low, high, remaining; > unsigned int rover; > > - inet_get_local_port_range(&low, &high); > + inet_get_local_port_range(&init_net, &low, &high); > remaining = (high - low) + 1; > rover = net_random() % remaining + low; > retry: > diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c > index 767f7af..a105376 100644 > --- a/drivers/net/vxlan.c > +++ b/drivers/net/vxlan.c > @@ -1501,7 +1501,7 @@ static void vxlan_setup(struct net_device *dev) > vxlan->age_timer.function = vxlan_cleanup; > vxlan->age_timer.data = (unsigned long) vxlan; > > - inet_get_local_port_range(&low, &high); > + inet_get_local_port_range(dev_net(net), &low, &high); > vxlan->port_min = low; > vxlan->port_max = high; > vxlan->dst_port = htons(vxlan_port); > diff --git a/include/net/ip.h b/include/net/ip.h > index a68f838..5e46435 100644 > --- a/include/net/ip.h > +++ b/include/net/ip.h > @@ -195,12 +195,7 @@ static inline u64 snmp_fold_field64(void __percpu *mib[], int offt, size_t syncp > #endif > extern int snmp_mib_init(void __percpu *ptr[2], size_t mibsize, size_t align); > extern void snmp_mib_free(void __percpu *ptr[2]); > - > -extern struct local_ports { > - seqlock_t lock; > - int range[2]; > -} sysctl_local_ports; > -extern void inet_get_local_port_range(int *low, int *high); > +extern void inet_get_local_port_range(struct net *net, int *low, int *high); > > extern unsigned long *sysctl_local_reserved_ports; > static inline int inet_is_reserved_local_port(int port) > diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h > index 2ba9de8..d685e50 100644 > --- a/include/net/netns/ipv4.h > +++ b/include/net/netns/ipv4.h > @@ -15,6 +15,10 @@ struct fib_rules_ops; > struct hlist_head; > struct fib_table; > struct sock; > +struct local_ports { > + seqlock_t lock; > + int range[2]; > +}; > > struct netns_ipv4 { > #ifdef CONFIG_SYSCTL > @@ -62,6 +66,8 @@ struct netns_ipv4 { > int sysctl_icmp_ratemask; > int sysctl_icmp_errors_use_inbound_ifaddr; > > + struct local_ports sysctl_local_ports; > + > int sysctl_tcp_ecn; > > kgid_t sysctl_ping_group_range[2]; > diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c > index 6acb541..7ac7aa1 100644 > --- a/net/ipv4/inet_connection_sock.c > +++ b/net/ipv4/inet_connection_sock.c > @@ -29,27 +29,19 @@ const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n"; > EXPORT_SYMBOL(inet_csk_timer_bug_msg); > #endif > > -/* > - * This struct holds the first and last local port number. > - */ > -struct local_ports sysctl_local_ports __read_mostly = { > - .lock = __SEQLOCK_UNLOCKED(sysctl_local_ports.lock), > - .range = { 32768, 61000 }, > -}; > - > unsigned long *sysctl_local_reserved_ports; > EXPORT_SYMBOL(sysctl_local_reserved_ports); > > -void inet_get_local_port_range(int *low, int *high) > +void inet_get_local_port_range(struct net *net, int *low, int *high) > { > unsigned int seq; > > do { > - seq = read_seqbegin(&sysctl_local_ports.lock); > + seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock); > > - *low = sysctl_local_ports.range[0]; > - *high = sysctl_local_ports.range[1]; > - } while (read_seqretry(&sysctl_local_ports.lock, seq)); > + *low = net->ipv4.sysctl_local_ports.range[0]; > + *high = net->ipv4.sysctl_local_ports.range[1]; > + } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq)); > } > EXPORT_SYMBOL(inet_get_local_port_range); > > @@ -116,7 +108,7 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum) > int remaining, rover, low, high; > > again: > - inet_get_local_port_range(&low, &high); > + inet_get_local_port_range(net, &low, &high); > remaining = (high - low) + 1; > smallest_rover = rover = net_random() % remaining + low; > > diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c > index 7bd8983..2779037 100644 > --- a/net/ipv4/inet_hashtables.c > +++ b/net/ipv4/inet_hashtables.c > @@ -494,7 +494,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, > u32 offset = hint + port_offset; > struct inet_timewait_sock *tw = NULL; > > - inet_get_local_port_range(&low, &high); > + inet_get_local_port_range(net, &low, &high); > remaining = (high - low) + 1; > > local_bh_disable(); > diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c > index 746427c..d71ecc4 100644 > --- a/net/ipv4/ping.c > +++ b/net/ipv4/ping.c > @@ -237,11 +237,11 @@ static void inet_get_ping_group_range_net(struct net *net, kgid_t *low, > unsigned int seq; > > do { > - seq = read_seqbegin(&sysctl_local_ports.lock); > + seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock); > > *low = data[0]; > *high = data[1]; > - } while (read_seqretry(&sysctl_local_ports.lock, seq)); > + } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq)); > } > > > diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c > index 610e324..b91f963 100644 > --- a/net/ipv4/sysctl_net_ipv4.c > +++ b/net/ipv4/sysctl_net_ipv4.c > @@ -42,12 +42,12 @@ static int ip_ping_group_range_min[] = { 0, 0 }; > static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; > > /* Update system visible IP port range */ > -static void set_local_port_range(int range[2]) > +static void set_local_port_range(struct local_ports *ports, int range[2]) > { > - write_seqlock(&sysctl_local_ports.lock); > - sysctl_local_ports.range[0] = range[0]; > - sysctl_local_ports.range[1] = range[1]; > - write_sequnlock(&sysctl_local_ports.lock); > + write_seqlock(&ports->lock); > + ports->range[0] = range[0]; > + ports->range[1] = range[1]; > + write_sequnlock(&ports->lock); > } > > /* Validate changes from /proc interface. */ > @@ -55,6 +55,9 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, > void __user *buffer, > size_t *lenp, loff_t *ppos) > { > + struct local_ports *ports = > + container_of(table->data, struct local_ports, range); > + unsigned int seq; > int ret; > int range[2]; > struct ctl_table tmp = { > @@ -65,14 +68,19 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, > .extra2 = &ip_local_port_range_max, > }; > > - inet_get_local_port_range(range, range + 1); > + do { > + seq = read_seqbegin(&ports->lock); > + range[0] = ports->range[0]; > + range[1] = ports->range[1]; > + } while (read_seqretry(&ports->lock, seq)); > + > ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); > > if (write && ret == 0) { > if (range[1] < range[0]) > ret = -EINVAL; > else > - set_local_port_range(range); > + set_local_port_range(ports, range); > } > > return ret; > @@ -82,23 +90,27 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, > static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) > { > kgid_t *data = table->data; > + struct netns_ipv4 *ipv4 = There is spaces here instead of tabs. > + container_of(table->data, struct netns_ipv4, sysctl_ping_group_range); > unsigned int seq; > do { > - seq = read_seqbegin(&sysctl_local_ports.lock); > + seq = read_seqbegin(&ipv4->sysctl_local_ports.lock); > > *low = data[0]; > *high = data[1]; > - } while (read_seqretry(&sysctl_local_ports.lock, seq)); > + } while (read_seqretry(&ipv4->sysctl_local_ports.lock, seq)); > } > > /* Update system visible IP port range */ > static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) > { > kgid_t *data = table->data; > - write_seqlock(&sysctl_local_ports.lock); > + struct netns_ipv4 *ipv4 = Same here. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
From: ebiederm@xmission.com (Eric W. Biederman) Date: Sun, 22 Sep 2013 23:27:30 -0700 > > - Move sysctl_local_ports from a global variable into struct netns_ipv4. > - Modify inet_get_local_port_range to take a struct net. > - Manually expand inet_get_local_range into ipv4_local_port_range > because I do not know the struct net. > - Move the initialization of sysctl_local_ports into > sysctl_net_ipv4.c:ipv4_sysctl_init_net from inet_connection_sock.c > > Originally-by: Samya <samya@twitter.com> > Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> Applied. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
