From: Joel Granados <joel.granados@kernel.org>
To: Alexander Viro <viro@zeniv.linux.org.uk>,
Christian Brauner <brauner@kernel.org>, Jan Kara <jack@suse.cz>,
Kees Cook <kees@kernel.org>
Cc: linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
Joel Granados <joel.granados@kernel.org>
Subject: [PATCH 8/8] sysctl: Add optional range checking to SYSCTL_INT_CONV_CUSTOM
Date: Mon, 13 Oct 2025 15:24:58 +0200 [thread overview]
Message-ID: <20251013-jag-sysctl_conv-v1-8-4dc35ceae733@kernel.org> (raw)
In-Reply-To: <20251013-jag-sysctl_conv-v1-0-4dc35ceae733@kernel.org>
Extend the SYSCTL_INT_CONV_CUSTOM macro with a k_ptr_range_check
parameter to conditionally generate range validation code. When enabled,
validation is done against table->extra1 (min) and table->extra2 (max)
bounds before assignment. Add base minmax and ms_jiffies_minmax
converter instances that utilize the range checking functionality.
Signed-off-by: Joel Granados <joel.granados@kernel.org>
---
kernel/sysctl.c | 106 +++++++++++++++++++++-----------------------------------
1 file changed, 40 insertions(+), 66 deletions(-)
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index e7dc4b79e93ea9ab929ce0465143aed74be444e5..60f7618083516a24530f46f6eabccd108e90c74f 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -402,6 +402,34 @@ int sysctl_kern_to_user_int_conv##name(bool *negp, \
return 0; \
}
+/**
+ * To range check on a converted value, use a temp k_ptr
+ * When checking range, value should be within (tbl->extra1, tbl->extra2)
+ */
+#define SYSCTL_INT_CONV_CUSTOM(name, user_to_kern, kern_to_user, \
+ k_ptr_range_check) \
+int do_proc_int_conv##name(bool *negp, unsigned long *u_ptr, int *k_ptr,\
+ int dir, const struct ctl_table *tbl) \
+{ \
+ if (SYSCTL_KERN_TO_USER(dir)) \
+ return kern_to_user(negp, u_ptr, k_ptr); \
+ \
+ if (k_ptr_range_check) { \
+ int tmp_k, ret; \
+ if (!tbl) \
+ return -EINVAL; \
+ ret = user_to_kern(negp, u_ptr, &tmp_k); \
+ if (ret) \
+ return ret; \
+ if ((tbl->extra1 && *(int *)tbl->extra1 > tmp_k) || \
+ (tbl->extra2 && *(int *)tbl->extra2 < tmp_k)) \
+ return -EINVAL; \
+ WRITE_ONCE(*k_ptr, tmp_k); \
+ } else \
+ return user_to_kern(negp, u_ptr, k_ptr); \
+ return 0; \
+}
+
#define SYSCTL_CONV_IDENTITY(val) val
#define SYSCTL_CONV_MULT_HZ(val) ((val) * HZ)
#define SYSCTL_CONV_DIV_HZ(val) ((val) / HZ)
@@ -418,24 +446,21 @@ static SYSCTL_KERN_TO_USER_INT_CONV(_userhz, jiffies_to_clock_t)
static SYSCTL_USER_TO_KERN_INT_CONV(_ms, msecs_to_jiffies)
static SYSCTL_KERN_TO_USER_INT_CONV(_ms, jiffies_to_msecs)
-#define SYSCTL_INT_CONV_CUSTOM(name, user_to_kern, kern_to_user) \
-int do_proc_int_conv##name(bool *negp, unsigned long *u_ptr, int *k_ptr,\
- int dir, const struct ctl_table *table) \
-{ \
- if (SYSCTL_USER_TO_KERN(dir)) \
- return user_to_kern(negp, u_ptr, k_ptr); \
- return kern_to_user(negp, u_ptr, k_ptr); \
-}
-
static SYSCTL_INT_CONV_CUSTOM(, sysctl_user_to_kern_int_conv,
- sysctl_kern_to_user_int_conv)
+ sysctl_kern_to_user_int_conv, false)
static SYSCTL_INT_CONV_CUSTOM(_jiffies, sysctl_user_to_kern_int_conv_hz,
- sysctl_kern_to_user_int_conv_hz)
+ sysctl_kern_to_user_int_conv_hz, false)
static SYSCTL_INT_CONV_CUSTOM(_userhz_jiffies,
sysctl_user_to_kern_int_conv_userhz,
- sysctl_kern_to_user_int_conv_userhz)
+ sysctl_kern_to_user_int_conv_userhz, false)
static SYSCTL_INT_CONV_CUSTOM(_ms_jiffies, sysctl_user_to_kern_int_conv_ms,
- sysctl_kern_to_user_int_conv_ms)
+ sysctl_kern_to_user_int_conv_ms, false)
+
+static SYSCTL_INT_CONV_CUSTOM(_minmax, sysctl_user_to_kern_int_conv,
+ sysctl_kern_to_user_int_conv, true)
+static SYSCTL_INT_CONV_CUSTOM(_ms_jiffies_minmax,
+ sysctl_user_to_kern_int_conv_ms,
+ sysctl_kern_to_user_int_conv_ms, true)
static int do_proc_douintvec_conv(unsigned long *u_ptr,
unsigned int *k_ptr, int dir,
@@ -721,32 +746,6 @@ int proc_douintvec(const struct ctl_table *table, int dir, void *buffer,
do_proc_douintvec_conv);
}
-static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *u_ptr,
- int *k_ptr, int dir,
- const struct ctl_table *table)
-{
- int tmp, ret, *min, *max;
- /*
- * If writing to a kernel variable, first do so via a temporary
- * local int so we can bounds-check it before touching *k_ptr.
