From: Kees Cook <keescook@chromium.org>
To: Vlastimil Babka <vbabka@suse.cz>
Cc: Luis Chamberlain <mcgrof@kernel.org>,
Iurii Zaikin <yzaikin@google.com>,
linux-kernel@vger.kernel.org, linux-api@vger.kernel.org,
linux-mm@kvack.org, Ivan Teterevkov <ivan.teterevkov@nutanix.com>,
Michal Hocko <mhocko@kernel.org>,
David Rientjes <rientjes@google.com>,
Matthew Wilcox <willy@infradead.org>,
"Eric W . Biederman" <ebiederm@xmission.com>,
"Guilherme G . Piccoli" <gpiccoli@canonical.com>,
Alexey Dobriyan <adobriyan@gmail.com>,
Thomas Gleixner <tglx@linutronix.de>,
Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
Christian Brauner <christian.brauner@ubuntu.com>
Subject: Re: [PATCH 1/3] kernel/sysctl: support setting sysctl parameters from kernel command line
Date: Mon, 30 Mar 2020 10:39:47 -0700 [thread overview]
Message-ID: <202003301035.8688FCE5@keescook> (raw)
In-Reply-To: <20200330115535.3215-2-vbabka@suse.cz>
On Mon, Mar 30, 2020 at 01:55:33PM +0200, Vlastimil Babka wrote:
> A recently proposed patch to add vm_swappiness command line parameter in
> addition to existing sysctl [1] made me wonder why we don't have a general
> support for passing sysctl parameters via command line. Googling found only
> somebody else wondering the same [2], but I haven't found any prior discussion
> with reasons why not to do this.
>
> Settings the vm_swappiness issue aside (the underlying issue might be solved in
> a different way), quick search of kernel-parameters.txt shows there are already
> some that exist as both sysctl and kernel parameter - hung_task_panic,
> nmi_watchdog, numa_zonelist_order, traceoff_on_warning. A general mechanism
> would remove the need to add more of those one-offs and might be handy in
> situations where configuration by e.g. /etc/sysctl.d/ is impractical.
>
> Hence, this patch adds a new parse_args() pass that looks for parameters
> prefixed by 'sysctl.' and tries to interpret them as writes to the
> corresponding sys/ files using an temporary in-kernel procfs mount. This
> mechanism was suggested by Eric W. Biederman [3], as it handles all dynamically
> registered sysctl tables. Errors due to e.g. invalid parameter name or value
> are reported in the kernel log.
>
> The processing is hooked right before the init process is loaded, as some
> handlers might be more complicated than simple setters and might need some
> subsystems to be initialized. At the moment the init process can be started and
> eventually execute a process writing to /proc/sys/ then it should be also fine
> to do that from the kernel.
>
> Sysctls registered later on module load time are not set by this mechanism -
> it's expected that in such scenarios, setting sysctl values from userspace is
> practical enough.
>
> [1] https://lore.kernel.org/r/BL0PR02MB560167492CA4094C91589930E9FC0@BL0PR02MB5601.namprd02.prod.outlook.com/
> [2] https://unix.stackexchange.com/questions/558802/how-to-set-sysctl-using-kernel-command-line-parameter
> [3] https://lore.kernel.org/r/87bloj2skm.fsf@x220.int.ebiederm.org/
>
> Signed-off-by: Vlastimil Babka <vbabka@suse.cz>
> ---
> .../admin-guide/kernel-parameters.txt | 9 ++
> fs/proc/proc_sysctl.c | 100 ++++++++++++++++++
> include/linux/sysctl.h | 4 +
> init/main.c | 2 +
> 4 files changed, 115 insertions(+)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt
> index c07815d230bc..81ff626fc700 100644
> --- a/Documentation/admin-guide/kernel-parameters.txt
> +++ b/Documentation/admin-guide/kernel-parameters.txt
> @@ -4793,6 +4793,15 @@
>
> switches= [HW,M68k]
>
> + sysctl.*= [KNL]
> + Set a sysctl parameter, right before loading the init
> + process, as if the value was written to the respective
> + /proc/sys/... file. Both '.' and '/' are recognized as
> + separators. Unrecognized parameters and invalid values
> + are reported in the kernel log. Sysctls registered
> + later by a loaded module cannot be set this way.
> + Example: sysctl.vm.swappiness=40
> +
> sysfs.deprecated=0|1 [KNL]
> Enable/disable old style sysfs layout for old udev
> on older distributions. When this option is enabled
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index c75bb4632ed1..653188c9c4c9 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -14,6 +14,7 @@
> #include <linux/mm.h>
> #include <linux/module.h>
> #include <linux/bpf-cgroup.h>
> +#include <linux/mount.h>
> #include "internal.h"
>
> static const struct dentry_operations proc_sys_dentry_operations;
> @@ -1725,3 +1726,102 @@ int __init proc_sys_init(void)
>
> return sysctl_init();
> }
> +
> +/* Set sysctl value passed on kernel command line. */
> +static int process_sysctl_arg(char *param, char *val,
> + const char *unused, void *arg)
> +{
> + char *path;
> + struct vfsmount *proc_mnt = *((struct vfsmount **)arg);
I would just make this:
struct vfsmount **proc_mnt = (struct vfsmount **)arg;
> + struct file_system_type *proc_fs_type;
> + struct file *file;
> + int len;
> + int err;
> + loff_t pos = 0;
> + ssize_t wret;
> +
> + if (strncmp(param, "sysctl", sizeof("sysctl") - 1))
> + return 0;
> +
> + param += sizeof("sysctl") - 1;
> +
> + if (param[0] != '/' && param[0] != '.')
> + return 0;
> +
> + param++;
> +
> + if (!proc_mnt) {
if (!*proc_mnt) {
I would also add a comment here to explain that this is doing an
on-demand mount so that it doesn't have to mount proc if there are not
sysctl parameters.
> + proc_fs_type = get_fs_type("proc");
> + if (!proc_fs_type) {
> + pr_err("Failed to find procfs to set sysctl from command line");
> + return 0;
> + }
> + proc_mnt = kern_mount(proc_fs_type);
*proc_mnt = kern_mount(proc_fs_type);
> + put_filesystem(proc_fs_type);
> + if (IS_ERR(proc_mnt)) {
if (IS_ERR(*proc_mnt)) {
> + pr_err("Failed to mount procfs to set sysctl from command line");
> + return 0;
> + }
> + *((struct vfsmount **)arg) = proc_mnt;
Then drop this line.
> + }
> +
> + path = kasprintf(GFP_KERNEL, "sys/%s", param);
> + if (!path)
> + panic("%s: Failed to allocate path for %s\n", __func__, param);
> + strreplace(path, '.', '/');
> +
> + file = file_open_root(proc_mnt->mnt_root, proc_mnt, path, O_WRONLY, 0);
file = file_open_root((*proc_mnt)->mnt_root, *proc_mnt, path, O_WRONLY, 0);
> + if (IS_ERR(file)) {
> + err = PTR_ERR(file);
> + if (err == -ENOENT)
> + pr_err("Failed to set sysctl parameter '%s=%s': parameter not found",
> + param, val);
> + else if (err == -EACCES)
> + pr_err("Failed to set sysctl parameter '%s=%s': permission denied (read-only?)",
> + param, val);
> + else
> + pr_err("Error %pe opening proc file to set sysctl parameter '%s=%s'",
> + file, param, val);
> + goto out;
> + }
> + len = strlen(val);
> + wret = kernel_write(file, val, len, &pos);
> + if (wret < 0) {
> + err = wret;
> + if (err == -EINVAL)
> + pr_err("Failed to set sysctl parameter '%s=%s': invalid value",
> + param, val);
> + else
> + pr_err("Error %pe writing to proc file to set sysctl parameter '%s=%s'",
> + ERR_PTR(err), param, val);
> + } else if (wret != len) {
> + pr_err("Wrote only %ld bytes of %d writing to proc file %s to set sysctl parameter '%s=%s'",
> + wret, len, path, param, val);
> + }
> +
> + err = filp_close(file, NULL);
> + if (err)
> + pr_err("Error %pe closing proc file to set sysctl parameter '%s=%s'",
> + ERR_PTR(err), param, val);
> +out:
> + kfree(path);
> + return 0;
> +}
> +
> +void do_sysctl_args(void)
> +{
> + char *command_line;
> + struct vfsmount *proc_mnt = NULL;
> +
