| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <42t2lpwwwihg4heu4ogudt4fe5uz7trg3y2lsoqvmjnzmhnjmy@pebnborzqodv>
Date: Mon, 3 Mar 2025 15:12:57 +0100
From: Joel Granados <joel.granados@...nel.org>
To: Chuck Lever <chuck.lever@...cle.com>
Cc: nicolas.bouchinet@...p-os.org, linux-kernel@...r.kernel.org,
linux-rdma@...r.kernel.org, linux-scsi@...r.kernel.org, codalist@...a.cs.cmu.edu,
linux-nfs@...r.kernel.org, Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>,
Joel Granados <j.granados@...sung.com>, Clemens Ladisch <clemens@...isch.de>,
Arnd Bergmann <arnd@...db.de>, Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
Jason Gunthorpe <jgg@...pe.ca>, Leon Romanovsky <leon@...nel.org>,
"James E.J. Bottomley" <James.Bottomley@...senpartnership.com>, "Martin K. Petersen" <martin.petersen@...cle.com>,
Jan Harkes <jaharkes@...cmu.edu>, Jeff Layton <jlayton@...nel.org>, Neil Brown <neilb@...e.de>,
Olga Kornievskaia <okorniev@...hat.com>, Dai Ngo <Dai.Ngo@...cle.com>, Tom Talpey <tom@...pey.com>,
Trond Myklebust <trondmy@...nel.org>, Anna Schumaker <anna@...nel.org>,
Bart Van Assche <bvanassche@....org>, Zhu Yanjun <yanjun.zhu@...ux.dev>,
Al Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>
Subject: Re: [PATCH v2 2/6] sysctl: Fixes nsm_local_state bounds
On Mon, Feb 24, 2025 at 09:38:17AM -0500, Chuck Lever wrote:
> On 2/24/25 4:58 AM, nicolas.bouchinet@...p-os.org wrote:
> > From: Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>
> >
> > Bound nsm_local_state sysctl writings between SYSCTL_ZERO
> > and SYSCTL_INT_MAX.
> >
> > The proc_handler has thus been updated to proc_dointvec_minmax.
> >
> > Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>
> > ---
> > fs/lockd/svc.c | 4 +++-
> > 1 file changed, 3 insertions(+), 1 deletion(-)
> >
> > diff --git a/fs/lockd/svc.c b/fs/lockd/svc.c
> > index 2c8eedc6c2cc9..984ab233af8b6 100644
> > --- a/fs/lockd/svc.c
> > +++ b/fs/lockd/svc.c
> > @@ -461,7 +461,9 @@ static const struct ctl_table nlm_sysctls[] = {
> > .data = &nsm_local_state,
> > .maxlen = sizeof(int),
> > .mode = 0644,
> > - .proc_handler = proc_dointvec,
> > + .proc_handler = proc_dointvec_minmax,
> > + .extra1 = SYSCTL_ZERO,
> > + .extra2 = SYSCTL_INT_MAX,
> > },
> > };
> >
>
> Hi Nicolas -
>
> nsm_local_state is an unsigned 32-bit integer. The type of that value is
> defined by spec, because this value is exchanged between peers on the
> network.
>
> Perhaps this patch should replace proc_dointvec with proc_douintvec
> instead.
As Nicolas stated, that is completely up to how you used the variable.
Things to notice:
1. If you want the full range of a unsigned long, then you should stop
using proc_dointvec as it will upper limit the value to INT_MAX.
2. If you want to keep using nsm_local_state as unsigned int, then
please add SYSCTL_ZERO as a lower bound to avoid assigning negative
values
3. Having SYSCTL_INT_MAX is not necessary as it is already capped by
proc_dointvec{_minmax,}, but it is nice to have as it makes explicit
what is happening.
Let me know if you take this through your trees so I can remove it from
sysctl.
Reviewed-by: Joel Granados <joel.granados@...nel.org>
Best
>
>
> --
> Chuck Lever
--
Joel Granados
Powered by blists - more mailing lists