Revision e7d316a02f683864a12389f8808570e37fb90aa3 authored by Subash Abhinov Kasiviswanathan on 25 August 2016, 22:16:51 UTC, committed by Linus Torvalds on 27 August 2016, 00:39:35 UTC
We have scripts which write to certain fields on 3.18 kernels but this
seems to be failing on 4.4 kernels. An entry which we write to here is
xfrm_aevent_rseqth which is u32.
echo 4294967295 > /proc/sys/net/core/xfrm_aevent_rseqth
Commit 230633d109e3 ("kernel/sysctl.c: detect overflows when converting
to int") prevented writing to sysctl entries when integer overflow
occurs. However, this does not apply to unsigned integers.
Heinrich suggested that we introduce a new option to handle 64 bit
limits and set min as 0 and max as UINT_MAX. This might not work as it
leads to issues similar to __do_proc_doulongvec_minmax. Alternatively,
we would need to change the datatype of the entry to 64 bit.
static int __do_proc_doulongvec_minmax(void *data, struct ctl_table
{
i = (unsigned long *) data; //This cast is causing to read beyond the size of data (u32)
vleft = table->maxlen / sizeof(unsigned long); //vleft is 0 because maxlen is sizeof(u32) which is lesser than sizeof(unsigned long) on x86_64.
Introduce a new proc handler proc_douintvec. Individual proc entries
will need to be updated to use the new handler.
[akpm@linux-foundation.org: coding-style fixes]
Fixes: 230633d109e3 ("kernel/sysctl.c:detect overflows when converting to int")
Link: http://lkml.kernel.org/r/1471479806-5252-1-git-send-email-subashab@codeaurora.org
Signed-off-by: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org>
Cc: Heinrich Schuchardt <xypron.glpk@gmx.de>
Cc: Kees Cook <keescook@chromium.org>
Cc: "David S. Miller" <davem@davemloft.net>
Cc: Ingo Molnar <mingo@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
1 parent 8582fb5
| File | Mode | Size |
|---|---|---|
| Kconfig | -rw-r--r-- | 1.1 KB |
| Makefile | -rw-r--r-- | 411 bytes |
| addr.c | -rw-r--r-- | 4.2 KB |
| addr.h | -rw-r--r-- | 2.7 KB |
| bcast.c | -rw-r--r-- | 11.1 KB |
| bcast.h | -rw-r--r-- | 3.2 KB |
| bearer.c | -rw-r--r-- | 26.4 KB |
| bearer.h | -rw-r--r-- | 8.0 KB |
| core.c | -rw-r--r-- | 4.5 KB |
| core.h | -rw-r--r-- | 4.6 KB |
| discover.c | -rw-r--r-- | 10.2 KB |
| discover.h | -rw-r--r-- | 2.3 KB |
| eth_media.c | -rw-r--r-- | 3.6 KB |
| ib_media.c | -rw-r--r-- | 3.6 KB |
| link.c | -rw-r--r-- | 54.2 KB |
| link.h | -rw-r--r-- | 6.1 KB |
| monitor.c | -rw-r--r-- | 20.9 KB |
| monitor.h | -rw-r--r-- | 3.5 KB |
| msg.c | -rw-r--r-- | 17.1 KB |
| msg.h | -rw-r--r-- | 19.9 KB |
| name_distr.c | -rw-r--r-- | 10.9 KB |
| name_distr.h | -rw-r--r-- | 3.2 KB |
| name_table.c | -rw-r--r-- | 27.9 KB |
| name_table.h | -rw-r--r-- | 5.0 KB |
| net.c | -rw-r--r-- | 8.0 KB |
| net.h | -rw-r--r-- | 2.1 KB |
| netlink.c | -rw-r--r-- | 8.1 KB |
| netlink.h | -rw-r--r-- | 2.7 KB |
| netlink_compat.c | -rw-r--r-- | 31.7 KB |
| node.c | -rw-r--r-- | 51.7 KB |
| node.h | -rw-r--r-- | 3.9 KB |
| server.c | -rw-r--r-- | 15.2 KB |
| server.h | -rw-r--r-- | 3.6 KB |
| socket.c | -rw-r--r-- | 74.2 KB |
| socket.h | -rw-r--r-- | 2.7 KB |
| subscr.c | -rw-r--r-- | 11.3 KB |
| subscr.h | -rw-r--r-- | 3.3 KB |
| sysctl.c | -rw-r--r-- | 2.5 KB |
| udp_media.c | -rw-r--r-- | 12.6 KB |
Computing file changes ...
