10 files changed, 146 insertions, 58 deletions
diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c
index 9ffb9987450a..2e641b255db4 100644
--- a/drivers/infiniband/core/cma.c
+++ b/drivers/infiniband/core/cma.c
@@ -1866,13 +1866,14 @@ err1:
 static int cma_alloc_any_port(struct idr *ps, struct rdma_id_private *id_priv)
 {
        struct rdma_bind_list *bind_list;
-        int port, ret;
+        int port, ret, low, high;
        bind_list = kzalloc(sizeof *bind_list, GFP_KERNEL);
        if (!bind_list)
                return -ENOMEM;
 retry:
+        /* FIXME: add proper port randomization per like inet_csk_get_port */
        do {
                ret = idr_get_new_above(ps, bind_list, next_port, &port);
        } while ((ret == -EAGAIN) && idr_pre_get(ps, GFP_KERNEL));
@@ -1880,18 +1881,19 @@ retry:
        if (ret)
                goto err1;
-        if (port > sysctl_local_port_range[1]) {
+        inet_get_local_port_range(&low, &high);
-                if (next_port != sysctl_local_port_range[0]) {
+        if (port > high) {
+                if (next_port != low) {
                        idr_remove(ps, port);
-                        next_port = sysctl_local_port_range[0];
+                        next_port = low;
                        goto retry;
                }
                ret = -EADDRNOTAVAIL;
                goto err2;
        }
-        if (port == sysctl_local_port_range[1])
+        if (port == high)
-                next_port = sysctl_local_port_range[0];
+                next_port = low;
        else
                next_port = port + 1;
@@ -2769,12 +2771,12 @@ static void cma_remove_one(struct ib_device *device)
 static int cma_init(void)
 {
-        int ret;
+        int ret, low, high;
        get_random_bytes(&next_port, sizeof next_port);
-        next_port = ((unsigned int) next_port %
+        inet_get_local_port_range(&low, &high);
-                    (sysctl_local_port_range[1] - sysctl_local_port_range[0])) +
+        next_port = ((unsigned int) next_port % (high - low)) + low;
-                    sysctl_local_port_range[0];
        cma_wq = create_singlethread_workqueue("rdma_cm");
        if (!cma_wq)
                return -ENOMEM;
diff --git a/include/net/ip.h b/include/net/ip.h
index abf2820a1125..3af3ed9d320b 100644
--- a/include/net/ip.h
+++ b/include/net/ip.h
@@ -171,7 +171,8 @@ extern unsigned long snmp_fold_field(void *mib[], int offt);
 extern int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign);
 extern void snmp_mib_free(void *ptr[2]);
-extern int sysctl_local_port_range[2];
+extern void inet_get_local_port_range(int *low, int *high);
 extern int sysctl_ip_default_ttl;
 extern int sysctl_ip_nonlocal_bind;
diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index fbe7714f21d0..3cef12835c4b 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -33,6 +33,19 @@ EXPORT_SYMBOL(inet_csk_timer_bug_msg);
 * This array holds the first and last local port number.
 */
 int sysctl_local_port_range[2] = { 32768, 61000 };
+DEFINE_SEQLOCK(sysctl_port_range_lock);
+void inet_get_local_port_range(int *low, int *high)
+{
+        unsigned seq;
+        do {
+                seq = read_seqbegin(&sysctl_port_range_lock);
+                *low = sysctl_local_port_range[0];
+                *high = sysctl_local_port_range[1];
+        } while (read_seqretry(&sysctl_port_range_lock, seq));
+}
+EXPORT_SYMBOL(inet_get_local_port_range);
 int inet_csk_bind_conflict(const struct sock *sk,
                           const struct inet_bind_bucket *tb)
@@ -77,10 +90,11 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
        local_bh_disable();
        if (!snum) {
-                int low = sysctl_local_port_range[0];
+                int remaining, rover, low, high;
-                int high = sysctl_local_port_range[1];
-                int remaining = (high - low) + 1;
+                inet_get_local_port_range(&low, &high);
-                int rover = net_random() % (high - low) + low;
+                remaining = high - low;
+                rover = net_random() % remaining + low;
                do {
                        head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c
index fb662621c54e..fac6398e4367 100644
--- a/net/ipv4/inet_hashtables.c
+++ b/net/ipv4/inet_hashtables.c
@@ -279,19 +279,18 @@ int inet_hash_connect(struct inet_timewait_death_row *death_row,
        int ret;
        if (!snum) {
-                int low = sysctl_local_port_range[0];
+                int i, remaining, low, high, port;
-                int high = sysctl_local_port_range[1];
-                int range = high - low;
-                int i;
-                int port;
                static u32 hint;
                u32 offset = hint + inet_sk_port_offset(sk);
                struct hlist_node *node;
                struct inet_timewait_sock *tw = NULL;
+                inet_get_local_port_range(&low, &high);
+                remaining = high - low;
                local_bh_disable();
-                for (i = 1; i <= range; i++) {
+                for (i = 1; i <= remaining; i++) {
-                        port = low + (i + offset) % range;
+                        port = low + (i + offset) % remaining;
                        head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
                        spin_lock(&head->lock);
diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c
index 53ef0f4bbdaa..eb286abcf5dc 100644
--- a/net/ipv4/sysctl_net_ipv4.c
+++ b/net/ipv4/sysctl_net_ipv4.c
@@ -12,6 +12,7 @@
 #include <linux/sysctl.h>
 #include <linux/igmp.h>
 #include <linux/inetdevice.h>
+#include <linux/seqlock.h>
 #include <net/snmp.h>
 #include <net/icmp.h>
 #include <net/ip.h>
@@ -89,6 +90,74 @@ static int ipv4_sysctl_forward_strategy(ctl_table *table,
        return 1;
 }
+extern seqlock_t sysctl_port_range_lock;
+extern int sysctl_local_port_range[2];
+/* Update system visible IP port range */
+static void set_local_port_range(int range[2])
+{
+        write_seqlock(&sysctl_port_range_lock);
+        sysctl_local_port_range[0] = range[0];
+        sysctl_local_port_range[1] = range[1];
+        write_sequnlock(&sysctl_port_range_lock);
+}
+/* Validate changes from /proc interface. */
+static int ipv4_local_port_range(ctl_table *table, int write, struct file *filp,
+                                 void __user *buffer,
+                                 size_t *lenp, loff_t *ppos)
+{
+        int ret;
+        int range[2] = { sysctl_local_port_range[0],
+                         sysctl_local_port_range[1] };
+        ctl_table tmp = {
+                .data = &range,
+                .maxlen = sizeof(range),
+                .mode = table->mode,
+                .extra1 = &ip_local_port_range_min,
+                .extra2 = &ip_local_port_range_max,
+        };
+        ret = proc_dointvec_minmax(&tmp, write, filp, buffer, lenp, ppos);
+        if (write && ret == 0) {
+                if (range[1] <= range[0])
+                        ret = -EINVAL;
+                else
+                        set_local_port_range(range);
+        }
+        return ret;
+}
+/* Validate changes from sysctl interface. */
+static int ipv4_sysctl_local_port_range(ctl_table *table, int __user *name,
+                                         int nlen, void __user *oldval,
+                                         size_t __user *oldlenp,
+                                        void __user *newval, size_t newlen)
+{
+        int ret;
+        int range[2] = { sysctl_local_port_range[0],
+                         sysctl_local_port_range[1] };
+        ctl_table tmp = {
+                .data = &range,
+                .maxlen = sizeof(range),
+                .mode = table->mode,
+                .extra1 = &ip_local_port_range_min,
+                .extra2 = &ip_local_port_range_max,
+        };
