From: Alexey Gladkov <legion@kernel.org>
To: Dan Carpenter <dan.carpenter@oracle.com>
Cc: kbuild@lists.01.org, LKML <linux-kernel@vger.kernel.org>,
Linux Containers <containers@lists.linux.dev>,
lkp@intel.com, kbuild-all@lists.01.org,
"Eric W . Biederman" <ebiederm@xmission.com>
Subject: Re: [PATCH v1 2/2] ucounts: Move rlimit max values from ucounts max
Date: Fri, 3 Dec 2021 14:57:38 +0100 [thread overview]
Message-ID: <20211203135738.ywxjw63ljskzfp2e@example.org> (raw)
In-Reply-To: <202111280022.ugxpiKpA-lkp@intel.com>
On Fri, Dec 03, 2021 at 04:33:25PM +0300, Dan Carpenter wrote:
> Hi Alexey,
>
> url: https://github.com/0day-ci/linux/commits/Alexey-Gladkov/ucounts-Fix-rlimit-max-values-check/20211126-224059
> base: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git 136057256686de39cc3a07c2e39ef6bc43003ff6
> config: i386-randconfig-m021-20211126 (https://download.01.org/0day-ci/archive/20211128/202111280022.ugxpiKpA-lkp@intel.com/config)
> compiler: gcc-9 (Debian 9.3.0-22) 9.3.0
>
> If you fix the issue, kindly add following tag as appropriate
> Reported-by: kernel test robot <lkp@intel.com>
> Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> smatch warnings:
> kernel/ucount.c:109 setup_userns_sysctls() error: buffer overflow 'ns->ucount_max' 10 <= 13
>
> vim +109 kernel/ucount.c
>
> dbec28460a89aa Eric W. Biederman 2016-07-30 98 bool setup_userns_sysctls(struct user_namespace *ns)
> dbec28460a89aa Eric W. Biederman 2016-07-30 99 {
> dbec28460a89aa Eric W. Biederman 2016-07-30 100 #ifdef CONFIG_SYSCTL
> dbec28460a89aa Eric W. Biederman 2016-07-30 101 struct ctl_table *tbl;
> 0f538e3e712a51 Jan Kara 2020-04-07 102
> 0f538e3e712a51 Jan Kara 2020-04-07 103 BUILD_BUG_ON(ARRAY_SIZE(user_table) != UCOUNT_COUNTS + 1);
> dbec28460a89aa Eric W. Biederman 2016-07-30 104 setup_sysctl_set(&ns->set, &set_root, set_is_seen);
> f6b2db1a3e8d14 Eric W. Biederman 2016-08-08 105 tbl = kmemdup(user_table, sizeof(user_table), GFP_KERNEL);
> dbec28460a89aa Eric W. Biederman 2016-07-30 106 if (tbl) {
> 25f9c0817c535a Eric W. Biederman 2016-08-08 107 int i;
> 25f9c0817c535a Eric W. Biederman 2016-08-08 108 for (i = 0; i < UCOUNT_COUNTS; i++) {
> 25f9c0817c535a Eric W. Biederman 2016-08-08 @109 tbl[i].data = &ns->ucount_max[i];
>
> The patch changes the size of ->ucount_max[] to MAX_PER_NAMESPACE_UCOUNTS
> but this loop still goes up to UCOUNT_COUNTS.
>
> 25f9c0817c535a Eric W. Biederman 2016-08-08 110 }
> f6b2db1a3e8d14 Eric W. Biederman 2016-08-08 111 ns->sysctls = __register_sysctl_table(&ns->set, "user", tbl);
> dbec28460a89aa Eric W. Biederman 2016-07-30 112 }
> dbec28460a89aa Eric W. Biederman 2016-07-30 113 if (!ns->sysctls) {
> dbec28460a89aa Eric W. Biederman 2016-07-30 114 kfree(tbl);
> dbec28460a89aa Eric W. Biederman 2016-07-30 115 retire_sysctl_set(&ns->set);
> dbec28460a89aa Eric W. Biederman 2016-07-30 116 return false;
> dbec28460a89aa Eric W. Biederman 2016-07-30 117 }
> dbec28460a89aa Eric W. Biederman 2016-07-30 118 #endif
> dbec28460a89aa Eric W. Biederman 2016-07-30 119 return true;
> dbec28460a89aa Eric W. Biederman 2016-07-30 120 }
>
> ---
> 0-DAY CI Kernel Test Service, Intel Corporation
> https://lists.01.org/hyperkitty/list/kbuild-all@lists.01.org
>
Thanks! But a few days ago I already post a new version of this changeset
with fix:
https://lore.kernel.org/containers/24c87e225c7950bf2ea1ff4b4a8f237348808241.1638218242.git.legion@kernel.org/
--
Rgrds, legion
prev parent reply other threads:[~2021-12-03 13:57 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-11-26 14:37 [PATCH v1 0/2] ucounts: Fix rlimit max values check Alexey Gladkov
2021-11-26 14:37 ` [PATCH v1 1/2] " Alexey Gladkov
2021-11-26 14:37 ` [PATCH v1 2/2] ucounts: Move rlimit max values from ucounts max Alexey Gladkov
2021-11-29 7:47 ` [ucounts] dc7e5f9d41: UBSAN:array-index-out-of-bounds_in_kernel/ucount.c kernel test robot
2021-11-29 20:37 ` [PATCH v2 0/2] ucounts: Fix rlimit max values check Alexey Gladkov
2021-11-29 20:37 ` [PATCH v2 1/2] " Alexey Gladkov
2021-11-29 20:37 ` [PATCH v2 2/2] ucounts: Move rlimit max values from ucounts max Alexey Gladkov
2021-12-13 15:50 ` Eric W. Biederman
2021-12-17 14:48 ` [PATCH v3] ucounts: Split rlimit and ucount values and max values Alexey Gladkov
2021-12-19 19:54 ` Eric W. Biederman
2021-12-03 13:33 ` [PATCH v1 2/2] ucounts: Move rlimit max values from ucounts max Dan Carpenter
2021-12-03 13:54 ` Alexey Gladkov
2021-12-03 14:19 ` David Laight
2021-12-03 13:57 ` Alexey Gladkov [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20211203135738.ywxjw63ljskzfp2e@example.org \
--to=legion@kernel.org \
--cc=containers@lists.linux.dev \
--cc=dan.carpenter@oracle.com \
--cc=ebiederm@xmission.com \
--cc=kbuild-all@lists.01.org \
--cc=kbuild@lists.01.org \
--cc=linux-kernel@vger.kernel.org \
--cc=lkp@intel.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).