Linux-Fsdevel Archive on lore.kernel.org
 help / Atom feed
* [PATCH 0/2] sysctl: fix range-checking in do_proc_dointvec_minmax_conv()
@ 2018-12-27 11:12 Zev Weiss
  2018-12-27 11:12 ` [PATCH 1/2] test_sysctl: add tests for >32-bit values written to 32-bit integers Zev Weiss
                   ` (2 more replies)
  0 siblings, 3 replies; 13+ messages in thread
From: Zev Weiss @ 2018-12-27 11:12 UTC (permalink / raw)
  To: Luis Chamberlain, Kees Cook; +Cc: linux-kernel, linux-fsdevel

Hello,

After being left with an unusable system after a typo executing
something like 'echo $((1<<24)) > /proc/sys/vm/max_map_count', I found
that do_proc_dointvec_minmax_conv() was missing a check to ensure that
the converted value actually fits in an int.

The first of the following patches enhances the sysctl selftest such
that it detects this problem; the second fixes it (wasn't entirely
sure if this would meet the criteria of something that should be sent
to -stable; input welcome).


Thanks,
Zev Weiss

^ permalink raw reply	[flat|nested] 13+ messages in thread
* Re: [PATCH 1/2] test_sysctl: add tests for >32-bit values written to 32-bit integers
@ 2019-02-06 19:52 Luis Chamberlain
  0 siblings, 0 replies; 13+ messages in thread
From: Luis Chamberlain @ 2019-02-06 19:52 UTC (permalink / raw)
  To: Zev Weiss
  Cc: Kees Cook, linux-kernel, linux-fsdevel, Shuah Khan,
	linux-kselftest, akpm, yzaikin, brendanhiggins

Thanks for the patches, please include akpm@linux-foundation.org in the
future, as we can merge the changes through Andrew as well.

Also please Cc yzaikin@google.com, brendanhiggins@google.com in follow
ups for now.  They are looking at the sysctl testing code as well.

Some feedback below:

In-Reply-To: <20181227111231.12912-2-zev@bewilderbeest.net>

On Thu, Dec 27, 2018 at 05:12:29AM -0600, Zev Weiss wrote:
> +run_wideint_tests()
> +{
> +	# check negative and positive 64-bit values, with and without
> +	# bits set in the lower 31, and with and without bit 31 (sign
> +	# bit of a 32-bit int) set.  None of these are representable
> +	# in 32 bits, and hence all should fail.
> +	check_failure 0x0000010000000000
> +	check_failure 0x0000010080000000
> +	check_failure 0x000001ff7fffffff
> +	check_failure 0x000001ffffffffff
> +	check_failure 0xffffffff7fffffff


> +	check_failure 0xffffffffffffffff

This s64 version of -1

> +	check_failure 0xffffff0000000000
> +	check_failure 0xffffff0080000000
> +}

It was still unclear from the comments and manually looking at the
values why they are clear candidates to always test from all respective
64-bit values. A comment per each would be useful.

  Luis

^ permalink raw reply	[flat|nested] 13+ messages in thread

end of thread, back to index

Thread overview: 13+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-12-27 11:12 [PATCH 0/2] sysctl: fix range-checking in do_proc_dointvec_minmax_conv() Zev Weiss
2018-12-27 11:12 ` [PATCH 1/2] test_sysctl: add tests for >32-bit values written to 32-bit integers Zev Weiss
2018-12-27 11:12 ` [PATCH 2/2] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions Zev Weiss
2019-02-06 19:58   ` Luis Chamberlain
2019-02-07 12:34     ` [PATCH v2 0/3] sysctl: fix range-checking in do_proc_dointvec_minmax_conv() Zev Weiss
2019-02-07 12:34       ` [PATCH v2 1/3] test_sysctl: add tests for >32-bit values written to 32-bit integers Zev Weiss
2019-02-07 12:34       ` [PATCH v2 2/3] kernel/sysctl.c: add missing range check in do_proc_dointvec_minmax_conv Zev Weiss
2019-02-07 12:34       ` [PATCH v2 3/3] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions Zev Weiss
2019-02-07 15:51       ` [PATCH v2 0/3] sysctl: fix range-checking in do_proc_dointvec_minmax_conv() Luis Chamberlain
2019-02-07 16:54         ` Zev Weiss
2019-02-07 16:51       ` [PATCH v2 3/3] kernel/sysctl.c: define minmax conv functions in terms of non-minmax versions Zev Weiss
2019-02-05 16:23 ` [PATCH 0/2] sysctl: fix range-checking in do_proc_dointvec_minmax_conv() Zev Weiss
2019-02-06 19:52 [PATCH 1/2] test_sysctl: add tests for >32-bit values written to 32-bit integers Luis Chamberlain

Linux-Fsdevel Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/linux-fsdevel/0 linux-fsdevel/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 linux-fsdevel linux-fsdevel/ https://lore.kernel.org/linux-fsdevel \
		linux-fsdevel@vger.kernel.org linux-fsdevel@archiver.kernel.org
	public-inbox-index linux-fsdevel


Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.linux-fsdevel


AGPL code for this site: git clone https://public-inbox.org/ public-inbox