From: ebiederm@xmission.com (Eric W. Biederman)
To: Andrew Morton <akpm@linux-foundation.org>
Cc: Eric Dumazet <eric.dumazet@gmail.com>,
Jiri Slaby <jirislaby@gmail.com>,
linux-kernel@vger.kernel.org, mm-commits@vger.kernel.org,
ML netdev <netdev@vger.kernel.org>,
"David S. Miller" <davem@davemloft.net>
Subject: Re: IPv4: sysctl table check failed [was: mmotm 2010-10-07-14-08 uploaded]
Date: Thu, 07 Oct 2010 17:54:48 -0700 [thread overview]
Message-ID: <m1y6a95wrr.fsf@fess.ebiederm.org> (raw)
In-Reply-To: <20101007152806.119d1522.akpm@linux-foundation.org> (Andrew Morton's message of "Thu, 7 Oct 2010 15:28:06 -0700")
Andrew Morton <akpm@linux-foundation.org> writes:
> On Fri, 08 Oct 2010 00:22:15 +0200
> Eric Dumazet <eric.dumazet@gmail.com> wrote:
>
>> Le vendredi 08 octobre 2010 __ 00:06 +0200, Jiri Slaby a __crit :
>> > On 10/07/2010 11:08 PM, akpm@linux-foundation.org wrote:
>> > > The mm-of-the-moment snapshot 2010-10-07-14-08 has been uploaded to
>> >
>> > Hi, I got bunch of "sysctl table check failed" below. All seem to be
>> > related to ipv4:
>>
>> I would say, sysctl check is buggy :(
>>
>> min/max are optional
>>
>> [PATCH] sysctl: min/max bounds are optional
>>
>> sysctl check complains when proc_doulongvec_minmax or
>> proc_doulongvec_ms_jiffies_minmax are used by a vector of longs (with
>> more than one element), with no min or max value specified.
>>
>> This is unexpected, given we had a bug on this min/max handling :)
>>
>> Reported-by: Jiri Slaby <jirislaby@gmail.com>
>> Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
>> ---
>> kernel/sysctl_check.c | 9 ---------
>> 1 file changed, 9 deletions(-)
>>
>> diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c
>> index 04cdcf7..10b90d8 100644
>> --- a/kernel/sysctl_check.c
>> +++ b/kernel/sysctl_check.c
>> @@ -143,15 +143,6 @@ int sysctl_check_table(struct nsproxy *namespaces, struct ctl_table *table)
>> if (!table->maxlen)
>> set_fail(&fail, table, "No maxlen");
>> }
>> - if ((table->proc_handler == proc_doulongvec_minmax) ||
>> - (table->proc_handler == proc_doulongvec_ms_jiffies_minmax)) {
>> - if (table->maxlen > sizeof (unsigned long)) {
>> - if (!table->extra1)
>> - set_fail(&fail, table, "No min");
>> - if (!table->extra2)
>> - set_fail(&fail, table, "No max");
>> - }
>> - }
>> #ifdef CONFIG_PROC_SYSCTL
>> if (table->procname && !table->proc_handler)
>> set_fail(&fail, table, "No proc_handler");
>
> That will probably fix it ;)
>
> net-avoid-limits-overflow.patch is dependent on this patch. Unless
> Eric B squeaks I'll plan on sending this patch in for 2.6.37.
Oh. I see. I actually had a sanity check for the case that was failing.
I probably spotted the buggy code and wanted to see if there was
anything that cared.
So sysctl_check was perfectly correct until the bug was removed from
proc_doulongvec_minmax. Which also means we have been auditing the
kernel for quite a while to make certain that it is safe not to
increment min and max.
Eric
next prev parent reply other threads:[~2010-10-08 0:54 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2010-10-07 21:08 mmotm 2010-10-07-14-08 uploaded akpm
2010-10-07 22:06 ` IPv4: sysctl table check failed [was: mmotm 2010-10-07-14-08 uploaded] Jiri Slaby
2010-10-07 22:22 ` Eric Dumazet
2010-10-07 22:28 ` Andrew Morton
2010-10-08 0:54 ` Eric W. Biederman [this message]
2010-10-08 16:30 ` Américo Wang
2010-10-07 22:22 ` Andrew Morton
2010-10-07 22:09 ` mmotm 2010-10-07-14-08 uploaded Valdis.Kletnieks
2010-10-08 6:58 ` make oldconfig warnings [was: mmotm 2010-10-07-14-08 uploaded] Jiri Slaby
2010-10-08 0:17 ` mmotm 2010-10-07-14-08 uploaded Zimny Lech
2010-10-08 0:22 ` Greg KH
2010-10-11 13:57 ` Bob Beers
2010-10-11 14:11 ` Greg KH
2010-10-08 19:18 ` Zimny Lech
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=m1y6a95wrr.fsf@fess.ebiederm.org \
--to=ebiederm@xmission.com \
--cc=akpm@linux-foundation.org \
--cc=davem@davemloft.net \
--cc=eric.dumazet@gmail.com \
--cc=jirislaby@gmail.com \
--cc=linux-kernel@vger.kernel.org \
--cc=mm-commits@vger.kernel.org \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.