Commit 4aff95ab authored by Namhyung Kim's avatar Namhyung Kim Committed by Greg Kroah-Hartman

sched/debug: Limit sd->*_idx range on sysctl

commit 201c373e upstream.

Various sd->*_idx's are used for refering the rq's load average table
when selecting a cpu to run.  However they can be set to any number
with sysctl knobs so that it can crash the kernel if something bad is
given. Fix it by limiting them into the actual range.
Signed-off-by: default avatarNamhyung Kim <namhyung@kernel.org>
Signed-off-by: default avatarPeter Zijlstra <a.p.zijlstra@chello.nl>
Link: http://lkml.kernel.org/r/1345104204-8317-1-git-send-email-namhyung@kernel.orgSigned-off-by: default avatarIngo Molnar <mingo@kernel.org>
Cc: Rui Xiang <rui.xiang@huawei.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 74d86ed7
...@@ -5433,16 +5433,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep) ...@@ -5433,16 +5433,25 @@ static void sd_free_ctl_entry(struct ctl_table **tablep)
*tablep = NULL; *tablep = NULL;
} }
static int min_load_idx = 0;
static int max_load_idx = CPU_LOAD_IDX_MAX;
static void static void
set_table_entry(struct ctl_table *entry, set_table_entry(struct ctl_table *entry,
const char *procname, void *data, int maxlen, const char *procname, void *data, int maxlen,
umode_t mode, proc_handler *proc_handler) umode_t mode, proc_handler *proc_handler,
bool load_idx)
{ {
entry->procname = procname; entry->procname = procname;
entry->data = data; entry->data = data;
entry->maxlen = maxlen; entry->maxlen = maxlen;
entry->mode = mode; entry->mode = mode;
entry->proc_handler = proc_handler; entry->proc_handler = proc_handler;
if (load_idx) {
entry->extra1 = &min_load_idx;
entry->extra2 = &max_load_idx;
}
} }
static struct ctl_table * static struct ctl_table *
...@@ -5454,30 +5463,30 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd) ...@@ -5454,30 +5463,30 @@ sd_alloc_ctl_domain_table(struct sched_domain *sd)
return NULL; return NULL;
set_table_entry(&table[0], "min_interval", &sd->min_interval, set_table_entry(&table[0], "min_interval", &sd->min_interval,
sizeof(long), 0644, proc_doulongvec_minmax); sizeof(long), 0644, proc_doulongvec_minmax, false);
set_table_entry(&table[1], "max_interval", &sd->max_interval, set_table_entry(&table[1], "max_interval", &sd->max_interval,
sizeof(long), 0644, proc_doulongvec_minmax); sizeof(long), 0644, proc_doulongvec_minmax, false);
set_table_entry(&table[2], "busy_idx", &sd->busy_idx, set_table_entry(&table[2], "busy_idx", &sd->busy_idx,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, true);
set_table_entry(&table[3], "idle_idx", &sd->idle_idx, set_table_entry(&table[3], "idle_idx", &sd->idle_idx,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, true);
set_table_entry(&table[4], "newidle_idx", &sd->newidle_idx, set_table_entry(&table[4], "newidle_idx", &sd->newidle_idx,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, true);
set_table_entry(&table[5], "wake_idx", &sd->wake_idx, set_table_entry(&table[5], "wake_idx", &sd->wake_idx,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, true);
set_table_entry(&table[6], "forkexec_idx", &sd->forkexec_idx, set_table_entry(&table[6], "forkexec_idx", &sd->forkexec_idx,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, true);
set_table_entry(&table[7], "busy_factor", &sd->busy_factor, set_table_entry(&table[7], "busy_factor", &sd->busy_factor,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, false);
set_table_entry(&table[8], "imbalance_pct", &sd->imbalance_pct, set_table_entry(&table[8], "imbalance_pct", &sd->imbalance_pct,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, false);
set_table_entry(&table[9], "cache_nice_tries", set_table_entry(&table[9], "cache_nice_tries",
&sd->cache_nice_tries, &sd->cache_nice_tries,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, false);
set_table_entry(&table[10], "flags", &sd->flags, set_table_entry(&table[10], "flags", &sd->flags,
sizeof(int), 0644, proc_dointvec_minmax); sizeof(int), 0644, proc_dointvec_minmax, false);
set_table_entry(&table[11], "name", sd->name, set_table_entry(&table[11], "name", sd->name,
CORENAME_MAX_SIZE, 0444, proc_dostring); CORENAME_MAX_SIZE, 0444, proc_dostring, false);
/* &table[12] is terminator */ /* &table[12] is terminator */
return table; return table;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment