Re: [PATCH 2/2] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions

From: Luis Chamberlain <mcgrof@kernel.org>
To: Zev Weiss <zev@bewilderbeest.net>
Cc: Kees Cook <keescook@chromium.org>,
	linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
	akpm@linux-foundation.org, yzaikin@google.com,
	brendanhiggins@google.com
Subject: Re: [PATCH 2/2] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions
Date: Wed, 6 Feb 2019 11:58:07 -0800	[thread overview]
Message-ID: <20190206195807.GG11489@garbanzo.do-not-panic.com> (raw)
In-Reply-To: <20181227111231.12912-3-zev@bewilderbeest.net>

On Thu, Dec 27, 2018 at 05:12:30AM -0600, Zev Weiss wrote:
> do_proc_do[u]intvec_minmax_conv() had included open-coded versions of
> do_proc_do[u]intvec_conv(), though the signed one omitted the check
> that the value is in [INT_MIN, INT_MAX].  Rather than increase the
> duplication further by copying the additional check, we can instead
> refactor both to be defined in terms of their non-bounded counterparts
> (plus the added check).

The code below looks fine, however it is a rather intrusive check.
Let's isntead open code the new bound check and Cc stable, and then
after we can get creative with the wrapper use.

Can you confirm the open coded version fixes the issues, and then
the other change does not regress? If you can include an annotation
as to since *when* this was broken by annotating it on your CC stable
note it would be useful for stable maintainers. Likewise if you can
add a respective Fixes: tag that would be appreciated if you can easily
find it.

The stable tag annotation can be placed on top of all the tags, for
instance if the first broken commit was in v4.1 then:

	Cc: <stable@vger.kernel.org> # v4.1+

Thanks for the fix and expanding on the tests!

  Luis