author | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-11 01:05:54 +0200 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2020-06-11 01:05:54 +0200 |
commit | 1c3837266214c1e6fbbb96ff36bee13e923057d8 (patch) | |
tree | df8455bbecf61d15adb4466b920c28e847a593d3 | |
parent | Merge branch 'uaccess.i915' of git://git.kernel.org/pub/scm/linux/kernel/git/... (diff) | |
parent | sysctl: reject gigantic reads/write to sysctl files (diff) | |
Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs
Pull sysctl fixes from Al Viro:
"Fixups to regressions in sysctl series"
* 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
sysctl: reject gigantic reads/write to sysctl files
cdrom: fix an incorrect __user annotation on cdrom_sysctl_info
trace: fix an incorrect __user annotation on stack_trace_sysctl
random: fix an incorrect __user annotation on proc_do_entropy
net/sysctl: remove leftover __user annotations on neigh_proc_dointvec*
net/sysctl: use cpumask_parse in flow_limit_cpu_sysctl
-rw-r--r-- | drivers/cdrom/cdrom.c | 2 | ||||
-rw-r--r-- | drivers/char/random.c | 2 | ||||
-rw-r--r-- | fs/proc/proc_sysctl.c | 4 | ||||
-rw-r--r-- | include/linux/ftrace.h | 5 | ||||
-rw-r--r-- | include/net/neighbour.h | 7 | ||||
-rw-r--r-- | kernel/trace/trace_stack.c | 5 | ||||
-rw-r--r-- | net/core/sysctl_net_core.c | 2 |
7 files changed, 14 insertions, 13 deletions
diff --git a/drivers/cdrom/cdrom.c b/drivers/cdrom/cdrom.c
index a0a7ae705de8..d82b3b7658bd 100644
--- a/drivers/cdrom/cdrom.c
+++ b/drivers/cdrom/cdrom.c
@@ -3535,7 +3535,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
 }
 static int cdrom_sysctl_info(struct ctl_table *ctl, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 int pos;
 char *info = cdrom_sysctl_settings.info;
diff --git a/drivers/char/random.c b/drivers/char/random.c
index a7cf6aa65908..2a41b21623ae 100644
--- a/drivers/char/random.c
+++ b/drivers/char/random.c
@@ -2087,7 +2087,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
 * Return entropy available scaled to integral bits
 */
 static int proc_do_entropy(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos)
+ void *buffer, size_t *lenp, loff_t *ppos)
 {
 struct ctl_table fake_table;
 int entropy_count;
diff --git a/fs/proc/proc_sysctl.c b/fs/proc/proc_sysctl.c
index 5b405f32971d..42c5128c7d1c 100644
--- a/fs/proc/proc_sysctl.c
+++ b/fs/proc/proc_sysctl.c
@@ -565,6 +565,10 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
 if (!table->proc_handler)
 goto out;
+ /* don't even try if the size is too large */
+ if (count > KMALLOC_MAX_SIZE)
+ return -ENOMEM;
+
 if (write) {
 kbuf = memdup_user_nul(ubuf, count);
 if (IS_ERR(kbuf)) {
diff --git a/include/linux/ftrace.h b/include/linux/ftrace.h
index dfbbf7a7208b..e339dac91ee6 100644
--- a/include/linux/ftrace.h
+++ b/include/linux/ftrace.h 
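Review bot: The new size check in fs/proc/proc_sysctl.c leaves with `return -ENOMEM;` while the `!table->proc_handler` check right above it leaves through `goto out`, so any cleanup done at the `out` label is skipped on this path. The label and the start of proc_sys_call_handler are outside the hunk, so this is inferred, but if a reference or lock is held at this point it would leak on every oversized read or write a caller submits. The check should store -ENOMEM in the function's result variable and `goto out` like its neighbour. Separately, the write path hands `count` to `memdup_user_nul()`, which allocates one extra byte for the terminator, so `count >= KMALLOC_MAX_SIZE` would be the exact bound.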
@@ -342,9 +342,8 @@ static inline void arch_ftrace_set_direct_caller(struct pt_regs *regs,
 extern int stack_tracer_enabled;
-int stack_trace_sysctl(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp,
- loff_t *ppos);
+int stack_trace_sysctl(struct ctl_table *table, int write, void *buffer,
+ size_t *lenp, loff_t *ppos);
 /* DO NOT MODIFY THIS VARIABLE DIRECTLY! */
 DECLARE_PER_CPU(int, disable_stack_tracer);
diff --git a/include/net/neighbour.h b/include/net/neighbour.h
index e1476775769c..81ee17594c32 100644
--- a/include/net/neighbour.h
+++ b/include/net/neighbour.h
@@ -392,13 +392,12 @@ void *neigh_seq_next(struct seq_file *, void *, loff_t *);
 void neigh_seq_stop(struct seq_file *, void *);
 int neigh_proc_dointvec(struct ctl_table *ctl, int write,
- void __user *buffer, size_t *lenp, loff_t *ppos);
+ void *buffer, size_t *lenp, loff_t *ppos);
 int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
- void __user *buffer,
+ void *buffer,
 size_t *lenp, loff_t *ppos);
 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
- void __user *buffer,
- size_t *lenp, loff_t *ppos);
+ void *buffer, size_t *lenp, loff_t *ppos);
 int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
 proc_handler *proc_handler);
diff --git a/kernel/trace/trace_stack.c b/kernel/trace/trace_stack.c
index c557f42a9397..98bba4764c52 100644
--- a/kernel/trace/trace_stack.c
+++ b/kernel/trace/trace_stack.c
@@ -515,9 +515,8 @@ static const struct file_operations stack_trace_filter_fops = {
 #endif /* CONFIG_DYNAMIC_FTRACE */
 int
-stack_trace_sysctl(struct ctl_table *table, int write,
- void __user *buffer, size_t *lenp,
- loff_t *ppos)
+stack_trace_sysctl(struct ctl_table *table, int write, void *buffer,
+ size_t *lenp, loff_t *ppos)
 {
 int was_enabled;
 int ret;
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index b109cc8a6dd8..f93f8ace6c56 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c 
@@ -128,7 +128,7 @@ static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
 return -ENOMEM;
 if (write) {
- ret = cpumask_parse_user(buffer, *lenp, mask);
+ ret = cpumask_parse(buffer, mask);
 if (ret)
 goto done; |
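Review bot: `cpumask_parse(buffer, mask)` no longer receives `*lenp`, so on the write path this call depends on `buffer` being a NUL-terminated kernel copy, and nothing in the hunk says so. On this page that guarantee comes from `memdup_user_nul(ubuf, count)` in proc_sys_call_handler; a handler reached with an unterminated buffer would read past the data. A comment above the call such as `/* buffer is the NUL-terminated kernel copy made by the sysctl core */` would record the dependency. flow_limit_cpu_sysctl starts and ends outside the hunk.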