+ proc-add-and-remove-proc-entry-create-checks.patch added to -mm tree

akpm@xxxxxxxxxxxxxxxxxxxx · Tue, 08 Jul 2014 15:55:06 -0700

The patch titled
     Subject: proc: add and remove /proc entry create checks
has been added to the -mm tree.  Its filename is
     proc-add-and-remove-proc-entry-create-checks.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/proc-add-and-remove-proc-entry-create-checks.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/proc-add-and-remove-proc-entry-create-checks.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/SubmitChecklist when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Subject: proc: add and remove /proc entry create checks

* remove proc_create(NULL, ...) check, let it oops

* warn about proc_create("", ...) and proc_create("very very long name", ...)
  proc code keeps length as u8, no 256+ name length possible

* warn about proc_create("123", ...)
  /proc/$PID and /proc/misc namespaces are separate things,
  but dumb module might create funky a-la $PID entry.

* remove post mortem strchr('/') check
  Triggering it implies either strchr() is buggy or memory corruption.
  It should be VFS check anyway.

In reality, none of these checks will ever trigger,
it is preparation for the next patch.

Based on patch from Al Viro.

Signed-off-by: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 fs/proc/base.c     |    4 ++--
 fs/proc/fd.c       |    2 +-
 fs/proc/generic.c  |   30 +++++++++++++++---------------
 fs/proc/internal.h |    6 +++---
 4 files changed, 21 insertions(+), 21 deletions(-)

diff -puN fs/proc/base.c~proc-add-and-remove-proc-entry-create-checks fs/proc/base.c

--- a/fs/proc/base.c~proc-add-and-remove-proc-entry-create-checks
+++ a/fs/proc/base.c
@@ -2785,7 +2785,7 @@ struct dentry *proc_pid_lookup(struct in
 	unsigned tgid;
 	struct pid_namespace *ns;
 
-	tgid = name_to_int(dentry);
+	tgid = name_to_int(&dentry->d_name);
 	if (tgid == ~0U)
 		goto out;
 
@@ -3033,7 +3033,7 @@ static struct dentry *proc_task_lookup(s
 	if (!leader)
 		goto out_no_task;
 
-	tid = name_to_int(dentry);
+	tid = name_to_int(&dentry->d_name);
 	if (tid == ~0U)
 		goto out;
 
diff -puN fs/proc/fd.c~proc-add-and-remove-proc-entry-create-checks fs/proc/fd.c
--- a/fs/proc/fd.c~proc-add-and-remove-proc-entry-create-checks
+++ a/fs/proc/fd.c
@@ -206,7 +206,7 @@ static struct dentry *proc_lookupfd_comm
 {
 	struct task_struct *task = get_proc_task(dir);
 	int result = -ENOENT;
-	unsigned fd = name_to_int(dentry);
+	unsigned fd = name_to_int(&dentry->d_name);
 
 	if (!task)
 		goto out_no_task;
diff -puN fs/proc/generic.c~proc-add-and-remove-proc-entry-create-checks fs/proc/generic.c
--- a/fs/proc/generic.c~proc-add-and-remove-proc-entry-create-checks
+++ a/fs/proc/generic.c
@@ -330,28 +330,28 @@ static struct proc_dir_entry *__proc_cre
 					  nlink_t nlink)
 {
 	struct proc_dir_entry *ent = NULL;
-	const char *fn = name;
-	unsigned int len;
-
-	/* make sure name is valid */
-	if (!name || !strlen(name))
-		goto out;
+	const char *fn;
+	struct qstr qstr;
 
 	if (xlate_proc_name(name, parent, &fn) != 0)
 		goto out;
+	qstr.name = fn;
+	qstr.len = strlen(fn);
+	if (qstr.len == 0 || qstr.len >= 256) {
+		WARN(1, "name len %u\n", qstr.len);
+		return NULL;
+	}
+	if (*parent == &proc_root && name_to_int(&qstr) != ~0U) {
+		WARN(1, "create '/proc/%s' by hand\n", qstr.name);
+		return NULL;
+	}
 
-	/* At this point there must not be any '/' characters beyond *fn */
-	if (strchr(fn, '/'))
-		goto out;
-
-	len = strlen(fn);
-
-	ent = kzalloc(sizeof(struct proc_dir_entry) + len + 1, GFP_KERNEL);
+	ent = kzalloc(sizeof(struct proc_dir_entry) + qstr.len + 1, GFP_KERNEL);
 	if (!ent)
 		goto out;
 
-	memcpy(ent->name, fn, len + 1);
-	ent->namelen = len;
+	memcpy(ent->name, fn, qstr.len + 1);
+	ent->namelen = qstr.len;
 	ent->mode = mode;
 	ent->nlink = nlink;
 	atomic_set(&ent->count, 1);
diff -puN fs/proc/internal.h~proc-add-and-remove-proc-entry-create-checks fs/proc/internal.h
--- a/fs/proc/internal.h~proc-add-and-remove-proc-entry-create-checks
+++ a/fs/proc/internal.h
@@ -112,10 +112,10 @@ static inline int task_dumpable(struct t
 	return 0;
 }
 
-static inline unsigned name_to_int(struct dentry *dentry)
+static inline unsigned name_to_int(const struct qstr *qstr)
 {
-	const char *name = dentry->d_name.name;
-	int len = dentry->d_name.len;
+	const char *name = qstr->name;
+	int len = qstr->len;
 	unsigned n = 0;
 
 	if (len > 1 && *name == '0')
_

Patches currently in -mm which might be from adobriyan@xxxxxxxxx are

lib-test-kstrtoxc-use-array_size-instead-of-sizeof-sizeof.patch
proc-add-and-remove-proc-entry-create-checks.patch
proc-faster-proc-pid-lookup.patch
proc-make-proc_subdir_lock-static.patch
proc-remove-proc_tty_ldisc-variable.patch
proc-remove-proc_tty_ldisc-variable-fix.patch

--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html







