Received: by 10.213.65.68 with SMTP id h4csp288527imn; Mon, 12 Mar 2018 13:56:22 -0700 (PDT) X-Google-Smtp-Source: AG47ELsjMOEFY4oFUg2KMVH+tlTN04N039ONJU1T18bg7AoVdv8c/B5/8xfIWQflb9ZJ4rxdpW3Z X-Received: by 10.167.128.80 with SMTP id y16mr9186741pfm.91.1520888182923; Mon, 12 Mar 2018 13:56:22 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520888182; cv=none; d=google.com; s=arc-20160816; b=Dxce3rZp8phWK6DT6k40RHakos6tkwwMPxeCoCXeTDo3tII+dOQTuExI2hQqQL6gXp 30GVoSVNcxx7Uv0kudN8uLD97O9IB+G5rMXEyn8rQCZW2C7AFMa9pXQGLqEzpMK8mU1F hdEoZrNdA4horEnwcGru12HdJZQ4rxRWmcK/WvJaoMc78wmteWVr5FCHWoQxu3Uh7Zum hCBBwWpy00bEySR5z7sTR/LO6apOKrk8/4lDCHma0Ag06K43i06pcH14Vgz11ketRRg/ nMPZAQpW7PQrHFO6gIoSEI/6W3L3Z6pIhC5hz7xNQnksJDthDLWeQcYeuirdjxH1mfKc 11cQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-language :content-transfer-encoding:in-reply-to:mime-version:user-agent:date :message-id:organization:from:references:cc:to:subject :arc-authentication-results; bh=noz3isIY6ofwDHKcLdGCxLkhpMhOIlxDcpZFm/MzFFI=; b=Sn6qBunZ3LJ5uL6X7Xg+3efILi6ZQy2oILSGjFNevBGlugbQTgP4CXGjPrikhNzcqZ ZPXVqTHgxzxsZsyd0Vj/Bolwc1dB529c4r47x9xSWwomntF0hEiFzDJ1m9TEqyqancGr 78ROigjJWRrSCX8B9RJ4KOOJfAeKaUFiYn3BMV/cbSaK9RbsZEcSqy8LdBpVR7LsSayc Usp8RuB58AEr1EEsejYF3fP4xUuvxNSfxqueHD3UcqHLoDU3x20h/KLAc9WyhEAbUtnp CNJDbPd6Wo8VfFOTLF7pTMCppSghSfTf7uxfkiyO8cNnNhfXyCu47MgNGk9HGS4SzakH AJbg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id a89-v6si6561360pla.611.2018.03.12.13.56.03; Mon, 12 Mar 2018 13:56:22 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932469AbeCLUyx convert rfc822-to-8bit (ORCPT + 99 others); Mon, 12 Mar 2018 16:54:53 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:57286 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932326AbeCLUyw (ORCPT ); Mon, 12 Mar 2018 16:54:52 -0400 Received: from smtp.corp.redhat.com (int-mx04.intmail.prod.int.rdu2.redhat.com [10.11.54.4]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id C761B406E8B9; Mon, 12 Mar 2018 20:54:51 +0000 (UTC) Received: from llong.remote.csb (dhcp-17-75.bos.redhat.com [10.18.17.75]) by smtp.corp.redhat.com (Postfix) with ESMTP id 7DDF02026E03; Mon, 12 Mar 2018 20:54:51 +0000 (UTC) Subject: Re: [PATCH v4 2/6] proc/sysctl: Check for invalid flags bits To: "Luis R. Rodriguez" Cc: Kees Cook , linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Andrew Morton , Al Viro , Matthew Wilcox References: <1520885744-1546-1-git-send-email-longman@redhat.com> <1520885744-1546-3-git-send-email-longman@redhat.com> <20180312204614.GZ4449@wotan.suse.de> From: Waiman Long Organization: Red Hat Message-ID: <2621ea58-174f-bfe9-8c34-12501bb775fa@redhat.com> Date: Mon, 12 Mar 2018 16:54:51 -0400 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.0 MIME-Version: 1.0 In-Reply-To: <20180312204614.GZ4449@wotan.suse.de> Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8BIT Content-Language: en-US X-Scanned-By: MIMEDefang 2.78 on 10.11.54.4 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Mon, 12 Mar 2018 20:54:51 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.7]); Mon, 12 Mar 2018 20:54:51 +0000 (UTC) for IP:'10.11.54.4' DOMAIN:'int-mx04.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'longman@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On 03/12/2018 04:46 PM, Luis R. Rodriguez wrote: > On Mon, Mar 12, 2018 at 04:15:40PM -0400, Waiman Long wrote: >> Checking code is added to check for invalid flags in the ctl_table >> and return error if an unknown flag is used. > This should be merged with the first patch otherwise there are atomic > points in time on the commit log history where invalid values are allowed > and that makes no sense. > > This can probably be expanded to verify semantics further. Details > below. >> Signed-off-by: Waiman Long >> --- >> fs/proc/proc_sysctl.c | 12 ++++++++++++ >> 1 file changed, 12 insertions(+) >> >> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c >> index 493c975..67c0c82 100644 >> --- a/fs/proc/proc_sysctl.c >> +++ b/fs/proc/proc_sysctl.c >> @@ -1092,6 +1092,16 @@ static int sysctl_check_table_array(const char *path, struct ctl_table *table) >> return err; >> } >> >> +static int sysctl_check_flags(const char *path, struct ctl_table *table) >> +{ >> + int err = 0; >> + >> + if (table->flags & ~CTL_TABLE_FLAGS_ALL) >> + err = sysctl_err(path, table, "invalid flags"); > What if a range for the upper limit is set but not the lower limit and > the user goes over the lower limit? > > How about the inverse? > > Do we need both ranges set? > > Luis This check is just to make sure that no invalid flag bit is set. Range clamping is just one of flag bits, though this is the only one currently supported. In fact, it is allowed that the minimum or maximum can be left unspecified. In this case, no minimum or maximum checking will be done. So I don't see anything related to range checking should be put here. Cheers, Longman