Date:   Thu,  2 Feb 2023 16:33:40 -0800
From:   Eric Biggers <ebiggers@...nel.org>
To:     stable@...r.kernel.org
Cc:     Harshit Mogalapalli <harshit.m.mogalapalli@...cle.com>,
        Kees Cook <keescook@...omium.org>,
        SeongJae Park <sj@...nel.org>,
        Seth Jenkins <sethjenkins@...gle.com>,
        Jann Horn <jannh@...gle.com>,
        "Eric W . Biederman" <ebiederm@...ssion.com>,
        linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org,
        Iurii Zaikin <yzaikin@...gle.com>,
        Peter Zijlstra <peterz@...radead.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Paul Turner <pjt@...gle.com>,
        Andy Shevchenko <andriy.shevchenko@...ux.intel.com>,
        Sebastian Reichel <sre@...nel.org>,
        Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
        Petr Mladek <pmladek@...e.com>,
        Sergey Senozhatsky <senozhatsky@...omium.org>,
        Qing Wang <wangqing@...o.com>,
        Benjamin LaHaise <bcrl@...ck.org>,
        Al Viro <viro@...iv.linux.org.uk>, Jan Kara <jack@...e.cz>,
        Amir Goldstein <amir73il@...il.com>,
        Stephen Kitt <steve@....org>, Antti Palosaari <crope@....fi>,
        Arnd Bergmann <arnd@...db.de>,
        Benjamin Herrenschmidt <benh@...nel.crashing.org>,
        Clemens Ladisch <clemens@...isch.de>,
        David Airlie <airlied@...ux.ie>,
        Jani Nikula <jani.nikula@...ux.intel.com>,
        Joel Becker <jlbec@...lplan.org>,
        Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>,
        Joseph Qi <joseph.qi@...ux.alibaba.com>,
        Julia Lawall <julia.lawall@...ia.fr>,
        Lukas Middendorf <kernel@...force.de>,
        Mark Fasheh <mark@...heh.com>,
        Phillip Potter <phil@...lpotter.co.uk>,
        Rodrigo Vivi <rodrigo.vivi@...el.com>,
        Douglas Gilbert <dgilbert@...erlog.com>,
        "James E . J . Bottomley" <jejb@...ux.ibm.com>,
        Jani Nikula <jani.nikula@...el.com>,
        John Ogness <john.ogness@...utronix.de>,
        "Martin K . Petersen" <martin.petersen@...cle.com>,
        "Rafael J. Wysocki" <rafael@...nel.org>,
        Steven Rostedt <rostedt@...dmis.org>,
        Suren Baghdasaryan <surenb@...gle.com>,
        "Theodore Ts'o" <tytso@....edu>,
        Xiaoming Ni <nixiaoming@...wei.com>,
        Luis Chamberlain <mcgrof@...nel.org>,
        Andrew Morton <akpm@...ux-foundation.org>,
        Linus Torvalds <torvalds@...ux-foundation.org>
Subject: [PATCH 4.14 v2 01/15] sysctl: add a new register_sysctl_init() interface

From: Xiaoming Ni <nixiaoming@...wei.com>

commit 3ddd9a808cee7284931312f2f3e854c9617f44b2 upstream.

Patch series "sysctl: first set of kernel/sysctl cleanups", v2.

Finally had time to respin the series of the work we had started last
year on cleaning up the kernel/sysctl.c kitchen sink.  People keep
stuffing their sysctls in that file and this creates a maintenance
burden.  So this effort is aimed at placing sysctls where they actually
belong.

I'm going to split patches up into series as there is quite a bit of
work.

This first set adds register_sysctl_init() for uses of registering a
sysctl on the init path, adds const where missing to a few places,
generalizes common values so to be more easy to share, and starts the
move of a few kernel/sysctl.c out where they belong.

The majority of rework on v2 in this first patch set is 0-day fixes.
Eric Biederman's feedback is later addressed in subsequent patch sets.

I'll only post the first two patch sets for now.  We can address the
rest once the first two patch sets get completely reviewed / Acked.

This patch (of 9):

The kernel/sysctl.c is a kitchen sink where everyone leaves their dirty
dishes, this makes it very difficult to maintain.

To help with this maintenance let's start by moving sysctls to places
where they actually belong.  The proc sysctl maintainers do not want to
know what sysctl knobs you wish to add for your own piece of code, we
just care about the core logic.

Today though folks heavily rely on tables on kernel/sysctl.c so they can
easily just extend this table with their needed sysctls.  In order to
help users move their sysctls out we need to provide a helper which can
be used during code initialization.

We special-case the initialization use of register_sysctl() since it
*is* safe to fail, given all that sysctls do is provide a dynamic
interface to query or modify at runtime an existing variable.  So the
use case of register_sysctl() on init should *not* stop if the sysctls
don't end up getting registered.  It would be counterproductive to stop
boot if a simple sysctl registration failed.

Provide a helper for init then, and document the recommended init levels
to use for callers of this routine.  We will later use this in
subsequent patches to start slimming down kernel/sysctl.c tables and
moving sysctl registration to the code which actually needs these
sysctls.

[mcgrof@...nel.org: major commit log and documentation rephrasing also moved to fs/proc/proc_sysctl.c]

Link: https://lkml.kernel.org/r/20211123202347.818157-1-mcgrof@kernel.org
Link: https://lkml.kernel.org/r/20211123202347.818157-2-mcgrof@kernel.org
Signed-off-by: Xiaoming Ni <nixiaoming@...wei.com>
Signed-off-by: Luis Chamberlain <mcgrof@...nel.org>
Reviewed-by: Kees Cook <keescook@...omium.org>
Cc: Iurii Zaikin <yzaikin@...gle.com>
Cc: "Eric W. Biederman" <ebiederm@...ssion.com>
Cc: Peter Zijlstra <peterz@...radead.org>
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Cc: Paul Turner <pjt@...gle.com>
Cc: Andy Shevchenko <andriy.shevchenko@...ux.intel.com>
Cc: Sebastian Reichel <sre@...nel.org>
Cc: Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>
Cc: Petr Mladek <pmladek@...e.com>
Cc: Sergey Senozhatsky <senozhatsky@...omium.org>
Cc: Qing Wang <wangqing@...o.com>
Cc: Benjamin LaHaise <bcrl@...ck.org>
Cc: Al Viro <viro@...iv.linux.org.uk>
Cc: Jan Kara <jack@...e.cz>
Cc: Amir Goldstein <amir73il@...il.com>
Cc: Stephen Kitt <steve@....org>
Cc: Antti Palosaari <crope@....fi>
Cc: Arnd Bergmann <arnd@...db.de>
Cc: Benjamin Herrenschmidt <benh@...nel.crashing.org>
Cc: Clemens Ladisch <clemens@...isch.de>
Cc: David Airlie <airlied@...ux.ie>
Cc: Jani Nikula <jani.nikula@...ux.intel.com>
Cc: Joel Becker <jlbec@...lplan.org>
Cc: Joonas Lahtinen <joonas.lahtinen@...ux.intel.com>
Cc: Joseph Qi <joseph.qi@...ux.alibaba.com>
Cc: Julia Lawall <julia.lawall@...ia.fr>
Cc: Lukas Middendorf <kernel@...force.de>
Cc: Mark Fasheh <mark@...heh.com>
Cc: Phillip Potter <phil@...lpotter.co.uk>
Cc: Rodrigo Vivi <rodrigo.vivi@...el.com>
Cc: Douglas Gilbert <dgilbert@...erlog.com>
Cc: James E.J. Bottomley <jejb@...ux.ibm.com>
Cc: Jani Nikula <jani.nikula@...el.com>
Cc: John Ogness <john.ogness@...utronix.de>
Cc: Martin K. Petersen <martin.petersen@...cle.com>
Cc: "Rafael J. Wysocki" <rafael@...nel.org>
Cc: Steven Rostedt (VMware) <rostedt@...dmis.org>
Cc: Suren Baghdasaryan <surenb@...gle.com>
Cc: "Theodore Ts'o" <tytso@....edu>
Signed-off-by: Andrew Morton <akpm@...ux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@...ux-foundation.org>
Signed-off-by: Eric Biggers <ebiggers@...gle.com>
---
 fs/proc/proc_sysctl.c  | 33 +++++++++++++++++++++++++++++++++
 include/linux/sysctl.h |  3 +++
 2 files changed, 36 insertions(+)

diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 12bac452738df..f4b46f796901c 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -13,6 +13,7 @@
 #include <linux/namei.h>
 #include <linux/mm.h>
 #include <linux/module.h>
+#include <linux/kmemleak.h>
 #include "internal.h"
 
 static const struct dentry_operations proc_sys_dentry_operations;
@@ -1370,6 +1371,38 @@ struct ctl_table_header *register_sysctl(const char *path, struct ctl_table *tab
 }
 EXPORT_SYMBOL(register_sysctl);
 
+/**
+ * __register_sysctl_init() - register sysctl table to path
+ * @path: path name for sysctl base
+ * @table: This is the sysctl table that needs to be registered to the path
+ * @table_name: The name of sysctl table, only used for log printing when
+ *              registration fails
+ *
+ * The sysctl interface is used by userspace to query or modify at runtime
+ * a predefined value set on a variable. These variables however have default
+ * values pre-set. Code which depends on these variables will always work even
+ * if register_sysctl() fails. If register_sysctl() fails you'd just loose the
+ * ability to query or modify the sysctls dynamically at run time. Chances of
+ * register_sysctl() failing on init are extremely low, and so for both reasons
+ * this function does not return any error as it is used by initialization code.
+ *
+ * Context: Can only be called after your respective sysctl base path has been
+ * registered. So for instance, most base directories are registered early on
+ * init before init levels are processed through proc_sys_init() and
+ * sysctl_init().
+ */
+void __init __register_sysctl_init(const char *path, struct ctl_table *table,
+				 const char *table_name)
+{
+	struct ctl_table_header *hdr = register_sysctl(path, table);
+
+	if (unlikely(!hdr)) {
+		pr_err("failed when register_sysctl %s to %s\n", table_name, path);
+		return;
+	}
+	kmemleak_not_leak(hdr);
+}
+
 static char *append_path(const char *path, char *pos, const char *name)
 {
 	int namelen;
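
Review bot: The kernel-doc for __register_sysctl_init() does not say that @table must stay valid after init, yet the function drops hdr right after kmemleak_not_leak(hdr), so no caller can later hand it to unregister_sysctl_table() and the registration is effectively permanent. Suggest adding a sentence to the "Context:" paragraph stating that the table must not be placed in __initdata or otherwise freed, and that tables registered through this helper cannot be unregistered. In the same comment, "you'd just loose the ability" should read "lose", and the pr_err() text would read more clearly as "failed to register sysctl table %s at %s".
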
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index b769ecfcc3bd4..0a980aecc8f02 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -198,6 +198,9 @@ struct ctl_table_header *register_sysctl_paths(const struct ctl_path *path,
 void unregister_sysctl_table(struct ctl_table_header * table);
 
 extern int sysctl_init(void);
+extern void __register_sysctl_init(const char *path, struct ctl_table *table,
+				 const char *table_name);
+#define register_sysctl_init(path, table) __register_sysctl_init(path, table, #table)
 
 extern struct ctl_table sysctl_mount_point[];
 
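
Review bot: The register_sysctl_init() macro is the interface callers will actually use, but it carries no comment, and because it passes #table the name printed on failure is whatever expression text the caller wrote for the second argument. Suggest a short comment above the #define that points to the __register_sysctl_init() kernel-doc and notes that table should be passed as a plain array identifier so the failure message stays meaningful.
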
-- 
2.39.1
