Looks good to me

This patch depends on 53f3811dfd5e39507ee3aaea1be09aabce8f9c98 "sysctl: Use ctl_table_size as stopping criteria for list macro" and 1e887723545e037b5e200e77edf79802f58fc818 "sysctl: Add ctl_table_size to ctl_table_header" which are both in 6.7 and 6.6.

Best

On Fri, Feb 02, 2024 at 08:02:50PM -0800, Greg Kroah-Hartman wrote:
> 6.7-stable review patch. If anyone has any objections, please let me know.
>
> ------------------
>
> From: Joel Granados <j.granados@xxxxxxxxxxx>
>
> [ Upstream commit 315552310c7de92baea4e570967066569937a843 ]
>
> When registering tables to the sysctl subsystem there is a check to see
> if header is a permanently empty directory (used for mounts). This check
> evaluates the first element of the ctl_table. This results in an out of
> bounds evaluation when registering empty directories.
>
> The function register_sysctl_mount_point now passes a ctl_table of size
> 1 instead of size 0. It now relies solely on the type to identify
> a permanently empty register.
>
> Make sure that the ctl_table has at least one element before testing for
> permanent emptiness.
>
> Signed-off-by: Joel Granados <j.granados@xxxxxxxxxxx>
> Reported-by: kernel test robot <oliver.sang@xxxxxxxxx>
> Closes: https://lore.kernel.org/oe-lkp/202311201431.57aae8f3-oliver.sang@xxxxxxxxx
> Signed-off-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
> Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> ---
> fs/proc/proc_sysctl.c | 9 +++++++--
> 1 file changed, 7 insertions(+), 2 deletions(-)
>
> diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c > index 8064ea76f80b..84abf98340a0 100644 > --- a/fs/proc/proc_sysctl.c > +++ b/fs/proc/proc_sysctl.c > @@ -44,7 +44,7 @@ static struct ctl_table sysctl_mount_point[] = { > */ > struct ctl_table_header *register_sysctl_mount_point(const char *path) > { > - return register_sysctl_sz(path, sysctl_mount_point, 0); > + return register_sysctl(path, sysctl_mount_point); > } > EXPORT_SYMBOL(register_sysctl_mount_point);
> > @@ -233,7 +233,8 @@ static int insert_header(struct ctl_dir *dir, struct ctl_table_header *header) > return -EROFS; > > /* Am I creating a permanently empty directory? */ > - if (sysctl_is_perm_empty_ctl_table(header->ctl_table)) { > + if (header->ctl_table_size > 0 && > + sysctl_is_perm_empty_ctl_table(header->ctl_table)) { > if (!RB_EMPTY_ROOT(&dir->root)) > return -EINVAL; > sysctl_set_perm_empty_ctl_header(dir_h); > @@ -1213,6 +1214,10 @@ static bool get_links(struct ctl_dir *dir, > struct ctl_table_header *tmp_head; > struct ctl_table *entry, *link; > > + if (header->ctl_table_size == 0 || > + sysctl_is_perm_empty_ctl_table(header->ctl_table)) > + return true; > + > /* Are there links available for every entry in table? */ > list_for_each_table_entry(entry, header) { > const char *procname = entry->procname; > -- > 2.43.0 > > > -- Joel Granados
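Review bot: In the first hunk, register_sysctl_mount_point() now leaves the table size implicit by calling register_sysctl(path, sysctl_mount_point), while the commit message depends on that size being exactly 1. A short comment at the call or at the sysctl_mount_point definition, saying that the table must keep its single typed entry because permanent emptiness is now identified from that entry's type alone, would keep a later edit of the array from quietly changing what is registered.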
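Review bot: In the insert_header() hunk, the bounds check lives in the caller ("header->ctl_table_size > 0 &&") instead of inside sysctl_is_perm_empty_ctl_table(), and the get_links() hunk repeats the same pairing with the opposite sense. Because the commit message says the helper evaluates the first element of the table, consider a wrapper that takes the ctl_table_header and tests ctl_table_size itself, so that a future caller cannot bring back the out-of-bounds evaluation by calling the helper directly on an empty table.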
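Review bot: The early "return true;" added at the top of get_links() carries no comment, and the commit message explains only the out-of-bounds read in the permanent-emptiness test, not why a zero-size or permanently empty table should report that links are available for every entry. Please put a one-line comment above the new check stating the reason, and mention this behaviour change for get_links() in the changelog, since it is a separate decision from the guard added in insert_header().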