The patch titled
Subject: sysctl: warn when a clamped sysctl parameter is set out of range
has been added to the -mm tree. Its filename is
sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range.patch
This patch should soon appear at
http://ozlabs.org/~akpm/mmots/broken-out/sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range.patch
and later at
http://ozlabs.org/~akpm/mmotm/broken-out/sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range.patch
Before you just go and hit "reply", please:
a) Consider who else should be cc'ed
b) Prefer to cc a suitable mailing list as well
c) Ideally: find the original patch on the mailing list and do a
reply-to-all to that, adding suitable additional cc's
*** Remember to use Documentation/SubmitChecklist when testing your code ***
The -mm tree is included into linux-next and is updated
there every 3-4 working days
------------------------------------------------------
From: Waiman Long <longman@xxxxxxxxxx>
Subject: sysctl: warn when a clamped sysctl parameter is set out of range
Even with clamped sysctl parameters, it is still not that straightforward
to figure out the exact range of those parameters. One may try to write
extreme parameter values to see if they get clamped. To make it easier, a
warning with the expected range will now be printed in the kernel ring
buffer when a clamped sysctl parameter receives an out of range value.
Link: http://lkml.kernel.org/r/1519059231-2456-3-git-send-email-longman@xxxxxxxxxx
Signed-off-by: Waiman Long <longman@xxxxxxxxxx>
Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx>
Cc: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
Cc: "Luis R. Rodriguez" <mcgrof@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
kernel/sysctl.c | 42 ++++++++++++++++++++++++++++++++++--------
1 file changed, 34 insertions(+), 8 deletions(-)
diff -puN kernel/sysctl.c~sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range kernel/sysctl.c
--- a/kernel/sysctl.c~sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range
+++ a/kernel/sysctl.c
@@ -2508,6 +2508,7 @@ static int proc_dointvec_minmax_sysadmin
struct do_proc_dointvec_minmax_conv_param {
int *min;
int *max;
+ const char *name;
bool clamp;
};
@@ -2516,21 +2517,33 @@ static int do_proc_dointvec_minmax_conv(
int write, void *data)
{
struct do_proc_dointvec_minmax_conv_param *param = data;
+
if (write) {
int val = *negp ? -*lvalp : *lvalp;
+ bool clamped = false;
+
if (param->min && *param->min > val) {
- if (param->clamp)
+ if (param->clamp) {
val = *param->min;
- else
+ clamped = true;
+ } else {
return -EINVAL;
+ }
}
if (param->max && *param->max < val) {
- if (param->clamp)
+ if (param->clamp) {
val = *param->max;
- else
+ clamped = true;
+ } else {
return -EINVAL;
+ }
}
*valp = val;
+ if (clamped && param->name)
+ pr_warn("Kernel parameter \"%s\" was set out of range [%d, %d], clamped to %d.\n",
+ param->name,
+ param->min ? *param->min : -INT_MAX,
+ param->max ? *param->max : INT_MAX, val);
} else {
int val = *valp;
if (val < 0) {
@@ -2593,6 +2606,7 @@ int proc_dointvec_clamp_minmax(struct ct
struct do_proc_dointvec_minmax_conv_param param = {
.min = (int *) table->extra1,
.max = (int *) table->extra2,
+ .name = table->procname,
.clamp = true,
};
return do_proc_dointvec(table, write, buffer, lenp, ppos,
@@ -2602,6 +2616,7 @@ int proc_dointvec_clamp_minmax(struct ct
struct do_proc_douintvec_minmax_conv_param {
unsigned int *min;
unsigned int *max;
+ const char *name;
bool clamp;
};
@@ -2613,23 +2628,33 @@ static int do_proc_douintvec_minmax_conv
if (write) {
unsigned int val = *lvalp;
+ bool clamped = false;
if (*lvalp > UINT_MAX)
return -EINVAL;
if (param->min && *param->min > val) {
- if (param->clamp)
+ if (param->clamp) {
val = *param->min;
- else
+ clamped = true;
+ } else {
return -ERANGE;
+ }
}
if (param->max && *param->max < val) {
- if (param->clamp)
+ if (param->clamp) {
val = *param->max;
- else
+ clamped = true;
+ } else {
return -ERANGE;
+ }
}
*valp = val;
+ if (clamped && param->name)
+ pr_warn("Kernel parameter \"%s\" was set out of range [%u, %u], clamped to %u.\n",
+ param->name,
+ param->min ? *param->min : 0,
+ param->max ? *param->max : UINT_MAX, val);
} else {
unsigned int val = *valp;
*lvalp = (unsigned long) val;
@@ -2693,6 +2718,7 @@ int proc_douintvec_clamp_minmax(struct c
struct do_proc_douintvec_minmax_conv_param param = {
.min = (unsigned int *) table->extra1,
.max = (unsigned int *) table->extra2,
+ .name = table->procname,
.clamp = true,
};
return do_proc_douintvec(table, write, buffer, lenp, ppos,
_
Patches currently in -mm which might be from longman@xxxxxxxxxx are
list_lru-prefetch-neighboring-list-entries-before-acquiring-lock.patch
sysctl-add-range-clamping-intvec-helper-functions.patch
sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range.patch
ipc-clamp-msgmni-and-shmmni-to-the-real-ipc_mni-limit.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
