Re: [PATCH v3] proc_sysctl: fix oops caused by incorrect command parameters.

[Xiaoming Ni]

On 2021/1/12 12:33, Andrew Morton wrote:
> On Tue, 12 Jan 2021 11:31:55 +0800 Xiaoming Ni <nixiaoming@xxxxxxxxxx> wrote:
>
> > The process_sysctl_arg() does not check whether val is empty before
> >   invoking strlen(val). If the command line parameter () is incorrectly
> >   configured and val is empty, oops is triggered.
> >
> > --- a/fs/proc/proc_sysctl.c
> > +++ b/fs/proc/proc_sysctl.c
> > @@ -1770,6 +1770,9 @@ static int process_sysctl_arg(char *param, char *val,
> >   			return 0;
> >   	}
> >   
> > +	if (!val)
> > +		return -EINVAL;
> > +
>
> I think v2 (return 0) was preferable.  Because all the other error-out
> cases in process_sysctl_arg() also do a `return 0'.

https://lore.kernel.org/lkml/bc098af4-c0cd-212e-d09d-46d617d0acab@xxxxxxxxxx/

patch4:
    +++ b/fs/proc/proc_sysctl.c
    @@ -1757,6 +1757,9 @@ static int process_sysctl_arg(char *param, 
char *val,
            loff_t pos = 0;
            ssize_t wret;

    +       if (!val)
    +               return 0;
    +
            if (strncmp(param, "sysctl", sizeof("sysctl") - 1) == 0) {
                    param += sizeof("sysctl") - 1;

Is this the version you're talking about?

> If we're going to do a separate "patch: make process_sysctl_arg()
> return an errno instead of 0" then fine, we can discuss that.  But it's
> conceptually a different work from fixing this situation.
> .
However, are the logs generated by process_sysctl_arg() clearer and more 
accurate than parse_args()? Should the logs generated by 
process_sysctl_arg() be deleted?

Thanks
Xiaoming Ni