diff options
| author | Wen Yang <[email protected]> | 2024-04-19 11:36:39 +0800 |
|---|---|---|
| committer | Joel Granados <[email protected]> | 2024-06-03 15:14:34 +0200 |
| commit | b5ffbd1396885f76bf87e67d590a3ef063e6d831 (patch) | |
| tree | 88316c84f782ef7fe3e1861204d4852877ffd232 /lib/dynamic_debug.c | |
| parent | 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (diff) | |
sysctl: move the extra1/2 boundary check of u8 to sysctl_check_table_array
Move boundary checking for proc_dou8ved_minmax into module loading, thereby
reporting errors in advance. And add a kunit test case ensuring the
boundary check is done correctly.
The boundary check in proc_dou8vec_minmax done to the extra elements in
the ctl_table struct is currently performed at runtime. This allows buggy
kernel modules to be loaded normally without any errors only to fail
when used.
This is a buggy example module:
#include <linux/kernel.h>
#include <linux/module.h>
#include <linux/sysctl.h>
static struct ctl_table_header *_table_header = NULL;
static unsigned char _data = 0;
struct ctl_table table[] = {
{
.procname = "foo",
.data = &_data,
.maxlen = sizeof(u8),
.mode = 0644,
.proc_handler = proc_dou8vec_minmax,
.extra1 = SYSCTL_ZERO,
.extra2 = SYSCTL_ONE_THOUSAND,
},
};
static int init_demo(void) {
_table_header = register_sysctl("kernel", table);
if (!_table_header)
return -ENOMEM;
return 0;
}
module_init(init_demo);
MODULE_LICENSE("GPL");
And this is the result:
# insmod test.ko
# cat /proc/sys/kernel/foo
cat: /proc/sys/kernel/foo: Invalid argument
Suggested-by: Joel Granados <[email protected]>
Signed-off-by: Wen Yang <[email protected]>
Cc: Luis Chamberlain <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Joel Granados <[email protected]>
Cc: Eric W. Biederman <[email protected]>
Cc: Christian Brauner <[email protected]>
Cc: [email protected]
Reviewed-by: Joel Granados <[email protected]>
Signed-off-by: Joel Granados <[email protected]>
Diffstat (limited to 'lib/dynamic_debug.c')
0 files changed, 0 insertions, 0 deletions