+        ret = sysctl_intvec(&tmp, name, nlen, oldval, oldlenp, newval, newlen);
+        if (ret == 0 && newval && newlen) {
+                if (range[1] <= range[0])
+                        ret = -EINVAL;
+                else
+                        set_local_port_range(range);
+        }
+        return ret;
+}
 static int proc_tcp_congestion_control(ctl_table *ctl, int write, struct file * filp,
                                       void __user *buffer, size_t *lenp, loff_t *ppos)
 {
@@ -427,10 +496,8 @@ ctl_table ipv4_table[] = {
                .data           = &sysctl_local_port_range,
                .maxlen         = sizeof(sysctl_local_port_range),
                .mode           = 0644,
-                .proc_handler   = &proc_dointvec_minmax,
+                .proc_handler   = &ipv4_local_port_range,
-                .strategy       = &sysctl_intvec,
+                .strategy       = &ipv4_sysctl_local_port_range,
-                .extra1         = ip_local_port_range_min,
-                .extra2         = ip_local_port_range_max
        },
        {
                .ctl_name       = NET_IPV4_ICMP_ECHO_IGNORE_ALL,
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 8855e640e958..38cf73a56731 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -2470,6 +2470,5 @@ EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
 EXPORT_SYMBOL(tcp_proc_register);
 EXPORT_SYMBOL(tcp_proc_unregister);
 #endif
-EXPORT_SYMBOL(sysctl_local_port_range);
 EXPORT_SYMBOL(sysctl_tcp_low_latency);
diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c
index ef4d901ee9ad..cb9fc58efb2f 100644
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -147,11 +147,11 @@ int __udp_lib_get_port(struct sock *sk, unsigned short snum,
        write_lock_bh(&udp_hash_lock);
        if (!snum) {
-                int i;
+                int i, low, high;
-                int low = sysctl_local_port_range[0];
-                int high = sysctl_local_port_range[1];
                unsigned rover, best, best_size_so_far;
+                inet_get_local_port_range(&low, &high);
                best_size_so_far = UINT_MAX;
                best = rover = net_random() % (high - low) + low;
diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c
index ae6b0e7eb488..1c2c27655435 100644
--- a/net/ipv6/inet6_hashtables.c
+++ b/net/ipv6/inet6_hashtables.c
@@ -254,18 +254,18 @@ int inet6_hash_connect(struct inet_timewait_death_row *death_row,
        int ret;
        if (snum == 0) {
-                const int low = sysctl_local_port_range[0];
+                int i, port, low, high, remaining;
-                const int high = sysctl_local_port_range[1];
-                const int range = high - low;
-                int i, port;
                static u32 hint;
                const u32 offset = hint + inet6_sk_port_offset(sk);
                struct hlist_node *node;
                struct inet_timewait_sock *tw = NULL;
+                inet_get_local_port_range(&low, &high);
+                remaining = high - low;
                local_bh_disable();
-                for (i = 1; i <= range; i++) {
+                for (i = 1; i <= remaining; i++) {
-                        port = low + (i + offset) % range;
+                        port = low + (i + offset) % remaining;
                        head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
                        spin_lock(&head->lock);
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index 7cd58ef84eda..9c6a4b5f6264 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -5315,11 +5315,12 @@ static long sctp_get_port_local(struct sock *sk, union sctp_addr *addr)
        if (snum == 0) {
                /* Search for an available port. */
-                unsigned int low = sysctl_local_port_range[0];
+                int low, high, remaining, index;
-                unsigned int high = sysctl_local_port_range[1];
+                unsigned int rover;
-                unsigned int remaining = (high - low) + 1;
-                unsigned int rover = net_random() % remaining + low;
+                inet_get_local_port_range(&low, &high);
-                int index;
+                remaining = (high - low) + 1;
+                rover = net_random() % remaining + low;
                do {
                        rover++;
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 0753b20e23fe..3c3fff33d1ce 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -47,7 +47,7 @@
 #include <linux/netfilter_ipv6.h>
 #include <linux/tty.h>
 #include <net/icmp.h>
-#include <net/ip.h>             /* for sysctl_local_port_range[] */
+#include <net/ip.h>             /* for local_port_range[] */
 #include <net/tcp.h>            /* struct or_callable used in sock_rcv_skb */
 #include <asm/uaccess.h>
 #include <asm/ioctls.h>
@@ -3232,8 +3232,6 @@ static int selinux_socket_post_create(struct socket *sock, int family,
 /* Range of port numbers used to automatically bind.
