Revision e7d316a02f683864a12389f8808570e37fb90aa3 authored by Subash Abhinov Kasiviswanathan on 25 August 2016, 22:16:51 UTC, committed by Linus Torvalds on 27 August 2016, 00:39:35 UTC
We have scripts which write to certain fields on 3.18 kernels but this seems to be failing on 4.4 kernels. An entry which we write to here is xfrm_aevent_rseqth which is u32. echo 4294967295 > /proc/sys/net/core/xfrm_aevent_rseqth Commit 230633d109e3 ("kernel/sysctl.c: detect overflows when converting to int") prevented writing to sysctl entries when integer overflow occurs. However, this does not apply to unsigned integers. Heinrich suggested that we introduce a new option to handle 64 bit limits and set min as 0 and max as UINT_MAX. This might not work as it leads to issues similar to __do_proc_doulongvec_minmax. Alternatively, we would need to change the datatype of the entry to 64 bit. static int __do_proc_doulongvec_minmax(void *data, struct ctl_table { i = (unsigned long *) data; //This cast is causing to read beyond the size of data (u32) vleft = table->maxlen / sizeof(unsigned long); //vleft is 0 because maxlen is sizeof(u32) which is lesser than sizeof(unsigned long) on x86_64. Introduce a new proc handler proc_douintvec. Individual proc entries will need to be updated to use the new handler. [akpm@linux-foundation.org: coding-style fixes] Fixes: 230633d109e3 ("kernel/sysctl.c:detect overflows when converting to int") Link: http://lkml.kernel.org/r/1471479806-5252-1-git-send-email-subashab@codeaurora.org Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Kees Cook <keescook@chromium.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Ingo Molnar <mingo@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 8582fb5
Kconfig
#
# IPX configuration
#
config IPX
tristate "The IPX protocol"
select LLC
---help---
This is support for the Novell networking protocol, IPX, commonly
used for local networks of Windows machines. You need it if you
want to access Novell NetWare file or print servers using the Linux
Novell client ncpfs (available from
<ftp://platan.vc.cvut.cz/pub/linux/ncpfs/>) or from
within the Linux DOS emulator DOSEMU (read the DOSEMU-HOWTO,
available from <http://www.tldp.org/docs.html#howto>). In order
to do the former, you'll also have to say Y to "NCP file system
support", below.
IPX is similar in scope to IP, while SPX, which runs on top of IPX,
is similar to TCP.
To turn your Linux box into a fully featured NetWare file server and
IPX router, say Y here and fetch either lwared from
<ftp://ibiblio.org/pub/Linux/system/network/daemons/> or
mars_nwe from <ftp://www.compu-art.de/mars_nwe/>. For more
information, read the IPX-HOWTO available from
<http://www.tldp.org/docs.html#howto>.
The IPX driver would enlarge your kernel by about 16 KB. To compile
this driver as a module, choose M here: the module will be called ipx.
Unless you want to integrate your Linux box with a local Novell
network, say N.
config IPX_INTERN
bool "IPX: Full internal IPX network"
depends on IPX
---help---
Every IPX network has an address that identifies it. Sometimes it is
useful to give an IPX "network" address to your Linux box as well
(for example if your box is acting as a file server for different
IPX networks: it will then be accessible from everywhere using the
same address). The way this is done is to create a virtual internal
"network" inside your box and to assign an IPX address to this
network. Say Y here if you want to do this; read the IPX-HOWTO at
<http://www.tldp.org/docs.html#howto> for details.
The full internal IPX network enables you to allocate sockets on
different virtual nodes of the internal network. This is done by
evaluating the field sipx_node of the socket address given to the
bind call. So applications should always initialize the node field
to 0 when binding a socket on the primary network. In this case the
socket is assigned the default node that has been given to the
kernel when the internal network was created. By enabling the full
internal IPX network the cross-forwarding of packets targeted at
'special' sockets to sockets listening on the primary network is
disabled. This might break existing applications, especially RIP/SAP
daemons. A RIP/SAP daemon that works well with the full internal net
can be found on <ftp://ftp.gwdg.de/pub/linux/misc/ncpfs/>.
If you don't know what you are doing, say N.
Computing file changes ...