sysctl: simplify unsigned int support

Commit e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") added proc_douintvec() to start help adding support for unsigned int, this however was only half the work needed. Two fixes have come in since then for the following issues: o Printing the values shows a negative value, this happens since do_proc_dointvec() and this uses proc_put_long() This was fixed by commit 5380e5644afbba9 ("sysctl: don't print negative flag for proc_douintvec"). o We can easily wrap around the int values: UINT_MAX is 4294967295, if we echo in 4294967295 + 1 we end up with 0, using 4294967295 + 2 we end up with 1. o We echo negative values in and they are accepted This was fixed by commit 425fffd886ba ("sysctl: report EINVAL if value is larger than UINT_MAX for proc_douintvec"). It still also failed to be added to sysctl_check_table()... instead of adding it with the current implementation just provide a proper and simplified unsigned int support without any array unsigned int support with no negative support at all. Historically sysctl proc helpers have supported arrays, due to the complexity this adds though we've taken a step back to evaluate array users to determine if its worth upkeeping for unsigned int. An evaluation using Coccinelle has been done to perform a grammatical search to ask ourselves: o How many sysctl proc_dointvec() (int) users exist which likely should be moved over to proc_douintvec() (unsigned int) ? Answer: about 8 - Of these how many are array users ? Answer: Probably only 1 o How many sysctl array users exist ? Answer: about 12 This last question gives us an idea just how popular arrays: they are not. Array support should probably just be kept for strings. The identified uint ports are: drivers/infiniband/core/ucma.c - max_backlog drivers/infiniband/core/iwcm.c - default_backlog net/core/sysctl_net_core.c - rps_sock_flow_sysctl() net/netfilter/nf_conntrack_timestamp.c - nf_conntrack_timestamp -- bool net/netfilter/nf_conntrack_acct.c nf_conntrack_acct -- bool net/netfilter/nf_conntrack_ecache.c - nf_conntrack_events -- bool net/netfilter/nf_conntrack_helper.c - nf_conntrack_helper -- bool net/phonet/sysctl.c proc_local_port_range() The only possible array users is proc_local_port_range() but it does not seem worth it to add array support just for this given the range support works just as well. Unsigned int support should be desirable more for when you *need* more than INT_MAX or using int min/max support then does not suffice for your ranges. If you forget and by mistake happen to register an unsigned int proc entry with an array, the driver will fail and you will get something as follows: sysctl table check failed: debug/test_sysctl//uint_0002 array now allowed CPU: 2 PID: 1342 Comm: modprobe Tainted: G W E <etc> Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS <etc> Call Trace: dump_stack+0x63/0x81 __register_sysctl_table+0x350/0x650 ? kmem_cache_alloc_trace+0x107/0x240 __register_sysctl_paths+0x1b3/0x1e0 ? 0xffffffffc005f000 register_sysctl_table+0x1f/0x30 test_sysctl_init+0x10/0x1000 [test_sysctl] do_one_initcall+0x52/0x1a0 ? kmem_cache_alloc_trace+0x107/0x240 do_init_module+0x5f/0x200 load_module+0x1867/0x1bd0 ? __symbol_put+0x60/0x60 SYSC_finit_module+0xdf/0x110 SyS_finit_module+0xe/0x10 entry_SYSCALL_64_fastpath+0x1e/0xad RIP: 0033:0x7f042b22d119 <etc> Fixes: e7d316a02f68 ("sysctl: handle error writing UINT_MAX to u32 fields") Link: http://lkml.kernel.org/r/20170519033554.18592-5-mcgrof@kernel.org Signed-off-by: Luis R. Rodriguez <mcgrof@kernel.org> Suggested-by: Alexey Dobriyan <adobriyan@gmail.com> Cc: Subash Abhinov Kasiviswanathan <subashab@codeaurora.org> Cc: Liping Zhang <zlpnobody@gmail.com> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Heinrich Schuchardt <xypron.glpk@gmx.de> Cc: Kees Cook <keescook@chromium.org> Cc: "David S. Miller" <davem@davemloft.net> Cc: Ingo Molnar <mingo@redhat.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Luis R. Rodriguez <mcgrof@kernel.org> 2017-07-12 17:33:36 -0400
committer: Linus Torvalds <torvalds@linux-foundation.org> 2017-07-12 19:26:00 -0400
commit: 4f2fec00afa60aa8e5d1b7f2a8e0526900f55623 (patch)
tree: 0ea7e3021eb356faf6b49543e328c9735acc5da9 /kernel/sysctl.c
parent: d383d48470819e86fe30eb72f0e9494e1ee0e2af (diff)
