Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

net: relax SO_TXTIME CAP_NET_ADMIN check

Now sch_fq has horizon feature, we want to allow QUIC/UDP applications
to use EDT model so that pacing can be offloaded to the kernel (sch_fq)
or the NIC.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Cc: Willem de Bruijn <willemb@google.com>
Acked-by: Willem de Bruijn <willemb@google.com>
Acked-by: Vinicius Costa Gomes <vinicius.gomes@intel.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Eric Dumazet and committed by David S. Miller
790709f2 738fea32

+18 -10
net/core/sock.c
··· 1152 1152 break; 1153 1153 1154 1154 case SO_TXTIME: 1155 - if (!ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { 1156 - ret = -EPERM; 1157 - } else if (optlen != sizeof(struct sock_txtime)) { 1155 + if (optlen != sizeof(struct sock_txtime)) { 1158 1156 ret = -EINVAL; 1157 + break; 1159 1158 } else if (copy_from_user(&sk_txtime, optval, 1160 1159 sizeof(struct sock_txtime))) { 1161 1160 ret = -EFAULT; 1161 + break; 1162 1162 } else if (sk_txtime.flags & ~SOF_TXTIME_FLAGS_MASK) { 1163 1163 ret = -EINVAL; 1164 - } else { 1165 - sock_valbool_flag(sk, SOCK_TXTIME, true); 1166 - sk->sk_clockid = sk_txtime.clockid; 1167 - sk->sk_txtime_deadline_mode = 1168 - !!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE); 1169 - sk->sk_txtime_report_errors = 1170 - !!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS); 1164 + break; 1171 1165 } 1166 + /* CLOCK_MONOTONIC is only used by sch_fq, and this packet 1167 + * scheduler has enough safe guards. 1168 + */ 1169 + if (sk_txtime.clockid != CLOCK_MONOTONIC && 1170 + !ns_capable(sock_net(sk)->user_ns, CAP_NET_ADMIN)) { 1171 + ret = -EPERM; 1172 + break; 1173 + } 1174 + sock_valbool_flag(sk, SOCK_TXTIME, true); 1175 + sk->sk_clockid = sk_txtime.clockid; 1176 + sk->sk_txtime_deadline_mode = 1177 + !!(sk_txtime.flags & SOF_TXTIME_DEADLINE_MODE); 1178 + sk->sk_txtime_report_errors = 1179 + !!(sk_txtime.flags & SOF_TXTIME_REPORT_ERRORS); 1172 1180 break; 1173 1181 1174 1182 case SO_BINDTOIFINDEX:
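Review bot: the relaxed capability check placed before sock_valbool_flag() turns the comment's claim that CLOCK_MONOTONIC is only used by sch_fq into a privilege boundary, and nothing in this hunk enforces that claim. A caller without CAP_NET_ADMIN can now enable SOCK_TXTIME with sk_clockid = CLOCK_MONOTONIC and any flags inside SOF_TXTIME_FLAGS_MASK, including SOF_TXTIME_DEADLINE_MODE and SOF_TXTIME_REPORT_ERRORS. The comment should therefore state that any other consumer of a CLOCK_MONOTONIC txtime has to bound the value itself, as the commit message says sch_fq does with its horizon, so that a later qdisc or driver change does not silently widen what unprivileged sockets can reach. Two smaller points: now that every validation branch ends in break, the "} else if" chain can become plain if statements, and "safe guards" in the comment should read "safeguards".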