From: "Luis R. Rodriguez" <mcgrof@kernel.org>
To: viro@zeniv.linux.org.uk, akpm@linux-foundation.org,
ebiederm@xmission.com, keescook@chromium.org, acme@redhat.com,
mingo@kernel.org, mgorman@suse.de, subashab@codeaurora.org
Cc: jeyu@redhat.com, rusty@rustcorp.com.au, swhiteho@redhat.com,
deepa.kernel@gmail.com, matt@codeblueprint.co.uk,
adobriyan@gmail.com, bp@suse.de, dmitry.torokhov@gmail.com,
shuah@kernel.org, torvalds@linux-foundation.org,
linux@roeck-us.net, linux-kselftest@vger.kernel.org,
linux-kernel@vger.kernel.org,
"Luis R. Rodriguez" <mcgrof@kernel.org>
Subject: [PATCH v2 1/9] sysctl: fix lax sysctl_check_table() sanity check
Date: Fri, 10 Feb 2017 16:36:06 -0800 [thread overview]
Message-ID: <20170211003614.6579-2-mcgrof@kernel.org> (raw)
In-Reply-To: <20170211003614.6579-1-mcgrof@kernel.org>
Commit 7c60c48f58a7 ("sysctl: Improve the sysctl sanity checks")
improved sanity checks considerbly, however the enhancements on
sysctl_check_table() meant adding a functional change so that
only the last table entry's sanity error is propagated. It also
changed the way errors were propagated so that each new check
reset the err value, this means only last sanity check computed
is used for an error. This has been in the kernel since v3.4 days.
Fix this by carrying on errors from previous checks and iterations
as we traverse the table and ensuring we keep any error from previous
checks. We keep iterating on the table even if an error is found so
we can complain for all errors found in one shot. This works as
-EINVAL is always returned on error anyway, and the check for error
is any non-zero value.
Fixes: 7c60c48f58a7 ("sysctl: Improve the sysctl sanity checks")
Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org>
---
fs/proc/proc_sysctl.c | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index d4e37acd4821..d22ee738d2eb 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -1036,7 +1036,7 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
int err = 0;
for (; table->procname; table++) {
if (table->child)
- err = sysctl_err(path, table, "Not a file");
+ err |= sysctl_err(path, table, "Not a file");
if ((table->proc_handler == proc_dostring) ||
(table->proc_handler == proc_dointvec) ||
@@ -1047,15 +1047,15 @@ static int sysctl_check_table(const char *path, struct ctl_table *table)
(table->proc_handler == proc_doulongvec_minmax) ||
(table->proc_handler == proc_doulongvec_ms_jiffies_minmax)) {
if (!table->data)
- err = sysctl_err(path, table, "No data");
+ err |= sysctl_err(path, table, "No data");
if (!table->maxlen)
- err = sysctl_err(path, table, "No maxlen");
+ err |= sysctl_err(path, table, "No maxlen");
}
if (!table->proc_handler)
- err = sysctl_err(path, table, "No proc_handler");
+ err |= sysctl_err(path, table, "No proc_handler");
if ((table->mode & (S_IRUGO|S_IWUGO)) != table->mode)
- err = sysctl_err(path, table, "bogus .mode 0%o",
+ err |= sysctl_err(path, table, "bogus .mode 0%o",
table->mode);
}
return err;
--
2.11.0
next prev parent reply other threads:[~2017-02-11 0:38 UTC|newest]
Thread overview: 34+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-01-29 19:29 [PATCH] sysctl: add proper unsigned int support Luis R. Rodriguez
2017-01-30 12:56 ` Alexey Dobriyan
2017-02-01 19:56 ` Luis R. Rodriguez
2017-02-09 1:28 ` Luis R. Rodriguez
2017-02-09 1:32 ` Luis R. Rodriguez
2017-02-11 0:36 ` [PATCH v2 0/9] sysctl: add and fix " Luis R. Rodriguez
2017-02-11 0:36 ` Luis R. Rodriguez [this message]
2017-02-13 20:13 ` [PATCH v2 1/9] sysctl: fix lax sysctl_check_table() sanity check Kees Cook
2017-02-11 0:36 ` [PATCH v2 2/9] sysctl: add proper unsigned int support Luis R. Rodriguez
2017-02-13 20:19 ` Kees Cook
2017-05-16 22:25 ` Luis R. Rodriguez
2017-02-11 0:36 ` [PATCH v2 3/9] sysctl: add unsigned int range support Luis R. Rodriguez
2017-02-13 20:21 ` Kees Cook
2017-02-11 0:36 ` [PATCH v2 4/9] test_sysctl: add dedicated proc sysctl test driver Luis R. Rodriguez
2017-02-13 20:27 ` Kees Cook
2017-02-11 0:36 ` [PATCH v2 5/9] test_sysctl: add generic script to expand on tests Luis R. Rodriguez
2017-02-13 20:30 ` Kees Cook
2017-05-16 22:55 ` Luis R. Rodriguez
2017-02-11 0:36 ` [PATCH v2 6/9] test_sysctl: test against PAGE_SIZE for int Luis R. Rodriguez
2017-02-11 0:36 ` [PATCH v2 7/9] test_sysctl: add simple proc_dointvec() case Luis R. Rodriguez
2017-02-13 22:00 ` Kees Cook
2017-05-16 22:46 ` Luis R. Rodriguez
2017-02-11 0:36 ` [PATCH v2 8/9] test_sysctl: add simple proc_douintvec() case Luis R. Rodriguez
2017-02-11 0:36 ` [PATCH v2 9/9] test_sysctl: test against int proc_dointvec() array support Luis R. Rodriguez
2017-02-13 22:07 ` Kees Cook
2017-05-16 22:40 ` Luis R. Rodriguez
2017-02-13 20:11 ` [PATCH v2 0/9] sysctl: add and fix proper unsigned int support Kees Cook
2017-05-19 3:35 ` [PATCH v3 0/5] sysctl: few fixes Luis R. Rodriguez
2017-05-19 3:35 ` [PATCH v3 1/5] sysctl: fix lax sysctl_check_table() sanity check Luis R. Rodriguez
2017-05-22 22:40 ` Andrew Morton
2017-05-19 3:35 ` [PATCH v3 2/5] sysctl: kdoc'ify sysctl_writes_strict Luis R. Rodriguez
2017-05-19 3:35 ` [PATCH v3 3/5] sysctl: fold sysctl_writes_strict checks into helper Luis R. Rodriguez
2017-05-19 3:35 ` [PATCH v3 4/5] sysctl: simplify unsigned int support Luis R. Rodriguez
2017-05-19 3:35 ` [PATCH v3 5/5] sysctl: add unsigned int range support Luis R. Rodriguez
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20170211003614.6579-2-mcgrof@kernel.org \
--to=mcgrof@kernel.org \
--cc=acme@redhat.com \
--cc=adobriyan@gmail.com \
--cc=akpm@linux-foundation.org \
--cc=bp@suse.de \
--cc=deepa.kernel@gmail.com \
--cc=dmitry.torokhov@gmail.com \
--cc=ebiederm@xmission.com \
--cc=jeyu@redhat.com \
--cc=keescook@chromium.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-kselftest@vger.kernel.org \
--cc=linux@roeck-us.net \
--cc=matt@codeblueprint.co.uk \
--cc=mgorman@suse.de \
--cc=mingo@kernel.org \
--cc=rusty@rustcorp.com.au \
--cc=shuah@kernel.org \
--cc=subashab@codeaurora.org \
--cc=swhiteho@redhat.com \
--cc=torvalds@linux-foundation.org \
--cc=viro@zeniv.linux.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).