[linux-block.git] / net / core / sysctl_net_core.c

// SPDX-License-Identifier: GPL-2.0
/* -*- linux-c -*-
 * sysctl_net_core.c: sysctl interface to net core subsystem.
 *
 * Begun April 1, 1996, Mike Shaver.
 * Added /proc/sys/net/core directory entry (empty =) ). [MS]
 */

#include <linux/filter.h>
#include <linux/mm.h>
#include <linux/sysctl.h>
#include <linux/module.h>
#include <linux/socket.h>
#include <linux/netdevice.h>
#include <linux/ratelimit.h>
#include <linux/vmalloc.h>
#include <linux/init.h>
#include <linux/slab.h>

#include <net/ip.h>
#include <net/sock.h>
#include <net/net_ratelimit.h>
#include <net/busy_poll.h>
#include <net/pkt_sched.h>

#include "dev.h"

static int int_3600 = 3600;
static int min_sndbuf = SOCK_MIN_SNDBUF;
static int min_rcvbuf = SOCK_MIN_RCVBUF;
static int max_skb_frags = MAX_SKB_FRAGS;
static long long_max __maybe_unused = LONG_MAX;

static int net_msg_warn;	/* Unused, but still a sysctl */

int sysctl_fb_tunnels_only_for_init_net __read_mostly = 0;
EXPORT_SYMBOL(sysctl_fb_tunnels_only_for_init_net);

/* 0 - Keep current behavior:
 *     IPv4: inherit all current settings from init_net
 *     IPv6: reset all settings to default
 * 1 - Both inherit all current settings from init_net
 * 2 - Both reset all settings to default
 * 3 - Both inherit all settings from current netns
 */
int sysctl_devconf_inherit_init_net __read_mostly;
EXPORT_SYMBOL(sysctl_devconf_inherit_init_net);

#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
				void *buffer, size_t *lenp, loff_t *ppos)
{
	unsigned int orig_size, size;
	int ret, i;
	struct ctl_table tmp = {
		.data = &size,
		.maxlen = sizeof(size),
		.mode = table->mode
	};
	struct rps_sock_flow_table *orig_sock_table, *sock_table;
	static DEFINE_MUTEX(sock_flow_mutex);

	mutex_lock(&sock_flow_mutex);

	orig_sock_table = rcu_dereference_protected(rps_sock_flow_table,
					lockdep_is_held(&sock_flow_mutex));
	size = orig_size = orig_sock_table ? orig_sock_table->mask + 1 : 0;

	ret = proc_dointvec(&tmp, write, buffer, lenp, ppos);

	if (write) {
		if (size) {
			if (size > 1<<29) {
				/* Enforce limit to prevent overflow */
				mutex_unlock(&sock_flow_mutex);
				return -EINVAL;
			}
			size = roundup_pow_of_two(size);
			if (size != orig_size) {
				sock_table =
				    vmalloc(RPS_SOCK_FLOW_TABLE_SIZE(size));
				if (!sock_table) {
					mutex_unlock(&sock_flow_mutex);
					return -ENOMEM;
				}
				rps_cpu_mask = roundup_pow_of_two(nr_cpu_ids) - 1;
				sock_table->mask = size - 1;
			} else
				sock_table = orig_sock_table;

			for (i = 0; i < size; i++)
				sock_table->ents[i] = RPS_NO_CPU;
		} else
			sock_table = NULL;

		if (sock_table != orig_sock_table) {
			rcu_assign_pointer(rps_sock_flow_table, sock_table);
			if (sock_table) {
				static_branch_inc(&rps_needed);
				static_branch_inc(&rfs_needed);
			}
			if (orig_sock_table) {
				static_branch_dec(&rps_needed);
				static_branch_dec(&rfs_needed);
				kvfree_rcu(orig_sock_table);
			}
		}
	}

	mutex_unlock(&sock_flow_mutex);

	return ret;
}
#endif /* CONFIG_RPS */

#ifdef CONFIG_NET_FLOW_LIMIT
static DEFINE_MUTEX(flow_limit_update_mutex);

static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
				 void *buffer, size_t *lenp, loff_t *ppos)
{
	struct sd_flow_limit *cur;
	struct softnet_data *sd;
	cpumask_var_t mask;
	int i, len, ret = 0;

	if (!alloc_cpumask_var(&mask, GFP_KERNEL))
		return -ENOMEM;

	if (write) {
		ret = cpumask_parse(buffer, mask);
		if (ret)
			goto done;

		mutex_lock(&flow_limit_update_mutex);
		len = sizeof(*cur) + netdev_flow_limit_table_len;
		for_each_possible_cpu(i) {
			sd = &per_cpu(softnet_data, i);
			cur = rcu_dereference_protected(sd->flow_limit,
				     lockdep_is_held(&flow_limit_update_mutex));
			if (cur && !cpumask_test_cpu(i, mask)) {
				RCU_INIT_POINTER(sd->flow_limit, NULL);
				kfree_rcu(cur);
			} else if (!cur && cpumask_test_cpu(i, mask)) {
				cur = kzalloc_node(len, GFP_KERNEL,
						   cpu_to_node(i));
				if (!cur) {
					/* not unwinding previous changes */
					ret = -ENOMEM;
					goto write_unlock;
				}
				cur->num_buckets = netdev_flow_limit_table_len;
				rcu_assign_pointer(sd->flow_limit, cur);
			}
		}
write_unlock:
		mutex_unlock(&flow_limit_update_mutex);
	} else {
		char kbuf[128];

		if (*ppos || !*lenp) {
			*lenp = 0;
			goto done;
		}

		cpumask_clear(mask);
		rcu_read_lock();
		for_each_possible_cpu(i) {
			sd = &per_cpu(softnet_data, i);
			if (rcu_dereference(sd->flow_limit))
				cpumask_set_cpu(i, mask);
		}
		rcu_read_unlock();

		len = min(sizeof(kbuf) - 1, *lenp);
		len = scnprintf(kbuf, len, "%*pb", cpumask_pr_args(mask));
		if (!len) {
			*lenp = 0;
			goto done;
		}
		if (len < *lenp)
			kbuf[len++] = '\n';
		memcpy(buffer, kbuf, len);
		*lenp = len;
		*ppos += len;
	}

done:
	free_cpumask_var(mask);
	return ret;
}

static int flow_limit_table_len_sysctl(struct ctl_table *table, int write,
				       void *buffer, size_t *lenp, loff_t *ppos)
{
	unsigned int old, *ptr;
	int ret;

	mutex_lock(&flow_limit_update_mutex);

	ptr = table->data;
	old = *ptr;
	ret = proc_dointvec(table, write, buffer, lenp, ppos);
	if (!ret && write && !is_power_of_2(*ptr)) {
		*ptr = old;
		ret = -EINVAL;
	}

	mutex_unlock(&flow_limit_update_mutex);
	return ret;
}
#endif /* CONFIG_NET_FLOW_LIMIT */

