4 files changed, 57 insertions, 25 deletions

diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 24141b4d1a11..c1e0cf408af9 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -947,6 +947,16 @@ struct ctl_table;
 struct nsproxy;
 struct ctl_table_root;
 
+struct ctl_table_set {
+        struct list_head list;
+        struct ctl_table_set *parent;
+        int (*is_seen)(struct ctl_table_set *);
+};
+
+extern void setup_sysctl_set(struct ctl_table_set *p,
+        struct ctl_table_set *parent,
+        int (*is_seen)(struct ctl_table_set *));
+
 extern struct ctl_table_header *sysctl_head_next(struct ctl_table_header *prev);
 extern struct ctl_table_header *__sysctl_head_next(struct nsproxy *namespaces,
                                                 struct ctl_table_header *prev);
@@ -1049,8 +1059,8 @@ struct ctl_table
 
 struct ctl_table_root {
         struct list_head root_list;
-        struct list_head header_list;
-        struct list_head *(*lookup)(struct ctl_table_root *root,
+        struct ctl_table_set default_set;
+        struct ctl_table_set *(*lookup)(struct ctl_table_root *root,
                                            struct nsproxy *namespaces);
         int (*permissions)(struct ctl_table_root *root,
                         struct nsproxy *namespaces, struct ctl_table *table);
@@ -1066,6 +1076,7 @@ struct ctl_table_header
         struct completion *unregistering;
         struct ctl_table *ctl_table_arg;
         struct ctl_table_root *root;
+        struct ctl_table_set *set;
 };
 
 /* struct ctl_path describes where in the hierarchy a table is added */
diff --git a/include/net/net_namespace.h b/include/net/net_namespace.h
index 3855620b78a9..a8eb43cf0c7e 100644
--- a/include/net/net_namespace.h
+++ b/include/net/net_namespace.h
@@ -38,7 +38,9 @@ struct net {
         struct proc_dir_entry   *proc_net;
         struct proc_dir_entry   *proc_net_stat;
 
-        struct list_head        sysctl_table_headers;
+#ifdef CONFIG_SYSCTL
+        struct ctl_table_set    sysctls;
+#endif
 
         struct net_device       *loopback_dev;          /* The loopback */
 
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 35a50db9b6ce..8ee4a0619fbb 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -160,12 +160,13 @@ static struct ctl_table root_table[];
 static struct ctl_table_root sysctl_table_root;
 static struct ctl_table_header root_table_header = {
         .ctl_table = root_table,
-        .ctl_entry = LIST_HEAD_INIT(sysctl_table_root.header_list),
+        .ctl_entry = LIST_HEAD_INIT(sysctl_table_root.default_set.list),
         .root = &sysctl_table_root,
+        .set = &sysctl_table_root.default_set,
 };
 static struct ctl_table_root sysctl_table_root = {
         .root_list = LIST_HEAD_INIT(sysctl_table_root.root_list),
-        .header_list = LIST_HEAD_INIT(root_table_header.ctl_entry),
+        .default_set.list = LIST_HEAD_INIT(root_table_header.ctl_entry),
 };
 
 static struct ctl_table kern_table[];
@@ -1403,14 +1404,20 @@ void sysctl_head_finish(struct ctl_table_header *head)
         spin_unlock(&sysctl_lock);
 }
 
+static struct ctl_table_set *
+lookup_header_set(struct ctl_table_root *root, struct nsproxy *namespaces)
+{
+        struct ctl_table_set *set = &root->default_set;
+        if (root->lookup)
+                set = root->lookup(root, namespaces);
+        return set;
+}
+
 static struct list_head *
 lookup_header_list(struct ctl_table_root *root, struct nsproxy *namespaces)
 {
-        struct list_head *header_list;
-        header_list = &root->header_list;
-        if (root->lookup)
-                header_list = root->lookup(root, namespaces);
-        return header_list;
+        struct ctl_table_set *set = lookup_header_set(root, namespaces);
+        return &set->list;
 }
 
