[PATCH] sysctl: do not allow a 64bit value write in a 32bit knob

linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] sysctl: do not allow a 64bit value write in a 32bit knob
@ 2018-08-27 20:27 Aristeu Rozanski
  2018-08-28  4:43 ` kbuild test robot
  2018-08-28  7:21 ` kbuild test robot
  0 siblings, 2 replies; 3+ messages in thread
From: Aristeu Rozanski @ 2018-08-27 20:27 UTC (permalink / raw)
  To: linux-kernel; +Cc: Luis R. Rodriguez, Kees Cook

Writing to a sysctl file that uses proc_dointvec_minmax like user/max_uts_namespaces
a larger than 32 bit value won't cause an error as expected but instead will zero
its value:
	# echo 214748364800000 > max_uts_namespaces
	# cat max_uts_namespaces
	0

This patches fixes it.

Signed-off-by: Aristeu Rozanski <aris@redhat.com>
Cc: "Luis R. Rodriguez" <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 4ac9b9a..243f277 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2486,7 +2486,8 @@ static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
 	if (write) {
 		int val = *negp ? -*lvalp : *lvalp;
 		if ((param->min && *param->min > val) ||
-		    (param->max && *param->max < val))
+		    (param->max && *param->max < val) ||
+		    *lvalp >> (sizeof(int) * 8))
 			return -EINVAL;
 		*valp = val;
 	} else {

^ permalink raw reply related	[flat|nested] 3+ messages in thread

* Re: [PATCH] sysctl: do not allow a 64bit value write in a 32bit knob
  2018-08-27 20:27 [PATCH] sysctl: do not allow a 64bit value write in a 32bit knob Aristeu Rozanski
@ 2018-08-28  4:43 ` kbuild test robot
  2018-08-28  7:21 ` kbuild test robot
  1 sibling, 0 replies; 3+ messages in thread
From: kbuild test robot @ 2018-08-28  4:43 UTC (permalink / raw)
  To: Aristeu Rozanski; +Cc: kbuild-all, linux-kernel, Luis R. Rodriguez, Kees Cook

[-- Attachment #1: Type: text/plain, Size: 1958 bytes --]

Hi Aristeu,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on linus/master]
[also build test WARNING on v4.19-rc1 next-20180827]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Aristeu-Rozanski/sysctl-do-not-allow-a-64bit-value-write-in-a-32bit-knob/20180828-043801
config: microblaze-mmu_defconfig (attached as .config)
compiler: microblaze-linux-gcc (GCC) 8.1.0
reproduce:
        wget https://raw.githubusercontent.com/intel/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
        chmod +x ~/bin/make.cross
        # save the attached .config to linux build tree
        GCC_VERSION=8.1.0 make.cross ARCH=microblaze 

All warnings (new ones prefixed by >>):

   kernel/sysctl.c: In function 'do_proc_dointvec_minmax_conv':
>> kernel/sysctl.c:2558:14: warning: right shift count >= width of type [-Wshift-count-overflow]
          *lvalp >> (sizeof(int) * 8))
                 ^~

vim +2558 kernel/sysctl.c

  2548	
  2549	static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
  2550						int *valp,
  2551						int write, void *data)
  2552	{
  2553		struct do_proc_dointvec_minmax_conv_param *param = data;
  2554		if (write) {
  2555			int val = *negp ? -*lvalp : *lvalp;
  2556			if ((param->min && *param->min > val) ||
  2557			    (param->max && *param->max < val) ||
> 2558			    *lvalp >> (sizeof(int) * 8))
  2559				return -EINVAL;
  2560			*valp = val;
  2561		} else {
  2562			int val = *valp;
  2563			if (val < 0) {
  2564				*negp = true;
  2565				*lvalp = -(unsigned long)val;
  2566			} else {
  2567				*negp = false;
  2568				*lvalp = (unsigned long)val;
  2569			}
  2570		}
  2571		return 0;
  2572	}
  2573	

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 12811 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: [PATCH] sysctl: do not allow a 64bit value write in a 32bit knob
  2018-08-27 20:27 [PATCH] sysctl: do not allow a 64bit value write in a 32bit knob Aristeu Rozanski
  2018-08-28  4:43 ` kbuild test robot
@ 2018-08-28  7:21 ` kbuild test robot
  1 sibling, 0 replies; 3+ messages in thread
From: kbuild test robot @ 2018-08-28  7:21 UTC (permalink / raw)
  To: Aristeu Rozanski; +Cc: kbuild-all, linux-kernel, Luis R. Rodriguez, Kees Cook

[-- Attachment #1: Type: text/plain, Size: 4436 bytes --]

Hi Aristeu,

Thank you for the patch! Perhaps something to improve:

[auto build test WARNING on linus/master]
[also build test WARNING on v4.19-rc1 next-20180827]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]

url:    https://github.com/0day-ci/linux/commits/Aristeu-Rozanski/sysctl-do-not-allow-a-64bit-value-write-in-a-32bit-knob/20180828-043801
config: i386-randconfig-x017-201834 (attached as .config)
compiler: gcc-7 (Debian 7.3.0-16) 7.3.0
reproduce:
        # save the attached .config to linux build tree
        make ARCH=i386 

