On Mon, 27 Jan 2025 15:19:57 +0100 nicolas.bouchinet@xxxxxxxxxxx wrote:

> This patchset adds some bound checks to sysctls to avoid negative
> value writes.
>
> The patched sysctls were storing the result of the proc_dointvec
> proc_handler into an unsigned int data. proc_dointvec being able to
> parse negative values, and its return value being a signed int, this could
> lead to undefined behaviors.
> This has led to a kernel crash in the past as described in commit
> 3b3376f222e3 ("sysctl.c: fix underflow value setting risk in vm_table")
>
> Most of them are now bounded between SYSCTL_ZERO and SYSCTL_INT_MAX.
> nf_conntrack_expect_max is bounded between SYSCTL_ONE and SYSCTL_INT_MAX
> as defined by its documentation.
>
> This patchset has been written over the sysctl-testing branch [1].
> See [2] for similar sysctl fixes currently in review.

Please don't group patches for different subsystems in a series
if there are no dependencies between them.

Only patch 3 seems relevant for netdev@ / core networking.
Please repost patch 3 separately with extended impact analysis
and a Fixes tag (as requested by Joe).
-- 
pw-bot: cr
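The bug class the cover letter describes, modelled in userspace as an added example (this is not code from the patchset or from the kernel): `model_dointvec` stands in for `proc_dointvec`, which parses the written text as a signed int; `write_unbounded` stores that signed result into an `unsigned int`, so a write of `-1` lands as `UINT_MAX`; `write_minmax` stands in for `proc_dointvec_minmax` with the `[min, max]` pair that `SYSCTL_ZERO`/`SYSCTL_ONE` and `SYSCTL_INT_MAX` supply through `extra1`/`extra2`, and rejects the negative write before anything is stored. All function names and the sample inputs are constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for proc_dointvec: the text a user writes to the
 * sysctl file is parsed as a *signed* int. Returns 0 or -EINVAL. */
static int model_dointvec(const char *buf, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(buf, &end, 10);
    if (end == buf || errno == ERANGE || v < INT_MIN || v > INT_MAX)
        return -EINVAL;
    while (*end == '\n' || *end == ' ')      /* tolerate trailing newline */
        end++;
    if (*end != '\0')
        return -EINVAL;
    *out = (int)v;
    return 0;
}

/* Mirrors the pre-patch situation: a signed parse result is stored into an
 * unsigned int without a range check, so "-1" silently becomes UINT_MAX. */
static int write_unbounded(const char *buf, unsigned int *dst)
{
    int v;
    int ret = model_dointvec(buf, &v);
    if (ret)
        return ret;
    *dst = v;                                /* implicit signed->unsigned */
    return 0;
}

/* Mirrors proc_dointvec_minmax with extra1 = min and extra2 = max:
 * the value is checked against the bounds before it is stored. */
static int write_minmax(const char *buf, unsigned int *dst, int min, int max)
{
    int v;
    int ret = model_dointvec(buf, &v);
    if (ret)
        return ret;
    if (v < min || v > max)
        return -EINVAL;
    *dst = (unsigned int)v;
    return 0;
}

int main(void)
{
    unsigned int val = 0;

    write_unbounded("-1\n", &val);
    printf("unbounded write of -1 stored %u\n", val);

    val = 0;
    int ret = write_minmax("-1\n", &val, 0, INT_MAX);   /* ZERO..INT_MAX */
    printf("bounded write of -1: ret=%d, stored %u\n", ret, val);

    ret = write_minmax("0\n", &val, 1, INT_MAX);        /* ONE..INT_MAX */
    printf("bounded write of 0 with min 1: ret=%d\n", ret);
    return 0;
}
```

The `[0, INT_MAX]` pair corresponds to the `SYSCTL_ZERO`/`SYSCTL_INT_MAX` bounds the patchset applies to most of the sysctls; the `[1, INT_MAX]` call corresponds to the `SYSCTL_ONE` lower bound chosen for `nf_conntrack_expect_max`.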