Received: by 10.213.65.68 with SMTP id h4csp284607imn;
        Mon, 12 Mar 2018 13:47:28 -0700 (PDT)
X-Google-Smtp-Source: AG47ELv4B+cGg2Irw5855w4aPLdCANmuRP+0SymYqrvNny+09n9xsqQmmU8x9j17QYiA6pgX16Tj
X-Received: by 2002:a17:902:167:: with SMTP id 94-v6mr9522573plb.294.1520887648457;
        Mon, 12 Mar 2018 13:47:28 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1520887648; cv=none;
        d=google.com; s=arc-20160816;
        b=t3iJGZIQp1fkpxCiMZBiAdxRumUPEDJ/Q0AwosVKCfGlvV4phPmQpWCTJCRTWovzaG
         dU/E3qfYObU75e3Rm0xrCqgOyPEFv+hK8nLYQUX0UG8/xjfjVFdTk9DsiFdqLuZsKyeh
         U0o21rezV/OPg5ZSbPYd4zmKkoeSMBiJum0+gAncuDGq1ak6NRJJviGi6yOW9vW9LFSS
         k0b/8cXafnPwkJapXFwmOeiEwyEeFDKmOvTdE0qx1OvGaF/yUFyvFM7oU5Xq1XTgtecx
         sZjEYHmm5BKAjv9NzTyujko6zvSBlSBvZd2g++F+0oRXv+69u+PBTNA1+L6XEsLpnA6o
         qbIw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date:arc-authentication-results;
        bh=/7TsR00LAIljC1XyX9yyS7sbc5+Wjrjmku0IU8yQR5I=;
        b=k4uSWXwrwz71XGxuQSfjkOko0aWiMlYbNtD4FIowdDdqugq53fWN98+nZ3vxEol0HD
         w29LkqGwge469jLhEvW/LJ/2IWhpgRtjb4VT7HtFbFIt3vpeGXXoJSfc2MDnVNvbGfgS
         k2KdJyzfR2UVyWijxRpZoMcUX8eWvS/MO9r3NmfmeMjWupTea5J8dI8pmF/9T8pfT3WZ
         AXoHuBMRfsCAsT1b8123DzxGGwFOSm2buG3R4tPD562JE0TtfC1Xb6Sf0aEYX1zU1fLt
         MG/U6K3AkBMsH6Ml5QzAXDnXzfj29rnlOvk0cetGfWVa+XVwPej0ML4JT2CZEKSv8Wfp
         m0pg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id e3-v6si2977998pls.530.2018.03.12.13.47.11;
        Mon, 12 Mar 2018 13:47:28 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S932322AbeCLUqQ (ORCPT <rfc822;ablacktshirt@gmail.com>
        + 99 others); Mon, 12 Mar 2018 16:46:16 -0400
Received: from mx2.suse.de ([195.135.220.15]:47672 "EHLO mx2.suse.de"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S932247AbeCLUqP (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 12 Mar 2018 16:46:15 -0400
X-Virus-Scanned: by amavisd-new at test-mx.suse.de
Received: from relay1.suse.de (charybdis-ext.suse.de [195.135.220.254])
        by mx2.suse.de (Postfix) with ESMTP id 4665CAEF9;
        Mon, 12 Mar 2018 20:46:14 +0000 (UTC)
Date:   Mon, 12 Mar 2018 20:46:14 +0000
From:   "Luis R. Rodriguez" <mcgrof@kernel.org>
To:     Waiman Long <longman@redhat.com>
Cc:     "Luis R. Rodriguez" <mcgrof@kernel.org>,
        Kees Cook <keescook@chromium.org>,
        linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org,
        Andrew Morton <akpm@linux-foundation.org>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Matthew Wilcox <willy@infradead.org>
Subject: Re: [PATCH v4 2/6] proc/sysctl: Check for invalid flags bits
Message-ID: <20180312204614.GZ4449@wotan.suse.de>
References: <1520885744-1546-1-git-send-email-longman@redhat.com>
 <1520885744-1546-3-git-send-email-longman@redhat.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <1520885744-1546-3-git-send-email-longman@redhat.com>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Mon, Mar 12, 2018 at 04:15:40PM -0400, Waiman Long wrote:
> Checking code is added to check for invalid flags in the ctl_table
> and return error if an unknown flag is used.

This should be merged with the first patch otherwise there are atomic
points in time on the commit log history where invalid values are allowed
and that makes no sense.

This can probably be expanded to verify semantics further. Details
below.
> 
> Signed-off-by: Waiman Long <longman@redhat.com>
> ---
>  fs/proc/proc_sysctl.c | 12 ++++++++++++
>  1 file changed, 12 insertions(+)
> 
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
> index 493c975..67c0c82 100644
> --- a/fs/proc/proc_sysctl.c
> +++ b/fs/proc/proc_sysctl.c
> @@ -1092,6 +1092,16 @@ static int sysctl_check_table_array(const char *path, struct ctl_table *table)
>  	return err;
>  }
>  
> +static int sysctl_check_flags(const char *path, struct ctl_table *table)
> +{
> +	int err = 0;
> +
> +	if (table->flags & ~CTL_TABLE_FLAGS_ALL)
> +		err = sysctl_err(path, table, "invalid flags");

What if a range for the upper limit is set but not the lower limit and
the user goes over the lower limit?

How about the inverse?

Do we need both ranges set?

  Luis