   Need to determine whether we should perform a name_bind
   permission check between the socket and the port number. */
-#define ip_local_port_range_0 sysctl_local_port_range[0]
-#define ip_local_port_range_1 sysctl_local_port_range[1]
 static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, int addrlen)
 {
@@ -3276,20 +3274,27 @@ static int selinux_socket_bind(struct socket *sock, struct sockaddr *address, in
                        addrp = (char *)&addr6->sin6_addr.s6_addr;
                }
-                if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) ||
+                if (snum) {
-                           snum > ip_local_port_range_1)) {
+                        int low, high;
-                        err = security_port_sid(sk->sk_family, sk->sk_type,
-                                                sk->sk_protocol, snum, &sid);
+                        inet_get_local_port_range(&low, &high);
-                        if (err)
-                                goto out;
+                        if (snum < max(PROT_SOCK, low) || snum > high) {
-                        AVC_AUDIT_DATA_INIT(&ad,NET);
+                                err = security_port_sid(sk->sk_family,
-                        ad.u.net.sport = htons(snum);
+                                                        sk->sk_type,
-                        ad.u.net.family = family;
+                                                        sk->sk_protocol, snum,
-                        err = avc_has_perm(isec->sid, sid,
+                                                        &sid);
-                                           isec->sclass,
+                                if (err)
-                                           SOCKET__NAME_BIND, &ad);
+                                        goto out;
-                        if (err)
+                                AVC_AUDIT_DATA_INIT(&ad,NET);
-                                goto out;
+                                ad.u.net.sport = htons(snum);
+                                ad.u.net.family = family;
+                                err = avc_has_perm(isec->sid, sid,
+                                                   isec->sclass,
+                                                   SOCKET__NAME_BIND, &ad);
+                                if (err)
+                                        goto out;
+                        }
                }
                
                switch(isec->sclass) {

diff --git a/drivers/infiniband/core/cma.c b/drivers/infiniband/core/cma.c index 9ffb9987450a..2e641b255db4 100644 --- a/drivers/infiniband/core/cma.c +++ b/drivers/infiniband/core/cma.c
@@ -1866,13 +1866,14 @@ err1:
1866	static int cma_alloc_any_port(struct idr ps, struct rdma_id_private id_priv)	1866	static int cma_alloc_any_port(struct idr ps, struct rdma_id_private id_priv)
1867	{	1867	{
1868	struct rdma_bind_list *bind_list;	1868	struct rdma_bind_list *bind_list;
1869	int port, ret;	1869	int port, ret, low, high;
1870		1870
1871	bind_list = kzalloc(sizeof *bind_list, GFP_KERNEL);	1871	bind_list = kzalloc(sizeof *bind_list, GFP_KERNEL);
1872	if (!bind_list)	1872	if (!bind_list)
1873	return -ENOMEM;	1873	return -ENOMEM;
1874		1874
1875	retry:	1875	retry:
		1876	/* FIXME: add proper port randomization per like inet_csk_get_port */
1876	do {	1877	do {
1877	ret = idr_get_new_above(ps, bind_list, next_port, &port);	1878	ret = idr_get_new_above(ps, bind_list, next_port, &port);
1878	} while ((ret == -EAGAIN) && idr_pre_get(ps, GFP_KERNEL));	1879	} while ((ret == -EAGAIN) && idr_pre_get(ps, GFP_KERNEL));
@@ -1880,18 +1881,19 @@ retry:
1880	if (ret)	1881	if (ret)
1881	goto err1;	1882	goto err1;
1882		1883