David Miller <davem@davemloft.net> writes: > From: David Miller <davem@davemloft.net> > Date: Sat, 28 Sep 2013 15:52:28 -0400 (EDT) > >> From: ebiederm@xmission.com (Eric W. Biederman) >> Date: Sun, 22 Sep 2013 23:27:30 -0700 >> >>> >>> - Move sysctl_local_ports from a global variable into struct netns_ipv4. >>> - Modify inet_get_local_port_range to take a struct net. >>> - Manually expand inet_get_local_range into ipv4_local_port_range >>> because I do not know the struct net. >>> - Move the initialization of sysctl_local_ports into >>> sysctl_net_ipv4.c:ipv4_sysctl_init_net from inet_connection_sock.c >>> >>> Originally-by: Samya <samya@twitter.com> >>> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> >> >> Applied. > > I had to revert, you didn't throughly build test this. My apologies, I was pushing a little too hard that day. v3 will be coming with the fix. > security/selinux/hooks.c: In function ‘selinux_socket_bind’: > security/selinux/hooks.c:3933:4: error: incompatible type for argument 1 of ‘inet_get_local_port_range’ > In file included from security/selinux/hooks.c:53:0: > include/net/ip.h:206:6: note: expected ‘struct net *’ but argument is of type ‘struct lsm_network_audit’ > > And when you repost make sure to deal with the space vs. TAB > issues pointed out to you. Definitely. Eric -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index 7c0f953..9627545 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c @@ -2302,7 +2302,7 @@ static int cma_alloc_any_port(struct idr *ps, struct rdma_id_private *id_priv) int low, high, remaining; unsigned int rover; - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(&init_net, &low, &high); remaining = (high - low) + 1; rover = net_random() % remaining + low; retry: diff --git a/drivers/net/vxlan.c b/drivers/net/vxlan.c index 767f7af..a105376 100644 --- a/drivers/net/vxlan.c +++ b/drivers/net/vxlan.c @@ -1501,7 +1501,7 @@ static void vxlan_setup(struct net_device *dev) vxlan->age_timer.function = vxlan_cleanup; vxlan->age_timer.data = (unsigned long) vxlan; - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(dev_net(net), &low, &high); vxlan->port_min = low; vxlan->port_max = high; vxlan->dst_port = htons(vxlan_port); diff --git a/include/net/ip.h b/include/net/ip.h index a68f838..5e46435 100644 --- a/include/net/ip.h +++ b/include/net/ip.h @@ -195,12 +195,7 @@ static inline u64 snmp_fold_field64(void __percpu *mib[], int offt, size_t syncp #endif extern int snmp_mib_init(void __percpu *ptr[2], size_t mibsize, size_t align); extern void snmp_mib_free(void __percpu *ptr[2]); - -extern struct local_ports { - seqlock_t lock; - int range[2]; -} sysctl_local_ports; -extern void inet_get_local_port_range(int *low, int *high); +extern void inet_get_local_port_range(struct net *net, int *low, int *high); extern unsigned long *sysctl_local_reserved_ports; static inline int inet_is_reserved_local_port(int port) diff --git a/include/net/netns/ipv4.h b/include/net/netns/ipv4.h index 2ba9de8..d685e50 100644 --- a/include/net/netns/ipv4.h +++ b/include/net/netns/ipv4.h @@ -15,6 +15,10 @@ struct fib_rules_ops; struct hlist_head; struct fib_table; struct sock; +struct local_ports { + seqlock_t lock; + int range[2]; +}; struct netns_ipv4 { #ifdef CONFIG_SYSCTL @@ -62,6 +66,8 @@ struct netns_ipv4 { int sysctl_icmp_ratemask; int sysctl_icmp_errors_use_inbound_ifaddr; + struct local_ports sysctl_local_ports; + int sysctl_tcp_ecn; kgid_t sysctl_ping_group_range[2]; diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index 6acb541..7ac7aa1 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c @@ -29,27 +29,19 @@ const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n"; EXPORT_SYMBOL(inet_csk_timer_bug_msg); #endif -/* - * This struct holds the first and last local port number. - */ -struct local_ports sysctl_local_ports __read_mostly = { - .lock = __SEQLOCK_UNLOCKED(sysctl_local_ports.lock), - .range = { 32768, 61000 }, -}; - unsigned long *sysctl_local_reserved_ports; EXPORT_SYMBOL(sysctl_local_reserved_ports); -void inet_get_local_port_range(int *low, int *high) +void inet_get_local_port_range(struct net *net, int *low, int *high) { unsigned int seq; do { - seq = read_seqbegin(&sysctl_local_ports.lock); + seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock); - *low = sysctl_local_ports.range[0]; - *high = sysctl_local_ports.range[1]; - } while (read_seqretry(&sysctl_local_ports.lock, seq)); + *low = net->ipv4.sysctl_local_ports.range[0]; + *high = net->ipv4.sysctl_local_ports.range[1]; + } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq)); } EXPORT_SYMBOL(inet_get_local_port_range); @@ -116,7 +108,7 @@ int inet_csk_get_port(struct sock *sk, unsigned short snum) int remaining, rover, low, high; again: - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(net, &low, &high); remaining = (high - low) + 1; smallest_rover = rover = net_random() % remaining + low; diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index 7bd8983..2779037 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c @@ -494,7 +494,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row, u32 offset = hint + port_offset; struct inet_timewait_sock *tw = NULL; - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(net, &low, &high); remaining = (high - low) + 1; local_bh_disable(); diff --git a/net/ipv4/ping.c b/net/ipv4/ping.c index 746427c..d71ecc4 100644 --- a/net/ipv4/ping.c +++ b/net/ipv4/ping.c @@ -237,11 +237,11 @@ static void inet_get_ping_group_range_net(struct net *net, kgid_t *low, unsigned int seq; do { - seq = read_seqbegin(&sysctl_local_ports.lock); + seq = read_seqbegin(&net->ipv4.sysctl_local_ports.lock); *low = data[0]; *high = data[1]; - } while (read_seqretry(&sysctl_local_ports.lock, seq)); + } while (read_seqretry(&net->ipv4.sysctl_local_ports.lock, seq)); } diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 610e324..b91f963 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -42,12 +42,12 @@ static int ip_ping_group_range_min[] = { 0, 0 }; static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX }; /* Update system visible IP port range */ -static void set_local_port_range(int range[2]) +static void set_local_port_range(struct local_ports *ports, int range[2]) { - write_seqlock(&sysctl_local_ports.lock); - sysctl_local_ports.range[0] = range[0]; - sysctl_local_ports.range[1] = range[1]; - write_sequnlock(&sysctl_local_ports.lock); + write_seqlock(&ports->lock); + ports->range[0] = range[0]; + ports->range[1] = range[1]; + write_sequnlock(&ports->lock); } /* Validate changes from /proc interface. */ @@ -55,6 +55,9 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, void __user *buffer, size_t *lenp, loff_t *ppos) { + struct local_ports *ports = + container_of(table->data, struct local_ports, range); + unsigned int seq; int ret; int range[2]; struct ctl_table tmp = { @@ -65,14 +68,19 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, .extra2 = &ip_local_port_range_max, }; - inet_get_local_port_range(range, range + 1); + do { + seq = read_seqbegin(&ports->lock); + range[0] = ports->range[0]; + range[1] = ports->range[1]; + } while (read_seqretry(&ports->lock, seq)); + ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); if (write && ret == 0) { if (range[1] < range[0]) ret = -EINVAL; else - set_local_port_range(range); + set_local_port_range(ports, range); } return ret; @@ -82,23 +90,27 @@ static int ipv4_local_port_range(struct ctl_table *table, int write, static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high) { kgid_t *data = table->data; + struct netns_ipv4 *ipv4 = + container_of(table->data, struct netns_ipv4, sysctl_ping_group_range); unsigned int seq; do { - seq = read_seqbegin(&sysctl_local_ports.lock); + seq = read_seqbegin(&ipv4->sysctl_local_ports.lock); *low = data[0]; *high = data[1]; - } while (read_seqretry(&sysctl_local_ports.lock, seq)); + } while (read_seqretry(&ipv4->sysctl_local_ports.lock, seq)); } /* Update system visible IP port range */ static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high) { kgid_t *data = table->data; - write_seqlock(&sysctl_local_ports.lock); + struct netns_ipv4 *ipv4 = + container_of(table->data, struct netns_ipv4, sysctl_ping_group_range); + write_seqlock(&ipv4->sysctl_local_ports.lock); data[0] = low; data[1] = high; - write_sequnlock(&sysctl_local_ports.lock); + write_sequnlock(&ipv4->sysctl_local_ports.lock); } /* Validate