> + command_line = kstrdup(saved_command_line, GFP_KERNEL);
> + if (!command_line)
> + panic("%s: Failed to allocate copy of command line\n", __func__);
> +
> + parse_args("Setting sysctl args", command_line,
> + NULL, 0, -1, -1, &proc_mnt, process_sysctl_arg);
> +
> + if (proc_mnt)
> + kern_unmount(proc_mnt);
> +
> + kfree(command_line);
> +}
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index 02fa84493f23..5f3f2a00d75f 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -206,6 +206,7 @@ struct ctl_table_header *register_sysctl_paths(const struct ctl_path *path,
> void unregister_sysctl_table(struct ctl_table_header * table);
>
> extern int sysctl_init(void);
> +void do_sysctl_args(void);
>
> extern struct ctl_table sysctl_mount_point[];
>
> @@ -236,6 +237,9 @@ static inline void setup_sysctl_set(struct ctl_table_set *p,
> {
> }
>
> +void do_sysctl_args(void)
As with the others in the no-op case:
static inline void do_sysctl_args(void)
> +{
> +}
> #endif /* CONFIG_SYSCTL */
>
> int sysctl_max_threads(struct ctl_table *table, int write,
> diff --git a/init/main.c b/init/main.c
> index ee4947af823f..a91ea166a731 100644
> --- a/init/main.c
> +++ b/init/main.c
> @@ -1367,6 +1367,8 @@ static int __ref kernel_init(void *unused)
>
> rcu_end_inkernel_boot();
>
> + do_sysctl_args();
> +
> if (ramdisk_execute_command) {
> ret = run_init_process(ramdisk_execute_command);
> if (!ret)
> --
> 2.25.1
>
Otherwise, yes, looks good!
--
Kees Cook
next prev parent reply other threads:[~2020-03-30 17:39 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-03-30 11:55 [PATCH 0/3] support setting sysctl parameters from kernel command line Vlastimil Babka
2020-03-30 11:55 ` [PATCH 1/3] kernel/sysctl: " Vlastimil Babka
2020-03-30 16:23 ` Vlastimil Babka
2020-03-30 17:40 ` Kees Cook
2020-03-30 17:39 ` Kees Cook [this message]
2020-03-30 20:15 ` kbuild test robot
2020-03-31 18:29 ` Kees Cook
2020-03-30 22:44 ` Luis Chamberlain
2020-03-31 7:42 ` Vlastimil Babka
2020-03-31 7:48 ` Michal Hocko
2020-03-31 18:26 ` Kees Cook
2020-03-31 14:31 ` Luis Chamberlain
2020-04-01 11:01 ` Vlastimil Babka
2020-04-02 16:04 ` Luis Chamberlain
2020-04-02 17:23 ` Kees Cook
2020-04-02 20:59 ` Luis Chamberlain
2020-04-03 23:57 ` Kees Cook
2020-04-06 14:08 ` Luis Chamberlain
2020-04-06 15:58 ` Kees Cook
2020-04-06 17:08 ` Luis Chamberlain
2020-04-14 11:25 ` Vlastimil Babka
2020-04-15 3:23 ` Masami Hiramatsu
2020-04-15 6:08 ` Luis Chamberlain
2020-03-30 11:55 ` [PATCH 2/3] kernel/sysctl: support handling command line aliases Vlastimil Babka
2020-03-30 17:41 ` Kees Cook
2020-03-31 14:35 ` Luis Chamberlain
2020-03-30 11:55 ` [PATCH 3/3] kernel/hung_task convert hung_task_panic boot parameter to sysctl Vlastimil Babka
2020-03-30 17:43 ` Kees Cook
2020-03-31 0:34 ` John Hubbard
2020-03-31 7:27 ` Vlastimil Babka
2020-03-31 15:49 ` John Hubbard
2020-03-31 23:12 ` Tetsuo Handa
2020-04-01 8:47 ` Vlastimil Babka
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=202003301035.8688FCE5@keescook \
--to=keescook@chromium.org \
--cc=adobriyan@gmail.com \
--cc=christian.brauner@ubuntu.com \
--cc=ebiederm@xmission.com \
--cc=gpiccoli@canonical.com \
--cc=gregkh@linuxfoundation.org \
--cc=ivan.teterevkov@nutanix.com \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-mm@kvack.org \
--cc=mcgrof@kernel.org \
--cc=mhocko@kernel.org \
--cc=rientjes@google.com \
--cc=tglx@linutronix.de \
--cc=vbabka@suse.cz \
--cc=willy@infradead.org \
--cc=yzaikin@google.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.