1 files changed, 146 insertions, 7 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 6f3bb1f099fa..d12078fc215f 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2175,19 +2175,18 @@ static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp,
        return 0;
 }
-static int do_proc_douintvec_conv(bool *negp, unsigned long *lvalp,
+static int do_proc_douintvec_conv(unsigned long *lvalp,
-                                 int *valp,
+                                  unsigned int *valp,
-                                 int write, void *data)
+                                  int write, void *data)
 {
        if (write) {
-                if (*negp)
+                if (*lvalp > UINT_MAX)
                        return -EINVAL;
                if (*lvalp > UINT_MAX)
                        return -EINVAL;
                *valp = *lvalp;
        } else {
                unsigned int val = *valp;
-                *negp = false;
                *lvalp = (unsigned long)val;
        }
        return 0;
@@ -2287,6 +2286,146 @@ static int do_proc_dointvec(struct ctl_table *table, int write,
                        buffer, lenp, ppos, conv, data);
 }
+static int do_proc_douintvec_w(unsigned int *tbl_data,
+                               struct ctl_table *table,
+                               void __user *buffer,
+                               size_t *lenp, loff_t *ppos,
+                               int (*conv)(unsigned long *lvalp,
+                                           unsigned int *valp,
+                                           int write, void *data),
+                               void *data)
+{
+        unsigned long lval;
+        int err = 0;
+        size_t left;
+        bool neg;
+        char *kbuf = NULL, *p;
+        left = *lenp;
+        if (proc_first_pos_non_zero_ignore(ppos, table))
+                goto bail_early;
+        if (left > PAGE_SIZE - 1)
+                left = PAGE_SIZE - 1;
+        p = kbuf = memdup_user_nul(buffer, left);
+        if (IS_ERR(kbuf))
+                return -EINVAL;
+        left -= proc_skip_spaces(&p);
+        if (!left) {
+                err = -EINVAL;
+                goto out_free;
+        }
+        err = proc_get_long(&p, &left, &lval, &neg,
+                             proc_wspace_sep,
+                             sizeof(proc_wspace_sep), NULL);
+        if (err || neg) {
+                err = -EINVAL;
+                goto out_free;
+        }
+        if (conv(&lval, tbl_data, 1, data)) {
+                err = -EINVAL;
+                goto out_free;
+        }
+        if (!err && left)
+                left -= proc_skip_spaces(&p);
+out_free:
+        kfree(kbuf);
+        if (err)
+                return -EINVAL;
+        return 0;
+        /* This is in keeping with old __do_proc_dointvec() */
+bail_early:
+        *ppos += *lenp;
+        return err;
+}
+static int do_proc_douintvec_r(unsigned int *tbl_data, void __user *buffer,
+                               size_t *lenp, loff_t *ppos,
+                               int (*conv)(unsigned long *lvalp,
+                                           unsigned int *valp,
+                                           int write, void *data),
+                               void *data)
+{
+        unsigned long lval;
+        int err = 0;
+        size_t left;
+        left = *lenp;
+        if (conv(&lval, tbl_data, 0, data)) {
+                err = -EINVAL;
+                goto out;
+        }
+        err = proc_put_long(&buffer, &left, lval, false);
+        if (err || !left)
+                goto out;
+        err = proc_put_char(&buffer, &left, '\n');
+out:
+        *lenp -= left;
+        *ppos += *lenp;
+        return err;
+}
+static int __do_proc_douintvec(void *tbl_data, struct ctl_table *table,
+                               int write, void __user *buffer,
+                               size_t *lenp, loff_t *ppos,
+                               int (*conv)(unsigned long *lvalp,
+                                           unsigned int *valp,
+                                           int write, void *data),
+                               void *data)
+{
+        unsigned int *i, vleft;
+        if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) {
+                *lenp = 0;
+                return 0;
+        }
+        i = (unsigned int *) tbl_data;
+        vleft = table->maxlen / sizeof(*i);
+        /*
+         * Arrays are not supported, keep this simple. *Do not* add
+         * support for them.
