* [PATCH v1 1/9] sysctl: Fixes nf_conntrack_max bounds
From: nicolas.bouchinet @ 2025-01-27 14:19 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound nf_conntrack_max sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
net/netfilter/nf_conntrack_standalone.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 7d4f0fa8b609d..40ed3ef9cb22d 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -619,7 +619,9 @@ static struct ctl_table nf_ct_sysctl_table[] = {
.data = &nf_conntrack_max,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
[NF_SYSCTL_CT_COUNT] = {
.procname = "nf_conntrack_count",
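Review bot: the commit message should state the type of nf_conntrack_max and why an INT_MAX ceiling was chosen. The cover letter says these variables are stored as unsigned int, yet this entry keeps `.maxlen = sizeof(int)` and switches to the signed proc_dointvec_minmax, so values between INT_MAX and UINT_MAX become unwritable. If the variable is unsigned, proc_douintvec_minmax rejects negative input by construction and keeps the full range; if the INT_MAX cap is deliberate (downstream signed arithmetic on the value), say so in the message.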
@@ -948,7 +950,9 @@ static struct ctl_table nf_ct_netfilter_table[] = {
.data = &nf_conntrack_max,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
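Review bot: this second entry in nf_ct_netfilter_table points at the same `&nf_conntrack_max` as the entry in nf_ct_sysctl_table above, so both write paths now enforce identical bounds, which is the right outcome; the commit message mentions only one sysctl, so name both tables there so a reader knows the legacy path was covered rather than missed.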
--
2.48.1
* Re: [PATCH v1 1/9] sysctl: Fixes nf_conntrack_max bounds
From: Pablo Neira Ayuso @ 2025-01-28 23:00 UTC
To: nicolas.bouchinet; +Cc: netdev, netfilter-devel, coreteam
Hi,
Please collapse patches 1/9 and 2/9 and post them to
netfilter-devel@vger.kernel.org, targeting the nf-next tree.
Thanks.
On Mon, Jan 27, 2025 at 03:19:58PM +0100, nicolas.bouchinet@clip-os.org wrote:
> From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
>
> Bound nf_conntrack_max sysctl writes between SYSCTL_ZERO
> and SYSCTL_INT_MAX.
>
> The proc_handler has thus been updated to proc_dointvec_minmax.
>
> Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
> ---
> net/netfilter/nf_conntrack_standalone.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
> index 7d4f0fa8b609d..40ed3ef9cb22d 100644
> --- a/net/netfilter/nf_conntrack_standalone.c
> +++ b/net/netfilter/nf_conntrack_standalone.c
> @@ -619,7 +619,9 @@ static struct ctl_table nf_ct_sysctl_table[] = {
> .data = &nf_conntrack_max,
> .maxlen = sizeof(int),
> .mode = 0644,
> - .proc_handler = proc_dointvec,
> + .proc_handler = proc_dointvec_minmax,
> + .extra1 = SYSCTL_ZERO,
> + .extra2 = SYSCTL_INT_MAX,
> },
> [NF_SYSCTL_CT_COUNT] = {
> .procname = "nf_conntrack_count",
> @@ -948,7 +950,9 @@ static struct ctl_table nf_ct_netfilter_table[] = {
> .data = &nf_conntrack_max,
> .maxlen = sizeof(int),
> .mode = 0644,
> - .proc_handler = proc_dointvec,
> + .proc_handler = proc_dointvec_minmax,
> + .extra1 = SYSCTL_ZERO,
> + .extra2 = SYSCTL_INT_MAX,
> },
> };
>
> --
> 2.48.1
>
>
* [PATCH v1 2/9] sysctl: Fixes nf_conntrack_expect_max bounds
From: nicolas.bouchinet @ 2025-01-27 14:19 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound nf_conntrack_expect_max sysctl writes between SYSCTL_ONE
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
The lower bound is SYSCTL_ONE as defined in the sysctl documentation.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
net/netfilter/nf_conntrack_standalone.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/netfilter/nf_conntrack_standalone.c b/net/netfilter/nf_conntrack_standalone.c
index 40ed3ef9cb22d..3ea60ff7a6a49 100644
--- a/net/netfilter/nf_conntrack_standalone.c
+++ b/net/netfilter/nf_conntrack_standalone.c
@@ -657,7 +657,9 @@ static struct ctl_table nf_ct_sysctl_table[] = {
.data = &nf_ct_expect_max,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ONE,
+ .extra2 = SYSCTL_INT_MAX,
},
[NF_SYSCTL_CT_ACCT] = {
.procname = "nf_conntrack_acct",
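Review bot: the message says the SYSCTL_ONE floor comes from the sysctl documentation but does not cite the file or quote the line; add that reference, and since the netfilter maintainer asks for 1/9 and 2/9 to be squashed, make sure the combined message carries both rationales (zero floor for nf_conntrack_max, one for nf_conntrack_expect_max). Also worth one sentence: proc_dointvec_minmax checks only writes, so a value already stored in nf_ct_expect_max is left as-is until the next write.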
--
2.48.1
* [PATCH v1 3/9] sysctl: Fixes gc_thresh bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound ipv4, ipv6 and xfrm6 gc_thresh sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
net/ipv4/route.c | 4 +++-
net/ipv6/route.c | 4 +++-
net/ipv6/xfrm6_policy.c | 4 +++-
3 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/net/ipv4/route.c b/net/ipv4/route.c
index 0fbec35096186..f13b25b7f0071 100644
--- a/net/ipv4/route.c
+++ b/net/ipv4/route.c
@@ -3453,7 +3453,9 @@ static struct ctl_table ipv4_route_table[] = {
.data = &ipv4_dst_ops.gc_thresh,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
{
.procname = "max_size",
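Review bot: SYSCTL_ZERO as `.extra1` rejects -1, and the author notes further down the thread that ipv4_dst_ops.gc_thresh defaults to ~0 (read back as -1) and that this is how route garbage collection is disabled; with this hunk a write of -1 returns -EINVAL and the disabled state can no longer be restored from userspace. Use SYSCTL_NEG_ONE as the lower bound here, as the author himself proposes, and document the default and its meaning in the message.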
diff --git a/net/ipv6/route.c b/net/ipv6/route.c
index 67ff16c047180..3542a9d7b0f3f 100644
--- a/net/ipv6/route.c
+++ b/net/ipv6/route.c
@@ -6379,7 +6379,9 @@ static struct ctl_table ipv6_route_table_template[] = {
.data = &ip6_dst_ops_template.gc_thresh,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
{
.procname = "flush",
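Review bot: same concern as for the ipv4 entry: ip6_dst_ops_template.gc_thresh is bounded at zero here without the commit message saying what its default is or whether -1 carries the same "disable" meaning; confirm that before choosing SYSCTL_ZERO over SYSCTL_NEG_ONE, and keep the two route entries consistent with each other.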
diff --git a/net/ipv6/xfrm6_policy.c b/net/ipv6/xfrm6_policy.c
index 1f19b6f14484c..37f0aafd31c41 100644
--- a/net/ipv6/xfrm6_policy.c
+++ b/net/ipv6/xfrm6_policy.c
@@ -189,7 +189,9 @@ static struct ctl_table xfrm6_policy_table[] = {
.data = &init_net.xfrm.xfrm6_dst_ops.gc_thresh,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
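Review bot: the author notes later in the thread that the xfrm{4,6} gc_thresh sysctls are documented as obsolete since 4.14; bounding a knob that is documented as obsolete is acceptable as cleanup, but the message should say so explicitly, and this hunk belongs in the separate networking repost that Jakub requests rather than in a cross-subsystem series.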
--
2.48.1
* [PATCH v1 4/9] sysctl: Fixes idmap_cache_timeout bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound idmap_cache_timeout sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
fs/nfs/nfs4sysctl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/nfs/nfs4sysctl.c b/fs/nfs/nfs4sysctl.c
index 886a7c4c60b35..19c1b7ff89f74 100644
--- a/fs/nfs/nfs4sysctl.c
+++ b/fs/nfs/nfs4sysctl.c
@@ -32,7 +32,9 @@ static struct ctl_table nfs4_cb_sysctls[] = {
.data = &nfs_idmap_cache_timeout,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
--
2.48.1
* [PATCH v1 5/9] sysctl: Fixes nsm_local_state bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound nsm_local_state sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
fs/lockd/svc.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
index 4ec22c2f2ea3c..84752d27d0072 100644
--- a/fs/lockd/svc.c
+++ b/fs/lockd/svc.c
@@ -468,7 +468,9 @@ static struct ctl_table nlm_sysctls[] = {
.data = &nsm_local_state,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
--
2.48.1
* [PATCH v1 6/9] sysctl/coda: Fixes timeout bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound coda timeout sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
fs/coda/sysctl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/fs/coda/sysctl.c b/fs/coda/sysctl.c
index 9f2d5743e2c89..2cba42c46ff10 100644
--- a/fs/coda/sysctl.c
+++ b/fs/coda/sysctl.c
@@ -20,7 +20,9 @@ static struct ctl_table coda_table[] = {
.data = &coda_timeout,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
{
.procname = "hard",
--
2.48.1
* [PATCH v1 7/9] sysctl: Fixes scsi_logging_level bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound scsi_logging_level sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
drivers/scsi/scsi_sysctl.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/scsi/scsi_sysctl.c b/drivers/scsi/scsi_sysctl.c
index 093774d775346..daa160459c9b3 100644
--- a/drivers/scsi/scsi_sysctl.c
+++ b/drivers/scsi/scsi_sysctl.c
@@ -17,7 +17,9 @@ static struct ctl_table scsi_table[] = {
.data = &scsi_logging_level,
.maxlen = sizeof(scsi_logging_level),
.mode = 0644,
- .proc_handler = proc_dointvec },
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX },
};
static struct ctl_table_header *scsi_table_header;
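Review bot: style: the closing brace stays fused onto `.extra2 = SYSCTL_INT_MAX },` because the original entry had it on the `.proc_handler = proc_dointvec },` line; since this hunk rewrites that line anyway, put the `},` on its own line so the entry reads like every other ctl_table entry touched in this series.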
--
2.48.1
* [PATCH v1 8/9] sysctl/infiniband: Fixes infiniband sysctl bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound infiniband iwcm and ucma sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
drivers/infiniband/core/iwcm.c | 4 +++-
drivers/infiniband/core/ucma.c | 4 +++-
2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/drivers/infiniband/core/iwcm.c b/drivers/infiniband/core/iwcm.c
index 7e3a55349e107..f4486cbd8f45a 100644
--- a/drivers/infiniband/core/iwcm.c
+++ b/drivers/infiniband/core/iwcm.c
@@ -109,7 +109,9 @@ static struct ctl_table iwcm_ctl_table[] = {
.data = &default_backlog,
.maxlen = sizeof(default_backlog),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
diff --git a/drivers/infiniband/core/ucma.c b/drivers/infiniband/core/ucma.c
index 02f1666f3cbab..6e700b9740331 100644
--- a/drivers/infiniband/core/ucma.c
+++ b/drivers/infiniband/core/ucma.c
@@ -69,7 +69,9 @@ static struct ctl_table ucma_ctl_table[] = {
.data = &max_backlog,
.maxlen = sizeof max_backlog,
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
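Review bot: both entries in this patch (`default_backlog` in iwcm and `max_backlog` in ucma) are listen backlogs, and the new bounds accept a write of 0; the message should say whether a backlog of 0 is meaningful for these paths or whether SYSCTL_ONE is the intended floor, as was chosen for nf_conntrack_expect_max in 2/9. The pre-existing `sizeof max_backlog` without parentheses in the ucma context is untouched by the hunk and fine to leave.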
--
2.48.1
* [PATCH v1 9/9] sysctl: Fixes max-user-freq bounds
From: nicolas.bouchinet @ 2025-01-27 14:20 UTC
To: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam
Cc: Nicolas Bouchinet, Joel Granados, Bart Van Assche,
Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe, Al Viro,
Christian Brauner
From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
Bound max-user-freq sysctl writes between SYSCTL_ZERO
and SYSCTL_INT_MAX.
The proc_handler has thus been updated to proc_dointvec_minmax.
Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
drivers/char/hpet.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/drivers/char/hpet.c b/drivers/char/hpet.c
index 48fe96ab46490..02d2e76b7ef7e 100644
--- a/drivers/char/hpet.c
+++ b/drivers/char/hpet.c
@@ -730,7 +730,9 @@ static struct ctl_table hpet_table[] = {
.data = &hpet_max_freq,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec,
+ .proc_handler = proc_dointvec_minmax,
+ .extra1 = SYSCTL_ZERO,
+ .extra2 = SYSCTL_INT_MAX,
},
};
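Review bot: `.maxlen = sizeof(int)` is left in place while the handler is changed; please confirm in the message that hpet_max_freq is a 32-bit integer, because proc_dointvec_minmax writes an int through `.data`, and if the backing variable were wider (an unsigned long on 64-bit, for instance) the write would be mis-sized and the new bounds check would not describe the value the driver actually reads.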
--
2.48.1
* Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks
From: Joe Damato @ 2025-01-27 18:05 UTC
To: nicolas.bouchinet
Cc: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam, Nicolas Bouchinet, Joel Granados,
Bart Van Assche, Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe,
Al Viro, Christian Brauner
On Mon, Jan 27, 2025 at 03:19:57PM +0100, nicolas.bouchinet@clip-os.org wrote:
> From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
>
> Hi,
>
> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
>
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into unsigned int data. proc_dointvec being able to
> parse negative values, and its return value being a signed int, this could
> lead to undefined behavior.
> This has led to kernel crashes in the past, as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table").
>
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
I noticed that none of the patches have a Fixes tag. Do any of
these fix existing crashes or is this just cleanup?
I am asking because if this is cleanup then it would be "net-next"
material instead of "net" and would need to be resubmitted when the
merge window has passed [1].
FWIW, I submitted a similar change some time ago and it was submitted to
net-next as cleanup [2].
[1]: https://lore.kernel.org/netdev/20250117182059.7ce1196f@kernel.org/
[2]: https://lore.kernel.org/netdev/CANn89i+=HiffVo9iv2NKMC2LFT15xFLG16h7wN3MCrTiKT3zQQ@mail.gmail.com/T/
* Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks
From: Nicolas Bouchinet @ 2025-01-28 9:43 UTC
To: Joe Damato, linux-kernel, linux-rdma, linux-scsi, codalist,
linux-nfs, netdev, netfilter-devel, coreteam, Nicolas Bouchinet,
Joel Granados, Bart Van Assche, Leon Romanovsky, Zhu Yanjun,
Jason Gunthorpe, Al Viro, Christian Brauner
Hi,
Thanks for your reply.
On 1/27/25 19:05, Joe Damato wrote:
> On Mon, Jan 27, 2025 at 03:19:57PM +0100, nicolas.bouchinet@clip-os.org wrote:
>> From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
>>
>> Hi,
>>
>> This patchset adds some bound checks to sysctls to avoid negative
>> value writes.
>>
>> The patched sysctls were storing the result of the proc_dointvec
>> proc_handler into unsigned int data. proc_dointvec being able to
>> parse negative values, and its return value being a signed int, this could
>> lead to undefined behavior.
>> This has led to kernel crashes in the past, as described in commit
>> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table").
>>
>> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
>> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
>> as defined by its documentation.
> I noticed that none of the patches have a Fixes tags. Do any of
> these fix existing crashes or is this just cleanup?
I've just seen that the xfrm{4,6}_gc_thresh sysctls have been obsolete since 4.14
according to the documentation...
Also, ipv4_dst_ops.gc_thresh is set to `~0` since commit 4ff3885262d0
("ipv4: Delete routing cache."),
which will be printed as -1 when this sysctl is read.
```
$ cat /proc/sys/net/ipv4/route/gc_thresh
-1
```
IIUC, it seems to be used in order to disable the garbage collection;
hence, this patch would make it impossible
for a user to disable it this way.
It should thus be bounded between SYSCTL_NEG_ONE and SYSCTL_INT_MAX.
You're right, it's only cleanup. I'll push patch 3 separately, only on
netdev, with extended impact analyses, sorry for that.
>
> I am asking because if this is cleanup then it would be "net-next"
> material instead of "net" and would need to be resubmit when then
> merge window has passed [1].
>
> FWIW, I submit a similar change some time ago and it was submit to
> net-next as cleanup [2].
>
> [1]: https://lore.kernel.org/netdev/20250117182059.7ce1196f@kernel.org/
> [2]: https://lore.kernel.org/netdev/CANn89i+=HiffVo9iv2NKMC2LFT15xFLG16h7wN3MCrTiKT3zQQ@mail.gmail.com/T/
>
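The cover letter's point (a signed handler storing into an unsigned variable) and the gc_thresh default of ~0 discussed in the reply above, as an added user-space model that is not kernel code and not part of this thread: the table layout, the handler names and the SYSCTL_* bound names mirror the kernel's, but the handlers, the backing variables and their defaults are constructed stand-ins, and `sysctl_write`/`sysctl_read_uint` stand in for writing and reading a /proc/sys file.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

struct ctl_entry;
typedef int (*proc_handler_fn)(const struct ctl_entry *e, const char *buf);

/* Constructed stand-in for the kernel's struct ctl_table: only the
 * fields the patch series touches are modelled. */
struct ctl_entry {
    const char *procname;
    void *data;                 /* backing variable */
    proc_handler_fn proc_handler;
    const int *extra1;          /* lower bound (minmax handler only) */
    const int *extra2;          /* upper bound (minmax handler only) */
};

/* Bound constants, modelled on the kernel's SYSCTL_* pointers. */
static const int neg_one = -1, zero = 0, one = 1, int_max = INT_MAX;
#define SYSCTL_NEG_ONE (&neg_one)
#define SYSCTL_ZERO    (&zero)
#define SYSCTL_ONE     (&one)
#define SYSCTL_INT_MAX (&int_max)

/* Parse one decimal integer: the whole buffer (plus trailing newline or
 * spaces) must be consumed and the value must fit in an int. */
static int parse_int(const char *buf, int *out)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(buf, &end, 10);
    if (errno != 0 || end == buf)
        return -EINVAL;
    while (*end == '\n' || *end == ' ')
        end++;
    if (*end != '\0' || v < INT_MIN || v > INT_MAX)
        return -EINVAL;
    *out = (int)v;
    return 0;
}

/* Unbounded handler (the 'before' of the patch): any int, negatives
 * included, is copied bit-for-bit into the backing variable. */
static int model_dointvec(const struct ctl_entry *e, const char *buf)
{
    int v, rc = parse_int(buf, &v);

    if (rc)
        return rc;
    memcpy(e->data, &v, sizeof(v));
    return 0;
}

/* Bounded handler (the 'after'): reject with -EINVAL outside
 * [*extra1, *extra2], as the kernel's proc_dointvec_minmax does. */
static int model_dointvec_minmax(const struct ctl_entry *e, const char *buf)
{
    int v, rc = parse_int(buf, &v);

    if (rc)
        return rc;
    if ((e->extra1 && v < *e->extra1) || (e->extra2 && v > *e->extra2))
        return -EINVAL;
    memcpy(e->data, &v, sizeof(v));
    return 0;
}

/* Constructed backing variables: the unsigned ones mirror the cover
 * letter's "unsigned int data", gc_thresh mirrors the ~0 default. */
static unsigned int ct_max_before, ct_max_after, ct_expect_max;
static int gc_thresh = ~0;

static struct ctl_entry table[] = {
    { "nf_conntrack_max_before", &ct_max_before, model_dointvec, NULL, NULL },
    { "nf_conntrack_max", &ct_max_after, model_dointvec_minmax, SYSCTL_ZERO, SYSCTL_INT_MAX },
    { "nf_conntrack_expect_max", &ct_expect_max, model_dointvec_minmax, SYSCTL_ONE, SYSCTL_INT_MAX },
    { "gc_thresh", &gc_thresh, model_dointvec_minmax, SYSCTL_NEG_ONE, SYSCTL_INT_MAX },
};

static struct ctl_entry *lookup(const char *name)
{
    for (size_t i = 0; i < sizeof(table) / sizeof(table[0]); i++)
        if (strcmp(table[i].procname, name) == 0)
            return &table[i];
    return NULL;
}

/* Equivalent of writing `buf` to /proc/sys/<name>; returns 0 or -errno. */
int sysctl_write(const char *name, const char *buf)
{
    struct ctl_entry *e = lookup(name);
    return e ? e->proc_handler(e, buf) : -ENOENT;
}

/* Read the backing variable as the unsigned int the cover letter
 * describes: shows what an unbounded negative write turned into. */
unsigned int sysctl_read_uint(const char *name)
{
    unsigned int v = 0;
    struct ctl_entry *e = lookup(name);
    if (e)
        memcpy(&v, e->data, sizeof(v));
    return v;
}

int main(void)
{
    sysctl_write("nf_conntrack_max_before", "-1\n");
    printf("unbounded -1 stored as %u\n", sysctl_read_uint("nf_conntrack_max_before"));
    printf("bounded -1 -> rc %d\n", sysctl_write("nf_conntrack_max", "-1\n"));
    printf("gc_thresh -1 -> rc %d\n", sysctl_write("gc_thresh", "-1\n"));
    return 0;
}
```

The first write shows the failure mode the cover letter describes: "-1" parsed as a signed int lands in an unsigned variable as UINT_MAX, so a limit meant to cap a table silently becomes "unlimited". The gc_thresh entry shows why the floor has to be chosen per sysctl: with SYSCTL_NEG_ONE the documented "-1 disables GC" write still succeeds while -2 is refused, which is what a zero floor would have broken.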
* Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks
From: Jakub Kicinski @ 2025-01-27 20:00 UTC
To: nicolas.bouchinet
Cc: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam, Nicolas Bouchinet, Joel Granados,
Bart Van Assche, Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe,
Al Viro, Christian Brauner
On Mon, 27 Jan 2025 15:19:57 +0100 nicolas.bouchinet@clip-os.org wrote:
> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
>
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into unsigned int data. proc_dointvec being able to
> parse negative values, and its return value being a signed int, this could
> lead to undefined behavior.
> This has led to kernel crashes in the past, as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table").
>
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
>
> This patchset has been written over sysctl-testing branch [1].
> See [2] for similar sysctl fixes currently in review.
Please don't group patches for different subsystems in a series
if there are no dependencies between them.
Only patch 3 seems relevant for netdev@ / core networking.
Please repost patch 3 separately with extended impact analysis and
a Fixes tag (as requested by Joe).
--
pw-bot: cr
* Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks
From: Joel Granados @ 2025-02-21 8:23 UTC
To: nicolas.bouchinet
Cc: linux-kernel, linux-rdma, linux-scsi, codalist, linux-nfs, netdev,
netfilter-devel, coreteam, Nicolas Bouchinet, Joel Granados,
Bart Van Assche, Leon Romanovsky, Zhu Yanjun, Jason Gunthorpe,
Al Viro, Christian Brauner
On Mon, Jan 27, 2025 at 03:19:57PM +0100, nicolas.bouchinet@clip-os.org wrote:
> From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
>
> Hi,
>
> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
>
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into unsigned int data. proc_dointvec being able to
> parse negative values, and its return value being a signed int, this could
> lead to undefined behavior.
> This has led to kernel crashes in the past, as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table").
>
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
>
> This patchset has been written over sysctl-testing branch [1].
> See [2] for similar sysctl fixes currently in review.
>
> [1]: https://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl.git/log/?h=sysctl-testing
> [2]: https://lore.kernel.org/all/20250115132211.25400-1-nicolas.bouchinet@clip-os.org/
>
> Best regards,
>
> Nicolas
I see that you have received several reviews suggesting that you post
some of the patches in this series separately. Please remove these for
your V2 so we do not duplicate efforts.
Thx
>
> ---
>
> Nicolas Bouchinet (9):
> sysctl: Fixes nf_conntrack_max bounds
> sysctl: Fixes nf_conntrack_expect_max bounds
> sysctl: Fixes gc_thresh bounds
> sysctl: Fixes idmap_cache_timeout bounds
> sysctl: Fixes nsm_local_state bounds
> sysctl/coda: Fixes timeout bounds
> sysctl: Fixes scsi_logging_level bounds
> sysctl/infiniband: Fixes infiniband sysctl bounds
> sysctl: Fixes max-user-freq bounds
>
> drivers/char/hpet.c | 4 +++-
> drivers/infiniband/core/iwcm.c | 4 +++-
> drivers/infiniband/core/ucma.c | 4 +++-
> drivers/scsi/scsi_sysctl.c | 4 +++-
> fs/coda/sysctl.c | 4 +++-
> fs/lockd/svc.c | 4 +++-
> fs/nfs/nfs4sysctl.c | 4 +++-
> net/ipv4/route.c | 4 +++-
> net/ipv6/route.c | 4 +++-
> net/ipv6/xfrm6_policy.c | 4 +++-
> net/netfilter/nf_conntrack_standalone.c | 12 +++++++++---
> 11 files changed, 39 insertions(+), 13 deletions(-)
>
> --
> 2.48.1
>
--
Joel Granados