- */
- int *ip = SYSCTL_USER_TO_KERN(dir) ? &tmp : k_ptr;
-
- ret = do_proc_int_conv(negp, u_ptr, ip, dir, table);
- if (ret)
- return ret;
-
- if (SYSCTL_USER_TO_KERN(dir)) {
- min = (int *) table->extra1;
- max = (int *) table->extra2;
- if ((min && *min > tmp) || (max && *max < tmp))
- return -EINVAL;
- WRITE_ONCE(*k_ptr, tmp);
- }
-
- return 0;
-}
-
/**
* proc_dointvec_minmax - read a vector of integers with min/max values
* @table: the sysctl table
@@ -768,7 +767,7 @@ int proc_dointvec_minmax(const struct ctl_table *table, int dir,
void *buffer, size_t *lenp, loff_t *ppos)
{
return do_proc_dointvec(table, dir, buffer, lenp, ppos,
- do_proc_dointvec_minmax_conv);
+ do_proc_int_conv_minmax);
}
static int do_proc_douintvec_minmax_conv(unsigned long *u_ptr,
@@ -994,31 +993,6 @@ int proc_doulongvec_ms_jiffies_minmax(const struct ctl_table *table, int dir,
lenp, ppos, HZ, 1000l);
}
-static int do_proc_dointvec_ms_jiffies_minmax_conv(bool *negp, unsigned long *u_ptr,
- int *k_ptr, int dir,
- const struct ctl_table *table)
-{
- int tmp, ret, *min, *max;
- /*
- * If writing to a kernel var, first do so via a temporary local
- * int so we can bounds-check it before touching *k_ptr.
- */
- int *ip = SYSCTL_USER_TO_KERN(dir) ? &tmp : k_ptr;
-
- ret = do_proc_int_conv_ms_jiffies(negp, u_ptr, ip, dir, table);
- if (ret)
- return ret;
-
- if (SYSCTL_USER_TO_KERN(dir)) {
- min = (int *) table->extra1;
- max = (int *) table->extra2;
- if ((min && *min > tmp) || (max && *max < tmp))
- return -EINVAL;
- *k_ptr = tmp;
- }
- return 0;
-}
-
/**
* proc_dointvec_jiffies - read a vector of integers as seconds
* @table: the sysctl table
@@ -1045,7 +1019,7 @@ int proc_dointvec_ms_jiffies_minmax(const struct ctl_table *table, int dir,
void *buffer, size_t *lenp, loff_t *ppos)
{
return do_proc_dointvec(table, dir, buffer, lenp, ppos,
- do_proc_dointvec_ms_jiffies_minmax_conv);
+ do_proc_int_conv_ms_jiffies_minmax);
}
/**
--
2.50.1
prev parent reply other threads:[~2025-10-13 13:25 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-10-13 13:24 [PATCH 0/8] sysctl: Generalize proc handler converter creation Joel Granados
2025-10-13 13:24 ` [PATCH 1/8] sysctl: Replace void pointer with const pointer to ctl_table Joel Granados
2025-10-13 13:24 ` [PATCH 2/8] sysctl: Remove superfluous tbl_data param from "dovec" functions Joel Granados
2025-10-13 13:24 ` [PATCH 3/8] sysctl: Remove superfluous __do_proc_* indirection Joel Granados
2025-10-13 13:24 ` [PATCH 4/8] sysctl: Indicate the direction of operation with macro names Joel Granados
2025-10-13 13:24 ` [PATCH 5/8] sysctl: Discriminate between kernel and user converter params Joel Granados
2025-10-13 13:24 ` [PATCH 6/8] sysctl: Create converter functions with two new macros Joel Granados
2025-10-13 13:24 ` [PATCH 7/8] sysctl: Create integer converters with one macro Joel Granados
2025-10-13 13:24 ` Joel Granados [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20251013-jag-sysctl_conv-v1-8-4dc35ceae733@kernel.org \
--to=joel.granados@kernel.org \
--cc=brauner@kernel.org \
--cc=jack@suse.cz \
--cc=kees@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).