提交 1c383726 编写于 作者: L Linus Torvalds

Merge branch 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull sysctl fixes from Al Viro:
 "Fixups to regressions in sysctl series"

* 'work.sysctl' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs:
  sysctl: reject gigantic reads/write to sysctl files
  cdrom: fix an incorrect __user annotation on cdrom_sysctl_info
  trace: fix an incorrect __user annotation on stack_trace_sysctl
  random: fix an incorrect __user annotation on proc_do_entropy
  net/sysctl: remove leftover __user annotations on neigh_proc_dointvec*
  net/sysctl: use cpumask_parse in flow_limit_cpu_sysctl
...@@ -3535,7 +3535,7 @@ static int cdrom_print_info(const char *header, int val, char *info, ...@@ -3535,7 +3535,7 @@ static int cdrom_print_info(const char *header, int val, char *info,
} }
static int cdrom_sysctl_info(struct ctl_table *ctl, int write, static int cdrom_sysctl_info(struct ctl_table *ctl, int write,
void __user *buffer, size_t *lenp, loff_t *ppos) void *buffer, size_t *lenp, loff_t *ppos)
{ {
int pos; int pos;
char *info = cdrom_sysctl_settings.info; char *info = cdrom_sysctl_settings.info;
......
...@@ -2087,7 +2087,7 @@ static int proc_do_uuid(struct ctl_table *table, int write, ...@@ -2087,7 +2087,7 @@ static int proc_do_uuid(struct ctl_table *table, int write,
* Return entropy available scaled to integral bits * Return entropy available scaled to integral bits
*/ */
static int proc_do_entropy(struct ctl_table *table, int write, static int proc_do_entropy(struct ctl_table *table, int write,
void __user *buffer, size_t *lenp, loff_t *ppos) void *buffer, size_t *lenp, loff_t *ppos)
{ {
struct ctl_table fake_table; struct ctl_table fake_table;
int entropy_count; int entropy_count;
......
...@@ -565,6 +565,10 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf, ...@@ -565,6 +565,10 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
if (!table->proc_handler) if (!table->proc_handler)
goto out; goto out;
/* don't even try if the size is too large */
if (count > KMALLOC_MAX_SIZE)
return -ENOMEM;
if (write) { if (write) {
kbuf = memdup_user_nul(ubuf, count); kbuf = memdup_user_nul(ubuf, count);
if (IS_ERR(kbuf)) { if (IS_ERR(kbuf)) {
......
...@@ -342,9 +342,8 @@ static inline void arch_ftrace_set_direct_caller(struct pt_regs *regs, ...@@ -342,9 +342,8 @@ static inline void arch_ftrace_set_direct_caller(struct pt_regs *regs,
extern int stack_tracer_enabled; extern int stack_tracer_enabled;
int stack_trace_sysctl(struct ctl_table *table, int write, int stack_trace_sysctl(struct ctl_table *table, int write, void *buffer,
void __user *buffer, size_t *lenp, size_t *lenp, loff_t *ppos);
loff_t *ppos);
/* DO NOT MODIFY THIS VARIABLE DIRECTLY! */ /* DO NOT MODIFY THIS VARIABLE DIRECTLY! */
DECLARE_PER_CPU(int, disable_stack_tracer); DECLARE_PER_CPU(int, disable_stack_tracer);
......
...@@ -392,13 +392,12 @@ void *neigh_seq_next(struct seq_file *, void *, loff_t *); ...@@ -392,13 +392,12 @@ void *neigh_seq_next(struct seq_file *, void *, loff_t *);
void neigh_seq_stop(struct seq_file *, void *); void neigh_seq_stop(struct seq_file *, void *);
int neigh_proc_dointvec(struct ctl_table *ctl, int write, int neigh_proc_dointvec(struct ctl_table *ctl, int write,
void __user *buffer, size_t *lenp, loff_t *ppos); void *buffer, size_t *lenp, loff_t *ppos);
int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write,
void __user *buffer, void *buffer,
size_t *lenp, loff_t *ppos); size_t *lenp, loff_t *ppos);
int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write, int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write,
void __user *buffer, void *buffer, size_t *lenp, loff_t *ppos);
size_t *lenp, loff_t *ppos);
int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p, int neigh_sysctl_register(struct net_device *dev, struct neigh_parms *p,
proc_handler *proc_handler); proc_handler *proc_handler);
......
...@@ -515,9 +515,8 @@ static const struct file_operations stack_trace_filter_fops = { ...@@ -515,9 +515,8 @@ static const struct file_operations stack_trace_filter_fops = {
#endif /* CONFIG_DYNAMIC_FTRACE */ #endif /* CONFIG_DYNAMIC_FTRACE */
int int
stack_trace_sysctl(struct ctl_table *table, int write, stack_trace_sysctl(struct ctl_table *table, int write, void *buffer,
void __user *buffer, size_t *lenp, size_t *lenp, loff_t *ppos)
loff_t *ppos)
{ {
int was_enabled; int was_enabled;
int ret; int ret;
......
...@@ -128,7 +128,7 @@ static int flow_limit_cpu_sysctl(struct ctl_table *table, int write, ...@@ -128,7 +128,7 @@ static int flow_limit_cpu_sysctl(struct ctl_table *table, int write,
return -ENOMEM; return -ENOMEM;
if (write) { if (write) {
ret = cpumask_parse_user(buffer, *lenp, mask); ret = cpumask_parse(buffer, mask);
if (ret) if (ret)
goto done; goto done;
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册