 struct ctl_table_header *__sysctl_head_next(struct nsproxy *namespaces,
@@ -1720,7 +1727,6 @@ struct ctl_table_header *__register_sysctl_paths(
         struct nsproxy *namespaces,
         const struct ctl_path *path, struct ctl_table *table)
 {
-        struct list_head *header_list;
         struct ctl_table_header *header;
         struct ctl_table *new, **prevp;
         unsigned int n, npath;
@@ -1772,8 +1778,8 @@ struct ctl_table_header *__register_sysctl_paths(
         }
 #endif
         spin_lock(&sysctl_lock);
-        header_list = lookup_header_list(root, namespaces);
-        list_add_tail(&header->ctl_entry, header_list);
+        header->set = lookup_header_set(root, namespaces);
+        list_add_tail(&header->ctl_entry, &header->set->list);
         spin_unlock(&sysctl_lock);
 
         return header;
@@ -1832,6 +1838,15 @@ void unregister_sysctl_table(struct ctl_table_header * header)
         kfree(header);
 }
 
+void setup_sysctl_set(struct ctl_table_set *p,
+        struct ctl_table_set *parent,
+        int (*is_seen)(struct ctl_table_set *))
+{
+        INIT_LIST_HEAD(&p->list);
+        p->parent = parent ? parent : &sysctl_table_root.default_set;
+        p->is_seen = is_seen;
+}
+
 #else /* !CONFIG_SYSCTL */
 struct ctl_table_header *register_sysctl_table(struct ctl_table * table)
 {
@@ -1848,6 +1863,12 @@ void unregister_sysctl_table(struct ctl_table_header * table)
 {
 }
 
+void setup_sysctl_set(struct ctl_table_set *p,
+        struct ctl_table_set *parent,
+        int (*is_seen)(struct ctl_table_set *))
+{
+}
+
 #endif /* CONFIG_SYSCTL */
 
 /*
diff --git a/net/sysctl_net.c b/net/sysctl_net.c
index 63ada437fc2f..cefbc367d8be 100644
--- a/net/sysctl_net.c
+++ b/net/sysctl_net.c
@@ -29,10 +29,15 @@
 #include <linux/if_tr.h>
 #endif
 
-static struct list_head *
+static struct ctl_table_set *
 net_ctl_header_lookup(struct ctl_table_root *root, struct nsproxy *namespaces)
 {
-        return &namespaces->net_ns->sysctl_table_headers;
+        return &namespaces->net_ns->sysctls;
+}
+
+static int is_seen(struct ctl_table_set *set)
+{
+        return &current->nsproxy->net_ns->sysctls == set;
 }
 
 /* Return standard mode bits for table entry. */
@@ -53,13 +58,6 @@ static struct ctl_table_root net_sysctl_root = {
         .permissions = net_ctl_permissions,
 };
 
-static LIST_HEAD(net_sysctl_ro_tables);
-static struct list_head *net_ctl_ro_header_lookup(struct ctl_table_root *root,
-                struct nsproxy *namespaces)
-{
-        return &net_sysctl_ro_tables;
-}
-
 static int net_ctl_ro_header_perms(struct ctl_table_root *root,
                 struct nsproxy *namespaces, struct ctl_table *table)
 {
@@ -70,19 +68,18 @@ static int net_ctl_ro_header_perms(struct ctl_table_root *root,
 }
 
 static struct ctl_table_root net_sysctl_ro_root = {
-        .lookup = net_ctl_ro_header_lookup,
         .permissions = net_ctl_ro_header_perms,
 };
 
 static int sysctl_net_init(struct net *net)
 {
-        INIT_LIST_HEAD(&net->sysctl_table_headers);
+        setup_sysctl_set(&net->sysctls, NULL, is_seen);
         return 0;
 }
 
 static void sysctl_net_exit(struct net *net)
 {
-        WARN_ON(!list_empty(&net->sysctl_table_headers));
+        WARN_ON(!list_empty(&net->sysctls.list));
         return;
 }
 
@@ -98,6 +95,7 @@ static __init int sysctl_init(void)
         if (ret)
                 goto out;
         register_sysctl_root(&net_sysctl_root);
+        setup_sysctl_set(&net_sysctl_ro_root.default_set, NULL, NULL);
         register_sysctl_root(&net_sysctl_ro_root);
 out:
         return ret;