[v2,4/6] sysctl: Fixes scsi_logging_level bounds

Message ID	20250224095826.16458-5-nicolas.bouchinet@clip-os.org (mailing list archive)
State	Not Applicable
Headers	show Received: from relay8-d.mail.gandi.net (relay8-d.mail.gandi.net [217.70.183.201]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 1907A255E4A; Mon, 24 Feb 2025 09:59:06 +0000 (UTC) From: nicolas.bouchinet@clip-os.org To: linux-kernel@vger.kernel.org, linux-rdma@vger.kernel.org, linux-scsi@vger.kernel.org, codalist@coda.cs.cmu.edu, linux-nfs@vger.kernel.org Cc: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>, Joel Granados <j.granados@samsung.com>, Clemens Ladisch <clemens@ladisch.de>, Arnd Bergmann <arnd@arndb.de>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jason Gunthorpe <jgg@ziepe.ca>, Leon Romanovsky <leon@kernel.org>, "James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>, "Martin K. Petersen" <martin.petersen@oracle.com>, Jan Harkes <jaharkes@cs.cmu.edu>, Chuck Lever <chuck.lever@oracle.com>, Jeff Layton <jlayton@kernel.org>, Neil Brown <neilb@suse.de>, Olga Kornievskaia <okorniev@redhat.com>, Dai Ngo <Dai.Ngo@oracle.com>, Tom Talpey <tom@talpey.com>, Trond Myklebust <trondmy@kernel.org>, Anna Schumaker <anna@kernel.org>, Bart Van Assche <bvanassche@acm.org>, Zhu Yanjun <yanjun.zhu@linux.dev>, Al Viro <viro@zeniv.linux.org.uk>, Christian Brauner <brauner@kernel.org> Subject: [PATCH v2 4/6] sysctl: Fixes scsi_logging_level bounds Date: Mon, 24 Feb 2025 10:58:19 +0100 Message-ID: <20250224095826.16458-5-nicolas.bouchinet@clip-os.org> In-Reply-To: <20250224095826.16458-1-nicolas.bouchinet@clip-os.org> References: <20250224095826.16458-1-nicolas.bouchinet@clip-os.org> Precedence: bulk MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	Fixes multiple sysctl bound checks \| expand [v2,0/6] Fixes multiple sysctl bound checks [v2,1/6] sysctl: Fixes idmap_cache_timeout bounds [v2,2/6] sysctl: Fixes nsm_local_state bounds [v2,3/6] sysctl/coda: Fixes timeout bounds [v2,4/6] sysctl: Fixes scsi_logging_level bounds [v2,5/6] sysctl/infiniband: Fixes infiniband sysctl bounds [v2,6/6] sysctl: Fixes max-user-freq bounds

Message ID

20250224095826.16458-5-nicolas.bouchinet@clip-os.org (mailing list archive)

State

Not Applicable

Headers

From: nicolas.bouchinet@clip-os.org
To: linux-kernel@vger.kernel.org,
	linux-rdma@vger.kernel.org,
	linux-scsi@vger.kernel.org,
	codalist@coda.cs.cmu.edu,
	linux-nfs@vger.kernel.org
Cc: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>,
	Joel Granados <j.granados@samsung.com>,
	Clemens Ladisch <clemens@ladisch.de>,
	Arnd Bergmann <arnd@arndb.de>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jason Gunthorpe <jgg@ziepe.ca>,
	Leon Romanovsky <leon@kernel.org>,
	"James E.J. Bottomley" <James.Bottomley@HansenPartnership.com>,
	"Martin K. Petersen" <martin.petersen@oracle.com>,
	Jan Harkes <jaharkes@cs.cmu.edu>,
	Chuck Lever <chuck.lever@oracle.com>,
	Jeff Layton <jlayton@kernel.org>,
	Neil Brown <neilb@suse.de>,
	Olga Kornievskaia <okorniev@redhat.com>,
	Dai Ngo <Dai.Ngo@oracle.com>,
	Tom Talpey <tom@talpey.com>,
	Trond Myklebust <trondmy@kernel.org>,
	Anna Schumaker <anna@kernel.org>,
	Bart Van Assche <bvanassche@acm.org>,
	Zhu Yanjun <yanjun.zhu@linux.dev>,
	Al Viro <viro@zeniv.linux.org.uk>,
	Christian Brauner <brauner@kernel.org>
Subject: [PATCH v2 4/6] sysctl: Fixes scsi_logging_level bounds
Date: Mon, 24 Feb 2025 10:58:19 +0100
Message-ID: <20250224095826.16458-5-nicolas.bouchinet@clip-os.org>
In-Reply-To: <20250224095826.16458-1-nicolas.bouchinet@clip-os.org>
References: <20250224095826.16458-1-nicolas.bouchinet@clip-os.org>
Precedence: bulk
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

Fixes multiple sysctl bound checks | expand

Commit Message

Nicolas Bouchinet Feb. 24, 2025, 9:58 a.m. UTC

From: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>

Bound scsi_logging_level sysctl writings between SYSCTL_ZERO
and SYSCTL_INT_MAX.

The proc_handler has thus been updated to proc_dointvec_minmax.

