On Thu, Mar 01, 2018 at 12:43:39PM -0500, Waiman Long wrote: > A user can write arbitrary integer values to msgmni and shmmni sysctl > parameters without getting error, but the actual limit is really > IPCMNI (32k). This can mislead users as they think they can get a > value that is not real. > > Enforcing the limit by failing the sysctl parameter write, however, > can break existing user applications. Instead, the range clamping flag > is set to enforce the limit without failing existing user code. Users > can easily figure out if the sysctl parameter value is out of range > by either reading back the parameter value or checking the kernel > ring buffer for warning. > > Signed-off-by: Waiman Long <[email protected]> > --- > ipc/ipc_sysctl.c | 20 +++++++++++++++++--- > 1 file changed, 17 insertions(+), 3 deletions(-) > > diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c > index 8ad93c2..8eb7268 100644 > --- a/ipc/ipc_sysctl.c > +++ b/ipc/ipc_sysctl.c > @@ -41,12 +41,21 @@ static int proc_ipc_dointvec(struct ctl_table *table, int > write, > static int proc_ipc_dointvec_minmax(struct ctl_table *table, int write, > void __user *buffer, size_t *lenp, loff_t *ppos) > { > + int ret; > struct ctl_table ipc_table; > > memcpy(&ipc_table, table, sizeof(ipc_table)); > ipc_table.data = get_ipc(table); > > - return proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos); > + ret = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos); > + > + /* > + * Copy back the CTL_FLAGS_OOR_WARNED flag which may be set in > + * the temporary ctl_table entry. > + */ > + table->flags |= (ipc_table.flags & CTL_FLAGS_OOR_WARNED);
Again, why is this needed? Cant' we do this for the developer somehow? Seems fragile, and if we can do it why not? Luis
