From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: xu xin <xu.xin16@zte.com.cn>, Zeal Robot <zealci@zte.com.cn>,
Joanne Koong <joannekoong@fb.com>,
"David S . Miller" <davem@davemloft.net>,
Sasha Levin <sashal@kernel.org>,
kuba@kernel.org, daniel@iogearbox.net, dsahern@kernel.org,
edumazet@google.com, yajun.deng@linux.dev,
chinagar@codeaurora.org, roopa@nvidia.com,
netdev@vger.kernel.org
Subject: [PATCH AUTOSEL 4.14 30/56] net: Enable neighbor sysctls that is save for userns root
Date: Mon, 17 Jan 2022 21:48:42 -0500
Message-ID: <20220118024908.1953673-30-sashal@kernel.org>
In-Reply-To: <20220118024908.1953673-1-sashal@kernel.org>
From: xu xin <xu.xin16@zte.com.cn>
[ Upstream commit 8c8b7aa7fb0cf9e1cc9204e6bc6e1353b8393502 ]
Inside netns owned by non-init userns, sysctls about ARP/neighbor are
currently not visible and configurable.
For the attributes these sysctls correspond to, any modifications make
effects on the performance of networking (ARP, especially) only in the
scope of netns, which does not affect other netns.
Actually, some tools via netlink can modify these attributes. iproute2 is
an example. See as follows:
$ unshare -ur -n
$ cat /proc/sys/net/ipv4/neigh/lo/retrans_time
cat: can't open '/proc/sys/net/ipv4/neigh/lo/retrans_time': No such file
or directory
$ ip ntable show dev lo
inet arp_cache
dev lo
refcnt 1 reachable 19494 base_reachable 30000 retrans 1000
gc_stale 60000 delay_probe 5000 queue 101
app_probes 0 ucast_probes 3 mcast_probes 3
anycast_delay 1000 proxy_delay 800 proxy_queue 64 locktime 1000
inet6 ndisc_cache
dev lo
refcnt 1 reachable 42394 base_reachable 30000 retrans 1000
gc_stale 60000 delay_probe 5000 queue 101
app_probes 0 ucast_probes 3 mcast_probes 3
anycast_delay 1000 proxy_delay 800 proxy_queue 64 locktime 0
$ ip ntable change name arp_cache dev <if> retrans 2000
inet arp_cache
dev lo
refcnt 1 reachable 22917 base_reachable 30000 retrans 2000
gc_stale 60000 delay_probe 5000 queue 101
app_probes 0 ucast_probes 3 mcast_probes 3
anycast_delay 1000 proxy_delay 800 proxy_queue 64 locktime 1000
inet6 ndisc_cache
dev lo
refcnt 1 reachable 35524 base_reachable 30000 retrans 1000
gc_stale 60000 delay_probe 5000 queue 101
app_probes 0 ucast_probes 3 mcast_probes 3
anycast_delay 1000 proxy_delay 800 proxy_queue 64 locktime 0
Reported-by: Zeal Robot <zealci@zte.com.cn>
Signed-off-by: xu xin <xu.xin16@zte.com.cn>
Acked-by: Joanne Koong <joannekoong@fb.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/core/neighbour.c | 4 ----
1 file changed, 4 deletions(-)
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 358e84af0210b..48bd9f4002b4e 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -3251,10 +3251,6 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
neigh_proc_base_reachable_time;
}
- /* Don't export sysctls to unprivileged users */
- if (neigh_parms_net(p)->user_ns != &init_user_ns)
- t->neigh_vars[0].procname = NULL;
-
switch (neigh_parms_family(p)) {
case AF_INET:
p_name = "ipv4";
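Review bot: Deleting the `neigh_parms_net(p)->user_ns != &init_user_ns` check just above `switch (neigh_parms_family(p))` unhides the whole `neigh_vars` table in one step, because clearing `neigh_vars[0].procname` was what suppressed every entry, while the commit message only demonstrates `retrans` being changed through `ip ntable`. Before this lands in 4.14, it is worth confirming that every handler registered in this tree's table (including `neigh_proc_base_reachable_time`, visible in the context above) writes only state belonging to the netns that owns `p`, and stating that in the changelog. The removed comment described a deliberate policy, so this is a visibility change for userns root rather than a fix, and the reason it qualifies for stable should be spelled out.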
--
2.34.1