From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1754949AbdESDgE (ORCPT ); Thu, 18 May 2017 23:36:04 -0400 Received: from mail.kernel.org ([198.145.29.99]:48276 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1753478AbdESDgA (ORCPT ); Thu, 18 May 2017 23:36:00 -0400 DMARC-Filter: OpenDMARC Filter v1.3.2 mail.kernel.org 9750C239E4 Authentication-Results: mail.kernel.org; dmarc=none (p=none dis=none) header.from=kernel.org Authentication-Results: mail.kernel.org; spf=none smtp.mailfrom=mcgrof@kernel.org From: "Luis R. Rodriguez" To: viro@zeniv.linux.org.uk, akpm@linux-foundation.org, ebiederm@xmission.com, keescook@chromium.org, acme@redhat.com, mingo@kernel.org, mgorman@suse.de, subashab@codeaurora.org Cc: jeyu@redhat.com, rusty@rustcorp.com.au, swhiteho@redhat.com, deepa.kernel@gmail.com, matt@codeblueprint.co.uk, adobriyan@gmail.com, bp@suse.de, zlpnobody@gmail.com, dmitry.torokhov@gmail.com, shuah@kernel.org, torvalds@linux-foundation.org, linux@roeck-us.net, linux-kernel@vger.kernel.org, "Luis R. Rodriguez" Subject: [PATCH v3 1/5] sysctl: fix lax sysctl_check_table() sanity check Date: Thu, 18 May 2017 20:35:50 -0700 Message-Id: <20170519033554.18592-2-mcgrof@kernel.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170519033554.18592-1-mcgrof@kernel.org> References: <20170211003614.6579-1-mcgrof@kernel.org> <20170519033554.18592-1-mcgrof@kernel.org> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Commit 7c60c48f58a7 ("sysctl: Improve the sysctl sanity checks") improved sanity checks considerbly, however the enhancements on sysctl_check_table() meant adding a functional change so that only the last table entry's sanity error is propagated. It also changed the way errors were propagated so that each new check reset the err value, this means only last sanity check computed is used for an error. This has been in the kernel since v3.4 days. Fix this by carrying on errors from previous checks and iterations as we traverse the table and ensuring we keep any error from previous checks. We keep iterating on the table even if an error is found so we can complain for all errors found in one shot. This works as -EINVAL is always returned on error anyway, and the check for error is any non-zero value. Fixes: 7c60c48f58a7 ("sysctl: Improve the sysctl sanity checks") Signed-off-by: Luis R. Rodriguez --- fs/proc/proc_sysctl.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c index 67985a7233c2..32c9c5630507 100644 --- a/fs/proc/proc_sysctl.c +++ b/fs/proc/proc_sysctl.c @@ -1066,7 +1066,7 @@ static int sysctl_check_table(const char *path, struct ctl_table *table) int err = 0; for (; table->procname; table++) { if (table->child) - err = sysctl_err(path, table, "Not a file"); + err |= sysctl_err(path, table, "Not a file"); if ((table->proc_handler == proc_dostring) || (table->proc_handler == proc_dointvec) || @@ -1078,15 +1078,15 @@ static int sysctl_check_table(const char *path, struct ctl_table *table) (table->proc_handler == proc_doulongvec_minmax) || (table->proc_handler == proc_doulongvec_ms_jiffies_minmax)) { if (!table->data) - err = sysctl_err(path, table, "No data"); + err |= sysctl_err(path, table, "No data"); if (!table->maxlen) - err = sysctl_err(path, table, "No maxlen"); + err |= sysctl_err(path, table, "No maxlen"); } if (!table->proc_handler) - err = sysctl_err(path, table, "No proc_handler"); + err |= sysctl_err(path, table, "No proc_handler"); if ((table->mode & (S_IRUGO|S_IWUGO)) != table->mode) - err = sysctl_err(path, table, "bogus .mode 0%o", + err |= sysctl_err(path, table, "bogus .mode 0%o", table->mode); } return err; -- 2.11.0