changes from /proc interface. */ @@ -474,13 +486,6 @@ static struct ctl_table ipv4_table[] = { .proc_handler = proc_dointvec }, { - .procname = "ip_local_port_range", - .data = &sysctl_local_ports.range, - .maxlen = sizeof(sysctl_local_ports.range), - .mode = 0644, - .proc_handler = ipv4_local_port_range, - }, - { .procname = "ip_local_reserved_ports", .data = NULL, /* initialized in sysctl_ipv4_init */ .maxlen = 65536, @@ -837,6 +842,13 @@ static struct ctl_table ipv4_net_table[] = { .proc_handler = proc_dointvec }, { + .procname = "ip_local_port_range", + .maxlen = sizeof(init_net.ipv4.sysctl_local_ports.range), + .data = &init_net.ipv4.sysctl_local_ports.range, + .mode = 0644, + .proc_handler = ipv4_local_port_range, + }, + { .procname = "tcp_mem", .maxlen = sizeof(init_net.ipv4.sysctl_tcp_mem), .mode = 0644, @@ -871,6 +883,8 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) &net->ipv4.sysctl_ping_group_range; table[7].data = &net->ipv4.sysctl_tcp_ecn; + table[8].data = + &net->ipv4.sysctl_local_ports.range; /* Don't export sysctls to unprivileged users */ if (net->user_ns != &init_user_ns) @@ -884,6 +898,13 @@ static __net_init int ipv4_sysctl_init_net(struct net *net) net->ipv4.sysctl_ping_group_range[0] = make_kgid(&init_user_ns, 1); net->ipv4.sysctl_ping_group_range[1] = make_kgid(&init_user_ns, 0); + /* + * Set defaults for local port range + */ + seqlock_init(&net->ipv4.sysctl_local_ports.lock); + net->ipv4.sysctl_local_ports.range[0] = 32768; + net->ipv4.sysctl_local_ports.range[1] = 61000; + tcp_init_mem(net); net->ipv4.ipv4_hdr = register_net_sysctl(net, "net/ipv4", table); diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index 766e6ba..d0c3529 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -219,7 +219,7 @@ int udp_lib_get_port(struct sock *sk, unsigned short snum, unsigned short first, last; DECLARE_BITMAP(bitmap, PORTS_PER_CHAIN); - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(net, &low, &high); remaining = (high - low) + 1; rand = net_random(); diff --git a/net/sctp/socket.c b/net/sctp/socket.c index c6670d2..09f46fb 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c @@ -5893,7 +5893,7 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr) int low, high, remaining, index; unsigned int rover; - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(sock_net(sk), &low, &high); remaining = (high - low) + 1; rover = net_random() % remaining + low; diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index c956390..558d0d9 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -3898,6 +3898,7 @@ static int selinux_socket_post_create(struct socket *sock, int family, static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen) { struct sock *sk = sock->sk; + struct net *net = sock_net(sk); u16 family; int err; @@ -3934,7 +3935,7 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in if (snum) { int low, high; - inet_get_local_port_range(&low, &high); + inet_get_local_port_range(net, &low, &high); if (snum < max(PROT_SOCK, low) || snum > high) { err = sel_netport_sid(sk->sk_protocol,
- Move sysctl_local_ports from a global variable into struct netns_ipv4. - Modify inet_get_local_port_range to take a struct net. - Manually expand inet_get_local_range into ipv4_local_port_range because I do not know the struct net. - Move the initialization of sysctl_local_ports into sysctl_net_ipv4.c:ipv4_sysctl_init_net from inet_connection_sock.c Originally-by: Samya <samya@twitter.com> Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com> --- drivers/infiniband/core/cma.c | 2 +- drivers/net/vxlan.c | 2 +- include/net/ip.h | 7 +---- include/net/netns/ipv4.h | 6 +++++ net/ipv4/inet_connection_sock.c | 20 +++++--------- net/ipv4/inet_hashtables.c | 2 +- net/ipv4/ping.c | 4 +-- net/ipv4/sysctl_net_ipv4.c | 57 ++++++++++++++++++++++++++------------- net/ipv4/udp.c | 2 +- net/sctp/socket.c | 2 +- security/selinux/hooks.c | 3 ++- 11 files changed, 61 insertions(+), 46 deletions(-)