Re: [PATCH] proc_sysctl: clamp sizes using table->maxlen

From: Alex Xu (Hello71)
Date: Sat Feb 27 2021 - 09:46:34 EST

Next message: Steven Rostedt: "Re: [blktrace] c055908abe: WARNING:at_kernel/trace/trace.c:#create_trace_option_files"
Previous message: Tebanibe Guidayema: "Hello"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Excerpts from Christoph Hellwig's message of February 16, 2021 3:47 am:
> How do these maxlen = 0 entries even survive the sysctl_check_table
> check?

maxlen!=0 is only checked for "default" handlers, e.g. proc_dostring,
proc_dointvec. it is not checked for non-default handlers, because some
of them use fixed lengths.

my patch is not correct though because some drivers neither set proper
maxlen nor use memcpy themselves; instead, they construct a ctl_table on
the stack and call proc_*.

> Please split this into one patch each each subsystem that sets maxlen
> to 0 and the actual change to proc_sysctl.c.

I will do this with a new patch version once I figure out a way to
comprehensively fix all the drivers setting bogus values for maxlen
(sometimes maxlen=0 is valid if only blank writes are permitted, and
some drivers set random values which have no relation to the actual read
size).

Thank you for the review.

Next message: Steven Rostedt: "Re: [blktrace] c055908abe: WARNING:at_kernel/trace/trace.c:#create_trace_option_files"
Previous message: Tebanibe Guidayema: "Hello"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]