@@ -24,11 +24,6 @@ struct local_ports {
bool warned;
};
-struct ping_group_range {
- seqlock_t lock;
- kgid_t range[2];
-};
-
struct inet_hashinfo;
struct inet_timewait_death_row {
@@ -190,8 +185,6 @@ struct netns_ipv4 {
int sysctl_igmp_llm_reports;
int sysctl_igmp_qrv;
- struct ping_group_range ping_group_range;
-
atomic_t dev_addr_genid;
#ifdef CONFIG_SYSCTL
@@ -1814,14 +1814,6 @@ static __net_init int inet_init_net(struct net *net)
net->ipv4.ip_local_ports.range[0] = 32768;
net->ipv4.ip_local_ports.range[1] = 60999;
- seqlock_init(&net->ipv4.ping_group_range.lock);
- /*
- * Sane defaults - nobody may create ping sockets.
- * Boot scripts should set this to distro-specific group.
- */
- net->ipv4.ping_group_range.range[0] = make_kgid(&init_user_ns, 1);
- net->ipv4.ping_group_range.range[1] = make_kgid(&init_user_ns, 0);
-
/* Default values for sysctl-controlled parameters.
* We set them here, in case sysctl is not compiled.
*/
@@ -234,50 +234,13 @@ static struct sock *ping_lookup(struct net *net, struct sk_buff *skb, u16 ident)
return sk;
}
-static void inet_get_ping_group_range_net(struct net *net, kgid_t *low,
- kgid_t *high)
-{
- kgid_t *data = net->ipv4.ping_group_range.range;
- unsigned int seq;
-
- do {
- seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
-
- *low = data[0];
- *high = data[1];
- } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
-}
-
int ping_init_sock(struct sock *sk)
{
- struct net *net = sock_net(sk);
- kgid_t group = current_egid();
- struct group_info *group_info;
- int i;
- kgid_t low, high;
- int ret = 0;
-
if (sk->sk_family == AF_INET6)
sk->sk_ipv6only = 1;
- inet_get_ping_group_range_net(net, &low, &high);
- if (gid_lte(low, group) && gid_lte(group, high))
- return 0;
-
- group_info = get_current_groups();
- for (i = 0; i < group_info->ngroups; i++) {
- kgid_t gid = group_info->gid[i];
-
- if (gid_lte(low, gid) && gid_lte(gid, high))
- goto out_release_group;
- }
-
- ret = -EACCES;
-
-out_release_group:
- put_group_info(group_info);
- return ret;
+ return 0;
}
EXPORT_SYMBOL_GPL(ping_init_sock);
@@ -45,8 +45,6 @@ static int ip_ttl_min = 1;
static int ip_ttl_max = 255;
static int tcp_syn_retries_min = 1;
static int tcp_syn_retries_max = MAX_TCP_SYNCNT;
-static int ip_ping_group_range_min[] = { 0, 0 };
-static int ip_ping_group_range_max[] = { GID_T_MAX, GID_T_MAX };
static int comp_sack_nr_max = 255;
static u32 u32_max_div_HZ = UINT_MAX / HZ;
static int one_day_secs = 24 * 3600;
@@ -140,69 +138,6 @@ static int ipv4_privileged_ports(struct ctl_table *table, int write,
return ret;
}
-static void inet_get_ping_group_range_table(struct ctl_table *table, kgid_t *low, kgid_t *high)
-{
- kgid_t *data = table->data;
- struct net *net =
- container_of(table->data, struct net, ipv4.ping_group_range.range);
- unsigned int seq;
- do {
- seq = read_seqbegin(&net->ipv4.ping_group_range.lock);
-
- *low = data[0];
- *high = data[1];
- } while (read_seqretry(&net->ipv4.ping_group_range.lock, seq));
-}
-
-/* Update system visible IP port range */
-static void set_ping_group_range(struct ctl_table *table, kgid_t low, kgid_t high)
-{
- kgid_t *data = table->data;
- struct net *net =
- container_of(table->data, struct net, ipv4.ping_group_range.range);
- write_seqlock(&net->ipv4.ping_group_range.lock);
- data[0] = low;
- data[1] = high;
- write_sequnlock(&net->ipv4.ping_group_range.lock);
-}
-
-/* Validate changes from /proc interface. */
-static int ipv4_ping_group_range(struct ctl_table *table, int write,
- void __user *buffer,
- size_t *lenp, loff_t *ppos)
-{
- struct user_namespace *user_ns = current_user_ns();
- int ret;
- gid_t urange[2];
- kgid_t low, high;
- struct ctl_table tmp = {
- .data = &urange,
- .maxlen = sizeof(urange),
- .mode = table->mode,
- .extra1 = &ip_ping_group_range_min,
- .extra2 = &ip_ping_group_range_max,
- };
-
- inet_get_ping_group_range_table(table, &low, &high);
- urange[0] = from_kgid_munged(user_ns, low);
- urange[1] = from_kgid_munged(user_ns, high);
- ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos);
-
- if (write && ret == 0) {
- low = make_kgid(user_ns, urange[0]);
- high = make_kgid(user_ns, urange[1]);
- if (!gid_valid(low) || !gid_valid(high))
- return -EINVAL;
- if (urange[1] < urange[0] || gid_lt(high, low)) {
- low = make_kgid(&init_user_ns, 1);
- high = make_kgid(&init_user_ns, 0);
- }
- set_ping_group_range(table, low, high);
- }
-
- return ret;
-}
-
static int ipv4_fwd_update_priority(struct ctl_table *table, int write,
void __user *buffer,
size_t *lenp, loff_t *ppos)
@@ -658,13 +593,6 @@ static struct ctl_table ipv4_net_table[] = {
.mode = 0644,
.proc_handler = proc_dointvec
},
- {
- .procname = "ping_group_range",
- .data = &init_net.ipv4.ping_group_range.range,
- .maxlen = sizeof(gid_t)*2,
- .mode = 0644,
- .proc_handler = ipv4_ping_group_range,
- },
#ifdef CONFIG_NET_L3_MASTER_DEV
{
.procname = "raw_l3mdev_accept",