#ifdef CONFIG_NET_SCHED
static int set_default_qdisc(struct ctl_table *table, int write,
			     void *buffer, size_t *lenp, loff_t *ppos)
{
	char id[IFNAMSIZ];
	struct ctl_table tbl = {
		.data = id,
		.maxlen = IFNAMSIZ,
	};
	int ret;

	qdisc_get_default(id, IFNAMSIZ);

	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
	if (write && ret == 0)
		ret = qdisc_set_default(id);
	return ret;
}
#endif

static int proc_do_dev_weight(struct ctl_table *table, int write,
			   void *buffer, size_t *lenp, loff_t *ppos)
{
	static DEFINE_MUTEX(dev_weight_mutex);
	int ret, weight;

	mutex_lock(&dev_weight_mutex);
	ret = proc_dointvec(table, write, buffer, lenp, ppos);
	if (!ret && write) {
		weight = READ_ONCE(weight_p);
		WRITE_ONCE(dev_rx_weight, weight * dev_weight_rx_bias);
		WRITE_ONCE(dev_tx_weight, weight * dev_weight_tx_bias);
	}
	mutex_unlock(&dev_weight_mutex);

	return ret;
}

static int proc_do_rss_key(struct ctl_table *table, int write,
			   void *buffer, size_t *lenp, loff_t *ppos)
{
	struct ctl_table fake_table;
	char buf[NETDEV_RSS_KEY_LEN * 3];

	snprintf(buf, sizeof(buf), "%*phC", NETDEV_RSS_KEY_LEN, netdev_rss_key);
	fake_table.data = buf;
	fake_table.maxlen = sizeof(buf);
	return proc_dostring(&fake_table, write, buffer, lenp, ppos);
}

#ifdef CONFIG_BPF_JIT
static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write,
					   void *buffer, size_t *lenp,
					   loff_t *ppos)
{
	int ret, jit_enable = *(int *)table->data;
	int min = *(int *)table->extra1;
	int max = *(int *)table->extra2;
	struct ctl_table tmp = *table;

	if (write && !capable(CAP_SYS_ADMIN))
		return -EPERM;

	tmp.data = &jit_enable;
	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
	if (write && !ret) {
		if (jit_enable < 2 ||
		    (jit_enable == 2 && bpf_dump_raw_ok(current_cred()))) {
			*(int *)table->data = jit_enable;
			if (jit_enable == 2)
				pr_warn("bpf_jit_enable = 2 was set! NEVER use this in production, only for JIT debugging!\n");
		} else {
			ret = -EPERM;
		}
	}

	if (write && ret && min == max)
		pr_info_once("CONFIG_BPF_JIT_ALWAYS_ON is enabled, bpf_jit_enable is permanently set to 1.\n");

	return ret;
}

# ifdef CONFIG_HAVE_EBPF_JIT
static int
proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
				    void *buffer, size_t *lenp, loff_t *ppos)
{
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
}
# endif /* CONFIG_HAVE_EBPF_JIT */

static int
proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write,
				     void *buffer, size_t *lenp, loff_t *ppos)
{
	if (!capable(CAP_SYS_ADMIN))
		return -EPERM;

	return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
}
#endif

static struct ctl_table net_core_table[] = {
	{
		.procname	= "wmem_max",
		.data		= &sysctl_wmem_max,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &min_sndbuf,
	},
	{
		.procname	= "rmem_max",
		.data		= &sysctl_rmem_max,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &min_rcvbuf,
	},
	{
		.procname	= "wmem_default",
		.data		= &sysctl_wmem_default,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &min_sndbuf,
	},
	{
		.procname	= "rmem_default",
		.data		= &sysctl_rmem_default,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= &min_rcvbuf,
	},
	{
		.procname	= "dev_weight",
		.data		= &weight_p,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_do_dev_weight,
	},
	{
		.procname	= "dev_weight_rx_bias",
		.data		= &dev_weight_rx_bias,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_do_dev_weight,
	},
	{
		.procname	= "dev_weight_tx_bias",
		.data		= &dev_weight_tx_bias,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_do_dev_weight,
	},
	{
		.procname	= "netdev_max_backlog",
		.data		= &netdev_max_backlog,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec
	},
	{
		.procname	= "netdev_rss_key",
		.data		= &netdev_rss_key,
		.maxlen		= sizeof(int),
		.mode		= 0444,
		.proc_handler	= proc_do_rss_key,
	},
#ifdef CONFIG_BPF_JIT
	{
		.procname	= "bpf_jit_enable",
		.data		= &bpf_jit_enable,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax_bpf_enable,
# ifdef CONFIG_BPF_JIT_ALWAYS_ON
		.extra1		= SYSCTL_ONE,
		.extra2		= SYSCTL_ONE,
# else
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_TWO,
# endif
	},
# ifdef CONFIG_HAVE_EBPF_JIT
	{
		.procname	= "bpf_jit_harden",
		.data		= &bpf_jit_harden,
		.maxlen		= sizeof(int),
		.mode		= 0600,
		.proc_handler	= proc_dointvec_minmax_bpf_restricted,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_TWO,
	},
	{
		.procname	= "bpf_jit_kallsyms",
		.data		= &bpf_jit_kallsyms,
		.maxlen		= sizeof(int),
		.mode		= 0600,
		.proc_handler	= proc_dointvec_minmax_bpf_restricted,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_ONE,
	},
# endif
	{
		.procname	= "bpf_jit_limit",
		.data		= &bpf_jit_limit,
		.maxlen		= sizeof(long),
		.mode		= 0600,
		.proc_handler	= proc_dolongvec_minmax_bpf_restricted,
		.extra1		= SYSCTL_LONG_ONE,
		.extra2		= &bpf_jit_limit_max,
	},
#endif
	{
		.procname	= "netdev_tstamp_prequeue",
		.data		= &netdev_tstamp_prequeue,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec
	},
	{
		.procname	= "message_cost",
		.data		= &net_ratelimit_state.interval,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_jiffies,
	},
	{
		.procname	= "message_burst",
		.data		= &net_ratelimit_state.burst,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec,
	},
	{
		.procname	= "optmem_max",
		.data		= &sysctl_optmem_max,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec
	},
	{
		.procname	= "tstamp_allow_data",
		.data		= &sysctl_tstamp_allow_data,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_ONE
	},
#ifdef CONFIG_RPS
	{
		.procname	= "rps_sock_flow_entries",
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= rps_sock_flow_sysctl
	},
#endif
#ifdef CONFIG_NET_FLOW_LIMIT
	{
		.procname	= "flow_limit_cpu_bitmap",
		.mode		= 0644,
		.proc_handler	= flow_limit_cpu_sysctl
	},
	{
		.procname	= "flow_limit_table_len",
		.data		= &netdev_flow_limit_table_len,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= flow_limit_table_len_sysctl
	},
#endif /* CONFIG_NET_FLOW_LIMIT */
#ifdef CONFIG_NET_RX_BUSY_POLL
	{
		.procname	= "busy_poll",
		.data		= &sysctl_net_busy_poll,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
	},
	{
		.procname	= "busy_read",
		.data		= &sysctl_net_busy_read,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
	},
#endif
#ifdef CONFIG_NET_SCHED
	{
		.procname	= "default_qdisc",
		.mode		= 0644,
		.maxlen		= IFNAMSIZ,
		.proc_handler	= set_default_qdisc
	},
#endif
	{
		.procname	= "netdev_budget",
		.data		= &netdev_budget,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec
	},
	{
		.procname	= "warnings",
		.data		= &net_msg_warn,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec
	},
	{
		.procname	= "max_skb_frags",
		.data		= &sysctl_max_skb_frags,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ONE,
		.extra2		= &max_skb_frags,
	},
	{
		.procname	= "netdev_budget_usecs",
		.data		= &netdev_budget_usecs,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
	},
	{
		.procname	= "fb_tunnels_only_for_init_net",
		.data		= &sysctl_fb_tunnels_only_for_init_net,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_TWO,
	},
	{
		.procname	= "devconf_inherit_init_net",
		.data		= &sysctl_devconf_inherit_init_net,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_THREE,
	},
	{
		.procname	= "high_order_alloc_disable",
		.data		= &net_high_order_alloc_disable_key.key,
		.maxlen         = sizeof(net_high_order_alloc_disable_key),
		.mode		= 0644,
		.proc_handler	= proc_do_static_key,
	},
	{
		.procname	= "gro_normal_batch",
		.data		= &gro_normal_batch,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ONE,
	},
	{
		.procname	= "netdev_unregister_timeout_secs",
		.data		= &netdev_unregister_timeout_secs,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ONE,
		.extra2		= &int_3600,
	},
	{
		.procname	= "skb_defer_max",
		.data		= &sysctl_skb_defer_max,
		.maxlen		= sizeof(unsigned int),
		.mode		= 0644,
		.proc_handler	= proc_dointvec_minmax,
		.extra1		= SYSCTL_ZERO,
	},
	{ }
};

static struct ctl_table netns_core_table[] = {
	{
		.procname	= "somaxconn",
		.data		= &init_net.core.sysctl_somaxconn,
		.maxlen		= sizeof(int),
		.mode		= 0644,
		.extra1		= SYSCTL_ZERO,
		.proc_handler	= proc_dointvec_minmax
	},
	{
		.procname	= "txrehash",
		.data		= &init_net.core.sysctl_txrehash,
		.maxlen		= sizeof(u8),
		.mode		= 0644,
		.extra1		= SYSCTL_ZERO,
		.extra2		= SYSCTL_ONE,
		.proc_handler	= proc_dou8vec_minmax,
	},
	{ }
};

static int __init fb_tunnels_only_for_init_net_sysctl_setup(char *str)
{
	/* fallback tunnels for initns only */
	if (!strncmp(str, "initns", 6))
		sysctl_fb_tunnels_only_for_init_net = 1;
	/* no fallback tunnels anywhere */
	else if (!strncmp(str, "none", 4))
		sysctl_fb_tunnels_only_for_init_net = 2;

	return 1;
}
__setup("fb_tunnels=", fb_tunnels_only_for_init_net_sysctl_setup);

static __net_init int sysctl_core_net_init(struct net *net)
{
	struct ctl_table *tbl, *tmp;

	tbl = netns_core_table;
	if (!net_eq(net, &init_net)) {
		tbl = kmemdup(tbl, sizeof(netns_core_table), GFP_KERNEL);
		if (tbl == NULL)
			goto err_dup;

		for (tmp = tbl; tmp->procname; tmp++)
			tmp->data += (char *)net - (char *)&init_net;

		/* Don't export any sysctls to unprivileged users */
		if (net->user_ns != &init_user_ns) {
			tbl[0].procname = NULL;
		}
	}

	net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl);
	if (net->core.sysctl_hdr == NULL)
		goto err_reg;

	return 0;

err_reg:
	if (tbl != netns_core_table)
		kfree(tbl);
err_dup:
	return -ENOMEM;
}

static __net_exit void sysctl_core_net_exit(struct net *net)
{
	struct ctl_table *tbl;

	tbl = net->core.sysctl_hdr->ctl_table_arg;
	unregister_net_sysctl_table(net->core.sysctl_hdr);
	BUG_ON(tbl == netns_core_table);
	kfree(tbl);
}

static __net_initdata struct pernet_operations sysctl_core_ops = {
	.init = sysctl_core_net_init,
	.exit = sysctl_core_net_exit,
};

static __init int sysctl_core_init(void)
{
	register_net_sysctl(&init_net, "net/core", net_core_table);
	return register_pernet_subsys(&sysctl_core_ops);
}

