The patch titled
Subject: kernel/sysctl.c: warn when a clamped sysctl parameter is set out of range
has been removed from the -mm tree. Its filename was
sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range.patch
This patch was dropped because an updated version will be merged
------------------------------------------------------
From: Waiman Long <longman@xxxxxxxxxx>
Subject: kernel/sysctl.c: warn when a clamped sysctl parameter is set out of range
Even with clamped sysctl parameters, it is still not that straight forward
to figure out the exact range of those parameters. One may try to write
extreme parameter values to see if they get clamped. To make it easier, a
warning with the expected range will now be printed into the kernel ring
buffer when a clamped sysctl parameter receives an out of range value.
The pr_warn_ratelimited() macro is used to limit the number of warning
messages that can be printed within a given period of time.
Link: http://lkml.kernel.org/r/1520885744-1546-4-git-send-email-longman@xxxxxxxxxx
Signed-off-by: Waiman Long <longman@xxxxxxxxxx>
Reviewed-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Davidlohr Bueso <dave@xxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: "Luis R. Rodriguez" <mcgrof@xxxxxxxxxx>
Cc: Manfred Spraul <manfred@xxxxxxxxxxxxxxxx>
Cc: Matthew Wilcox <willy@xxxxxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
kernel/sysctl.c | 48 ++++++++++++++++++++++++++++++++++++++--------
1 file changed, 40 insertions(+), 8 deletions(-)
diff -puN kernel/sysctl.c~sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range kernel/sysctl.c
--- a/kernel/sysctl.c~sysctl-warn-when-a-clamped-sysctl-parameter-is-set-out-of-range
+++ a/kernel/sysctl.c
@@ -2505,6 +2505,7 @@ static int proc_dointvec_minmax_sysadmin
* @min: pointer to minimum allowable value
* @max: pointer to maximum allowable value
* @flags: pointer to flags
+ * @name: sysctl parameter name
*
* The do_proc_dointvec_minmax_conv_param structure provides the
* minimum and maximum values for doing range checking for those sysctl
@@ -2514,31 +2515,48 @@ struct do_proc_dointvec_minmax_conv_para
int *min;
int *max;
unsigned int *flags;
+ const char *name;
};
+#ifdef pr_fmt
+#undef pr_fmt
+#endif
+#define pr_fmt(fmt) "sysctl: " fmt
+
static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp,
int *valp,
int write, void *data)
{
struct do_proc_dointvec_minmax_conv_param *param = data;
+
if (write) {
int val = *negp ? -*lvalp : *lvalp;
+ bool clamped = false;
bool clamp = param->flags &&
(*param->flags & CTL_FLAGS_CLAMP_RANGE);
if (param->min && *param->min > val) {
- if (clamp)
+ if (clamp) {
val = *param->min;
- else
+ clamped = true;
+ } else {
return -EINVAL;
+ }
}
if (param->max && *param->max < val) {
- if (clamp)
+ if (clamp) {
val = *param->max;
- else
+ clamped = true;
+ } else {
return -EINVAL;
+ }
}
*valp = val;
+ if (clamped && param->name)
+ pr_warn_ratelimited("\"%s\" was set out of range [%d, %d], clamped to %d.\n",
+ param->name,
+ param->min ? *param->min : -INT_MAX,
+ param->max ? *param->max : INT_MAX, val);
} else {
int val = *valp;
if (val < 0) {
@@ -2576,6 +2594,7 @@ int proc_dointvec_minmax(struct ctl_tabl
.min = (int *) table->extra1,
.max = (int *) table->extra2,
.flags = &table->flags,
+ .name = table->procname,
};
return do_proc_dointvec(table, write, buffer, lenp, ppos,
do_proc_dointvec_minmax_conv, ¶m);
@@ -2586,6 +2605,7 @@ int proc_dointvec_minmax(struct ctl_tabl
* @min: pointer to minimum allowable value
* @max: pointer to maximum allowable value
* @flags: pointer to flags
+ * @name: sysctl parameter name
*
* The do_proc_douintvec_minmax_conv_param structure provides the
* minimum and maximum values for doing range checking for those sysctl
@@ -2595,6 +2615,7 @@ struct do_proc_douintvec_minmax_conv_par
unsigned int *min;
unsigned int *max;
unsigned int *flags;
+ const char *name;
};
static int do_proc_douintvec_minmax_conv(unsigned long *lvalp,
@@ -2605,6 +2626,7 @@ static int do_proc_douintvec_minmax_conv
if (write) {
unsigned int val = *lvalp;
+ bool clamped = false;
bool clamp = param->flags &&
(*param->flags & CTL_FLAGS_CLAMP_RANGE);
@@ -2612,18 +2634,27 @@ static int do_proc_douintvec_minmax_conv
return -EINVAL;
if (param->min && *param->min > val) {
- if (clamp)
+ if (clamp) {
val = *param->min;
- else
+ clamped = true;
+ } else {
return -ERANGE;
+ }
}
if (param->max && *param->max < val) {
- if (clamp)
+ if (clamp) {
val = *param->max;
- else
+ clamped = true;
+ } else {
return -ERANGE;
+ }
}
*valp = val;
+ if (clamped && param->name)
+ pr_warn_ratelimited("\"%s\" was set out of range [%u, %u], clamped to %u.\n",
+ param->name,
+ param->min ? *param->min : 0,
+ param->max ? *param->max : UINT_MAX, val);
} else {
unsigned int val = *valp;
*lvalp = (unsigned long) val;
@@ -2659,6 +2690,7 @@ int proc_douintvec_minmax(struct ctl_tab
.min = (unsigned int *) table->extra1,
.max = (unsigned int *) table->extra2,
.flags = &table->flags,
+ .name = table->procname,
};
return do_proc_douintvec(table, write, buffer, lenp, ppos,
do_proc_douintvec_minmax_conv, ¶m);
_
Patches currently in -mm which might be from longman@xxxxxxxxxx are
list_lru-prefetch-neighboring-list-entries-before-acquiring-lock.patch
proc-sysctl-fix-typo-in-sysctl_check_table_array.patch
sysctl-add-kdoc-comments-to-do_proc_douintvec_minmax_conv_param.patch
ipc-clamp-msgmni-and-shmmni-to-the-real-ipcmni-limit.patch
ipc-clamp-semmni-to-the-real-ipcmni-limit.patch
test_sysctl-add-range-clamping-test.patch
--
To unsubscribe from this list: send the line "unsubscribe mm-commits" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
