lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 07 Oct 2010 17:54:48 -0700 From: ebiederm@...ssion.com (Eric W. Biederman) To: Andrew Morton <akpm@...ux-foundation.org> Cc: Eric Dumazet <eric.dumazet@...il.com>, Jiri Slaby <jirislaby@...il.com>, linux-kernel@...r.kernel.org, mm-commits@...r.kernel.org, ML netdev <netdev@...r.kernel.org>, "David S. Miller" <davem@...emloft.net> Subject: Re: IPv4: sysctl table check failed [was: mmotm 2010-10-07-14-08 uploaded] Andrew Morton <akpm@...ux-foundation.org> writes: > On Fri, 08 Oct 2010 00:22:15 +0200 > Eric Dumazet <eric.dumazet@...il.com> wrote: > >> Le vendredi 08 octobre 2010 __ 00:06 +0200, Jiri Slaby a __crit : >> > On 10/07/2010 11:08 PM, akpm@...ux-foundation.org wrote: >> > > The mm-of-the-moment snapshot 2010-10-07-14-08 has been uploaded to >> > >> > Hi, I got bunch of "sysctl table check failed" below. All seem to be >> > related to ipv4: >> >> I would say, sysctl check is buggy :( >> >> min/max are optional >> >> [PATCH] sysctl: min/max bounds are optional >> >> sysctl check complains when proc_doulongvec_minmax or >> proc_doulongvec_ms_jiffies_minmax are used by a vector of longs (with >> more than one element), with no min or max value specified. >> >> This is unexpected, given we had a bug on this min/max handling :) >> >> Reported-by: Jiri Slaby <jirislaby@...il.com> >> Signed-off-by: Eric Dumazet <eric.dumazet@...il.com> >> --- >> kernel/sysctl_check.c | 9 --------- >> 1 file changed, 9 deletions(-) >> >> diff --git a/kernel/sysctl_check.c b/kernel/sysctl_check.c >> index 04cdcf7..10b90d8 100644 >> --- a/kernel/sysctl_check.c >> +++ b/kernel/sysctl_check.c >> @@ -143,15 +143,6 @@ int sysctl_check_table(struct nsproxy *namespaces, struct ctl_table *table) >> if (!table->maxlen) >> set_fail(&fail, table, "No maxlen"); >> } >> - if ((table->proc_handler == proc_doulongvec_minmax) || >> - (table->proc_handler == proc_doulongvec_ms_jiffies_minmax)) { >> - if (table->maxlen > sizeof (unsigned long)) { >> - if (!table->extra1) >> - set_fail(&fail, table, "No min"); >> - if (!table->extra2) >> - set_fail(&fail, table, "No max"); >> - } >> - } >> #ifdef CONFIG_PROC_SYSCTL >> if (table->procname && !table->proc_handler) >> set_fail(&fail, table, "No proc_handler"); > > That will probably fix it ;) > > net-avoid-limits-overflow.patch is dependent on this patch. Unless > Eric B squeaks I'll plan on sending this patch in for 2.6.37. Oh. I see. I actually had a sanity check for the case that was failing. I probably spotted the buggy code and wanted to see if there was anything that cared. So sysctl_check was perfectly correct until the bug was removed from proc_doulongvec_minmax. Which also means we have been auditing the kernel for quite a while to make certain that it is safe not to increment min and max. Eric -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists