Date:   Wed, 23 Nov 2022 17:44:06 +0800
From:   Firo Yang <firo.yang@...e.com>
To:     vyasevich@...il.com, nhorman@...driver.com,
        marcelo.leitner@...il.com
Cc:     mkubecek@...e.com, davem@...emloft.net, edumazet@...gle.com,
        kuba@...nel.org, pabeni@...hat.com, linux-sctp@...r.kernel.org,
        netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
        firogm@...il.com, Firo Yang <firo.yang@...e.com>
Subject: [PATCH 1/1] sctp: sysctl: referring the correct net namespace

Recently, a customer reported that from their container, whose
net namespace is different from the host's init_net, they can't set
the container's net.sctp.rto_max to any value smaller than
init_net.sctp.rto_min.

For instance,
Host:
sudo sysctl net.sctp.rto_min
net.sctp.rto_min = 1000

Container:
echo 100 > /mnt/proc-net/sctp/rto_min
echo 400 > /mnt/proc-net/sctp/rto_max
echo: write error: Invalid argument

This is caused by the check introduced by commit 4f3fdf3bc59c
("sctp: add check rto_min and rto_max in sysctl").
When validating the input value, it always refers to the boundary
value set for the init_net namespace.

Having a container's rto_max smaller than the host's init_net.sctp.rto_min
does make sense, considering that the RTO between two containers on the
same host is very likely smaller than that between two hosts.

So to fix this problem, just referring to the boundary value of the net
namespace where the new input value came from should be enough.

Signed-off-by: Firo Yang <firo.yang@...e.com>
---
 net/sctp/sysctl.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/net/sctp/sysctl.c b/net/sctp/sysctl.c
index b46a416787ec..e167df4dc60b 100644
--- a/net/sctp/sysctl.c
+++ b/net/sctp/sysctl.c
@@ -429,6 +429,9 @@ static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write,
 	else
 		tbl.data = &net->sctp.rto_min;
 
+	if (net != &init_net)
+		max = net->sctp.rto_max;
+
 	ret = proc_dointvec(&tbl, write, buffer, lenp, ppos);
 	if (write && ret == 0) {
 		if (new_value > max || new_value < min)
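Review bot: the `if (net != &init_net)` guard in front of `max = net->sctp.rto_max;` looks unnecessary. The commit message says the existing bound is init_net's rto_max, so reading `net->sctp.rto_max` unconditionally yields the same value when `net == &init_net` and leaves one code path for every namespace; if init_net is meant to stay special, a comment saying why would help the next reader. Also worth noting in the changelog: `max` is sampled before `proc_dointvec()` parses the new value and nothing in this hunk serializes against a concurrent write of rto_max in the same namespace, so rto_min can still land above rto_max in that window. That is not new with this patch, but since the change is about keeping the two values consistent per namespace it deserves a sentence.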
@@ -457,6 +460,9 @@ static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write,
 	else
 		tbl.data = &net->sctp.rto_max;
 
+	if (net != &init_net)
+		min = net->sctp.rto_min;
+
 	ret = proc_dointvec(&tbl, write, buffer, lenp, ppos);
 	if (write && ret == 0) {
 		if (new_value > max || new_value < min)
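Review bot: same point as for rto_min: the `net != &init_net` condition before `min = net->sctp.rto_min;` can be dropped, since for init_net the namespace's own rto_min is the value the check already used. With both hunks applied, rto_min is validated against the namespace's own rto_max and rto_max against the namespace's own rto_min, while the absolute limits (`min` in the rto_min handler, `max` here) are unchanged; stating that explicitly in the commit message, and adding a small selftest that writes rto_min then a smaller-than-host rto_max inside a fresh netns, would make the intended invariant and the fixed behaviour easy to verify.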
-- 
2.26.2
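Added example, not part of this patch or of the kernel: a userspace C model of the two sysctl handlers before and after the change, replaying the container reproduction from the commit message so the difference can be checked outside a kernel build. The `struct net` layout, the absolute limits `RTO_ABS_MIN`/`RTO_ABS_MAX`, the handler names and `container_scenario()` are assumptions of this example; only the field names `rto_min`/`rto_max` and the defaults of 1000 ms and 60000 ms follow the kernel.

```c
#include <errno.h>
#include <stdio.h>

/* Constructed model of per-namespace SCTP sysctl state (assumed layout).
 * Field names follow net/sctp/sysctl.c; values are milliseconds. */
struct net {
	struct {
		unsigned int rto_min;
		unsigned int rto_max;
	} sctp;
};

/* Absolute limits the sysctl table would supply via extra1/extra2 (assumed). */
#define RTO_ABS_MIN 1u
#define RTO_ABS_MAX 86400000u	/* one day */

/* Host namespace with the kernel defaults (rto_min 1 s, rto_max 60 s). */
struct net init_net = { .sctp = { .rto_min = 1000, .rto_max = 60000 } };

/* Pre-patch handlers: the namespace-dependent bound always comes from init_net. */
static int write_rto_min_old(struct net *net, unsigned int new_value)
{
	unsigned int min = RTO_ABS_MIN, max = init_net.sctp.rto_max;

	if (new_value > max || new_value < min)
		return -EINVAL;
	net->sctp.rto_min = new_value;
	return 0;
}

static int write_rto_max_old(struct net *net, unsigned int new_value)
{
	unsigned int min = init_net.sctp.rto_min, max = RTO_ABS_MAX;

	if (new_value > max || new_value < min)
		return -EINVAL;
	net->sctp.rto_max = new_value;
	return 0;
}

/* Post-patch handlers: the bound comes from the writer's own namespace.
 * For init_net both versions read the same value, so no special case here. */
static int write_rto_min_new(struct net *net, unsigned int new_value)
{
	unsigned int min = RTO_ABS_MIN, max = net->sctp.rto_max;

	if (new_value > max || new_value < min)
		return -EINVAL;
	net->sctp.rto_min = new_value;
	return 0;
}

static int write_rto_max_new(struct net *net, unsigned int new_value)
{
	unsigned int min = net->sctp.rto_min, max = RTO_ABS_MAX;

	if (new_value > max || new_value < min)
		return -EINVAL;
	net->sctp.rto_max = new_value;
	return 0;
}

typedef int (*rto_writer)(struct net *, unsigned int);

/* Replays the commit message: a fresh namespace (cloned from the defaults)
 * writes rto_min=100, then rto_max=400. Returns the result of the second
 * write; *out, if given, receives the namespace for inspection. */
static int container_scenario(rto_writer set_min, rto_writer set_max,
			      struct net *out)
{
	struct net container = init_net;
	int ret = set_min(&container, 100);

	if (ret == 0)
		ret = set_max(&container, 400);
	if (out)
		*out = container;
	return ret;
}

/* Post-patch check: 100/400 are stored, and a later rto_max write below the
 * namespace's own rto_min is still rejected. Returns 1 when both hold. */
static int new_handlers_consistent(void)
{
	struct net ns;

	if (container_scenario(write_rto_min_new, write_rto_max_new, &ns))
		return 0;
	return ns.sctp.rto_min == 100 && ns.sctp.rto_max == 400 &&
	       write_rto_max_new(&ns, 50) == -EINVAL;
}

int main(void)
{
	printf("old handlers: container rto_max=400 -> %d (expect -EINVAL)\n",
	       container_scenario(write_rto_min_old, write_rto_max_old, NULL));
	printf("new handlers: container rto_max=400 -> %d, ordering kept: %d\n",
	       container_scenario(write_rto_min_new, write_rto_max_new, NULL),
	       new_handlers_consistent());
	return 0;
}
```

The old handlers reject the container's rto_max=400 because it is compared with the host's rto_min of 1000; the new handlers accept it because the container's own rto_min is 100, and they still refuse an rto_max below that value, which is the invariant the check exists to protect.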