All warnings (new ones prefixed by >>):

   In file included from include/linux/export.h:45:0,
                    from include/linux/linkage.h:7,
                    from include/linux/kernel.h:7,
                    from include/linux/list.h:9,
                    from include/linux/module.h:9,
                    from kernel/sysctl.c:21:
   kernel/sysctl.c: In function 'do_proc_dointvec_minmax_conv':
   kernel/sysctl.c:2558:14: warning: right shift count >= width of type [-Wshift-count-overflow]
          *lvalp >> (sizeof(int) * 8))
                 ^
   include/linux/compiler.h:58:30: note: in definition of macro '__trace_if'
     if (__builtin_constant_p(!!(cond)) ? !!(cond) :   \
                                 ^~~~
>> kernel/sysctl.c:2556:3: note: in expansion of macro 'if'
      if ((param->min && *param->min > val) ||
      ^~
   kernel/sysctl.c:2558:14: warning: right shift count >= width of type [-Wshift-count-overflow]
          *lvalp >> (sizeof(int) * 8))
                 ^
   include/linux/compiler.h:58:42: note: in definition of macro '__trace_if'
     if (__builtin_constant_p(!!(cond)) ? !!(cond) :   \
                                             ^~~~
>> kernel/sysctl.c:2556:3: note: in expansion of macro 'if'
      if ((param->min && *param->min > val) ||
      ^~
   kernel/sysctl.c:2558:14: warning: right shift count >= width of type [-Wshift-count-overflow]
          *lvalp >> (sizeof(int) * 8))
                 ^
   include/linux/compiler.h:69:16: note: in definition of macro '__trace_if'
      ______r = !!(cond);     \
                   ^~~~
>> kernel/sysctl.c:2556:3: note: in expansion of macro 'if'
      if ((param->min && *param->min > val) ||
      ^~

vim +/if +2556 kernel/sysctl.c

^1da177e Linus Torvalds   2005-04-16  2548  
00b7c339 Amerigo Wang     2010-05-05  2549  static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
^1da177e Linus Torvalds   2005-04-16  2550  					int *valp,
^1da177e Linus Torvalds   2005-04-16  2551  					int write, void *data)
^1da177e Linus Torvalds   2005-04-16  2552  {
^1da177e Linus Torvalds   2005-04-16  2553  	struct do_proc_dointvec_minmax_conv_param *param = data;
^1da177e Linus Torvalds   2005-04-16  2554  	if (write) {
^1da177e Linus Torvalds   2005-04-16  2555  		int val = *negp ? -*lvalp : *lvalp;
^1da177e Linus Torvalds   2005-04-16 @2556  		if ((param->min && *param->min > val) ||
b79ce51f Aristeu Rozanski 2018-08-27  2557  		    (param->max && *param->max < val) ||
b79ce51f Aristeu Rozanski 2018-08-27  2558  		    *lvalp >> (sizeof(int) * 8))
^1da177e Linus Torvalds   2005-04-16  2559  			return -EINVAL;
^1da177e Linus Torvalds   2005-04-16  2560  		*valp = val;
^1da177e Linus Torvalds   2005-04-16  2561  	} else {
^1da177e Linus Torvalds   2005-04-16  2562  		int val = *valp;
^1da177e Linus Torvalds   2005-04-16  2563  		if (val < 0) {
00b7c339 Amerigo Wang     2010-05-05  2564  			*negp = true;
9a5bc726 Ilya Dryomov     2015-09-09  2565  			*lvalp = -(unsigned long)val;
^1da177e Linus Torvalds   2005-04-16  2566  		} else {
00b7c339 Amerigo Wang     2010-05-05  2567  			*negp = false;
^1da177e Linus Torvalds   2005-04-16  2568  			*lvalp = (unsigned long)val;
^1da177e Linus Torvalds   2005-04-16  2569  		}
^1da177e Linus Torvalds   2005-04-16  2570  	}
^1da177e Linus Torvalds   2005-04-16  2571  	return 0;
^1da177e Linus Torvalds   2005-04-16  2572  }
^1da177e Linus Torvalds   2005-04-16  2573  

:::::: The code at line 2556 was first introduced by commit
:::::: 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 Linux-2.6.12-rc2

:::::: TO: Linus Torvalds <torvalds@ppc970.osdl.org>
:::::: CC: Linus Torvalds <torvalds@ppc970.osdl.org>

---
0-DAY kernel test infrastructure                Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all                   Intel Corporation

[-- Attachment #2: .config.gz --]
[-- Type: application/gzip, Size: 30993 bytes --]

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, other threads:[~2018-08-28  7:21 UTC | newest]

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2018-08-27 20:27 [PATCH] sysctl: do not allow a 64bit value write in a 32bit knob Aristeu Rozanski
2018-08-28  4:43 ` kbuild test robot
2018-08-28  7:21 ` kbuild test robot

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).