Signed-off-by: Nicolas Bouchinet <nicolas.bouchinet@ssi.gouv.fr>
---
 drivers/scsi/scsi_sysctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

Comments

Martin K. Petersen Feb. 25, 2025, 1:20 a.m. UTC | #1

Hi Nicolas!

> --- a/drivers/scsi/scsi_sysctl.c
> +++ b/drivers/scsi/scsi_sysctl.c
> @@ -17,7 +17,9 @@ static const struct ctl_table scsi_table[] = {
>  	  .data		= &scsi_logging_level,
>  	  .maxlen	= sizeof(scsi_logging_level),
>  	  .mode		= 0644,
> -	  .proc_handler	= proc_dointvec },
> +	  .proc_handler	= proc_dointvec_minmax,
> +	  .extra1	= SYSCTL_ZERO,
> +	  .extra2	= SYSCTL_INT_MAX },

scsi_logging_level is a bitmask and should be unsigned.

Nicolas Bouchinet Feb. 25, 2025, 10:47 a.m. UTC | #2

On 2/25/25 02:20, Martin K. Petersen wrote:
> Hi Nicolas!
>
>> --- a/drivers/scsi/scsi_sysctl.c
>> +++ b/drivers/scsi/scsi_sysctl.c
>> @@ -17,7 +17,9 @@ static const struct ctl_table scsi_table[] = {
>>   	  .data		= &scsi_logging_level,
>>   	  .maxlen	= sizeof(scsi_logging_level),
>>   	  .mode		= 0644,
>> -	  .proc_handler	= proc_dointvec },
>> +	  .proc_handler	= proc_dointvec_minmax,
>> +	  .extra1	= SYSCTL_ZERO,
>> +	  .extra2	= SYSCTL_INT_MAX },
> scsi_logging_level is a bitmask and should be unsigned.
>

Hi Martin,

Thank's for your review.

Does `scsi_logging_level` needs the full range of a unsigned 32-bit 
integer ?
As it was using `proc_dointvec`, it was capped to an INT_MAX.

If it effectively need the full range of an unsigned 32-bit integer, the
`proc_handler` could be changed to `proc_douintvec` as suggested by Chuck.

Best regards,

Nicolas

Joel Granados March 3, 2025, 2:04 p.m. UTC | #3

On Tue, Feb 25, 2025 at 11:47:42AM +0100, Nicolas Bouchinet wrote:
> 
> On 2/25/25 02:20, Martin K. Petersen wrote:
> > Hi Nicolas!
> > 
> > > --- a/drivers/scsi/scsi_sysctl.c
> > > +++ b/drivers/scsi/scsi_sysctl.c
> > > @@ -17,7 +17,9 @@ static const struct ctl_table scsi_table[] = {
> > >   	  .data		= &scsi_logging_level,
> > >   	  .maxlen	= sizeof(scsi_logging_level),
> > >   	  .mode		= 0644,
> > > -	  .proc_handler	= proc_dointvec },
> > > +	  .proc_handler	= proc_dointvec_minmax,
> > > +	  .extra1	= SYSCTL_ZERO,
> > > +	  .extra2	= SYSCTL_INT_MAX },
> > scsi_logging_level is a bitmask and should be unsigned.
> > 
> 
> Hi Martin,
> 
> Thank's for your review.
> 
> Does `scsi_logging_level` needs the full range of a unsigned 32-bit integer
> ?
> As it was using `proc_dointvec`, it was capped to an INT_MAX.
> 
> If it effectively need the full range of an unsigned 32-bit integer, the
> `proc_handler` could be changed to `proc_douintvec` as suggested by Chuck.
And as mentioned in another patch in this series:
1. Having the upper bound be SYSCTL_INT_MAX is not necessary (as it is
   silently capped by proc_dointvec_minmax, but it is good to have as it
   adds to the understanding on what the range of the values are.

2. Having the lower bound capped by SYSCTL_ZERO is needed as it will
   prevent ppl trying to assigning negative values to the unsigned integer

Let me know if you take this through the scsi subsystem so I know to
drop it from sysctl 

Best

Reviewed-by: Joel Granados <joel.granados@kernel.org>


> 
> Best regards,
> 
> Nicolas
>

diff --git a/drivers/scsi/scsi_sysctl.c b/drivers/scsi/scsi_sysctl.c
index be4aef0f4f996..055a03a83ad68 100644
--- a/drivers/scsi/scsi_sysctl.c
+++ b/drivers/scsi/scsi_sysctl.c
@@ -17,7 +17,9 @@  static const struct ctl_table scsi_table[] = {
 	  .data		= &scsi_logging_level,
 	  .maxlen	= sizeof(scsi_logging_level),
 	  .mode		= 0644,
-	  .proc_handler	= proc_dointvec },
+	  .proc_handler	= proc_dointvec_minmax,
+	  .extra1	= SYSCTL_ZERO,
+	  .extra2	= SYSCTL_INT_MAX },
 };
 
 static struct ctl_table_header *scsi_table_header;

[v2,4/6] sysctl: Fixes scsi_logging_level bounds

Commit Message

Comments

Patch