On Tue, 12 Jan 2021 11:31:55 +0800 Xiaoming Ni <nixiaoming@xxxxxxxxxx> wrote:
The process_sysctl_arg() does not check whether val is empty before
invoking strlen(val). If the command line parameter () is incorrectly
configured and val is empty, an oops is triggered.
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -1770,6 +1770,9 @@ static int process_sysctl_arg(char *param, char *val,
return 0;
}
+ if (!val)
+ return -EINVAL;
+
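Review bot: the new check returns -EINVAL while the early-return visible just above it in the context (`return 0;`) and, as the reply below notes, every other error-out path in process_sysctl_arg() return 0, so a missing value becomes the one malformed-argument case that reports an error to the caller (parse_args(), mentioned below) instead of being skipped; either keep `return 0;` here, matching v2 and the surrounding paths, or change the return convention for all of them in a separate patch. A short comment on the added check (e.g. that the argument had no '=value' part) would also make the intent clear to the next reader.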
I think v2 (return 0) was preferable. Because all the other error-out
cases in process_sysctl_arg() also do a `return 0'.
However, are the logs generated by process_sysctl_arg() clearer and more accurate than parse_args()? Should the logs generated by process_sysctl_arg() be deleted?
If we're going to do a separate "patch: make process_sysctl_arg()
return an errno instead of 0" then fine, we can discuss that. But it's
conceptually a different work from fixing this situation.