lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20170211003614.6579-1-mcgrof@kernel.org>
Date:   Fri, 10 Feb 2017 16:36:05 -0800
From:   "Luis R. Rodriguez" <mcgrof@...nel.org>
To:     viro@...iv.linux.org.uk, akpm@...ux-foundation.org,
        ebiederm@...ssion.com, keescook@...omium.org, acme@...hat.com,
        mingo@...nel.org, mgorman@...e.de, subashab@...eaurora.org
Cc:     jeyu@...hat.com, rusty@...tcorp.com.au, swhiteho@...hat.com,
        deepa.kernel@...il.com, matt@...eblueprint.co.uk,
        adobriyan@...il.com, bp@...e.de, dmitry.torokhov@...il.com,
        shuah@...nel.org, torvalds@...ux-foundation.org,
        linux@...ck-us.net, linux-kselftest@...r.kernel.org,
        linux-kernel@...r.kernel.org,
        "Luis R. Rodriguez" <mcgrof@...nel.org>
Subject: [PATCH v2 0/9] sysctl: add and fix proper unsigned int support

On this v2 I've taken Alexey's recommendation and looked at array users
of the proc sysctl interface which complicate the interfece to see if
we can instead just simplify the unsigned int implementation. I could
not find any clear candidate. As such I've just ripped out array
support.

Since some future unsigned int proc sysctl users might think there is
array support I've taken measures to do sanity checks on initialization
and warn the kernel if such users creep up. To validate this I ended up
just writing a simple test driver, and extending our tests. In doing this
I also found a really old issue with sysctl_check_table(), and yet another
issue with the first incarnation of proc_douintvec().

I hammered on proc_douintvec() as much as I could, and extended tests for
this to ensure we don't regress should some int users convert over.

I noticed one more issue but I did not fix as I figured it was worth
discussing: proc_doi*_minmax() handlers have historically allowed users
to register even if their own data does not match the expressed min/max
values. When this happens the value is exposed on /proc/sys but reading
or writing does not work against it. I'm of the opinion that
sysctl_check_table() should just validate this and bail preventing such
entries from ever creeping up. The only reason I didn't do this is this
*could* mean some tables don't get registered in some cases -- I haven't
done the vetting. If we're fine with this I can add it later.

Luis R. Rodriguez (9):
  sysctl: fix lax sysctl_check_table() sanity check
  sysctl: add proper unsigned int support
  sysctl: add unsigned int range support
  test_sysctl: add dedicated proc sysctl test driver
  test_sysctl: add generic script to expand on tests
  test_sysctl: test against PAGE_SIZE for int
  test_sysctl: add simple proc_dointvec() case
  test_sysctl: add simple proc_douintvec() case
  test_sysctl: test against int proc_dointvec() array support

 fs/proc/proc_sysctl.c                           |  27 +-
 include/linux/sysctl.h                          |   3 +
 kernel/sysctl.c                                 | 227 +++++++-
 lib/Kconfig.debug                               |  11 +
 lib/Makefile                                    |   1 +
 lib/test_sysctl.c                               | 141 +++++
 tools/testing/selftests/sysctl/Makefile         |   3 +-
 tools/testing/selftests/sysctl/common_tests     | 109 ----
 tools/testing/selftests/sysctl/config           |   1 +
 tools/testing/selftests/sysctl/run_numerictests |  10 -
 tools/testing/selftests/sysctl/run_stringtests  |  77 ---
 tools/testing/selftests/sysctl/sysctl.sh        | 738 ++++++++++++++++++++++++
 12 files changed, 1139 insertions(+), 209 deletions(-)
 create mode 100644 lib/test_sysctl.c
 delete mode 100644 tools/testing/selftests/sysctl/common_tests
 create mode 100644 tools/testing/selftests/sysctl/config
 delete mode 100755 tools/testing/selftests/sysctl/run_numerictests
 delete mode 100755 tools/testing/selftests/sysctl/run_stringtests
 create mode 100755 tools/testing/selftests/sysctl/sysctl.sh

-- 
2.11.0

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