Re: [PATCH v1 0/9] Fixes multiple sysctl bound checks

From: Jakub Kicinski
Date: Mon Jan 27 2025 - 15:00:32 EST


On Mon, 27 Jan 2025 15:19:57 +0100 nicolas.bouchinet@xxxxxxxxxxx wrote:
> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
>
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into an unsigned int data. proc_dointvec being able to
> parse negative values, and its return value being a signed int, this could
> lead to undefined behavior.
> This has led to kernel crashes in the past, as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table").
>
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
>
> This patchset has been written over sysctl-testing branch [1].
> See [2] for similar sysctl fixes currently in review.

Please don't group patches for different subsystems in a series
if there are no dependencies between them.

Only patch 3 seems relevant for netdev@ / core networking.

Please repost patch 3 separately with extended impact analysis and
a Fixes tag (as requested by Joe).
--
pw-bot: cr
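As an added illustration of the bug class the cover letter describes (this is constructed model code, not from the patchset or the kernel), the following mimics a proc_dointvec-style handler writing a signed int into an unsigned int backing variable, beside a proc_dointvec_minmax-style handler bounded by SYSCTL_ZERO and SYSCTL_INT_MAX; the struct, handler and variable names are stand-ins for the kernel's ctl_table machinery, not its actual definitions.

```c
#include <errno.h>
#include <limits.h>
#include <stdlib.h>

/* Constructed stand-in for the kernel's ctl_table and proc handlers; not kernel code. */
struct ctl_entry {
	const char *procname;
	void *data;                  /* storage the handler writes into */
	int (*proc_handler)(struct ctl_entry *, const char *buf);
	const int *extra1, *extra2;  /* bounds consulted by the minmax handler */
};
static const int zero_v = 0, int_max_v = INT_MAX;
#define SYSCTL_ZERO    (&zero_v)
#define SYSCTL_INT_MAX (&int_max_v)
int last_rc;                     /* return code of the most recent write */

static int parse_int(const char *buf, long *out)
{
	char *end;
	*out = strtol(buf, &end, 10);
	return (end == buf || *out < INT_MIN || *out > INT_MAX) ? -EINVAL : 0;
}

/* Like proc_dointvec: accepts any signed int and stores it, no range check. */
static int proc_dointvec_like(struct ctl_entry *e, const char *buf)
{
	long v;
	if (parse_int(buf, &v))
		return -EINVAL;
	*(int *)e->data = (int)v;    /* -1 lands in an unsigned int as UINT_MAX */
	return 0;
}

/* Like proc_dointvec_minmax: rejects values outside [*extra1, *extra2] before storing. */
static int proc_dointvec_minmax_like(struct ctl_entry *e, const char *buf)
{
	long v;
	if (parse_int(buf, &v) || (e->extra1 && v < *e->extra1) ||
	    (e->extra2 && v > *e->extra2))
		return -EINVAL;          /* storage untouched, the old value survives */
	return proc_dointvec_like(e, buf);
}

/* Write buf to a sysctl backed by an unsigned int (previous value 5); returns what is left in storage. */
unsigned int write_unsigned_sysctl(int bounded, const char *buf)
{
	unsigned int storage = 5;
	struct ctl_entry e = { "example_max", &storage,
		bounded ? proc_dointvec_minmax_like : proc_dointvec_like, SYSCTL_ZERO, SYSCTL_INT_MAX };
	last_rc = e.proc_handler(&e, buf);
	return storage;
}
```

With the unbounded handler a write of "-1" silently becomes UINT_MAX in the unsigned variable, which is the underflow the series guards against; the bounded handler returns -EINVAL and leaves the previous value in place.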