From: Waiman Long <longman@redhat.com>
To: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>,
linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
linux-doc@vger.kernel.org, Jonathan Corbet <corbet@lwn.net>,
Andrew Morton <akpm@linux-foundation.org>,
Al Viro <viro@zeniv.linux.org.uk>,
Matthew Wilcox <willy@infradead.org>,
"Eric W. Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks
Date: Mon, 19 Mar 2018 11:35:19 -0400 [thread overview]
Message-ID: <d616e759-368f-6287-3492-a970d2e8f77a@redhat.com> (raw)
In-Reply-To: <20180317005458.GA4449@wotan.suse.de>
On 03/16/2018 08:54 PM, Luis R. Rodriguez wrote:
> On Fri, Mar 16, 2018 at 02:13:43PM -0400, Waiman Long wrote:
>> Checking code is added to provide the following additional
>> ctl_table.flags checks:
>>
>> 1) No unknown flag is allowed.
>> 2) Minimum of a range cannot be larger than the maximum value.
>> 3) The signed and unsigned flags are mutually exclusive.
>> 4) The proc_handler should be consistent with the signed or unsigned
>> flags.
>>
>> Two new flags are added to indicate if the min/max values are signed
>> or unsigned - CTL_FLAGS_SIGNED_RANGE & CTL_FLAGS_UNSIGNED_RANGE.
>> These 2 flags can be optionally enabled for range checking purpose.
>> But either one of them must be set with CTL_FLAGS_CLAMP_RANGE.
>>
>> Signed-off-by: Waiman Long <longman@redhat.com>
>> ---
>> diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
>> index e446e1f..088f032 100644
>> --- a/include/linux/sysctl.h
>> +++ b/include/linux/sysctl.h
>> @@ -134,14 +134,26 @@ struct ctl_table
>> * the input value. No lower bound or upper bound checking will be
>> * done if the corresponding minimum or maximum value isn't provided.
>> *
>> + * @CTL_FLAGS_SIGNED_RANGE: Set to indicate that the extra1 and extra2
>> + * fields are pointers to minimum and maximum signed values of
>> + * an allowable range.
>> + *
>> + * @CTL_FLAGS_UNSIGNED_RANGE: Set to indicate that the extra1 and extra2
>> + * fields are pointers to minimum and maximum unsigned values of
>> + * an allowable range.
>> + *
>> * At most 16 different flags are allowed.
>> */
>> enum ctl_table_flags {
>> CTL_FLAGS_CLAMP_RANGE = BIT(0),
>> - __CTL_FLAGS_MAX = BIT(1),
>> + CTL_FLAGS_SIGNED_RANGE = BIT(1),
>> + CTL_FLAGS_UNSIGNED_RANGE = BIT(2),
>> + __CTL_FLAGS_MAX = BIT(3),
>> };
> You are adding new flags which the user can set, and yet these are used
> internally.
>
> It would be best if internal flags are just that, not flags that a user can set.
>
> This patch should be folded with the first one.
>
> I'm starting to loose hope on these patch sets.
>
> Luis
In order to do the correct min > max check, I need to know if the
quantity is signed or not. Just looking at the proc_handler alone is not
a reliable indicator if it is signed or unsigned.
Yes, I can put the signed bit into the previous patch.
-Longman
next prev parent reply other threads:[~2018-03-19 15:35 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-03-16 18:13 [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Waiman Long
2018-03-16 18:13 ` [PATCH v5 1/9] sysctl: Add flags to support min/max range clamping Waiman Long
2018-03-17 1:10 ` Luis R. Rodriguez
2018-03-19 15:39 ` Waiman Long
2018-03-29 18:15 ` Luis R. Rodriguez
2018-03-29 18:47 ` Waiman Long
2018-03-29 18:56 ` Luis R. Rodriguez
2018-03-16 18:13 ` [PATCH v5 2/9] proc/sysctl: Provide additional ctl_table.flags checks Waiman Long
2018-03-17 0:54 ` Luis R. Rodriguez
2018-03-19 15:35 ` Waiman Long [this message]
2018-03-29 18:16 ` Luis R. Rodriguez
2018-03-16 18:13 ` [PATCH v5 3/9] sysctl: Warn when a clamped sysctl parameter is set out of range Waiman Long
2018-03-16 18:13 ` [PATCH v5 4/9] ipc: Clamp msgmni and shmmni to the real IPCMNI limit Waiman Long
2018-03-16 18:13 ` [PATCH v5 5/9] ipc: Clamp semmni " Waiman Long
2018-03-16 18:13 ` [PATCH v5 6/9] test_sysctl: Add range clamping test Waiman Long
2018-03-16 18:13 ` [PATCH v5 7/9] test_sysctl: Add ctl_table registration failure test Waiman Long
2018-03-16 18:13 ` [PATCH v5 8/9] ipc: Allow boot time extension of IPCMNI from 32k to 2M Waiman Long
2018-03-16 18:13 ` [PATCH v5 9/9] ipc: Conserve sequence numbers in extended IPCMNI mode Waiman Long
2018-03-29 18:19 ` [PATCH v5 0/9] ipc: Clamp *mni to the real IPCMNI limit & increase that limit Luis R. Rodriguez
2018-03-29 18:53 ` Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d616e759-368f-6287-3492-a970d2e8f77a@redhat.com \
--to=longman@redhat.com \
--cc=akpm@linux-foundation.org \
--cc=corbet@lwn.net \
--cc=ebiederm@xmission.com \
--cc=keescook@chromium.org \
--cc=linux-doc@vger.kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=mcgrof@kernel.org \
--cc=viro@zeniv.linux.org.uk \
--cc=willy@infradead.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).