Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp3787799yba; Tue, 16 Apr 2019 20:18:39 -0700 (PDT) X-Google-Smtp-Source: APXvYqwDMwyA3kgZK9yUgo/pEHWF5p8HWMQ0xkZGzdrorsQhSkQM9/ktdSuIQCiY18xs7OSokFI5 X-Received: by 2002:aa7:87c5:: with SMTP id i5mr81691174pfo.20.1555471119362; Tue, 16 Apr 2019 20:18:39 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555471119; cv=none; d=google.com; s=arc-20160816; b=l+LM2QGUOhl7RE1WqI0rHlNG3HkvxEL3IYPhvhxS+2z3zcPhnvW5EOZk16J4EvKBVH P0Cvz5utLa+IyeIsEC+MEsImrYO5/HiW8MNB0rTQMF5+QhNGxZ2B+GU5E3jfKcz8mUdL UL4iQlh+HXaGksf6KALH1qSH8LEa18+gB70rwV9pQ3FkZXcbT6u6qWP8ooNvaqxymbpM N281hUjZUztfPaX3cIjeWWfWRNeHTkRP21pYXtC7SEmoWIUUUkACyTRJDkl+OoB2TFia U0QVuTLKts/oXAYXE+1VFgIcjnT+GJdyk/l5cPH9soMPBLbR5RFsU4bFSq5uTiyJSk1l 67Xw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :references:in-reply-to:message-id:subject:cc:to:from:date; bh=tmv1OIoHLD43Xpwojw8+fU1amBozKGygG0uEbQCdeHY=; b=DMKeSi3erKn+93cs4nRc8QLwr3Az3AiYFEsTO7waDB2xVtMeGqEzHxSswg44hi+qd6 y1tWwCxX5gBicqUDFe3HiQPbR9z/AnyyPXOBPpqHggCdBeeFPaTM1Z7f0grTZwL8309O mdFefbsPnEidUT/wv4JO6NitJ8TDL7Aen2oWpyoqwZ9Ggn9bhPGmquly/jeZyFzUiXdC QK2cPxuy8E4BYNXvxJTwlNOq9DMBU5roDHiLSc6HKShEX0Ezn4LHr7E/+u6vE3NFK2Ys Hz0FY5OQRJYdqR2Wr15dQCZJisGdctoE5fCf4EJyxTrrvxHby1Uzn8sRYx0WGKIKBpcM rc5w== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id k5si103423pgq.193.2019.04.16.20.18.23; Tue, 16 Apr 2019 20:18:39 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729901AbfDQDRn (ORCPT + 99 others); Tue, 16 Apr 2019 23:17:43 -0400 Received: from mail.linuxfoundation.org ([140.211.169.12]:59140 "EHLO mail.linuxfoundation.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728083AbfDQDRn (ORCPT ); Tue, 16 Apr 2019 23:17:43 -0400 Received: from localhost.localdomain (c-73-223-200-170.hsd1.ca.comcast.net [73.223.200.170]) by mail.linuxfoundation.org (Postfix) with ESMTPSA id 6056CA70; Wed, 17 Apr 2019 03:17:42 +0000 (UTC) Date: Tue, 16 Apr 2019 20:17:41 -0700 From: Andrew Morton To: Matteo Croce Cc: LKML , linux-fsdevel@vger.kernel.org, Kees Cook Subject: Re: [PATCH v2] proc/sysctl: add shared variables for range check Message-Id: <20190416201741.19395c715a1cb0f2130e795a@linux-foundation.org> In-Reply-To: <20190417005943.17448-1-mcroce@redhat.com> References: <20190417005943.17448-1-mcroce@redhat.com> X-Mailer: Sylpheed 3.5.1 (GTK+ 2.24.31; x86_64-pc-linux-gnu) Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Wed, 17 Apr 2019 02:59:43 +0200 Matteo Croce wrote: > In the sysctl code the proc_dointvec_minmax() function is often used to > validate the user supplied value between an allowed range. This function > uses the extra1 and extra2 members from struct ctl_table as minimum and > maximum allowed value. > > On sysctl handler declaration, in every source file there are some readonly > variables containing just an integer which address is assigned to the > extra1 and extra2 members, so the sysctl range is enforced. > > The special values 0, 1 and INT_MAX are very often used as range boundary, > leading duplication of variables like zero=0, one=1, int_max=INT_MAX in > different source files: > > $ git grep -E '\.extra[12].*&(zero|one|int_max)\b' |wc -l > 245 > > This patch adds three const variables for the most commonly used values, > and use them instead of creating a local one for every object file. > Nice. A few thoughts: > --- a/arch/s390/appldata/appldata_base.c > +++ b/arch/s390/appldata/appldata_base.c > @@ -220,15 +220,13 @@ appldata_timer_handler(struct ctl_table *ctl, int write, > void __user *buffer, size_t *lenp, loff_t *ppos) > { > int timer_active = appldata_timer_active; > - int zero = 0; > - int one = 1; > int rc; > struct ctl_table ctl_entry = { > .procname = ctl->procname, > .data = &timer_active, > .maxlen = sizeof(int), > - .extra1 = &zero, > - .extra2 = &one, > + .extra1 = (void *)&sysctl_zero, > + .extra2 = (void *)&sysctl_one, The casts are ugly, and by casting away constness they introduce the risk that some errant could could change the value of 0, 1 and INT_MAX! Maybe - perhaps trying to do that would cause a segv but still, they're ugly. A proper fix would require changing extra1 and extra2 to const void *. Perhaps that would be unfeasibly extensive? > ... > > --- a/fs/proc/proc_sysctl.c > +++ b/fs/proc/proc_sysctl.c > @@ -21,6 +21,11 @@ static const struct inode_operations proc_sys_inode_operations; > static const struct file_operations proc_sys_dir_file_operations; > static const struct inode_operations proc_sys_dir_operations; > > +/* shared constants to be used in various sysctls */ > +const int sysctl_zero = 0; > +const int sysctl_one = 1; > +const int sysctl_int_max = INT_MAX; Don't these require EXPORT_SYMBOL()?