Commit 7058cb02 authored by Eric W. Biederman's avatar Eric W. Biederman Committed by Linus Torvalds

sysctl: deprecate sys_sysctl in a user space visible fashion.

After adding checking to register_sysctl_table and finding a whole new set
of bugs.  Missed by countless code reviews and testers I have finally lost
patience with the binary sysctl interface.

The binary sysctl interface has been sort of deprecated for years and
finding a user space program that uses the syscall is more difficult then
finding a needle in a haystack.  Problems continue to crop up, with the in
kernel implementation.  So since supporting something that no one uses is
silly, deprecate sys_sysctl with a sufficient grace period and notice that
the handful of user space applications that care can be fixed or replaced.

The /proc/sys sysctl interface that people use will continue to be
supported indefinitely.

This patch moves the tested warning about sysctls from the path where
sys_sysctl to a separate path called from both implementations of
sys_sysctl, and it adds a proper entry into
Documentation/feature-removal-schedule.

Allowing us to revisit this in a couple years time and actually kill
sys_sysctl.

[lethal@linux-sh.org: sysctl: Fix syscall disabled build]
Signed-off-by: default avatarEric W. Biederman <ebiederm@xmission.com>
Signed-off-by: default avatarPaul Mundt <lethal@linux-sh.org>
Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
parent 8ada720d
...@@ -82,6 +82,41 @@ Who: Dominik Brodowski <linux@brodo.de> ...@@ -82,6 +82,41 @@ Who: Dominik Brodowski <linux@brodo.de>
--------------------------- ---------------------------
What: sys_sysctl
When: September 2010
Option: CONFIG_SYSCTL_SYSCALL
Why: The same information is available in a more convenient from
/proc/sys, and none of the sysctl variables appear to be
important performance wise.
Binary sysctls are a long standing source of subtle kernel
bugs and security issues.
When I looked several months ago all I could find after
searching several distributions were 5 user space programs and
glibc (which falls back to /proc/sys) using this syscall.
The man page for sysctl(2) documents it as unusable for user
space programs.
sysctl(2) is not generally ABI compatible to a 32bit user
space application on a 64bit and a 32bit kernel.
For the last several months the policy has been no new binary
sysctls and no one has put forward an argument to use them.
Binary sysctls issues seem to keep happening appearing so
properly deprecating them (with a warning to user space) and a
2 year grace warning period will mean eventually we can kill
them and end the pain.
In the mean time individual binary sysctls can be dealt with
in a piecewise fashion.
Who: Eric Biederman <ebiederm@xmission.com>
---------------------------
What: a.out interpreter support for ELF executables What: a.out interpreter support for ELF executables
When: 2.6.25 When: 2.6.25
Files: fs/binfmt_elf.c Files: fs/binfmt_elf.c
......
...@@ -55,6 +55,8 @@ ...@@ -55,6 +55,8 @@
#include <asm/stacktrace.h> #include <asm/stacktrace.h>
#endif #endif
static int deprecated_sysctl_warning(struct __sysctl_args *args);
#if defined(CONFIG_SYSCTL) #if defined(CONFIG_SYSCTL)
/* External variables not in a header file. */ /* External variables not in a header file. */
...@@ -1347,10 +1349,15 @@ asmlinkage long sys_sysctl(struct __sysctl_args __user *args) ...@@ -1347,10 +1349,15 @@ asmlinkage long sys_sysctl(struct __sysctl_args __user *args)
if (copy_from_user(&tmp, args, sizeof(tmp))) if (copy_from_user(&tmp, args, sizeof(tmp)))
return -EFAULT; return -EFAULT;
error = deprecated_sysctl_warning(&tmp);
if (error)
goto out;
lock_kernel(); lock_kernel();
error = do_sysctl(tmp.name, tmp.nlen, tmp.oldval, tmp.oldlenp, error = do_sysctl(tmp.name, tmp.nlen, tmp.oldval, tmp.oldlenp,
tmp.newval, tmp.newlen); tmp.newval, tmp.newlen);
unlock_kernel(); unlock_kernel();
out:
return error; return error;
} }
#endif /* CONFIG_SYSCTL_SYSCALL */ #endif /* CONFIG_SYSCTL_SYSCALL */
...@@ -2540,35 +2547,19 @@ int sysctl_ms_jiffies(struct ctl_table *table, int __user *name, int nlen, ...@@ -2540,35 +2547,19 @@ int sysctl_ms_jiffies(struct ctl_table *table, int __user *name, int nlen,
asmlinkage long sys_sysctl(struct __sysctl_args __user *args) asmlinkage long sys_sysctl(struct __sysctl_args __user *args)
{ {
static int msg_count;
struct __sysctl_args tmp; struct __sysctl_args tmp;
int name[CTL_MAXNAME]; int error;
int i;
/* Read in the sysctl name for better debug message logging */
if (copy_from_user(&tmp, args, sizeof(tmp))) if (copy_from_user(&tmp, args, sizeof(tmp)))
return -EFAULT; return -EFAULT;
if (tmp.nlen <= 0 || tmp.nlen >= CTL_MAXNAME)
return -ENOTDIR;
for (i = 0; i < tmp.nlen; i++)
if (get_user(name[i], tmp.name + i))
return -EFAULT;
/* Ignore accesses to kernel.version */ error = deprecated_sysctl_warning(&tmp);
if ((tmp.nlen == 2) && (name[0] == CTL_KERN) && (name[1] == KERN_VERSION))
goto out;
if (msg_count < 5) { /* If no error reading the parameters then just -ENOSYS ... */
msg_count++; if (!error)
printk(KERN_INFO error = -ENOSYS;
"warning: process `%s' used the removed sysctl "
"system call with ", current->comm); return error;
for (i = 0; i < tmp.nlen; i++)
printk("%d.", name[i]);
printk("\n");
}
out:
return -ENOSYS;
} }
int sysctl_data(struct ctl_table *table, int __user *name, int nlen, int sysctl_data(struct ctl_table *table, int __user *name, int nlen,
...@@ -2608,6 +2599,33 @@ int sysctl_ms_jiffies(struct ctl_table *table, int __user *name, int nlen, ...@@ -2608,6 +2599,33 @@ int sysctl_ms_jiffies(struct ctl_table *table, int __user *name, int nlen,
#endif /* CONFIG_SYSCTL_SYSCALL */ #endif /* CONFIG_SYSCTL_SYSCALL */
static int deprecated_sysctl_warning(struct __sysctl_args *args)
{
static int msg_count;
int name[CTL_MAXNAME];
int i;
/* Read in the sysctl name for better debug message logging */
for (i = 0; i < args->nlen; i++)
if (get_user(name[i], args->name + i))
return -EFAULT;
/* Ignore accesses to kernel.version */
if ((args->nlen == 2) && (name[0] == CTL_KERN) && (name[1] == KERN_VERSION))
return 0;
if (msg_count < 5) {
msg_count++;
printk(KERN_INFO
"warning: process `%s' used the deprecated sysctl "
"system call with ", current->comm);
for (i = 0; i < args->nlen; i++)
printk("%d.", name[i]);
printk("\n");
}
return 0;
}
/* /*
* No sense putting this after each symbol definition, twice, * No sense putting this after each symbol definition, twice,
* exception granted :-) * exception granted :-)
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment