From: Jakub Kicinski <kuba@kernel.org>
To: nicolas.bouchinet@clip-os.org
Cc: linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org,
	linux-scsi@vger.kernel.org, codalist@coda.cs.cmu.edu,
	linux-nfs@vger.kernel.org, netdev@vger.kernel.org,
	netfilter-devel@vger.kernel.org, coreteam@netfilter.org,
	Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>,
	Joel Granados <j.granados@samsung.com>,
	Bart Van Assche <bvanassche@acm.org>,
	Leon Romanovsky <leon@kernel.org>,
	Zhu Yanjun <yanjun.zhu@linux.dev>, Jason Gunthorpe <jgg@ziepe.ca>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>
Subject: Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks
Date: Mon, 27 Jan 2025 12:00:15 -0800
Message-ID: <20250127120015.1dd5c039@kernel.org>
In-Reply-To: <20250127142014.37834-1-nicolas.bouchinet@clip-os.org>

On Mon, 27 Jan 2025 15:19:57 +0100 nicolas.bouchinet@clip-os.org wrote:
> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
> 
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into an unsigned int data. proc_dointvec being able to
> parse negative values, and its return value being a signed int, this could
> lead to undefined behaviors.
> This has led to a kernel crash in the past as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table")
> 
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
> 
> This patchset has been written over sysctl-testing branch [1].
> See [2] for similar sysctl fixes currently in review.

Please don't group patches for different subsystems in a series 
if there are no dependencies between them.

Only patch 3 seems relevant for netdev@ / core networking.

Please repost patch 3 separately with extended impact analysis and 
a Fixes tag (as requested by Joe).
-- 
pw-bot: cr
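
The bug class described in the quoted cover letter, as an added example that is not part of the original thread or the kernel source: a userspace C model of a signed-int sysctl parser storing into an unsigned int, with and without bounds. `struct model_ctl`, `model_write`, `demo` and the starting value 1024 are hypothetical names and constructed values; only `proc_dointvec`, `SYSCTL_ZERO` and `SYSCTL_INT_MAX` come from the thread.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-in for a ctl_table entry: data plus optional bounds. */
struct model_ctl {
    unsigned int *data; /* declared unsigned, as in the patched sysctls */
    const int *min;     /* models .extra1; NULL means no lower bound */
    const int *max;     /* models .extra2; NULL means no upper bound */
};

static const int model_zero = 0;          /* role of SYSCTL_ZERO */
static const int model_int_max = INT_MAX; /* role of SYSCTL_INT_MAX */

/* Parse a signed int, then store it into the unsigned variable.
 * With bounds set, out-of-range input is rejected before the store. */
static int model_write(const struct model_ctl *ctl, const char *buf)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(buf, &end, 10);
    if (errno || end == buf || v < INT_MIN || v > INT_MAX)
        return -EINVAL;
    if ((ctl->min && v < *ctl->min) || (ctl->max && v > *ctl->max))
        return -EINVAL;                 /* *data is left untouched */
    *ctl->data = (unsigned int)(int)v;  /* -1 is stored as UINT_MAX */
    return 0;
}

/* Returns the handler status; *out receives the variable afterwards. */
static int demo(const char *buf, int bounded, unsigned int *out)
{
    unsigned int val = 1024; /* constructed starting value */
    struct model_ctl ctl = { &val, bounded ? &model_zero : NULL,
                             bounded ? &model_int_max : NULL };
    int ret = model_write(&ctl, buf);
    *out = val;
    return ret;
}

int main(void)
{
    unsigned int v;
    int r = demo("-1", 0, &v);
    printf("unbounded: ret=%d value=%u\n", r, v);
    r = demo("-1", 1, &v);
    printf("bounded:   ret=%d value=%u\n", r, v);
    return 0;
}
```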

Thread overview: 15+ messages
2025-01-27 14:19 [PATCH v1 0/9] Fixes multiple sysctl bound checks nicolas.bouchinet
2025-01-27 14:19 ` [PATCH v1 1/9] sysctl: Fixes nf_conntrack_max bounds nicolas.bouchinet
2025-01-28 23:00   ` Pablo Neira Ayuso
2025-01-27 14:19 ` [PATCH v1 2/9] sysctl: Fixes nf_conntrack_expect_max bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 3/9] sysctl: Fixes gc_thresh bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 4/9] sysctl: Fixes idmap_cache_timeout bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 5/9] sysctl: Fixes nsm_local_state bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 6/9] sysctl/coda: Fixes timeout bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 7/9] sysctl: Fixes scsi_logging_level bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 8/9] sysctl/infiniband: Fixes infiniband sysctl bounds nicolas.bouchinet
2025-01-27 14:20 ` [PATCH v1 9/9] sysctl: Fixes max-user-freq bounds nicolas.bouchinet
2025-01-27 18:05 ` [PATCH v1 0/9] Fixes multiple sysctl bound checks Joe Damato
2025-01-28  9:43   ` Nicolas Bouchinet
2025-01-27 20:00 ` Jakub Kicinski [this message]
2025-02-21  8:23 ` Joel Granados
