Re: [PATCH 2/3] sysctl: Warn when a clamped sysctl parameter is set out of range

From: Andrew Morton
Date: Tue Feb 20 2018 - 18:17:13 EST


On Mon, 19 Feb 2018 11:53:50 -0500 Waiman Long <longman@xxxxxxxxxx> wrote:

> Even with clamped sysctl parameters, it is still not that straight
> forward to figure out the exact range of those parameters. One may
> try to write extreme parameter values to see if they get clamped.
> To make it easier, a warning with the expected range will now be
> printed in the kernel ring buffer when a clamped sysctl parameter
> receives an out of range value.

This assumes that do_proc_dointvec_minmax_conv() and
do_proc_douintvec_minmax_conv() are only ever called by privileged
userspace. Because we mustn't give unprivileged applications a way to
spam the kernel logs.

That's presumably true in the case of the caller you just added, but I
don't see what we can do to guarantee this in the future, so perhaps we
should add some permission check to the pr_warn()?