Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp118646imm; Tue, 16 Oct 2018 19:20:29 -0700 (PDT) X-Google-Smtp-Source: ACcGV60uUum4ba8Wa0UarTCvzS4EoT54mJjoQ6r62ZNamDA4b88J3wSVODYX8EvMTKnvaG0S33Qk X-Received: by 2002:a17:902:1004:: with SMTP id b4-v6mr8597906pla.172.1539742829240; Tue, 16 Oct 2018 19:20:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539742829; cv=none; d=google.com; s=arc-20160816; b=WW4B1s2p/p9TvoADtYs+jN8Jtx5ZEF2oOqrKVaNZT3k1on3tc+9BmfXrVAJGxcVMXO Y27xk8U5IKJXbZnGJC0/y8hRTcnL+koka0r8N3kzEOapbp9poZg0eXD376eV5hZ5vnJz nvUyhh38l4YaFnFg20UyBC1zk/0RV+i3xmV/niUiSVL7bXBFgNv1qvcAzmxRFcE5L5Li HyMUb23zVThpFiNSStS5WgFld+tVXG7m8ZRe9qwC0Q2gR5uH4uBDo2K7J+1PFKXd7sv0 TPKGvko/1zvzNvxmWB8DF8jWwnbv6zozyaSj74StXxT99i4gqmHUpm41pmV0wmmLAnD1 N6Kg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :references:in-reply-to:mime-version:dkim-signature; bh=fmS4tWhzloUUJqiAdoh6mxdsNrq3Rd/E5QAg9bsl7MY=; b=J7I5OjMTGRs0nh7BGgec4ksFUw9iekAKt+7jOwnUbb/0qYa2Bb5C/t/jmf2c2ZXnIT +e8fhlFiDrIPq6gsAea8JNJj5OwhFFky1nVIPeQFSKxY4iHgvYfp8XsvIG1BxnJLCBfi wYvwvMOqtaRohqwCmpW5RqKcDAenwuxFVb7R3Ki5cgip2nGGg2FtTzZ2QDqCPTXn67t6 Mv4mJpef1mwRddK3GbQIoEDLkLmrltU2jsXUYIzO3S0aAvLLLF8c7V9fcy2VJUJ3wKff 6fGivgi+DhZwyZ+qyuBM6X8ub3LZpsfGDF0Fh9sf2qivSe8r7pScRWxs2diPn8yp/oI6 uZug== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="AF/qJh14"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id j30-v6si15488767pgl.4.2018.10.16.19.20.13; Tue, 16 Oct 2018 19:20:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b="AF/qJh14"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727332AbeJQKNB (ORCPT + 99 others); Wed, 17 Oct 2018 06:13:01 -0400 Received: from mail-yb1-f196.google.com ([209.85.219.196]:38730 "EHLO mail-yb1-f196.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727178AbeJQKNB (ORCPT ); Wed, 17 Oct 2018 06:13:01 -0400 Received: by mail-yb1-f196.google.com with SMTP id e190-v6so9736015ybb.5 for ; Tue, 16 Oct 2018 19:19:39 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=fmS4tWhzloUUJqiAdoh6mxdsNrq3Rd/E5QAg9bsl7MY=; b=AF/qJh146laykI9gT6QmcZWIHVJxCD2AZAkPEtWCVqQq5RSZ70L2xSkX7iaPiYjujZ G2SS+CyVnnROkoz6ywljm0XS7V3tdffI16BPqi7Scy4zzRHQQ3B8HLO+hX/JIlte2ee+ mI9U4HLV1cYuProy3SDHrZC6W08VtGVRX6mpc= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=fmS4tWhzloUUJqiAdoh6mxdsNrq3Rd/E5QAg9bsl7MY=; b=uXvdbUgKvfta8xCfLevji3ibuI5V4wLvJbb6gRZu9g2DtmrCngqLufmH42bxTHI7QA SSWohJK7oZZulx0e3sO+bsgwmZ9ozjmqWlfLJF9/TVBDPg3LVkGYPZi23L0PN2H6/ShJ GThGlRqrvULqlSFJfcmvq3VVlwplqQ4PmYhloAhffnrUR6+ys06aH/ryGH2aPNa8bgKL TWelj/EaR7ZGdTRSnKkyeTOkUZyCLmN9o4Te60A/ChMEfp5cxSVkaqArb1I1dVnw6+KY evKIm/vB/b1Be69TVlO3KKFyKKBzWtHokzYBkzQQQaobY6j2l1V5Ae0s/hCcv6QCab0A HkaQ== X-Gm-Message-State: ABuFfoinOAacjfIt9J8x1I0XSPsi1iS28RE6VWfxH+EOfD24HrWF6dBx kJ3cjmxr7Psd2+YBVh+0+AZK2exOUlk= X-Received: by 2002:a25:4982:: with SMTP id w124-v6mr12662842yba.85.1539742778334; Tue, 16 Oct 2018 19:19:38 -0700 (PDT) Received: from mail-yb1-f182.google.com (mail-yb1-f182.google.com. [209.85.219.182]) by smtp.gmail.com with ESMTPSA id q2-v6sm3840666ywg.87.2018.10.16.19.19.36 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 16 Oct 2018 19:19:37 -0700 (PDT) Received: by mail-yb1-f182.google.com with SMTP id e190-v6so9735987ybb.5 for ; Tue, 16 Oct 2018 19:19:36 -0700 (PDT) X-Received: by 2002:a25:bcc6:: with SMTP id l6-v6mr2427739ybm.171.1539742776434; Tue, 16 Oct 2018 19:19:36 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a25:d116:0:0:0:0:0 with HTTP; Tue, 16 Oct 2018 19:19:35 -0700 (PDT) In-Reply-To: References: <20181016223322.16844-1-christian@brauner.io> <20181016223322.16844-2-christian@brauner.io> <877eihjw0n.fsf@xmission.com> From: Kees Cook Date: Tue, 16 Oct 2018 19:19:35 -0700 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3 1/2] sysctl: handle overflow in proc_get_long To: Christian Brauner Cc: "Eric W . Biederman" , LKML , "Luis R. Rodriguez" , Andrew Morton , Joe Lawrence , Waiman Long , Dominik Brodowski , Al Viro , Alexey Dobriyan , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Tue, Oct 16, 2018 at 5:24 PM, Christian Brauner wrote: > Right, but if you write a value that exceeds the buffer of 22 chars that is used > to parse you already get EINVAL back on current kernels. > So it didn't feel like returning EOVERFLOW or ERANGE might make sense. > I saw a change in 4.10 or 4.11 as well that used EINVAL on UINT_MAX overflow > or something. EINVAL might be enough information for userspace here ?/. I'd agree: I think there is more precedent for EINVAL. -Kees -- Kees Cook Pixel Security