From: Dominik Brodowski <linux@dominikbrodowski.net>
To: Christian Brauner <christian@brauner.io>
Cc: akpm@linux-foundation.org, keescook@chromium.org,
linux-kernel@vger.kernel.org, ebiederm@xmission.com,
mcgrof@kernel.org, joe.lawrence@redhat.com, longman@redhat.com,
viro@zeniv.linux.org.uk, adobriyan@gmail.com,
linux-api@vger.kernel.org
Subject: Re: [RESEND PATCH v3 2/2] sysctl: handle overflow for file-max
Date: Thu, 10 Jan 2019 15:55:59 +0100 [thread overview]
Message-ID: <20190110145559.relfx37ocq5xu4by@isilmar-4.linta.de> (raw)
In-Reply-To: <20190110145004.zhc2t42aasni7wnq@brauner.io>
On Thu, Jan 10, 2019 at 03:50:05PM +0100, Christian Brauner wrote:
> On Tue, Jan 08, 2019 at 08:01:10AM +0100, Dominik Brodowski wrote:
> > On Mon, Jan 07, 2019 at 11:27:00PM +0100, Christian Brauner wrote:
> > > @@ -2833,6 +2836,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
> > > break;
> > > if (neg)
> > > continue;
> > > + if ((max && val > *max) || (min && val < *min)) {
> > > + err = -EINVAL;
> > > + break;
> > > + }
> > > val = convmul * val / convdiv;
> > > if ((min && val < *min) || (max && val > *max))
> > > continue;
> >
> > This is a generic change which affects all users of
> > do_proc_doulongvec_minmax() that have extra1 or extra2 set. In sysctl.c, I
> > do not see another user of proc_doulongvec_minmax() that has extra1 or
> > extra2 set. However, have you verified whether your patch changes the
> > behaviour for other files that make use of proc_doulongvec_minmax() or
> > proc_doulongvec_ms_jiffies_minmax(), and not only of the file-max sysctl?
>
> Sorry for the delayed reply. I did look at the callers. The functions
> that are of interest afaict are:
>
> proc_doulongvec_ms_jiffies_minmax
> proc_doulongvec_minmax
>
> So this could be visible when users write values that would overflow the
> type used in the kernel.
>
> I guess your point is whether we are venturing into userspace break
> territory. Hm... We should probably make sure that we're not regressing
> anyone else! What do you think if instead of the above patch we did:
Hm, I prefer the original patch -- as the same (valid) reasons which apply
for the file-max sysctl might also apply to other users of this function
where extra1 and/or2 extra2 are set.
If there are no other users of this function where extra1 or extra2 are set,
just add a comment in the commit message:
While this changes the behaviour of __do_proc_doulongvec_minmax(),
no other existing users in the kernel are affected by this change.
If there are other users of this function where extra1 or extra2 are set,
you would need to generalize the commit message overall.
Thanks,
Dominik
next prev parent reply other threads:[~2019-01-10 14:55 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-01-07 22:26 [RESEND PATCH v3 0/2] sysctl: handle overflow for file-max Christian Brauner
2019-01-07 22:26 ` [RESEND PATCH v3 1/2] sysctl: handle overflow in proc_get_long Christian Brauner
2019-01-07 22:27 ` [RESEND PATCH v3 2/2] sysctl: handle overflow for file-max Christian Brauner
2019-01-08 7:01 ` Dominik Brodowski
2019-01-10 14:50 ` Christian Brauner
2019-01-10 14:55 ` Dominik Brodowski [this message]
2019-01-10 15:00 ` Christian Brauner
2019-01-11 14:51 ` Christian Brauner
2019-01-07 23:16 ` [RESEND PATCH v3 0/2] " Kees Cook
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20190110145559.relfx37ocq5xu4by@isilmar-4.linta.de \
--to=linux@dominikbrodowski.net \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=christian@brauner.io \
--cc=ebiederm@xmission.com \
--cc=joe.lawrence@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-api@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=longman@redhat.com \
--cc=mcgrof@kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).