2011-06-09 17:19:54

by Alexey Dobriyan

Subject: Re: + sysctl-add-proc_dointvec_unsigned-handler-update.patch added to -mm tree

On Wed, Jun 8, 2011 at 11:45 PM, <[email protected]> wrote:
> --- a/kernel/sysctl.c~sysctl-add-proc_dointvec_unsigned-handler-update
> +++ a/kernel/sysctl.c
> @@ -2515,6 +2515,7 @@ int proc_dointvec_unsigned(struct ctl_ta
> ?{
> ? ? ? ?struct do_proc_dointvec_minmax_conv_param param = {
> ? ? ? ? ? ? ? ?.min = &zero,
> + ? ? ? ? ? ? ? .max = (int *) table->extra2,
> ? ? ? ?};
> ? ? ? ?return do_proc_dointvec(table, write, buffer, lenp, ppos,
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?do_proc_dointvec_minmax_conv, &param);
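
Review bot: the added `.max = (int *) table->extra2` line takes the upper bound straight from the table entry with no visible check or comment on what extra2 must hold. Please state in the handler's comment whether extra2 may be NULL (no upper bound) and whether it points to a single int or to one int per element, since `.min = &zero` is a single value and both bounds go to the same do_proc_dointvec_minmax_conv callback. If extra2 is a `void *`, the `(int *)` cast is also unnecessary in C and can be dropped.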

This is still buggy because "zero" is only 1 variable and max can be an array.
Sysctl boundary comparisons are done element-by-element.


2011-06-10 09:51:54

by Dave Young

Subject: Re: + sysctl-add-proc_dointvec_unsigned-handler-update.patch added to -mm tree

On Fri, Jun 10, 2011 at 1:19 AM, Alexey Dobriyan <[email protected]> wrote:
> On Wed, Jun 8, 2011 at 11:45 PM,  <[email protected]> wrote:
>> --- a/kernel/sysctl.c~sysctl-add-proc_dointvec_unsigned-handler-update
>> +++ a/kernel/sysctl.c
>> @@ -2515,6 +2515,7 @@ int proc_dointvec_unsigned(struct ctl_ta
>>  {
>>        struct do_proc_dointvec_minmax_conv_param param = {
>>                .min = &zero,
>> +               .max = (int *) table->extra2,
>>        };
>>        return do_proc_dointvec(table, write, buffer, lenp, ppos,
>>                                do_proc_dointvec_minmax_conv, &param);
>
> This is still buggy because "zero" is only 1 variable and max can be an array.
> Sysctl boundary comparisons are done element-by-element.

Where's the array use case?

--
Regards
dave