ipv4: make ip_local_reserved_ports per netns

ip_local_port_range is already per netns, so should ip_local_reserved_ports
be. And since it is none by default we don't actually need it when we don't
enable CONFIG_SYSCTL.

By the way, rename inet_is_reserved_local_port() to inet_is_local_reserved_port()

Cc: "David S. Miller" <davem@davemloft.net>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

6 files changed, 21 insertions, 32 deletions

diff --git a/net/ipv4/af_inet.c b/net/ipv4/af_inet.c
index 211c0cc6c3d3..279132bcadd9 100644
--- a/net/ipv4/af_inet.c
+++ b/net/ipv4/af_inet.c
@@ -1705,13 +1705,9 @@ static int __init inet_init(void)
 
         BUILD_BUG_ON(sizeof(struct inet_skb_parm) > FIELD_SIZEOF(struct sk_buff, cb));
 
-        sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
-        if (!sysctl_local_reserved_ports)
-                goto out;
-
         rc = proto_register(&tcp_prot, 1);
         if (rc)
-                goto out_free_reserved_ports;
+                goto out;
 
         rc = proto_register(&udp_prot, 1);
         if (rc)
@@ -1821,8 +1817,6 @@ out_unregister_udp_proto:
         proto_unregister(&udp_prot);
 out_unregister_tcp_proto:
         proto_unregister(&tcp_prot);
-out_free_reserved_ports:
-        kfree(sysctl_local_reserved_ports);
         goto out;
 }
 
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index 12e502cbfdc7..14d02ea905b6 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -29,9 +29,6 @@ const char inet_csk_timer_bug_msg[] = "inet_csk BUG: unknown timer value\n";
 EXPORT_SYMBOL(inet_csk_timer_bug_msg);
 #endif
 
-unsigned long *sysctl_local_reserved_ports;
-EXPORT_SYMBOL(sysctl_local_reserved_ports);
-
 void inet_get_local_port_range(struct net *net, int *low, int *high)
 {
         unsigned int seq;
@@ -113,7 +110,7 @@ again:
 
                 smallest_size = -1;
                 do {
-                        if (inet_is_reserved_local_port(rover))
+                        if (inet_is_local_reserved_port(net, rover))
                                 goto next_nolock;
                         head = &hashinfo->bhash[inet_bhashfn(net, rover,
                                         hashinfo->bhash_size)];
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index 8b9cf279450d..83331f1b86ac 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -500,7 +500,7 @@ int __inet_hash_connect(struct inet_timewait_death_row *death_row,
                 local_bh_disable();
                 for (i = 1; i <= remaining; i++) {
                         port = low + (i + offset) % remaining;
-                        if (inet_is_reserved_local_port(port))
+                        if (inet_is_local_reserved_port(net, port))
                                 continue;
                         head = &hinfo->bhash[inet_bhashfn(net, port,
                                         hinfo->bhash_size)];
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index a33b9fbc1d80..79a007c52558 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -437,13 +437,6 @@ static struct ctl_table ipv4_table[] = {
                 .proc_handler   = proc_dointvec
         },
         {
-                .procname       = "ip_local_reserved_ports",
-                .data           = NULL, /* initialized in sysctl_ipv4_init */
-                .maxlen         = 65536,
-                .mode           = 0644,
-                .proc_handler   = proc_do_large_bitmap,
-        },
-        {
                 .procname       = "igmp_max_memberships",
                 .data           = &sysctl_igmp_max_memberships,
                 .maxlen         = sizeof(int),
@@ -825,6 +818,13 @@ static struct ctl_table ipv4_net_table[] = {
                 .proc_handler   = ipv4_local_port_range,
         },
         {
+                .procname       = "ip_local_reserved_ports",
+                .data           = &init_net.ipv4.sysctl_local_reserved_ports,
+                .maxlen         = 65536,
+                .mode           = 0644,
+                .proc_handler   = proc_do_large_bitmap,
+        },
+        {
                 .procname       = "ip_no_pmtu_disc",
                 .data           = &init_net.ipv4.sysctl_ip_no_pmtu_disc,
                 .maxlen         = sizeof(int),
@@ -876,8 +876,14 @@ static __net_init int ipv4_sysctl_init_net(struct net *net)
         if (net->ipv4.ipv4_hdr == NULL)
                 goto err_reg;
 
+        net->ipv4.sysctl_local_reserved_ports = kzalloc(65536 / 8, GFP_KERNEL);
+        if (!net->ipv4.sysctl_local_reserved_ports)
+                goto err_ports;
+
         return 0;
 
+err_ports:
+        unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
 err_reg:
         if (!net_eq(net, &init_net))
                 kfree(table);
@@ -889,6 +895,7 @@ static __net_exit void ipv4_sysctl_exit_net(struct net *net)
 {
         struct ctl_table *table;
 
+        kfree(net->ipv4.sysctl_local_reserved_ports);
         table = net->ipv4.ipv4_hdr->ctl_table_arg;
         unregister_net_sysctl_table(net->ipv4.ipv4_hdr);
         kfree(table);
@@ -902,16 +909,6 @@ static __net_initdata struct pernet_operations ipv4_sysctl_ops = {
 static __init int sysctl_ipv4_init(void)
 {
         struct ctl_table_header *hdr;
-        struct ctl_table *i;
-
-        for (i = ipv4_table; i->procname; i++) {
-                if (strcmp(i->procname, "ip_local_reserved_ports") == 0) {
-                        i->data = sysctl_local_reserved_ports;
-                        break;
-                }
-        }
-        if (!i->procname)
-                return -EINVAL;
 
         hdr = register_net_sysctl(&init_net, "net/ipv4", ipv4_table);
         if (hdr == NULL)
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index 54ea0a3a48f1..6729ea97a59d 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -246,7 +246,7 @@ int udp_lib_get_port(struct sock *sk, unsigned short snum,
                         do {
                                 if (low <= snum && snum <= high &&
                                     !test_bit(snum >> udptable->log, bitmap) &&
-                                    !inet_is_reserved_local_port(snum))
+                                    !inet_is_local_reserved_port(net, snum))
                                         goto found;
                                 snum += rand;
                         } while (snum != first);
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index e37b2cbbf177..2af76eaba8f7 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5946,8 +5946,9 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
                 /* Search for an available port. */
                 int low, high, remaining, index;
                 unsigned int rover;
+                struct net *net = sock_net(sk);
 
-                inet_get_local_port_range(sock_net(sk), &low, &high);
+                inet_get_local_port_range(net, &low, &high);
                 remaining = (high - low) + 1;
                 rover = prandom_u32() % remaining + low;
 
@@ -5955,7 +5956,7 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
                         rover++;
                         if ((rover < low) || (rover > high))
                                 rover = low;
-                        if (inet_is_reserved_local_port(rover))
+                        if (inet_is_local_reserved_port(net, rover))
                                 continue;
                         index = sctp_phashfn(sock_net(sk), rover);
                         head = &sctp_port_hashtable[index];