fs_initcall(sysctl_core_init);
Commit	Line	Data
b2441318	1	// SPDX-License-Identifier: GPL-2.0
1da177e4 LT	2	/* -- linux-c --
	3	* sysctl_net_core.c: sysctl interface to net core subsystem.
	4	*
	5	* Begun April 1, 1996, Mike Shaver.
	6	* Added /proc/sys/net/core directory entry (empty =) ). [MS]
	7	*/
	8
b6459415	9	#include <linux/filter.h>
1da177e4 LT	10	#include <linux/mm.h>
1da177e4 LT	11	#include <linux/sysctl.h>
1da177e4	12	#include <linux/module.h>
20380731	13	#include <linux/socket.h>
a37ae408	14	#include <linux/netdevice.h>
3fff4c42	15	#include <linux/ratelimit.h>
fec5e652	16	#include <linux/vmalloc.h>
33eb9cfc	17	#include <linux/init.h>
5a0e3ad6	18	#include <linux/slab.h>
3fff4c42	19
63d819ca	20	#include <net/ip.h>
20380731	21	#include <net/sock.h>
c5c177b4	22	#include <net/net_ratelimit.h>
076bb0c8	23	#include <net/busy_poll.h>
6da7c8fc	24	#include <net/pkt_sched.h>
1da177e4	25
6264f58c JK	26	#include "dev.h"
6264f58c JK	27
5aa3afe1	28	static int int_3600 = 3600;
b1cb59cf AK	29	static int min_sndbuf = SOCK_MIN_SNDBUF;
b1cb59cf AK	30	static int min_rcvbuf = SOCK_MIN_RCVBUF;
5f74f82e	31	static int max_skb_frags = MAX_SKB_FRAGS;
fdadd049	32	static long long_max __maybe_unused = LONG_MAX;
cdda8891	33
ba7a46f1 JP	34	static int net_msg_warn; /* Unused, but still a sysctl */
ba7a46f1 JP	35
79134e6c ED	36	int sysctl_fb_tunnels_only_for_init_net __read_mostly = 0;
	37	EXPORT_SYMBOL(sysctl_fb_tunnels_only_for_init_net);
	38
856c395c CW	39	/* 0 - Keep current behavior:
	40	* IPv4: inherit all current settings from init_net
	41	* IPv6: reset all settings to default
	42	* 1 - Both inherit all current settings from init_net
	43	* 2 - Both reset all settings to default
9efd6a3c	44	* 3 - Both inherit all settings from current netns
856c395c CW	45	*/
	46	int sysctl_devconf_inherit_init_net __read_mostly;
	47	EXPORT_SYMBOL(sysctl_devconf_inherit_init_net);
	48
fec5e652	49	#ifdef CONFIG_RPS
fe2c6338	50	static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
32927393	51	void buffer, size_t lenp, loff_t *ppos)
fec5e652 TH	52	{
	53	unsigned int orig_size, size;
	54	int ret, i;
fe2c6338	55	struct ctl_table tmp = {
fec5e652 TH	56	.data = &size,
	57	.maxlen = sizeof(size),
	58	.mode = table->mode
	59	};
	60	struct rps_sock_flow_table orig_sock_table, sock_table;
	61	static DEFINE_MUTEX(sock_flow_mutex);
	62
	63	mutex_lock(&sock_flow_mutex);
	64
6e3f7faf ED	65	orig_sock_table = rcu_dereference_protected(rps_sock_flow_table,
6e3f7faf ED	66	lockdep_is_held(&sock_flow_mutex));
fec5e652 TH	67	size = orig_size = orig_sock_table ? orig_sock_table->mask + 1 : 0;
	68
	69	ret = proc_dointvec(&tmp, write, buffer, lenp, ppos);
	70
	71	if (write) {
	72	if (size) {
93c1af6c	73	if (size > 1<<29) {
fec5e652 TH	74	/* Enforce limit to prevent overflow */
	75	mutex_unlock(&sock_flow_mutex);
	76	return -EINVAL;
	77	}
	78	size = roundup_pow_of_two(size);
	79	if (size != orig_size) {
	80	sock_table =
	81	vmalloc(RPS_SOCK_FLOW_TABLE_SIZE(size));
	82	if (!sock_table) {
	83	mutex_unlock(&sock_flow_mutex);
	84	return -ENOMEM;
	85	}
567e4b79	86	rps_cpu_mask = roundup_pow_of_two(nr_cpu_ids) - 1;
fec5e652 TH	87	sock_table->mask = size - 1;
	88	} else
	89	sock_table = orig_sock_table;
	90
	91	for (i = 0; i < size; i++)
	92	sock_table->ents[i] = RPS_NO_CPU;
	93	} else
	94	sock_table = NULL;
	95
	96	if (sock_table != orig_sock_table) {
	97	rcu_assign_pointer(rps_sock_flow_table, sock_table);
13bfff25	98	if (sock_table) {
dc05360f ED	99	static_branch_inc(&rps_needed);
dc05360f ED	100	static_branch_inc(&rfs_needed);
13bfff25	101	}
adc9300e	102	if (orig_sock_table) {
dc05360f ED	103	static_branch_dec(&rps_needed);
dc05360f ED	104	static_branch_dec(&rfs_needed);
b3483bc7	105	kvfree_rcu(orig_sock_table);
adc9300e	106	}
fec5e652 TH	107	}
	108	}
	109
	110	mutex_unlock(&sock_flow_mutex);
	111
	112	return ret;
	113	}
	114	#endif /* CONFIG_RPS */
	115
99bbc707 WB	116	#ifdef CONFIG_NET_FLOW_LIMIT
	117	static DEFINE_MUTEX(flow_limit_update_mutex);
	118
fe2c6338	119	static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
32927393	120	void buffer, size_t lenp, loff_t *ppos)
99bbc707 WB	121	{
	122	struct sd_flow_limit *cur;
	123	struct softnet_data *sd;
	124	cpumask_var_t mask;
	125	int i, len, ret = 0;
	126
	127	if (!alloc_cpumask_var(&mask, GFP_KERNEL))
