diff options
| author | Wen Yang <[email protected]> | 2024-04-19 11:36:39 +0800 | 
|---|---|---|
| committer | Joel Granados <[email protected]> | 2024-06-03 15:14:34 +0200 | 
| commit | b5ffbd1396885f76bf87e67d590a3ef063e6d831 (patch) | |
| tree | 88316c84f782ef7fe3e1861204d4852877ffd232 /rust/kernel/alloc.rs | |
| parent | 98ca62ba9e2be5863c7d069f84f7166b45a5b2f4 (diff) | |
sysctl: move the extra1/2 boundary check of u8 to sysctl_check_table_array
Move boundary checking for proc_dou8ved_minmax into module loading, thereby
reporting errors in advance. And add a kunit test case ensuring the
boundary check is done correctly.
The boundary check in proc_dou8vec_minmax done to the extra elements in
the ctl_table struct is currently performed at runtime. This allows buggy
kernel modules to be loaded normally without any errors only to fail
when used.
This is a buggy example module:
	#include <linux/kernel.h>
	#include <linux/module.h>
	#include <linux/sysctl.h>
	static struct ctl_table_header *_table_header = NULL;
	static unsigned char _data = 0;
	struct ctl_table table[] = {
		{
			.procname       = "foo",
			.data           = &_data,
			.maxlen         = sizeof(u8),
			.mode           = 0644,
			.proc_handler   = proc_dou8vec_minmax,
			.extra1         = SYSCTL_ZERO,
			.extra2         = SYSCTL_ONE_THOUSAND,
		},
	};
	static int init_demo(void) {
		_table_header = register_sysctl("kernel", table);
		if (!_table_header)
			return -ENOMEM;
		return 0;
	}
	module_init(init_demo);
	MODULE_LICENSE("GPL");
And this is the result:
        # insmod test.ko
        # cat /proc/sys/kernel/foo
        cat: /proc/sys/kernel/foo: Invalid argument
Suggested-by: Joel Granados <[email protected]>
Signed-off-by: Wen Yang <[email protected]>
Cc: Luis Chamberlain <[email protected]>
Cc: Kees Cook <[email protected]>
Cc: Joel Granados <[email protected]>
Cc: Eric W. Biederman <[email protected]>
Cc: Christian Brauner <[email protected]>
Cc: [email protected]
Reviewed-by: Joel Granados <[email protected]>
Signed-off-by: Joel Granados <[email protected]>
Diffstat (limited to 'rust/kernel/alloc.rs')
0 files changed, 0 insertions, 0 deletions