aboutsummaryrefslogtreecommitdiffstats
path: root/net/core/neighbour.c
diff options
context:
space:
mode:
Diffstat (limited to 'net/core/neighbour.c')
-rw-r--r--net/core/neighbour.c20
1 files changed, 15 insertions, 5 deletions
diff --git a/net/core/neighbour.c b/net/core/neighbour.c
index 22571488730a..c815f285e5ab 100644
--- a/net/core/neighbour.c
+++ b/net/core/neighbour.c
@@ -1787,8 +1787,7 @@ static int neightbl_fill_parms(struct sk_buff *skb, struct neigh_parms *parms)
1787 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, parms->queue_len_bytes) || 1787 nla_put_u32(skb, NDTPA_QUEUE_LENBYTES, parms->queue_len_bytes) ||
1788 /* approximative value for deprecated QUEUE_LEN (in packets) */ 1788 /* approximative value for deprecated QUEUE_LEN (in packets) */
1789 nla_put_u32(skb, NDTPA_QUEUE_LEN, 1789 nla_put_u32(skb, NDTPA_QUEUE_LEN,
1790 DIV_ROUND_UP(parms->queue_len_bytes, 1790 parms->queue_len_bytes / SKB_TRUESIZE(ETH_FRAME_LEN)) ||
1791 SKB_TRUESIZE(ETH_FRAME_LEN))) ||
1792 nla_put_u32(skb, NDTPA_PROXY_QLEN, parms->proxy_qlen) || 1791 nla_put_u32(skb, NDTPA_PROXY_QLEN, parms->proxy_qlen) ||
1793 nla_put_u32(skb, NDTPA_APP_PROBES, parms->app_probes) || 1792 nla_put_u32(skb, NDTPA_APP_PROBES, parms->app_probes) ||
1794 nla_put_u32(skb, NDTPA_UCAST_PROBES, parms->ucast_probes) || 1793 nla_put_u32(skb, NDTPA_UCAST_PROBES, parms->ucast_probes) ||
@@ -2770,6 +2769,8 @@ EXPORT_SYMBOL(neigh_app_ns);
2770#endif /* CONFIG_ARPD */ 2769#endif /* CONFIG_ARPD */
2771 2770
2772#ifdef CONFIG_SYSCTL 2771#ifdef CONFIG_SYSCTL
2772static int zero;
2773static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN);
2773 2774
2774static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer, 2775static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
2775 size_t *lenp, loff_t *ppos) 2776 size_t *lenp, loff_t *ppos)
@@ -2777,9 +2778,13 @@ static int proc_unres_qlen(ctl_table *ctl, int write, void __user *buffer,
2777 int size, ret; 2778 int size, ret;
2778 ctl_table tmp = *ctl; 2779 ctl_table tmp = *ctl;
2779 2780
2781 tmp.extra1 = &zero;
2782 tmp.extra2 = &unres_qlen_max;
2780 tmp.data = &size; 2783 tmp.data = &size;
2781 size = DIV_ROUND_UP(*(int *)ctl->data, SKB_TRUESIZE(ETH_FRAME_LEN)); 2784
2782 ret = proc_dointvec(&tmp, write, buffer, lenp, ppos); 2785 size = *(int *)ctl->data / SKB_TRUESIZE(ETH_FRAME_LEN);
2786 ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
2787
2783 if (write && !ret) 2788 if (write && !ret)
2784 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN); 2789 *(int *)ctl->data = size * SKB_TRUESIZE(ETH_FRAME_LEN);
2785 return ret; 2790 return ret;
@@ -2865,7 +2870,8 @@ static struct neigh_sysctl_table {
2865 .procname = "unres_qlen_bytes", 2870 .procname = "unres_qlen_bytes",
2866 .maxlen = sizeof(int), 2871 .maxlen = sizeof(int),
2867 .mode = 0644, 2872 .mode = 0644,
2868 .proc_handler = proc_dointvec, 2873 .extra1 = &zero,
2874 .proc_handler = proc_dointvec_minmax,
2869 }, 2875 },
2870 [NEIGH_VAR_PROXY_QLEN] = { 2876 [NEIGH_VAR_PROXY_QLEN] = {
2871 .procname = "proxy_qlen", 2877 .procname = "proxy_qlen",
@@ -2987,6 +2993,10 @@ int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
2987 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].extra1 = dev; 2993 t->neigh_vars[NEIGH_VAR_BASE_REACHABLE_TIME_MS].extra1 = dev;
2988 } 2994 }
2989 2995
2996 /* Don't export sysctls to unprivileged users */
2997 if (neigh_parms_net(p)->user_ns != &init_user_ns)
2998 t->neigh_vars[0].procname = NULL;
2999
2990 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s", 3000 snprintf(neigh_path, sizeof(neigh_path), "net/%s/neigh/%s",
2991 p_name, dev_name_source); 3001 p_name, dev_name_source);
2992 t->sysctl_header = 3002 t->sysctl_header =
generated by cgit v1.2.2 (git 2.25.0) at 2026-01-06 15:36:48 -0500