1883	if (port > sysctl_local_port_range[1]) {	1884	inet_get_local_port_range(&low, &high);
1884	if (next_port != sysctl_local_port_range[0]) {	1885	if (port > high) {
		1886	if (next_port != low) {
1885	idr_remove(ps, port);	1887	idr_remove(ps, port);
1886	next_port = sysctl_local_port_range[0];	1888	next_port = low;
1887	goto retry;	1889	goto retry;
1888	}	1890	}
1889	ret = -EADDRNOTAVAIL;	1891	ret = -EADDRNOTAVAIL;
1890	goto err2;	1892	goto err2;
1891	}	1893	}
1892		1894
1893	if (port == sysctl_local_port_range[1])	1895	if (port == high)
1894	next_port = sysctl_local_port_range[0];	1896	next_port = low;
1895	else	1897	else
1896	next_port = port + 1;	1898	next_port = port + 1;
1897		1899
@@ -2769,12 +2771,12 @@ static void cma_remove_one(struct ib_device *device)
2769		2771
2770	static int cma_init(void)	2772	static int cma_init(void)
2771	{	2773	{
2772	int ret;	2774	int ret, low, high;
2773		2775
2774	get_random_bytes(&next_port, sizeof next_port);	2776	get_random_bytes(&next_port, sizeof next_port);
2775	next_port = ((unsigned int) next_port %	2777	inet_get_local_port_range(&low, &high);
2776	(sysctl_local_port_range[1] - sysctl_local_port_range[0])) +	2778	next_port = ((unsigned int) next_port % (high - low)) + low;
2777	sysctl_local_port_range[0];	2779
2778	cma_wq = create_singlethread_workqueue("rdma_cm");	2780	cma_wq = create_singlethread_workqueue("rdma_cm");
2779	if (!cma_wq)	2781	if (!cma_wq)
2780	return -ENOMEM;	2782	return -ENOMEM;


diff --git a/include/net/ip.h b/include/net/ip.h index abf2820a1125..3af3ed9d320b 100644 --- a/include/net/ip.h +++ b/include/net/ip.h
@@ -171,7 +171,8 @@ extern unsigned long snmp_fold_field(void *mib[], int offt);
171	extern int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign);	171	extern int snmp_mib_init(void *ptr[2], size_t mibsize, size_t mibalign);
172	extern void snmp_mib_free(void *ptr[2]);	172	extern void snmp_mib_free(void *ptr[2]);
173		173
174	extern int sysctl_local_port_range[2];	174	extern void inet_get_local_port_range(int low, int high);
		175
175	extern int sysctl_ip_default_ttl;	176	extern int sysctl_ip_default_ttl;
176	extern int sysctl_ip_nonlocal_bind;	177	extern int sysctl_ip_nonlocal_bind;
177		178


diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c index fbe7714f21d0..3cef12835c4b 100644 --- a/net/ipv4/inet_connection_sock.c +++ b/net/ipv4/inet_connection_sock.c
@@ -33,6 +33,19 @@ EXPORT_SYMBOL(inet_csk_timer_bug_msg);
33	* This array holds the first and last local port number.	33	* This array holds the first and last local port number.
34	*/	34	*/
35	int sysctl_local_port_range[2] = { 32768, 61000 };	35	int sysctl_local_port_range[2] = { 32768, 61000 };
		36	DEFINE_SEQLOCK(sysctl_port_range_lock);
		37
		38	void inet_get_local_port_range(int low, int high)
		39	{
		40	unsigned seq;
		41	do {
		42	seq = read_seqbegin(&sysctl_port_range_lock);
		43
		44	*low = sysctl_local_port_range[0];
		45	*high = sysctl_local_port_range[1];
		46	} while (read_seqretry(&sysctl_port_range_lock, seq));
		47	}
		48	EXPORT_SYMBOL(inet_get_local_port_range);
36		49
37	int inet_csk_bind_conflict(const struct sock *sk,	50	int inet_csk_bind_conflict(const struct sock *sk,
38	const struct inet_bind_bucket *tb)	51	const struct inet_bind_bucket *tb)
@@ -77,10 +90,11 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
77		90
78	local_bh_disable();	91	local_bh_disable();
79	if (!snum) {	92	if (!snum) {
80	int low = sysctl_local_port_range[0];	93	int remaining, rover, low, high;
81	int high = sysctl_local_port_range[1];	94
82	int remaining = (high - low) + 1;	95	inet_get_local_port_range(&low, &high);
83	int rover = net_random() % (high - low) + low;	96	remaining = high - low;
		97	rover = net_random() % remaining + low;
84		98
85	do {	99	do {
