4 files changed, 38 insertions, 8 deletions

diff --git a/net/ieee802154/reassembly.c b/net/ieee802154/reassembly.c
index 8da635d92a58..f13d4f32e207 100644
--- a/net/ieee802154/reassembly.c
+++ b/net/ieee802154/reassembly.c
@@ -386,20 +386,25 @@ err:
 EXPORT_SYMBOL(lowpan_frag_rcv);
 
 #ifdef CONFIG_SYSCTL
+static int zero;
+
 static struct ctl_table lowpan_frags_ns_ctl_table[] = {
         {
                 .procname       = "6lowpanfrag_high_thresh",
                 .data           = &init_net.ieee802154_lowpan.frags.high_thresh,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &init_net.ieee802154_lowpan.frags.low_thresh
         },
         {
                 .procname       = "6lowpanfrag_low_thresh",
                 .data           = &init_net.ieee802154_lowpan.frags.low_thresh,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &init_net.ieee802154_lowpan.frags.high_thresh
         },
         {
                 .procname       = "6lowpanfrag_time",
@@ -446,7 +451,10 @@ static int __net_init lowpan_frags_ns_sysctl_register(struct net *net)
                         goto err_alloc;
 
                 table[0].data = &ieee802154_lowpan->frags.high_thresh;
+                table[0].extra1 = &ieee802154_lowpan->frags.low_thresh;
+                table[0].extra2 = &init_net.ieee802154_lowpan.frags.high_thresh;
                 table[1].data = &ieee802154_lowpan->frags.low_thresh;
+                table[1].extra2 = &ieee802154_lowpan->frags.high_thresh;
                 table[2].data = &ieee802154_lowpan->frags.timeout;
                 table[3].data = &ieee802154_lowpan->max_dsize;
 
diff --git a/net/ipv4/ip_fragment.c b/net/ipv4/ip_fragment.c
index ccee68dffd6e..634fc31aa243 100644
--- a/net/ipv4/ip_fragment.c
+++ b/net/ipv4/ip_fragment.c
@@ -700,14 +700,17 @@ static struct ctl_table ip4_frags_ns_ctl_table[] = {
                 .data           = &init_net.ipv4.frags.high_thresh,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &init_net.ipv4.frags.low_thresh
         },
         {
                 .procname       = "ipfrag_low_thresh",
                 .data           = &init_net.ipv4.frags.low_thresh,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &init_net.ipv4.frags.high_thresh
         },
         {
                 .procname       = "ipfrag_time",
@@ -752,7 +755,10 @@ static int __net_init ip4_frags_ns_ctl_register(struct net *net)
                         goto err_alloc;
 
                 table[0].data = &net->ipv4.frags.high_thresh;
+                table[0].extra1 = &net->ipv4.frags.low_thresh;
+                table[0].extra2 = &init_net.ipv4.frags.high_thresh;
                 table[1].data = &net->ipv4.frags.low_thresh;
+                table[1].extra2 = &net->ipv4.frags.high_thresh;
                 table[2].data = &net->ipv4.frags.timeout;
 
                 /* Don't export sysctls to unprivileged users */
diff --git a/net/ipv6/netfilter/nf_conntrack_reasm.c b/net/ipv6/netfilter/nf_conntrack_reasm.c
index 4d9da1e35f8c..3d4bccf6d67d 100644
--- a/net/ipv6/netfilter/nf_conntrack_reasm.c
+++ b/net/ipv6/netfilter/nf_conntrack_reasm.c
@@ -63,6 +63,8 @@ struct nf_ct_frag6_skb_cb
 static struct inet_frags nf_frags;
 
 #ifdef CONFIG_SYSCTL
+static int zero;
+
 static struct ctl_table nf_ct_frag6_sysctl_table[] = {
         {
                 .procname       = "nf_conntrack_frag6_timeout",
@@ -76,14 +78,17 @@ static struct ctl_table nf_ct_frag6_sysctl_table[] = {
                 .data           = &init_net.nf_frag.frags.low_thresh,
                 .maxlen         = sizeof(unsigned int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec,
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &init_net.nf_frag.frags.high_thresh
         },
         {
                 .procname       = "nf_conntrack_frag6_high_thresh",
                 .data           = &init_net.nf_frag.frags.high_thresh,
                 .maxlen         = sizeof(unsigned int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec,
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &init_net.nf_frag.frags.low_thresh
         },
         { }
 };
@@ -102,7 +107,10 @@ static int nf_ct_frag6_sysctl_register(struct net *net)
 
                 table[0].data = &net->nf_frag.frags.timeout;
                 table[1].data = &net->nf_frag.frags.low_thresh;
+                table[1].extra2 = &net->nf_frag.frags.high_thresh;
                 table[2].data = &net->nf_frag.frags.high_thresh;
+                table[2].extra1 = &net->nf_frag.frags.low_thresh;
+                table[2].extra2 = &init_net.nf_frag.frags.high_thresh;
         }
 
         hdr = register_net_sysctl(net, "net/netfilter", table);
diff --git a/net/ipv6/reassembly.c b/net/ipv6/reassembly.c
index 57a9707b2032..f1709c4a289a 100644
--- a/net/ipv6/reassembly.c
+++ b/net/ipv6/reassembly.c
@@ -578,20 +578,25 @@ static const struct inet6_protocol frag_protocol =
 };
 
 #ifdef CONFIG_SYSCTL
+static int zero;
+
 static struct ctl_table ip6_frags_ns_ctl_table[] = {
         {
                 .procname       = "ip6frag_high_thresh",
                 .data           = &init_net.ipv6.frags.high_thresh,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &init_net.ipv6.frags.low_thresh
         },
         {
                 .procname       = "ip6frag_low_thresh",
                 .data           = &init_net.ipv6.frags.low_thresh,
                 .maxlen         = sizeof(int),
                 .mode           = 0644,
-                .proc_handler   = proc_dointvec
+                .proc_handler   = proc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &init_net.ipv6.frags.high_thresh
         },
         {
                 .procname       = "ip6frag_time",
@@ -628,7 +633,10 @@ static int __net_init ip6_frags_ns_sysctl_register(struct net *net)
                         goto err_alloc;
 
                 table[0].data = &net->ipv6.frags.high_thresh;
+                table[0].extra1 = &net->ipv6.frags.low_thresh;
+                table[0].extra2 = &init_net.ipv6.frags.high_thresh;
                 table[1].data = &net->ipv6.frags.low_thresh;
+                table[1].extra2 = &net->ipv6.frags.high_thresh;
                 table[2].data = &net->ipv6.frags.timeout;
 
                 /* Don't export sysctls to unprivileged users */