From: "Luis R. Rodriguez" <mcgrof@kernel.org>
To: Waiman Long <longman@redhat.com>
Cc: "Luis R. Rodriguez" <mcgrof@kernel.org>,
Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-doc@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Matthew Wilcox <willy@infradead.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks
Date: Sat, 17 Mar 2018 00:54:58 +0000 [thread overview]
Message-ID: <20180317005458.GA4449@wotan.suse.de> (raw)
In-Reply-To: <1521224030-2185-3-git-send-email-longman@redhat.com>
On Fri, Mar 16, 2018 at 02:13:43PM -0400, Waiman Long wrote:
> Checking code is added to provide the following additional
> ctl_table.flags checks:
>
> 1) No unknown flag is allowed.
> 2) Minimum of a range cannot be larger than the maximum value.
> 3) The signed and unsigned flags are mutually exclusive.
> 4) The proc_handler should be consistent with the signed or unsigned
> flags.
>
> Two new flags are added to indicate if the min/max values are signed
> or unsigned - CTL_FLAGS_SIGNED_RANGE & CTL_FLAGS_UNSIGNED_RANGE.
> These 2 flags can be optionally enabled for range checking purpose.
> But either one of them must be set with CTL_FLAGS_CLAMP_RANGE.
>
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
> index e446e1f..088f032 100644
> --- a/include/linux/sysctl.h
> +++ b/include/linux/sysctl.h
> @@ -134,14 +134,26 @@ struct ctl_table
> * the input value. No lower bound or upper bound checking will be
> * done if the corresponding minimum or maximum value isn't provided.
> *
> + * @CTL_FLAGS_SIGNED_RANGE: Set to indicate that the extra1 and extra2
> + * fields are pointers to minimum and maximum signed values of
> + * an allowable range.
> + *
> + * @CTL_FLAGS_UNSIGNED_RANGE: Set to indicate that the extra1 and extra2
> + * fields are pointers to minimum and maximum unsigned values of
> + * an allowable range.
> + *
> * At most 16 different flags are allowed.
> */
> enum ctl_table_flags {
> CTL_FLAGS_CLAMP_RANGE = BIT(0),
> - __CTL_FLAGS_MAX = BIT(1),
> + CTL_FLAGS_SIGNED_RANGE = BIT(1),
> + CTL_FLAGS_UNSIGNED_RANGE = BIT(2),
> + __CTL_FLAGS_MAX = BIT(3),
> };
You are adding new flags which the user can set, and yet these are used
internally.
It would be best if internal flags are just that, not flags that a user can set.
This patch should be folded with the first one.
I'm starting to loose hope on these patch sets.
Luis
next prev parent reply other threads:[~2018-03-17 0:55 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
2018-03-16 18:13 ` [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping Waiman Long
2018-03-17 1:10 ` Luis R. Rodriguez
2018-03-19 15:39 ` Waiman Long
2018-03-29 18:15 ` Luis R. Rodriguez
2018-03-29 18:47 ` Waiman Long
2018-03-29 18:56 ` Luis R. Rodriguez
2018-03-16 18:13 ` [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks Waiman Long
2018-03-17 0:54 ` Luis R. Rodriguez [this message]
2018-03-19 15:35 ` Waiman Long
2018-03-29 18:16 ` Luis R. Rodriguez
2018-03-16 18:13 ` [PATCH v5 3/9] sysctl: Warn when a clamped sysctl parameter is set out of range Waiman Long
2018-03-16 18:13 ` [PATCH v5 4/9] ipc: Clamp msgmni and shmmni to the real IPCMNI limit Waiman Long
2018-03-16 18:13 ` [PATCH v5 5/9] ipc: Clamp semmni " Waiman Long
2018-03-16 18:13 ` [PATCH v5 6/9] test_sysctl: Add range clamping test Waiman Long
2018-03-16 18:13 ` [PATCH v5 7/9] test_sysctl: Add ctl_table registration failure test Waiman Long
2018-03-16 18:13 ` [PATCH v5 8/9] ipc: Allow boot time extension of IPCMNI from 32k to 2M Waiman Long
2018-03-16 18:13 ` [PATCH v5 9/9] ipc: Conserve sequence numbers in extended IPCMNI mode Waiman Long
2018-03-29 18:19 ` [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Luis R. Rodriguez
2018-03-29 18:53 ` Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180317005458.GA4449@wotan.suse.de \
--to=mcgrof@kernel.org \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).