+         */
+        if (vleft != 1) {
+                *lenp = 0;
+                return -EINVAL;
+        }
+        if (!conv)
+                conv = do_proc_douintvec_conv;
+        if (write)
+                return do_proc_douintvec_w(i, table, buffer, lenp, ppos,
+                                           conv, data);
+        return do_proc_douintvec_r(i, buffer, lenp, ppos, conv, data);
+}
+static int do_proc_douintvec(struct ctl_table *table, int write,
+                             void __user *buffer, size_t *lenp, loff_t *ppos,
+                             int (*conv)(unsigned long *lvalp,
+                                         unsigned int *valp,
+                                         int write, void *data),
+                             void *data)
+{
+        return __do_proc_douintvec(table->data, table, write,
+                                   buffer, lenp, ppos, conv, data);
+}
 /**
 * proc_dointvec - read a vector of integers
 * @table: the sysctl table
@@ -2322,8 +2461,8 @@ int proc_dointvec(struct ctl_table *table, int write,
 int proc_douintvec(struct ctl_table *table, int write,
                     void __user *buffer, size_t *lenp, loff_t *ppos)
 {
-        return do_proc_dointvec(table, write, buffer, lenp, ppos,
+        return do_proc_douintvec(table, write, buffer, lenp, ppos,
-                                do_proc_douintvec_conv, NULL);
+                                 do_proc_douintvec_conv, NULL);
 }
 /*
author	Luis R. Rodriguez <mcgrof@kernel.org>	2017-07-12 17:33:36 -0400
committer	Linus Torvalds <torvalds@linux-foundation.org>	2017-07-12 19:26:00 -0400
commit	4f2fec00afa60aa8e5d1b7f2a8e0526900f55623 (patch)
tree	0ea7e3021eb356faf6b49543e328c9735acc5da9 /kernel/sysctl.c
parent	d383d48470819e86fe30eb72f0e9494e1ee0e2af (diff)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c index 6f3bb1f099fa..d12078fc215f 100644 --- a/kernel/sysctl.c +++ b/kernel/sysctl.c
@@ -2175,19 +2175,18 @@ static int do_proc_dointvec_conv(bool negp, unsigned long lvalp,
2175	return 0;	2175	return 0;
2176	}	2176	}
2177		2177
2178	static int do_proc_douintvec_conv(bool negp, unsigned long lvalp,	2178	static int do_proc_douintvec_conv(unsigned long *lvalp,
2179	int *valp,	2179	unsigned int *valp,
2180	int write, void *data)	2180	int write, void *data)
2181	{	2181	{
2182	if (write) {	2182	if (write) {
2183	if (*negp)	2183	if (*lvalp > UINT_MAX)
2184	return -EINVAL;	2184	return -EINVAL;
2185	if (*lvalp > UINT_MAX)	2185	if (*lvalp > UINT_MAX)
2186	return -EINVAL;	2186	return -EINVAL;
2187	valp = lvalp;	2187	valp = lvalp;
2188	} else {	2188	} else {
2189	unsigned int val = *valp;	2189	unsigned int val = *valp;
2190	*negp = false;
2191	*lvalp = (unsigned long)val;	2190	*lvalp = (unsigned long)val;
2192	}	2191	}
2193	return 0;	2192	return 0;
@@ -2287,6 +2286,146 @@ static int do_proc_dointvec(struct ctl_table *table, int write,
2287	buffer, lenp, ppos, conv, data);	2286	buffer, lenp, ppos, conv, data);
2288	}	2287	}
2289		2288
		2289	static int do_proc_douintvec_w(unsigned int *tbl_data,
		2290	struct ctl_table *table,
		2291	void __user *buffer,
		2292	size_t lenp, loff_t ppos,
		2293	int (conv)(unsigned long lvalp,
		2294	unsigned int *valp,
		2295	int write, void *data),
		2296	void *data)
		2297	{
		2298	unsigned long lval;
		2299	int err = 0;
		2300	size_t left;
		2301	bool neg;
		2302	char kbuf = NULL, p;
		2303
		2304	left = *lenp;
		2305
		2306	if (proc_first_pos_non_zero_ignore(ppos, table))
		2307	goto bail_early;
		2308
		2309	if (left > PAGE_SIZE - 1)
		2310	left = PAGE_SIZE - 1;
		2311