	128	return -ENOMEM;
	129
	130	if (write) {
56965ac7	131	ret = cpumask_parse(buffer, mask);
99bbc707 WB	132	if (ret)
	133	goto done;
	134
	135	mutex_lock(&flow_limit_update_mutex);
	136	len = sizeof(*cur) + netdev_flow_limit_table_len;
	137	for_each_possible_cpu(i) {
	138	sd = &per_cpu(softnet_data, i);
	139	cur = rcu_dereference_protected(sd->flow_limit,
	140	lockdep_is_held(&flow_limit_update_mutex));
	141	if (cur && !cpumask_test_cpu(i, mask)) {
	142	RCU_INIT_POINTER(sd->flow_limit, NULL);
b3483bc7	143	kfree_rcu(cur);
99bbc707	144	} else if (!cur && cpumask_test_cpu(i, mask)) {
5b59d467 ED	145	cur = kzalloc_node(len, GFP_KERNEL,
5b59d467 ED	146	cpu_to_node(i));
99bbc707 WB	147	if (!cur) {
	148	/* not unwinding previous changes */
	149	ret = -ENOMEM;
	150	goto write_unlock;
	151	}
	152	cur->num_buckets = netdev_flow_limit_table_len;
	153	rcu_assign_pointer(sd->flow_limit, cur);
	154	}
	155	}
	156	write_unlock:
	157	mutex_unlock(&flow_limit_update_mutex);
	158	} else {
5f121b9a WB	159	char kbuf[128];
5f121b9a WB	160
99bbc707 WB	161	if (ppos \|\| !lenp) {
	162	*lenp = 0;
	163	goto done;
	164	}
	165
	166	cpumask_clear(mask);
	167	rcu_read_lock();
	168	for_each_possible_cpu(i) {
	169	sd = &per_cpu(softnet_data, i);
	170	if (rcu_dereference(sd->flow_limit))
	171	cpumask_set_cpu(i, mask);
	172	}
	173	rcu_read_unlock();
	174
5f121b9a	175	len = min(sizeof(kbuf) - 1, *lenp);
f0906827	176	len = scnprintf(kbuf, len, "%*pb", cpumask_pr_args(mask));
5f121b9a WB	177	if (!len) {
	178	*lenp = 0;
	179	goto done;
	180	}
	181	if (len < *lenp)
	182	kbuf[len++] = '\n';
32927393	183	memcpy(buffer, kbuf, len);
5f121b9a WB	184	*lenp = len;
5f121b9a WB	185	*ppos += len;
99bbc707 WB	186	}
	187
	188	done:
	189	free_cpumask_var(mask);
	190	return ret;
	191	}
	192
fe2c6338	193	static int flow_limit_table_len_sysctl(struct ctl_table *table, int write,
32927393	194	void buffer, size_t lenp, loff_t *ppos)
99bbc707 WB	195	{
	196	unsigned int old, *ptr;
	197	int ret;
	198
	199	mutex_lock(&flow_limit_update_mutex);
	200
	201	ptr = table->data;
	202	old = *ptr;
	203	ret = proc_dointvec(table, write, buffer, lenp, ppos);
	204	if (!ret && write && !is_power_of_2(*ptr)) {
	205	*ptr = old;
	206	ret = -EINVAL;
	207	}
	208
	209	mutex_unlock(&flow_limit_update_mutex);
	210	return ret;
	211	}
	212	#endif /* CONFIG_NET_FLOW_LIMIT */
	213
6da7c8fc	214	#ifdef CONFIG_NET_SCHED
6da7c8fc	215	static int set_default_qdisc(struct ctl_table *table, int write,
32927393	216	void buffer, size_t lenp, loff_t *ppos)
6da7c8fc	217	{
	218	char id[IFNAMSIZ];
	219	struct ctl_table tbl = {
	220	.data = id,
	221	.maxlen = IFNAMSIZ,
	222	};
	223	int ret;
	224
	225	qdisc_get_default(id, IFNAMSIZ);
	226
	227	ret = proc_dostring(&tbl, write, buffer, lenp, ppos);
	228	if (write && ret == 0)
	229	ret = qdisc_set_default(id);
	230	return ret;
	231	}
	232	#endif
	233
3d48b53f	234	static int proc_do_dev_weight(struct ctl_table *table, int write,
32927393	235	void buffer, size_t lenp, loff_t *ppos)
3d48b53f	236	{
bf955b5a KI	237	static DEFINE_MUTEX(dev_weight_mutex);
bf955b5a KI	238	int ret, weight;
3d48b53f	239
bf955b5a	240	mutex_lock(&dev_weight_mutex);
3d48b53f	241	ret = proc_dointvec(table, write, buffer, lenp, ppos);
bf955b5a KI	242	if (!ret && write) {
	243	weight = READ_ONCE(weight_p);
	244	WRITE_ONCE(dev_rx_weight, weight * dev_weight_rx_bias);
	245	WRITE_ONCE(dev_tx_weight, weight * dev_weight_tx_bias);
	246	}
	247	mutex_unlock(&dev_weight_mutex);
3d48b53f MT	248
	249	return ret;
	250	}
	251
960fb622	252	static int proc_do_rss_key(struct ctl_table *table, int write,
32927393	253	void buffer, size_t lenp, loff_t *ppos)
960fb622 ED	254	{
	255	struct ctl_table fake_table;
	256	char buf[NETDEV_RSS_KEY_LEN * 3];
	257
	258	snprintf(buf, sizeof(buf), "%*phC", NETDEV_RSS_KEY_LEN, netdev_rss_key);
	259	fake_table.data = buf;
	260	fake_table.maxlen = sizeof(buf);
	261	return proc_dostring(&fake_table, write, buffer, lenp, ppos);
	262	}
	263
2e4a3098 DB	264	#ifdef CONFIG_BPF_JIT
2e4a3098 DB	265	static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write,
32927393	266	void buffer, size_t lenp,
2e4a3098 DB	267	loff_t *ppos)
	268	{
	269	int ret, jit_enable = (int )table->data;
174efa78 TY	270	int min = (int )table->extra1;
