2019-11-27 09:57:39

by Maciej Żenczykowski

Subject: [PATCH] proc_do_large_bitmap - return error on writes to non-existent bitmap

From: Maciej Żenczykowski <[email protected]>

Writing to an unallocated bitmap (with echo) results in an infinite
loop - although I'm not clear if this is in kernel or in userspace.

We return ENOMEDIUM 'No medium found', because it's the best error
I could come up with to describe the situation.

(Note: I'm not aware of any actual way to hit this with current
kernel code, I hit this while testing new code, but it still seems
like it should be fixed, especially since it prevented my machine
from booting, and didn't even have the dignity to crash...)

Cc: Luis Chamberlain <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Iurii Zaikin <[email protected]>
Cc: Linux Kernel Mailing List <[email protected]>
Cc: Linus FS Devel Mailing List <[email protected]>
Signed-off-by: Maciej Żenczykowski <[email protected]>
---
kernel/sysctl.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 2c3958d2f463..431966967c99 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -3174,6 +3174,11 @@ int proc_do_large_bitmap(struct ctl_table *table, int write,
unsigned long *tmp_bitmap = NULL;
char tr_a[] = { '-', ',', '\n' }, tr_b[] = { ',', '\n', 0 }, c;

+ if (write && (!bitmap || !bitmap_len))
+ /* returning 0 could cause an infinite loop */
+ return -ENOMEDIUM;
+ }
+
if (!bitmap || !bitmap_len || !left || (*ppos && !write)) {
*lenp = 0;
return 0;
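Review bot: The added "if (write && (!bitmap || !bitmap_len))" has no opening brace, yet a closing "}" follows the return, so the braces in this hunk are unbalanced and it will not build as posted. Either add "{" at the end of the condition line or drop the "}" and move the comment above the if. The comment could also say who ends up looping when 0 is returned for a non-empty write, since the commit message leaves open whether that is the kernel or the caller. ENOMEDIUM is an unusual errno for a sysctl handler; if the two conditions are meant to be told apart, test !bitmap and !bitmap_len separately and return a distinct code for each.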
--
2.24.0.432.g9d3f5f5b63-goog


2019-11-27 21:35:32

by Iurii Zaikin

Subject: Re: [PATCH] proc_do_large_bitmap - return error on writes to non-existent bitmap

On Wed, Nov 27, 2019 at 4:44 AM Luis Chamberlain <[email protected]> wrote:
>
> Can you also extend the tools/testing/selftests/sysctl and respectful lib/test_sysctl.c if needed with a test to cover this case or other cases you can think of to trigger this issue?
+1

2019-12-02 20:28:37

by Iurii Zaikin

Subject: Re: [PATCH] proc_do_large_bitmap - return error on writes to non-existent bitmap

On Wed, Nov 27, 2019 at 1:55 AM Maciej Żenczykowski
<[email protected]> wrote:
> We return ENOMEDIUM 'No medium found', because it's the best error
> I could come up with to describe the situation.
EFAULT for bitmap == NULL and
EINVAL for bitmap_len == 0?