		2312	p = kbuf = memdup_user_nul(buffer, left);
		2313	if (IS_ERR(kbuf))
		2314	return -EINVAL;
		2315
		2316	left -= proc_skip_spaces(&p);
		2317	if (!left) {
		2318	err = -EINVAL;
		2319	goto out_free;
		2320	}
		2321
		2322	err = proc_get_long(&p, &left, &lval, &neg,
		2323	proc_wspace_sep,
		2324	sizeof(proc_wspace_sep), NULL);
		2325	if (err \|\| neg) {
		2326	err = -EINVAL;
		2327	goto out_free;
		2328	}
		2329
		2330	if (conv(&lval, tbl_data, 1, data)) {
		2331	err = -EINVAL;
		2332	goto out_free;
		2333	}
		2334
		2335	if (!err && left)
		2336	left -= proc_skip_spaces(&p);
		2337
		2338	out_free:
		2339	kfree(kbuf);
		2340	if (err)
		2341	return -EINVAL;
		2342
		2343	return 0;
		2344
		2345	/* This is in keeping with old __do_proc_dointvec() */
		2346	bail_early:
		2347	ppos += lenp;
		2348	return err;
		2349	}
		2350
		2351	static int do_proc_douintvec_r(unsigned int tbl_data, void __user buffer,
		2352	size_t lenp, loff_t ppos,
		2353	int (conv)(unsigned long lvalp,
		2354	unsigned int *valp,
		2355	int write, void *data),
		2356	void *data)
		2357	{
		2358	unsigned long lval;
		2359	int err = 0;
		2360	size_t left;
		2361
		2362	left = *lenp;
		2363
		2364	if (conv(&lval, tbl_data, 0, data)) {
		2365	err = -EINVAL;
		2366	goto out;
		2367	}
		2368
		2369	err = proc_put_long(&buffer, &left, lval, false);
		2370	if (err \|\| !left)
		2371	goto out;
		2372
		2373	err = proc_put_char(&buffer, &left, '\n');
		2374
		2375	out:
		2376	*lenp -= left;
		2377	ppos += lenp;
		2378
		2379	return err;
		2380	}
		2381
		2382	static int __do_proc_douintvec(void tbl_data, struct ctl_table table,
		2383	int write, void __user *buffer,
		2384	size_t lenp, loff_t ppos,
		2385	int (conv)(unsigned long lvalp,
		2386	unsigned int *valp,
		2387	int write, void *data),
		2388	void *data)
		2389	{
		2390	unsigned int *i, vleft;
		2391
		2392	if (!tbl_data \|\| !table->maxlen \|\| !lenp \|\| (ppos && !write)) {
		2393	*lenp = 0;
		2394	return 0;
		2395	}
		2396
		2397	i = (unsigned int *) tbl_data;
		2398	vleft = table->maxlen / sizeof(*i);
		2399
		2400	/*
		2401	* Arrays are not supported, keep this simple. Do not add
		2402	* support for them.
		2403	*/
		2404	if (vleft != 1) {
		2405	*lenp = 0;
		2406	return -EINVAL;
		2407	}
		2408
		2409	if (!conv)
		2410	conv = do_proc_douintvec_conv;
		2411
		2412	if (write)
		2413	return do_proc_douintvec_w(i, table, buffer, lenp, ppos,
		2414	conv, data);
		2415	return do_proc_douintvec_r(i, buffer, lenp, ppos, conv, data);
		2416	}
		2417
		2418	static int do_proc_douintvec(struct ctl_table *table, int write,
		2419	void __user buffer, size_t lenp, loff_t *ppos,
		2420	int (conv)(unsigned long lvalp,
		2421	unsigned int *valp,
		2422	int write, void *data),
		2423	void *data)
		2424	{
		2425	return __do_proc_douintvec(table->data, table, write,
		2426	buffer, lenp, ppos, conv, data);
		2427	}
		2428
2290	/**	2429	/**
2291	* proc_dointvec - read a vector of integers	2430	* proc_dointvec - read a vector of integers
2292	* @table: the sysctl table	2431	* @table: the sysctl table
@@ -2322,8 +2461,8 @@ int proc_dointvec(struct ctl_table *table, int write,
2322	int proc_douintvec(struct ctl_table *table, int write,	2461	int proc_douintvec(struct ctl_table *table, int write,
2323	void __user buffer, size_t lenp, loff_t *ppos)	2462	void __user buffer, size_t lenp, loff_t *ppos)
2324	{	2463	{
2325	return do_proc_dointvec(table, write, buffer, lenp, ppos,	2464	return do_proc_douintvec(table, write, buffer, lenp, ppos,
2326	do_proc_douintvec_conv, NULL);	2465	do_proc_douintvec_conv, NULL);
2327	}	2466	}
2328		2467
2329	/*	2468	/*