86	head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];	100	head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];


diff --git a/net/ipv4/inet_hashtables.c b/net/ipv4/inet_hashtables.c index fb662621c54e..fac6398e4367 100644 --- a/net/ipv4/inet_hashtables.c +++ b/net/ipv4/inet_hashtables.c
@@ -279,19 +279,18 @@ int inet_hash_connect(struct inet_timewait_death_row *death_row,
279	int ret;	279	int ret;
280		280
281	if (!snum) {	281	if (!snum) {
282	int low = sysctl_local_port_range[0];	282	int i, remaining, low, high, port;
283	int high = sysctl_local_port_range[1];
284	int range = high - low;
285	int i;
286	int port;
287	static u32 hint;	283	static u32 hint;
288	u32 offset = hint + inet_sk_port_offset(sk);	284	u32 offset = hint + inet_sk_port_offset(sk);
289	struct hlist_node *node;	285	struct hlist_node *node;
290	struct inet_timewait_sock *tw = NULL;	286	struct inet_timewait_sock *tw = NULL;
291		287
		288	inet_get_local_port_range(&low, &high);
		289	remaining = high - low;
		290
292	local_bh_disable();	291	local_bh_disable();
293	for (i = 1; i <= range; i++) {	292	for (i = 1; i <= remaining; i++) {
294	port = low + (i + offset) % range;	293	port = low + (i + offset) % remaining;
295	head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];	294	head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
296	spin_lock(&head->lock);	295	spin_lock(&head->lock);
297		296


diff --git a/net/ipv4/sysctl_net_ipv4.c b/net/ipv4/sysctl_net_ipv4.c index 53ef0f4bbdaa..eb286abcf5dc 100644 --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c
@@ -12,6 +12,7 @@
12	#include <linux/sysctl.h>	12	#include <linux/sysctl.h>
13	#include <linux/igmp.h>	13	#include <linux/igmp.h>
14	#include <linux/inetdevice.h>	14	#include <linux/inetdevice.h>
		15	#include <linux/seqlock.h>
15	#include <net/snmp.h>	16	#include <net/snmp.h>
16	#include <net/icmp.h>	17	#include <net/icmp.h>
17	#include <net/ip.h>	18	#include <net/ip.h>
@@ -89,6 +90,74 @@ static int ipv4_sysctl_forward_strategy(ctl_table *table,
89	return 1;	90	return 1;
90	}	91	}
91		92
		93	extern seqlock_t sysctl_port_range_lock;
		94	extern int sysctl_local_port_range[2];
		95
		96	/* Update system visible IP port range */
		97	static void set_local_port_range(int range[2])
		98	{
		99	write_seqlock(&sysctl_port_range_lock);
		100	sysctl_local_port_range[0] = range[0];
		101	sysctl_local_port_range[1] = range[1];
		102	write_sequnlock(&sysctl_port_range_lock);
		103	}
		104
		105	/* Validate changes from /proc interface. */
		106	static int ipv4_local_port_range(ctl_table table, int write, struct file filp,
		107	void __user *buffer,
		108	size_t lenp, loff_t ppos)
		109	{
		110	int ret;
		111	int range[2] = { sysctl_local_port_range[0],
		112	sysctl_local_port_range[1] };
		113	ctl_table tmp = {
		114	.data = &range,
		115	.maxlen = sizeof(range),
		116	.mode = table->mode,
		117	.extra1 = &ip_local_port_range_min,
		118	.extra2 = &ip_local_port_range_max,
		119	};
		120
		121	ret = proc_dointvec_minmax(&tmp, write, filp, buffer, lenp, ppos);
		122
		123	if (write && ret == 0) {
		124	if (range[1] <= range[0])
		125	ret = -EINVAL;
		126	else
		127	set_local_port_range(range);
		128	}
		129
		130	return ret;
		131	}
		132
		133	/* Validate changes from sysctl interface. */
		134	static int ipv4_sysctl_local_port_range(ctl_table table, int __user name,
		135	int nlen, void __user *oldval,
		136	size_t __user *oldlenp,
		137	void __user *newval, size_t newlen)
		138	{
		139	int ret;
		140	int range[2] = { sysctl_local_port_range[0],
		141	sysctl_local_port_range[1] };
		142	ctl_table tmp = {
		143	.data = &range,
		144	.maxlen = sizeof(range),
		145	.mode = table->mode,
		146	.extra1 = &ip_local_port_range_min,
