From: Marc Buerg <buermarc@googlemail.com>
To: ps.report@gmx.net
Cc: buermarc@googlemail.com, elias.rw2@gmail.com,
joel.granados@kernel.org, kees@kernel.org,
linux-fsdevel@vger.kernel.org, linux-kernel@vger.kernel.org,
stable@vger.kernel.org
Subject: Re: [PATCH ] sysctl: fix uninitialized variable in proc_do_large_bitmap
Date: Sat, 14 Mar 2026 10:37:25 +0100 [thread overview]
Message-ID: <20260314093725.12429-1-buermarc@googlemail.com> (raw)
In-Reply-To: <20260313121708.137dae22@pc-1>
Hello Peter,
Thanks for your feedback and the idea. You are correct proc_get_long()
does not set @tr if @size is zero, therefore, left in
proc_do_large_bitmap() should be zero when we expect @tr to not be
written to and c still being uninitialized.
> Would the better fix be:
>
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 354a2d294f52..89db88552987 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -1427,7 +1427,7 @@ int proc_do_large_bitmap(struct ctl_table *table, in=
> t write,
> left--;
> }
>
> - if (c == '-') {
> + if (left && c == '-') {
> err = proc_get_long(&p, &left, &val_b,
> &neg, tr_b, sizeof(tr_b),
> &c);
This would explicitly fix the problem as it enforces that we only check
if we know c contains what we want to check for. Fixing it like you
proposed seems better to me.
I am somewhat conflicted because leaving c uninitialized allows that a
similar problematic access of c could be made in the future.
Initializing c could prevent that. I also do not see an immediate
downside, but that could just be my naivety. Further, that part would
now behave similar to when we apply the default hardening configuration,
if my understanding is correct.
On the other hand, we do not read c later on, and I do not see a reason
why the function would change significantly. Still, it feels more
defensive to me to also set c to 0.
In the end, I am not so used to the kernel coding style. Is there
anything that can be argued against providing both? If you think this is
unnecessary I am happy to follow your reasoning and go with only the
check for left being non-zero.
Kind Regards,
Marc
next prev parent reply other threads:[~2026-03-14 9:37 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-03-12 15:42 [PATCH] sysctl: fix uninitialized variable in proc_do_large_bitmap Marc Buerg
2026-03-13 11:17 ` Peter Seiderer
2026-03-14 9:37 ` Marc Buerg [this message]
2026-03-15 14:26 ` [PATCH ] " Peter Seiderer
2026-03-17 21:32 ` buermarc
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260314093725.12429-1-buermarc@googlemail.com \
--to=buermarc@googlemail.com \
--cc=elias.rw2@gmail.com \
--cc=joel.granados@kernel.org \
--cc=kees@kernel.org \
--cc=linux-fsdevel@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=ps.report@gmx.net \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox