On Mon, Jan 30, 2017 at 02:38:03PM +0100, Petr Mladek wrote: > We must not access userspace pointer directly. One solution would be > to use get_user().
Good point. > But a better solution might be to check also the trailing '\0' in > __control_devkmsg, see below. I has several advantages: > > + we will never assign "invalid" value to @devkmsg_log and > do not need to revert it. Only devkmsg_log_str must be > reverted. > > + __control_devkmsg() do not need to return the length of the > string. We could simply check the error code. > > * the err variable will have the same meaning for both > __control_devkmsg() and proc_dostring(). > Sounds good to me. > Note that > > echo "ratelimitXXXXXX" >/proc/sys/kernel/printk_devkmsg > > succeeds because the copied string is limited by DEVKMSG_STR_MAX_SIZE. > We would need to add at least one byte to be able to detect an error > but I am not sure if it is worth it. So my reasoning here was to allow only '<str>' or '<str>\n' - where <str> is one of the three accepted settings and fail everything else. That's why I did return the strlen. Accepting $ echo "ratelimitXXXXXX" > ... looks strange to me and silly and misleading and... IOW, I'd like the user to know what she does and mean it. No sloppy inputs. -- Regards/Gruss, Boris. SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) --