174efa78 TY	271	int max = (int )table->extra2;
2e4a3098 DB	272	struct ctl_table tmp = *table;
	273
	274	if (write && !capable(CAP_SYS_ADMIN))
	275	return -EPERM;
	276
	277	tmp.data = &jit_enable;
	278	ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
	279	if (write && !ret) {
	280	if (jit_enable < 2 \|\|
63960260	281	(jit_enable == 2 && bpf_dump_raw_ok(current_cred()))) {
2e4a3098 DB	282	(int )table->data = jit_enable;
	283	if (jit_enable == 2)
	284	pr_warn("bpf_jit_enable = 2 was set! NEVER use this in production, only for JIT debugging!\n");
	285	} else {
	286	ret = -EPERM;
	287	}
	288	}
174efa78 TY	289
	290	if (write && ret && min == max)
	291	pr_info_once("CONFIG_BPF_JIT_ALWAYS_ON is enabled, bpf_jit_enable is permanently set to 1.\n");
	292
2e4a3098 DB	293	return ret;
	294	}
	295
1148f9ad	296	# ifdef CONFIG_HAVE_EBPF_JIT
2e4a3098 DB	297	static int
2e4a3098 DB	298	proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write,
32927393	299	void buffer, size_t lenp, loff_t *ppos)
2e4a3098 DB	300	{
	301	if (!capable(CAP_SYS_ADMIN))
	302	return -EPERM;
	303
	304	return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
	305	}
1148f9ad	306	# endif /* CONFIG_HAVE_EBPF_JIT */
fdadd049 DB	307
	308	static int
	309	proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write,
32927393	310	void buffer, size_t lenp, loff_t *ppos)
fdadd049 DB	311	{
	312	if (!capable(CAP_SYS_ADMIN))
	313	return -EPERM;
	314
	315	return proc_doulongvec_minmax(table, write, buffer, lenp, ppos);
	316	}
2e4a3098 DB	317	#endif
2e4a3098 DB	318
33eb9cfc	319	static struct ctl_table net_core_table[] = {
1da177e4	320	{
1da177e4 LT	321	.procname = "wmem_max",
	322	.data = &sysctl_wmem_max,
	323	.maxlen = sizeof(int),
	324	.mode = 0644,
cdda8891	325	.proc_handler = proc_dointvec_minmax,
b1cb59cf	326	.extra1 = &min_sndbuf,
1da177e4 LT	327	},
1da177e4 LT	328	{
1da177e4 LT	329	.procname = "rmem_max",
	330	.data = &sysctl_rmem_max,
	331	.maxlen = sizeof(int),
	332	.mode = 0644,
cdda8891	333	.proc_handler = proc_dointvec_minmax,
b1cb59cf	334	.extra1 = &min_rcvbuf,
1da177e4 LT	335	},
1da177e4 LT	336	{
1da177e4 LT	337	.procname = "wmem_default",
	338	.data = &sysctl_wmem_default,
	339	.maxlen = sizeof(int),
	340	.mode = 0644,
cdda8891	341	.proc_handler = proc_dointvec_minmax,
b1cb59cf	342	.extra1 = &min_sndbuf,
1da177e4 LT	343	},
1da177e4 LT	344	{
1da177e4 LT	345	.procname = "rmem_default",
	346	.data = &sysctl_rmem_default,
	347	.maxlen = sizeof(int),
	348	.mode = 0644,
cdda8891	349	.proc_handler = proc_dointvec_minmax,
b1cb59cf	350	.extra1 = &min_rcvbuf,
1da177e4 LT	351	},
1da177e4 LT	352	{
1da177e4 LT	353	.procname = "dev_weight",
	354	.data = &weight_p,
	355	.maxlen = sizeof(int),
	356	.mode = 0644,
3d48b53f MT	357	.proc_handler = proc_do_dev_weight,
	358	},
	359	{
	360	.procname = "dev_weight_rx_bias",
	361	.data = &dev_weight_rx_bias,
	362	.maxlen = sizeof(int),
	363	.mode = 0644,
	364	.proc_handler = proc_do_dev_weight,
	365	},
	366	{
	367	.procname = "dev_weight_tx_bias",
	368	.data = &dev_weight_tx_bias,
	369	.maxlen = sizeof(int),
	370	.mode = 0644,
	371	.proc_handler = proc_do_dev_weight,
1da177e4 LT	372	},
1da177e4 LT	373	{
1da177e4 LT	374	.procname = "netdev_max_backlog",
	375	.data = &netdev_max_backlog,
	376	.maxlen = sizeof(int),
	377	.mode = 0644,
6d9f239a	378	.proc_handler = proc_dointvec
1da177e4	379	},
960fb622 ED	380	{
	381	.procname = "netdev_rss_key",
	382	.data = &netdev_rss_key,
	383	.maxlen = sizeof(int),
	384	.mode = 0444,
	385	.proc_handler = proc_do_rss_key,
	386	},
0a14842f ED	387	#ifdef CONFIG_BPF_JIT
	388	{
	389	.procname = "bpf_jit_enable",
	390	.data = &bpf_jit_enable,
	391	.maxlen = sizeof(int),
	392	.mode = 0644,
2e4a3098	393	.proc_handler = proc_dointvec_minmax_bpf_enable,
fa9dd599	394	# ifdef CONFIG_BPF_JIT_ALWAYS_ON
eec4844f MC	395	.extra1 = SYSCTL_ONE,
eec4844f MC	396	.extra2 = SYSCTL_ONE,
fa9dd599	397	# else
eec4844f	398	.extra1 = SYSCTL_ZERO,
bd8a5367	399	.extra2 = SYSCTL_TWO,
fa9dd599	400	# endif
0a14842f	401	},
4f3446bb DB	402	# ifdef CONFIG_HAVE_EBPF_JIT
	403	{
	404	.procname = "bpf_jit_harden",
	405	.data = &bpf_jit_harden,
	406	.maxlen = sizeof(int),
	407	.mode = 0600,
2e4a3098	408	.proc_handler = proc_dointvec_minmax_bpf_restricted,
eec4844f	409	.extra1 = SYSCTL_ZERO,
bd8a5367	410	.extra2 = SYSCTL_TWO,
