* [PATCH net-next v2 0/2] Fix overflow errors in /proc/sys/net/ipv4/neigh/ @ 2013-07-24 14:52 Francesco Fusco 2013-07-24 14:52 ` [PATCH net-next v2 1/2] neigh: prevent overflowing params " Francesco Fusco 2013-07-24 14:52 ` [PATCH net-next v2 2/2] sysctl: range checking in do_proc_dointvec_ms_jiffies_conv Francesco Fusco 0 siblings, 2 replies; 3+ messages in thread From: Francesco Fusco @ 2013-07-24 14:52 UTC (permalink / raw) To: davem; +Cc: netdev These two patches fix possible overflow errors in /proc/sys/net/ipv4/neigh/. Francesco Fusco (2): neigh: prevent overflowing params in /proc/sys/net/ipv4/neigh/ sysctl: range checking in do_proc_dointvec_ms_jiffies_conv kernel/sysctl.c | 6 +++++- net/core/neighbour.c | 29 ++++++++++++++++++++++------- 2 files changed, 27 insertions(+), 8 deletions(-) -- 1.8.3.1 ^ permalink raw reply [flat|nested] 3+ messages in thread
* [PATCH net-next v2 1/2] neigh: prevent overflowing params in /proc/sys/net/ipv4/neigh/ 2013-07-24 14:52 [PATCH net-next v2 0/2] Fix overflow errors in /proc/sys/net/ipv4/neigh/ Francesco Fusco @ 2013-07-24 14:52 ` Francesco Fusco 2013-07-24 14:52 ` [PATCH net-next v2 2/2] sysctl: range checking in do_proc_dointvec_ms_jiffies_conv Francesco Fusco 1 sibling, 0 replies; 3+ messages in thread From: Francesco Fusco @ 2013-07-24 14:52 UTC (permalink / raw) To: davem; +Cc: netdev Without this patch, the fields app_solicit, gc_thresh1, gc_thresh2, gc_thresh3, proxy_qlen, ucast_solicit, mcast_solicit could have assumed negative values when setting large numbers. Signed-off-by: Francesco Fusco <ffusco@redhat.com> --- net/core/neighbour.c | 29 ++++++++++++++++++++++------- 1 file changed, 22 insertions(+), 7 deletions(-) diff --git a/net/core/neighbour.c b/net/core/neighbour.c index b7de821..9232c68 100644 --- a/net/core/neighbour.c +++ b/net/core/neighbour.c @@ -2767,6 +2767,7 @@ EXPORT_SYMBOL(neigh_app_ns); #ifdef CONFIG_SYSCTL static int zero; +static int int_max = INT_MAX; static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); static int proc_unres_qlen(struct ctl_table *ctl, int write, @@ -2819,19 +2820,25 @@ static struct neigh_sysctl_table { .procname = "mcast_solicit", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, [NEIGH_VAR_UCAST_PROBE] = { .procname = "ucast_solicit", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, [NEIGH_VAR_APP_PROBE] = { .procname = "app_solicit", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, [NEIGH_VAR_RETRANS_TIME] = { .procname = "retrans_time", @@ -2874,7 +2881,9 @@ static struct neigh_sysctl_table { .procname = "proxy_qlen", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, [NEIGH_VAR_ANYCAST_DELAY] = { .procname = "anycast_delay", @@ -2916,19 +2925,25 @@ static struct neigh_sysctl_table { .procname = "gc_thresh1", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, [NEIGH_VAR_GC_THRESH2] = { .procname = "gc_thresh2", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, [NEIGH_VAR_GC_THRESH3] = { .procname = "gc_thresh3", .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec, + .extra1 = &zero, + .extra2 = &int_max, + .proc_handler = proc_dointvec_minmax, }, {}, }, -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
* [PATCH net-next v2 2/2] sysctl: range checking in do_proc_dointvec_ms_jiffies_conv 2013-07-24 14:52 [PATCH net-next v2 0/2] Fix overflow errors in /proc/sys/net/ipv4/neigh/ Francesco Fusco 2013-07-24 14:52 ` [PATCH net-next v2 1/2] neigh: prevent overflowing params " Francesco Fusco @ 2013-07-24 14:52 ` Francesco Fusco 1 sibling, 0 replies; 3+ messages in thread From: Francesco Fusco @ 2013-07-24 14:52 UTC (permalink / raw) To: davem; +Cc: netdev, Andrew Morton, linux-kernel When (integer) sysctl values are expressed in ms and have to be represented internally as jiffies. The msecs_to_jiffies function returns an unsigned long, which gets assigned to the integer. This patch prevents the value to be assigned if bigger than INT_MAX, done in a similar way as in cba9f3 ("Range checking in do_proc_dointvec_(userhz_)jiffies_conv"). Signed-off-by: Francesco Fusco <ffusco@redhat.com> CC: Andrew Morton <akpm@linux-foundation.org> CC: linux-kernel@vger.kernel.org --- v1 => v2 - fix style suggested by Sergei Shtylyov kernel/sysctl.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index ac09d98..07f6fc4 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2346,7 +2346,11 @@ static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp, int write, void *data) { if (write) { - *valp = msecs_to_jiffies(*negp ? -*lvalp : *lvalp); + unsigned long jif = msecs_to_jiffies(*negp ? -*lvalp : *lvalp); + + if (jif > INT_MAX) + return 1; + *valp = (int)jif; } else { int val = *valp; unsigned long lval; -- 1.8.3.1 ^ permalink raw reply related [flat|nested] 3+ messages in thread
end of thread, other threads:[~2013-07-24 14:52 UTC | newest] Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2013-07-24 14:52 [PATCH net-next v2 0/2] Fix overflow errors in /proc/sys/net/ipv4/neigh/ Francesco Fusco 2013-07-24 14:52 ` [PATCH net-next v2 1/2] neigh: prevent overflowing params " Francesco Fusco 2013-07-24 14:52 ` [PATCH net-next v2 2/2] sysctl: range checking in do_proc_dointvec_ms_jiffies_conv Francesco Fusco
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).