* Re: [PATCH next] sysctl: add proc_dointvec_jiffies_minmax to limit the min/max write value [not found] ` <d5138655-41a8-0177-ae0d-c4674112bf56@huawei.com> @ 2019-05-15 17:06 ` Kees Cook 2019-06-04 15:27 ` Zhiqiang Liu 0 siblings, 1 reply; 4+ messages in thread From: Kees Cook @ 2019-05-15 17:06 UTC (permalink / raw) To: Zhiqiang Liu Cc: mcgrof, linux-kernel, linux-fsdevel, ebiederm, pbonzini, viro, adobriyan, mingfangsen, wangxiaogang3, Zhoukang (A), netdev, akpm On Wed, May 15, 2019 at 10:53:55PM +0800, Zhiqiang Liu wrote: > Friendly ping... > > 在 2019/4/24 12:04, Zhiqiang Liu 写道: > > > > Friendly ping... Hi! (Please include akpm on CC for next versions of this, as he's likely the person to take this patch.) > > > >> From: Zhiqiang Liu <liuzhiqiang26@huawei.com> > >> > >> In proc_dointvec_jiffies func, the write value is only checked > >> whether it is larger than INT_MAX. If the write value is less > >> than zero, it can also be successfully writen in the data. This appears to be "be design", but I see many "unsigned int" users that might be tricked into giant values... (for example, see net/netfilter/nf_conntrack_standalone.c) Should proc_dointvec_jiffies() just be fixed to disallow negative values entirely? Looking at the implementation, it seems to be very intentional about accepting negative values. However, when I looked through a handful of proc_dointvec_jiffies() users, it looks like they're all expecting a positive value. Many in the networking subsystem are, in fact, writing to unsigned long variables, as I mentioned. Are there real-world cases of wanting to set a negative jiffie value via proc_dointvec_jiffies()? > >> > >> However, in some scenarios, users would adopt the data to > >> set timers or check whether time is expired. Generally, the data > >> will be cast to an unsigned type variable, then the negative data > >> becomes a very large unsigned value, which leads to long waits > >> or other unpredictable problems. > >> > >> Here, we add a new func, proc_dointvec_jiffies_minmax, to limit the > >> min/max write value, which is similar to the proc_dointvec_minmax func. > >> > >> Signed-off-by: Zhiqiang Liu <liuzhiqiang26@huawei.com> > >> Reported-by: Qiang Ning <ningqiang1@huawei.com> > >> Reviewed-by: Jie Liu <liujie165@huawei.com> If proc_dointvec_jiffies() can't just be fixed, where will the new function get used? It seems all the "unsigned int" users could benefit. -- Kees Cook ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH next] sysctl: add proc_dointvec_jiffies_minmax to limit the min/max write value 2019-05-15 17:06 ` [PATCH next] sysctl: add proc_dointvec_jiffies_minmax to limit the min/max write value Kees Cook @ 2019-06-04 15:27 ` Zhiqiang Liu 2019-07-01 8:06 ` Zhiqiang Liu 2019-07-02 19:32 ` Luis Chamberlain 0 siblings, 2 replies; 4+ messages in thread From: Zhiqiang Liu @ 2019-06-04 15:27 UTC (permalink / raw) To: Kees Cook, akpm Cc: mcgrof, linux-kernel, linux-fsdevel, ebiederm, pbonzini, viro, adobriyan, mingfangsen, wangxiaogang3, Zhoukang (A), netdev, netdev > On Wed, May 15, 2019 at 10:53:55PM +0800, Zhiqiang Liu wrote: > > (Please include akpm on CC for next versions of this, as he's likely > the person to take this patch.) Thanks for your advice. And sorry to reply you so late. >>>> In proc_dointvec_jiffies func, the write value is only checked >>>> whether it is larger than INT_MAX. If the write value is less >>>> than zero, it can also be successfully writen in the data. > > This appears to be "be design", but I see many "unsigned int" users > that might be tricked into giant values... (for example, see > net/netfilter/nf_conntrack_standalone.c) > > Should proc_dointvec_jiffies() just be fixed to disallow negative values > entirely? Looking at the implementation, it seems to be very intentional > about accepting negative values. > > However, when I looked through a handful of proc_dointvec_jiffies() > users, it looks like they're all expecting a positive value. Many in the > networking subsystem are, in fact, writing to unsigned long variables, > as I mentioned. > I totally agree with you. And I also cannot find an scenario that expects negative values. Consideing the "negative" scenario may be exist, I add the proc_dointvec_jiffies_minmax like proc_dointvec_minmax. > Are there real-world cases of wanting to set a negative jiffie value > via proc_dointvec_jiffies()? Until now, I do not find such cases. >>>> >>>> Here, we add a new func, proc_dointvec_jiffies_minmax, to limit the >>>> min/max write value, which is similar to the proc_dointvec_minmax func. >>>> > > If proc_dointvec_jiffies() can't just be fixed, where will the new > function get used? It seems all the "unsigned int" users could benefit. > I tend to add the proc_dointvec_jiffies_minmax func to provide more choices and not change the previous use of proc_dointvec_jiffies func. Thanks for your reply again. ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH next] sysctl: add proc_dointvec_jiffies_minmax to limit the min/max write value 2019-06-04 15:27 ` Zhiqiang Liu @ 2019-07-01 8:06 ` Zhiqiang Liu 2019-07-02 19:32 ` Luis Chamberlain 1 sibling, 0 replies; 4+ messages in thread From: Zhiqiang Liu @ 2019-07-01 8:06 UTC (permalink / raw) To: Kees Cook, akpm Cc: mcgrof, linux-kernel, linux-fsdevel, ebiederm, pbonzini, viro, adobriyan, mingfangsen, wangxiaogang3, Zhoukang (A), netdev friendly ping ... On 2019/6/4 23:27, Zhiqiang Liu wrote: >> On Wed, May 15, 2019 at 10:53:55PM +0800, Zhiqiang Liu wrote: >> >> (Please include akpm on CC for next versions of this, as he's likely >> the person to take this patch.) > Thanks for your advice. And sorry to reply you so late. > >>>>> In proc_dointvec_jiffies func, the write value is only checked >>>>> whether it is larger than INT_MAX. If the write value is less >>>>> than zero, it can also be successfully writen in the data. >> >> This appears to be "be design", but I see many "unsigned int" users >> that might be tricked into giant values... (for example, see >> net/netfilter/nf_conntrack_standalone.c) >> >> Should proc_dointvec_jiffies() just be fixed to disallow negative values >> entirely? Looking at the implementation, it seems to be very intentional >> about accepting negative values. >> >> However, when I looked through a handful of proc_dointvec_jiffies() >> users, it looks like they're all expecting a positive value. Many in the >> networking subsystem are, in fact, writing to unsigned long variables, >> as I mentioned. >> > I totally agree with you. And I also cannot find an scenario that expects > negative values. Consideing the "negative" scenario may be exist, I add the > proc_dointvec_jiffies_minmax like proc_dointvec_minmax. > >> Are there real-world cases of wanting to set a negative jiffie value >> via proc_dointvec_jiffies()? > Until now, I do not find such cases. > >>>>> >>>>> Here, we add a new func, proc_dointvec_jiffies_minmax, to limit the >>>>> min/max write value, which is similar to the proc_dointvec_minmax func. >>>>> >> >> If proc_dointvec_jiffies() can't just be fixed, where will the new >> function get used? It seems all the "unsigned int" users could benefit. >> > I tend to add the proc_dointvec_jiffies_minmax func to provide more choices and > not change the previous use of proc_dointvec_jiffies func. > > Thanks for your reply again. > > > . > ^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH next] sysctl: add proc_dointvec_jiffies_minmax to limit the min/max write value 2019-06-04 15:27 ` Zhiqiang Liu 2019-07-01 8:06 ` Zhiqiang Liu @ 2019-07-02 19:32 ` Luis Chamberlain 1 sibling, 0 replies; 4+ messages in thread From: Luis Chamberlain @ 2019-07-02 19:32 UTC (permalink / raw) To: Zhiqiang Liu Cc: Kees Cook, akpm, linux-kernel, linux-fsdevel, ebiederm, pbonzini, viro, adobriyan, mingfangsen, wangxiaogang3, Zhoukang (A), netdev On Tue, Jun 04, 2019 at 11:27:51PM +0800, Zhiqiang Liu wrote: > > On Wed, May 15, 2019 at 10:53:55PM +0800, Zhiqiang Liu wrote: > >>>> In proc_dointvec_jiffies func, the write value is only checked > >>>> whether it is larger than INT_MAX. If the write value is less > >>>> than zero, it can also be successfully writen in the data. > > > > This appears to be "be design", but I see many "unsigned int" users > > that might be tricked into giant values... (for example, see > > net/netfilter/nf_conntrack_standalone.c) > > > > Should proc_dointvec_jiffies() just be fixed to disallow negative values > > entirely? Looking at the implementation, it seems to be very intentional > > about accepting negative values. > > > > However, when I looked through a handful of proc_dointvec_jiffies() > > users, it looks like they're all expecting a positive value. Many in the > > networking subsystem are, in fact, writing to unsigned long variables, > > as I mentioned. > > > I totally agree with you. And I also cannot find an scenario that expects > negative values. Consideing the "negative" scenario may be exist, I add the > proc_dointvec_jiffies_minmax like proc_dointvec_minmax. If no negative values exist, and there is no real point to it, then just rename the existing one and update the docs. Luis ^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-07-02 19:32 UTC | newest] Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- [not found] <032e024f-2b1b-a980-1b53-d903bc8db297@huawei.com> [not found] ` <3e421384-a9cb-e534-3370-953c56883516@huawei.com> [not found] ` <d5138655-41a8-0177-ae0d-c4674112bf56@huawei.com> 2019-05-15 17:06 ` [PATCH next] sysctl: add proc_dointvec_jiffies_minmax to limit the min/max write value Kees Cook 2019-06-04 15:27 ` Zhiqiang Liu 2019-07-01 8:06 ` Zhiqiang Liu 2019-07-02 19:32 ` Luis Chamberlain
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).