		147	.extra2 = &ip_local_port_range_max,
		148	};
		149
		150	ret = sysctl_intvec(&tmp, name, nlen, oldval, oldlenp, newval, newlen);
		151	if (ret == 0 && newval && newlen) {
		152	if (range[1] <= range[0])
		153	ret = -EINVAL;
		154	else
		155	set_local_port_range(range);
		156	}
		157	return ret;
		158	}
		159
		160
92	static int proc_tcp_congestion_control(ctl_table ctl, int write, struct file filp,	161	static int proc_tcp_congestion_control(ctl_table ctl, int write, struct file filp,
93	void __user buffer, size_t lenp, loff_t *ppos)	162	void __user buffer, size_t lenp, loff_t *ppos)
94	{	163	{
@@ -427,10 +496,8 @@ ctl_table ipv4_table[] = {
427	.data = &sysctl_local_port_range,	496	.data = &sysctl_local_port_range,
428	.maxlen = sizeof(sysctl_local_port_range),	497	.maxlen = sizeof(sysctl_local_port_range),
429	.mode = 0644,	498	.mode = 0644,
430	.proc_handler = &proc_dointvec_minmax,	499	.proc_handler = &ipv4_local_port_range,
431	.strategy = &sysctl_intvec,	500	.strategy = &ipv4_sysctl_local_port_range,
432	.extra1 = ip_local_port_range_min,
433	.extra2 = ip_local_port_range_max
434	},	501	},
435	{	502	{
436	.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_ALL,	503	.ctl_name = NET_IPV4_ICMP_ECHO_IGNORE_ALL,


diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 8855e640e958..38cf73a56731 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c
@@ -2470,6 +2470,5 @@ EXPORT_SYMBOL(tcp_v4_syn_recv_sock);
2470	EXPORT_SYMBOL(tcp_proc_register);	2470	EXPORT_SYMBOL(tcp_proc_register);
2471	EXPORT_SYMBOL(tcp_proc_unregister);	2471	EXPORT_SYMBOL(tcp_proc_unregister);
2472	#endif	2472	#endif
2473	EXPORT_SYMBOL(sysctl_local_port_range);
2474	EXPORT_SYMBOL(sysctl_tcp_low_latency);	2473	EXPORT_SYMBOL(sysctl_tcp_low_latency);
2475		2474


diff --git a/net/ipv4/udp.c b/net/ipv4/udp.c index ef4d901ee9ad..cb9fc58efb2f 100644 --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c
@@ -147,11 +147,11 @@ int __udp_lib_get_port(struct sock *sk, unsigned short snum,
147	write_lock_bh(&udp_hash_lock);	147	write_lock_bh(&udp_hash_lock);
148		148
149	if (!snum) {	149	if (!snum) {
150	int i;	150	int i, low, high;
151	int low = sysctl_local_port_range[0];
152	int high = sysctl_local_port_range[1];
153	unsigned rover, best, best_size_so_far;	151	unsigned rover, best, best_size_so_far;
154		152
		153	inet_get_local_port_range(&low, &high);
		154
155	best_size_so_far = UINT_MAX;	155	best_size_so_far = UINT_MAX;
156	best = rover = net_random() % (high - low) + low;	156	best = rover = net_random() % (high - low) + low;
157		157


diff --git a/net/ipv6/inet6_hashtables.c b/net/ipv6/inet6_hashtables.c index ae6b0e7eb488..1c2c27655435 100644 --- a/net/ipv6/inet6_hashtables.c +++ b/net/ipv6/inet6_hashtables.c
@@ -254,18 +254,18 @@ int inet6_hash_connect(struct inet_timewait_death_row *death_row,
254	int ret;	254	int ret;
255		255
256	if (snum == 0) {	256	if (snum == 0) {
257	const int low = sysctl_local_port_range[0];	257	int i, port, low, high, remaining;
258	const int high = sysctl_local_port_range[1];
259	const int range = high - low;
260	int i, port;
261	static u32 hint;	258	static u32 hint;
262	const u32 offset = hint + inet6_sk_port_offset(sk);	259	const u32 offset = hint + inet6_sk_port_offset(sk);
263	struct hlist_node *node;	260	struct hlist_node *node;
264	struct inet_timewait_sock *tw = NULL;	261	struct inet_timewait_sock *tw = NULL;
265		262
		263	inet_get_local_port_range(&low, &high);
		264	remaining = high - low;
		265
266	local_bh_disable();	266	local_bh_disable();
267	for (i = 1; i <= range; i++) {	267	for (i = 1; i <= remaining; i++) {
268	port = low + (i + offset) % range;	268	port = low + (i + offset) % remaining;
269	head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];	269	head = &hinfo->bhash[inet_bhashfn(port, hinfo->bhash_size)];
