lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <d56pptdshudhgubqmgcag5gwfadwzntg2tz3av6wfijn77lvui@dxtbse27guev>
Date: Fri, 21 Feb 2025 09:23:14 +0100
From: Joel Granados <joel.granados@...nel.org>
To: nicolas.bouchinet@...p-os.org
Cc: linux-kernel@...r.kernel.org, linux-rdma@...r.kernel.org, 
	linux-scsi@...r.kernel.org, codalist@...a.cs.cmu.edu, linux-nfs@...r.kernel.org, 
	netdev@...r.kernel.org, netfilter-devel@...r.kernel.org, coreteam@...filter.org, 
	Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>, Joel Granados <j.granados@...sung.com>, 
	Bart Van Assche <bvanassche@....org>, Leon Romanovsky <leon@...nel.org>, 
	Zhu Yanjun <yanjun.zhu@...ux.dev>, Jason Gunthorpe <jgg@...pe.ca>, 
	Al Viro <viro@...iv.linux.org.uk>, Christian Brauner <brauner@...nel.org>
Subject: Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks

On Mon, Jan 27, 2025 at 03:19:57PM +0100, nicolas.bouchinet@...p-os.org wrote:
> From: Nicolas Bouchinet <nicolas.bouchinet@....gouv.fr>
> 
> Hi,
> 
> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
> 
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into an unsigned int data. proc_dointvec being able to
> parse negative value, and it return value being a signed int, this could
> lead to undefined behaviors.
> This has led to kernel crash in the past as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table")
> 
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
> 
> This patchset has been written over sysctl-testing branch [1].
> See [2] for similar sysctl fixes currently in review.
> 
> [1]: https://git.kernel.org/pub/scm/linux/kernel/git/sysctl/sysctl.git/log/?h=sysctl-testing
> [2]: https://lore.kernel.org/all/20250115132211.25400-1-nicolas.bouchinet@clip-os.org/
> 
> Best regards,
> 
> Nicolas
I see that you have received several reviews suggesting that you post
some of the patches in this series separately. Please remove these for
your V2 so we do not duplicate efforts.

Thx

> 
> ---
> 
> Nicolas Bouchinet (9):
>   sysctl: Fixes nf_conntrack_max bounds
>   sysctl: Fixes nf_conntrack_expect_max bounds
>   sysctl: Fixes gc_thresh bounds
>   sysctl: Fixes idmap_cache_timeout bounds
>   sysctl: Fixes nsm_local_state bounds
>   sysctl/coda: Fixes timeout bounds
>   sysctl: Fixes scsi_logging_level bounds
>   sysctl/infiniband: Fixes infiniband sysctl bounds
>   sysctl: Fixes max-user-freq bounds
> 
>  drivers/char/hpet.c                     |  4 +++-
>  drivers/infiniband/core/iwcm.c          |  4 +++-
>  drivers/infiniband/core/ucma.c          |  4 +++-
>  drivers/scsi/scsi_sysctl.c              |  4 +++-
>  fs/coda/sysctl.c                        |  4 +++-
>  fs/lockd/svc.c                          |  4 +++-
>  fs/nfs/nfs4sysctl.c                     |  4 +++-
>  net/ipv4/route.c                        |  4 +++-
>  net/ipv6/route.c                        |  4 +++-
>  net/ipv6/xfrm6_policy.c                 |  4 +++-
>  net/netfilter/nf_conntrack_standalone.c | 12 +++++++++---
>  11 files changed, 39 insertions(+), 13 deletions(-)
> 
> -- 
> 2.48.1
> 

-- 

Joel Granados

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