AuxXxilium/linux_dsm_epyc7002
1
0
Fork 0
mirror of https://github.com/AuxXxilium/linux_dsm_epyc7002.git synced 2025-01-27 17:11:37 +07:00
Code Issues Actions Packages Projects Releases Wiki Activity
c1b1418a66
linux_dsm_epyc7002/include
History
Joe Lawrence 7a8d181949 pipe: add proc_dopipe_max_size() to safely assign pipe_max_size 
pipe_max_size is assigned directly via procfs sysctl:

  static struct ctl_table fs_table[] = {
          ...
          {
                  .procname       = "pipe-max-size",
                  .data           = &pipe_max_size,
                  .maxlen         = sizeof(int),
                  .mode           = 0644,
                  .proc_handler   = &pipe_proc_fn,
                  .extra1         = &pipe_min_size,
          },
          ...

  int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf,
                   size_t *lenp, loff_t *ppos)
  {
          ...
          ret = proc_dointvec_minmax(table, write, buf, lenp, ppos)
          ...

and then later rounded in-place a few statements later:

          ...
          pipe_max_size = round_pipe_size(pipe_max_size);
          ...

This leaves a window of time between initial assignment and rounding
that may be visible to other threads.  (For example, one thread sets a
non-rounded value to pipe_max_size while another reads its value.)

Similar reads of pipe_max_size are potentially racy:

  pipe.c :: alloc_pipe_info()
  pipe.c :: pipe_set_size()

Add a new proc_dopipe_max_size() that consolidates reading the new value
from the user buffer, verifying bounds, and calling round_pipe_size()
with a single assignment to pipe_max_size.

Link: http://lkml.kernel.org/r/1507658689-11669-4-git-send-email-joe.lawrence@redhat.com
Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
Reported-by: Mikulas Patocka <mpatocka@redhat.com>
Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Jens Axboe <axboe@kernel.dk>
Cc: Michael Kerrisk <mtk.manpages@gmail.com>
Cc: Randy Dunlap <rdunlap@infradead.org>
Cc: Josh Poimboeuf <jpoimboe@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
2017-11-17 16:10:03 -08:00
..
acpi TTY/Serial patches for 4.15-rc1 2017-11-13 21:05:31 -08:00
asm-generic bug: fix "cut here" location for __WARN_TAINT architectures 2017-11-17 16:10:01 -08:00
clocksource arm64 updates for 4.15 2017-11-15 10:56:56 -08:00
crypto Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 2017-11-14 10:52:09 -08:00
drm main drm pull request for v4.15 2017-11-15 20:42:10 -08:00
dt-bindings ARM: SoC driver updates for v4.15 2017-11-16 16:05:01 -08:00
keys
kvm
lib
linux pipe: add proc_dopipe_max_size() to safely assign pipe_max_size 2017-11-17 16:10:03 -08:00
math-emu
media media updates for v4.15-rc1 2017-11-15 20:30:12 -08:00
memory
misc
net Merge branch 'akpm' (patches from Andrew) 2017-11-15 19:42:40 -08:00
pcmcia
ras
rdma Updates for 4.15 kernel merge window 2017-11-15 14:54:53 -08:00
scsi SCSI misc on 20171114 2017-11-14 16:23:44 -08:00
soc
sound ASoC: Updates for v4.15 2017-11-13 15:45:57 +01:00
target A couple of configfs cleanups: 2017-11-14 14:44:04 -08:00
trace libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
uapi libnvdimm for 4.15 2017-11-17 09:51:57 -08:00
video
xen xen: features and fixes for v4.15-rc1 2017-11-16 13:06:27 -08:00