270	spin_lock(&head->lock);	270	spin_lock(&head->lock);
271		271


diff --git a/net/sctp/socket.c b/net/sctp/socket.c index 7cd58ef84eda..9c6a4b5f6264 100644 --- a/net/sctp/socket.c +++ b/net/sctp/socket.c
@@ -5315,11 +5315,12 @@ static long sctp_get_port_local(struct sock sk, union sctp_addr addr)
5315		5315
5316	if (snum == 0) {	5316	if (snum == 0) {
5317	/* Search for an available port. */	5317	/* Search for an available port. */
5318	unsigned int low = sysctl_local_port_range[0];	5318	int low, high, remaining, index;
5319	unsigned int high = sysctl_local_port_range[1];	5319	unsigned int rover;
5320	unsigned int remaining = (high - low) + 1;	5320
5321	unsigned int rover = net_random() % remaining + low;	5321	inet_get_local_port_range(&low, &high);
5322	int index;	5322	remaining = (high - low) + 1;
		5323	rover = net_random() % remaining + low;
5323		5324
5324	do {	5325	do {
5325	rover++;	5326	rover++;


diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0753b20e23fe..3c3fff33d1ce 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c
@@ -47,7 +47,7 @@
47	#include <linux/netfilter_ipv6.h>	47	#include <linux/netfilter_ipv6.h>
48	#include <linux/tty.h>	48	#include <linux/tty.h>
49	#include <net/icmp.h>	49	#include <net/icmp.h>
50	#include <net/ip.h> /* for sysctl_local_port_range[] */	50	#include <net/ip.h> /* for local_port_range[] */
51	#include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */	51	#include <net/tcp.h> /* struct or_callable used in sock_rcv_skb */
52	#include <asm/uaccess.h>	52	#include <asm/uaccess.h>
53	#include <asm/ioctls.h>	53	#include <asm/ioctls.h>
@@ -3232,8 +3232,6 @@ static int selinux_socket_post_create(struct socket *sock, int family,
3232	/* Range of port numbers used to automatically bind.	3232	/* Range of port numbers used to automatically bind.
3233	Need to determine whether we should perform a name_bind	3233	Need to determine whether we should perform a name_bind
3234	permission check between the socket and the port number. */	3234	permission check between the socket and the port number. */
3235	#define ip_local_port_range_0 sysctl_local_port_range[0]
3236	#define ip_local_port_range_1 sysctl_local_port_range[1]
3237		3235
3238	static int selinux_socket_bind(struct socket sock, struct sockaddr address, int addrlen)	3236	static int selinux_socket_bind(struct socket sock, struct sockaddr address, int addrlen)
3239	{	3237	{
@@ -3276,20 +3274,27 @@ static int selinux_socket_bind(struct socket sock, struct sockaddr address, in
3276	addrp = (char *)&addr6->sin6_addr.s6_addr;	3274	addrp = (char *)&addr6->sin6_addr.s6_addr;
3277	}	3275	}
3278		3276
3279	if (snum&&(snum < max(PROT_SOCK,ip_local_port_range_0) \|\|	3277	if (snum) {
3280	snum > ip_local_port_range_1)) {	3278	int low, high;
3281	err = security_port_sid(sk->sk_family, sk->sk_type,	3279
3282	sk->sk_protocol, snum, &sid);	3280	inet_get_local_port_range(&low, &high);
3283	if (err)	3281
3284	goto out;	3282	if (snum < max(PROT_SOCK, low) \|\| snum > high) {
3285	AVC_AUDIT_DATA_INIT(&ad,NET);	3283	err = security_port_sid(sk->sk_family,
3286	ad.u.net.sport = htons(snum);	3284	sk->sk_type,
3287	ad.u.net.family = family;	3285	sk->sk_protocol, snum,
3288	err = avc_has_perm(isec->sid, sid,	3286	&sid);
3289	isec->sclass,	3287	if (err)
3290	SOCKET__NAME_BIND, &ad);	3288	goto out;
3291	if (err)	3289	AVC_AUDIT_DATA_INIT(&ad,NET);
3292	goto out;	3290	ad.u.net.sport = htons(snum);
		3291	ad.u.net.family = family;
		3292	err = avc_has_perm(isec->sid, sid,
		3293	isec->sclass,
		3294	SOCKET__NAME_BIND, &ad);
		3295	if (err)
		3296	goto out;
		3297	}
3293	}	3298	}
3294		3299
3295	switch(isec->sclass) {	3300	switch(isec->sclass) {