4f3446bb	411	},
74451e66 DB	412	{
	413	.procname = "bpf_jit_kallsyms",
	414	.data = &bpf_jit_kallsyms,
	415	.maxlen = sizeof(int),
	416	.mode = 0600,
2e4a3098	417	.proc_handler = proc_dointvec_minmax_bpf_restricted,
eec4844f MC	418	.extra1 = SYSCTL_ZERO,
eec4844f MC	419	.extra2 = SYSCTL_ONE,
74451e66	420	},
4f3446bb	421	# endif
ede95a63 DB	422	{
	423	.procname = "bpf_jit_limit",
	424	.data = &bpf_jit_limit,
fdadd049	425	.maxlen = sizeof(long),
ede95a63	426	.mode = 0600,
fdadd049	427	.proc_handler = proc_dolongvec_minmax_bpf_restricted,
bd8a5367	428	.extra1 = SYSCTL_LONG_ONE,
fadb7ff1	429	.extra2 = &bpf_jit_limit_max,
ede95a63	430	},
0a14842f	431	#endif
3b098e2d ED	432	{
	433	.procname = "netdev_tstamp_prequeue",
	434	.data = &netdev_tstamp_prequeue,
	435	.maxlen = sizeof(int),
	436	.mode = 0644,
	437	.proc_handler = proc_dointvec
	438	},
1da177e4	439	{
1da177e4	440	.procname = "message_cost",
717115e1	441	.data = &net_ratelimit_state.interval,
1da177e4 LT	442	.maxlen = sizeof(int),
1da177e4 LT	443	.mode = 0644,
6d9f239a	444	.proc_handler = proc_dointvec_jiffies,
1da177e4 LT	445	},
1da177e4 LT	446	{
1da177e4	447	.procname = "message_burst",
717115e1	448	.data = &net_ratelimit_state.burst,
1da177e4 LT	449	.maxlen = sizeof(int),
1da177e4 LT	450	.mode = 0644,
6d9f239a	451	.proc_handler = proc_dointvec,
1da177e4 LT	452	},
1da177e4 LT	453	{
1da177e4 LT	454	.procname = "optmem_max",
	455	.data = &sysctl_optmem_max,
	456	.maxlen = sizeof(int),
	457	.mode = 0644,
6d9f239a	458	.proc_handler = proc_dointvec
1da177e4	459	},
b245be1f WB	460	{
	461	.procname = "tstamp_allow_data",
	462	.data = &sysctl_tstamp_allow_data,
	463	.maxlen = sizeof(int),
	464	.mode = 0644,
	465	.proc_handler = proc_dointvec_minmax,
eec4844f MC	466	.extra1 = SYSCTL_ZERO,
eec4844f MC	467	.extra2 = SYSCTL_ONE
b245be1f	468	},
fec5e652 TH	469	#ifdef CONFIG_RPS
	470	{
	471	.procname = "rps_sock_flow_entries",
	472	.maxlen = sizeof(int),
	473	.mode = 0644,
	474	.proc_handler = rps_sock_flow_sysctl
	475	},
	476	#endif
99bbc707 WB	477	#ifdef CONFIG_NET_FLOW_LIMIT
	478	{
	479	.procname = "flow_limit_cpu_bitmap",
	480	.mode = 0644,
	481	.proc_handler = flow_limit_cpu_sysctl
	482	},
	483	{
	484	.procname = "flow_limit_table_len",
	485	.data = &netdev_flow_limit_table_len,
	486	.maxlen = sizeof(int),
	487	.mode = 0644,
	488	.proc_handler = flow_limit_table_len_sysctl
	489	},
	490	#endif /* CONFIG_NET_FLOW_LIMIT */
e0d1095a	491	#ifdef CONFIG_NET_RX_BUSY_POLL
06021292	492	{
64b0dc51 ET	493	.procname = "busy_poll",
64b0dc51 ET	494	.data = &sysctl_net_busy_poll,
eb6db622	495	.maxlen = sizeof(unsigned int),
06021292	496	.mode = 0644,
95f25521	497	.proc_handler = proc_dointvec_minmax,
eec4844f	498	.extra1 = SYSCTL_ZERO,
06021292	499	},
2d48d67f	500	{
64b0dc51 ET	501	.procname = "busy_read",
64b0dc51 ET	502	.data = &sysctl_net_busy_read,
2d48d67f ET	503	.maxlen = sizeof(unsigned int),
2d48d67f ET	504	.mode = 0644,
95f25521	505	.proc_handler = proc_dointvec_minmax,
eec4844f	506	.extra1 = SYSCTL_ZERO,
2d48d67f	507	},
6da7c8fc	508	#endif
	509	#ifdef CONFIG_NET_SCHED
	510	{
	511	.procname = "default_qdisc",
	512	.mode = 0644,
	513	.maxlen = IFNAMSIZ,
	514	.proc_handler = set_default_qdisc
	515	},
06021292	516	#endif
51b0bded	517	{
51b0bded SH	518	.procname = "netdev_budget",
	519	.data = &netdev_budget,
	520	.maxlen = sizeof(int),
	521	.mode = 0644,
6d9f239a	522	.proc_handler = proc_dointvec
51b0bded	523	},
a2a316fd	524	{
a2a316fd SH	525	.procname = "warnings",
	526	.data = &net_msg_warn,
	527	.maxlen = sizeof(int),
	528	.mode = 0644,
6d9f239a	529	.proc_handler = proc_dointvec
a2a316fd	530	},
5f74f82e HWR	531	{
	532	.procname = "max_skb_frags",
	533	.data = &sysctl_max_skb_frags,
	534	.maxlen = sizeof(int),
	535	.mode = 0644,
	536	.proc_handler = proc_dointvec_minmax,
eec4844f	537	.extra1 = SYSCTL_ONE,
5f74f82e HWR	538	.extra2 = &max_skb_frags,
5f74f82e HWR	539	},
7acf8a1e MW	540	{
	541	.procname = "netdev_budget_usecs",
	542	.data = &netdev_budget_usecs,
	543	.maxlen = sizeof(unsigned int),
	544	.mode = 0644,
	545	.proc_handler = proc_dointvec_minmax,
eec4844f	546	.extra1 = SYSCTL_ZERO,
7acf8a1e	547	},
79134e6c ED	548	{
	549	.procname = "fb_tunnels_only_for_init_net",
	550	.data = &sysctl_fb_tunnels_only_for_init_net,
	551	.maxlen = sizeof(int),
