Received: by 2002:a05:6a10:f347:0:0:0:0 with SMTP id d7csp5686785pxu; Wed, 23 Dec 2020 02:58:10 -0800 (PST) X-Google-Smtp-Source: ABdhPJwwvOF73TAB8QiNXK/8Wm7Y5qNDNdo4tq3SxApHrOBYkee346E440Nkzz8g4mm6PUxPUrPx X-Received: by 2002:a05:6402:2292:: with SMTP id cw18mr24549170edb.336.1608721090508; Wed, 23 Dec 2020 02:58:10 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1608721090; cv=none; d=google.com; s=arc-20160816; b=vuj7WvrsP+hsF3QEejD1rCCNM53fqqBAnKXBZQQ8TBOs0+ZCUFtOUZ7uEnwYtteLjY lYOQA7AuoSn+fnRQDxeB3jNzT2sRKB2m7EI4Crh9h90rEPgSnchT4Nceqypm/NM0imPi 3YhLjEH4Qeu3VNcSHk8b7nP1VvqMeCY4CNVTE8gfLvz8xi6KU8i9ekGUt6m7DNJF9IKP Zdon2VgA4s38vqyQ1K/HKZNono15voMqpzNHClIEHEcpBrqM9pLvewKzmXE+Qpkij2KV DhkuHaojxw4M8yiOi4imhFZvIE5edICBOTik8K6xcyrPbTckRpb2y6tbHjLeuUNUgag4 CUSw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :message-id:date:subject:cc:to:from; bh=8AxkpYRHECKyUvguTLlBCicfKO1MCdvP3A1zDjTya6A=; b=MT+2VZbWjkhYZirsmT+BkqtUoMupNPTF6+VXfz6lBQMLKv082RgsM+3MnB4sIIbw8y X7odykp64XRSsd3VQ/xBQNAIisuYNFmK0+ahjXO6LDoiw1dL4aGcihWR1FFq/cDfepZ2 efGXPcwTzoiRGGKJZ6UU3yav4m/wGm5/epA3qIHEjC0LBzE94Zl2qYi+XZ9fIfhBcbYr qBphf17Oan9SJEMKqcxKh6+Z44ybAKdfQ2MbDG1GvoMA1HgqUJ+XKsbBh43GuJK4AZTE IZipslcTomI++QYAFE0VxiKt2t7am5yY3jgFYyefXsabwPXkYljfgxYVfCXhZhJmi0gy ItFg== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id j13si11711847ejc.454.2020.12.23.02.57.47; Wed, 23 Dec 2020 02:58:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728278AbgLWK5C (ORCPT + 99 others); Wed, 23 Dec 2020 05:57:02 -0500 Received: from mail.wangsu.com ([123.103.51.227]:56178 "EHLO wangsu.com" rhost-flags-OK-FAIL-OK-FAIL) by vger.kernel.org with ESMTP id S1726022AbgLWK5B (ORCPT ); Wed, 23 Dec 2020 05:57:01 -0500 Received: from fedora31.wangsu.com (unknown [59.61.78.237]) by app2 (Coremail) with SMTP id 4zNnewDHz2MqIuNf_mYEAA--.4681S2; Wed, 23 Dec 2020 18:55:45 +0800 (CST) From: Lin Feng To: linux-mm@kvack.org Cc: linux-kernel@vger.kernel.org, akpm@linux-foundation.org, linf@wangsu.com Subject: [PATCH] sysctl.c: fix underflow value setting risk in vm_table Date: Wed, 23 Dec 2020 18:55:35 +0800 Message-Id: <20201223105535.2875-1-linf@wangsu.com> X-Mailer: git-send-email 2.25.4 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-CM-TRANSID: 4zNnewDHz2MqIuNf_mYEAA--.4681S2 X-Coremail-Antispam: 1UD129KBjvJXoW7Aw1xAFWkWF17ur4rGFWxJFb_yoW8CrWxpF 9xXryUKF45WF1SvasayF4a9F17u3ykGr47t3ZFgrySk3y3XrZ5JFn5Z347try5KFWSyF1j q3Wjvrs8uan5AFDanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2 9KBjDU0xBIdaVrnRJUUUyK1xkIjI8I6I8E6xAIw20EY4v20xvaj40_Wr0E3s1l8cAvFVAK 0II2c7xJM28CjxkF64kEwVA0rcxSw2x7M28EF7xvwVC0I7IYx2IY67AKxVWDJVCq3wA2z4 x0Y4vE2Ix0cI8IcVCY1x0267AKxVWxJr0_GcWl84ACjcxK6I8E87Iv67AKxVW0oVCq3wA2 z4x0Y4vEx4A2jsIEc7CjxVAFwI0_GcCE3s1le2I262IYc4CY6c8Ij28IcVAaY2xG8wAqx4 xG64xvF2IEw4CE5I8CrVC2j2WlYx0E74AGY7Cv6cx26r48McIj6xkF7I0En7xvr7AKxVWx JVW8Jr1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc 8vx2IErcIFxwCY02Avz4vE14v_Gw1l42xK82IYc2Ij64vIr41l42xK82IY6x8ErcxFaVAv 8VW8GwCFx2IqxVCFs4IE7xkEbVWUJVW8JwC20s026c02F40E14v26r1j6r18MI8I3I0E74 80Y4vE14v26r106r1rMI8E67AF67kF1VAFwI0_JF0_Jw1lIxkGc2Ij64vIr41lIxAIcVC0 I7IYx2IY67AKxVWUJVWUCwCI42IY6xIIjxv20xvEc7CjxVAFwI0_Jr0_Gr1lIxAIcVCF04 k26cxKx2IYs7xG6rW3Jr0E3s1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aVCY 1x0267AKxVWUJVW8JbIYCTnIWIevJa73UjIFyTuYvjfUcbAwDUUUU X-CM-SenderInfo: holqwq5zdqw23xof0z/ Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Apart from subsystem specific .proc_handler handler, all ctl_tables with extra1 and extra2 members set should use proc_dointvec_minmax instead of proc_dointvec, or the limit set in extra* never work and potentially echo underflow values(negative numbers) is likely make system unstable. Especially vfs_cache_pressure and zone_reclaim_mode, -1 is apparently not a valid value, but we can set to them. And then kernel may crash. # echo -1 > /proc/sys/vm/vfs_cache_pressure Signed-off-by: Lin Feng --- kernel/sysctl.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/kernel/sysctl.c b/kernel/sysctl.c index c9fbdd848138..62fbd09b5dc1 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c @@ -2962,7 +2962,7 @@ static struct ctl_table vm_table[] = { .data = &block_dump, .maxlen = sizeof(block_dump), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO, }, { @@ -2970,7 +2970,7 @@ static struct ctl_table vm_table[] = { .data = &sysctl_vfs_cache_pressure, .maxlen = sizeof(sysctl_vfs_cache_pressure), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO, }, #if defined(HAVE_ARCH_PICK_MMAP_LAYOUT) || \ @@ -2980,7 +2980,7 @@ static struct ctl_table vm_table[] = { .data = &sysctl_legacy_va_layout, .maxlen = sizeof(sysctl_legacy_va_layout), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO, }, #endif @@ -2990,7 +2990,7 @@ static struct ctl_table vm_table[] = { .data = &node_reclaim_mode, .maxlen = sizeof(node_reclaim_mode), .mode = 0644, - .proc_handler = proc_dointvec, + .proc_handler = proc_dointvec_minmax, .extra1 = SYSCTL_ZERO, }, { -- 2.25.4