	552	.mode = 0644,
	553	.proc_handler = proc_dointvec_minmax,
eec4844f	554	.extra1 = SYSCTL_ZERO,
bd8a5367	555	.extra2 = SYSCTL_TWO,
79134e6c	556	},
856c395c CW	557	{
	558	.procname = "devconf_inherit_init_net",
	559	.data = &sysctl_devconf_inherit_init_net,
	560	.maxlen = sizeof(int),
	561	.mode = 0644,
	562	.proc_handler = proc_dointvec_minmax,
eec4844f	563	.extra1 = SYSCTL_ZERO,
4c7f24f8	564	.extra2 = SYSCTL_THREE,
856c395c	565	},
ce27ec60 ED	566	{
	567	.procname = "high_order_alloc_disable",
	568	.data = &net_high_order_alloc_disable_key.key,
	569	.maxlen = sizeof(net_high_order_alloc_disable_key),
	570	.mode = 0644,
	571	.proc_handler = proc_do_static_key,
	572	},
323ebb61 EC	573	{
	574	.procname = "gro_normal_batch",
	575	.data = &gro_normal_batch,
	576	.maxlen = sizeof(unsigned int),
	577	.mode = 0644,
	578	.proc_handler = proc_dointvec_minmax,
	579	.extra1 = SYSCTL_ONE,
	580	},
5aa3afe1 DV	581	{
	582	.procname = "netdev_unregister_timeout_secs",
	583	.data = &netdev_unregister_timeout_secs,
	584	.maxlen = sizeof(unsigned int),
	585	.mode = 0644,
	586	.proc_handler = proc_dointvec_minmax,
6c996e19	587	.extra1 = SYSCTL_ONE,
5aa3afe1 DV	588	.extra2 = &int_3600,
5aa3afe1 DV	589	},
39564c3f ED	590	{
	591	.procname = "skb_defer_max",
	592	.data = &sysctl_skb_defer_max,
	593	.maxlen = sizeof(unsigned int),
	594	.mode = 0644,
	595	.proc_handler = proc_dointvec_minmax,
	596	.extra1 = SYSCTL_ZERO,
	597	},
f8572d8f	598	{ }
1da177e4	599	};
33eb9cfc	600
d5a4502e PE	601	static struct ctl_table netns_core_table[] = {
d5a4502e PE	602	{
d5a4502e PE	603	.procname = "somaxconn",
	604	.data = &init_net.core.sysctl_somaxconn,
	605	.maxlen = sizeof(int),
	606	.mode = 0644,
eec4844f	607	.extra1 = SYSCTL_ZERO,
5f671d6b	608	.proc_handler = proc_dointvec_minmax
d5a4502e	609	},
e187013a AK	610	{
	611	.procname = "txrehash",
	612	.data = &init_net.core.sysctl_txrehash,
	613	.maxlen = sizeof(u8),
	614	.mode = 0644,
	615	.extra1 = SYSCTL_ZERO,
	616	.extra2 = SYSCTL_ONE,
	617	.proc_handler = proc_dou8vec_minmax,
	618	},
f8572d8f	619	{ }
d5a4502e PE	620	};
d5a4502e PE	621
316cdaa1 MB	622	static int __init fb_tunnels_only_for_init_net_sysctl_setup(char *str)
	623	{
	624	/* fallback tunnels for initns only */
	625	if (!strncmp(str, "initns", 6))
	626	sysctl_fb_tunnels_only_for_init_net = 1;
	627	/* no fallback tunnels anywhere */
	628	else if (!strncmp(str, "none", 4))
	629	sysctl_fb_tunnels_only_for_init_net = 2;
	630
	631	return 1;
	632	}
	633	__setup("fb_tunnels=", fb_tunnels_only_for_init_net_sysctl_setup);
	634
024626e3	635	static __net_init int sysctl_core_net_init(struct net *net)
33eb9cfc	636	{
e187013a	637	struct ctl_table tbl, tmp;
024626e3	638
d5a4502e	639	tbl = netns_core_table;
09ad9bc7	640	if (!net_eq(net, &init_net)) {
d5a4502e	641	tbl = kmemdup(tbl, sizeof(netns_core_table), GFP_KERNEL);
024626e3 PE	642	if (tbl == NULL)
	643	goto err_dup;
	644
e187013a AK	645	for (tmp = tbl; tmp->procname; tmp++)
e187013a AK	646	tmp->data += (char )net - (char )&init_net;
464dc801 EB	647
	648	/* Don't export any sysctls to unprivileged users */
	649	if (net->user_ns != &init_user_ns) {
	650	tbl[0].procname = NULL;
	651	}
024626e3 PE	652	}
024626e3 PE	653
ec8f23ce	654	net->core.sysctl_hdr = register_net_sysctl(net, "net/core", tbl);
8efa6e93	655	if (net->core.sysctl_hdr == NULL)
024626e3	656	goto err_reg;
33eb9cfc	657
024626e3 PE	658	return 0;
	659
	660	err_reg:
d5a4502e	661	if (tbl != netns_core_table)
024626e3 PE	662	kfree(tbl);
	663	err_dup:
	664	return -ENOMEM;
	665	}
	666
	667	static __net_exit void sysctl_core_net_exit(struct net *net)
	668	{
	669	struct ctl_table *tbl;
	670
8efa6e93 PE	671	tbl = net->core.sysctl_hdr->ctl_table_arg;
8efa6e93 PE	672	unregister_net_sysctl_table(net->core.sysctl_hdr);
d5a4502e	673	BUG_ON(tbl == netns_core_table);
024626e3 PE	674	kfree(tbl);
	675	}
	676
	677	static __net_initdata struct pernet_operations sysctl_core_ops = {
	678	.init = sysctl_core_net_init,
	679	.exit = sysctl_core_net_exit,
	680	};
	681
	682	static __init int sysctl_core_init(void)
	683	{
43444757	684	register_net_sysctl(&init_net, "net/core", net_core_table);
024626e3	685	return register_pernet_subsys(&sysctl_core_ops);
33eb9cfc PE	686	}
33eb9cfc PE	687
b27aeadb	688	fs_initcall(sysctl_core_init);