[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Xen-devel] [PATCH 1/2] sysctl: add a new generic strategy to make permanent changes on negative values

To: Andy Lutomirski <luto@xxxxxxxxxx>, Kees Cook <keescook@xxxxxxxxxxxx>
From: Willy Tarreau <w@xxxxxx>
Date: Mon, 3 Aug 2015 20:23:36 +0200
Cc: "security@xxxxxxxxxx" <security@xxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, X86 ML <x86@xxxxxxxxxx>, LKML <linux-kernel@xxxxxxxxxxxxxxx>, Steven Rostedt <rostedt@xxxxxxxxxxx>, xen-devel <xen-devel@xxxxxxxxxxxxx>, Borislav Petkov <bp@xxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Sasha Levin <sasha.levin@xxxxxxxxxx>, Boris Ostrovsky <boris.ostrovsky@xxxxxxxxxx>, Willy Tarreau <w@xxxxxx>
Delivery-date: Mon, 03 Aug 2015 18:24:25 +0000
List-id: Xen developer discussion <xen-devel.lists.xen.org>

The new function is proc_dointvec_minmax_negperm(), it refuses to change
the value if the current one is already negative. This will be used to
lock down some settings such as sensitive system calls.

Signed-off-by: Willy Tarreau <w@xxxxxx>
---
 kernel/sysctl.c | 36 ++++++++++++++++++++++++++++++++++++
 1 file changed, 36 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 19b62b5..86c95a8 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -185,6 +185,9 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table 
*table, int write,
                                void __user *buffer, size_t *lenp, loff_t 
*ppos);
 #endif
 
+static int proc_dointvec_minmax_negperm(struct ctl_table *table, int write,
+               void __user *buffer, size_t *lenp, loff_t *ppos);
+
 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
                void __user *buffer, size_t *lenp, loff_t *ppos);
 #ifdef CONFIG_COREDUMP
@@ -2249,6 +2252,33 @@ static void validate_coredump_safety(void)
 #endif
 }
 
+/* Like minmax except that it refuses any change if the value was already
+ * negative. It silently ignores overrides with the same negative value.
+ */
+static int do_proc_dointvec_negperm_conv(bool *negp, unsigned long *lvalp,
+                                        int *valp,
+                                        int write, void *data)
+{
+       if (write && *valp < 0 && (!*negp || *valp != (int)*lvalp))
+               return -EINVAL;
+
+       return do_proc_dointvec_minmax_conv(negp, lvalp, valp, write, data);
+}
+
+/* Like proc_dointvec_minmax() except that it refuses any change once
+ * the destination is negative. Used to permanently disable some settings.
+ */
+static int proc_dointvec_minmax_negperm(struct ctl_table *table, int write,
+               void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+       struct do_proc_dointvec_minmax_conv_param param = {
+               .min = (int *) table->extra1,
+               .max = (int *) table->extra2,
+       };
+       return do_proc_dointvec(table, write, buffer, lenp, ppos,
+                               do_proc_dointvec_negperm_conv, &param);
+}
+
 static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write,
                void __user *buffer, size_t *lenp, loff_t *ppos)
 {
@@ -2751,6 +2781,12 @@ int proc_dointvec_minmax(struct ctl_table *table, int 
write,
        return -ENOSYS;
 }
 
+static int proc_dointvec_minmax_negperm(struct ctl_table *table, int write,
+                   void __user *buffer, size_t *lenp, loff_t *ppos)
+{
+       return -ENOSYS;
+}
+
 int proc_dointvec_jiffies(struct ctl_table *table, int write,
                    void __user *buffer, size_t *lenp, loff_t *ppos)
 {
-- 
1.7.12.1


_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxx
http://lists.xen.org/xen-devel

Follow-Ups:
- Re: [Xen-devel] [PATCH 1/2] sysctl: add a new generic strategy to make permanent changes on negative values
  - From: Andy Lutomirski

References:
- [Xen-devel] [PATCH 0/2] x86: allow to enable/disable modify_ldt at run time
  - From: Willy Tarreau

Prev by Date: [Xen-devel] [PATCH 0/2] x86: allow to enable/disable modify_ldt at run time
Next by Date: [Xen-devel] [PATCH 2/2] x86/ldt: allow to disable modify_ldt at runtime
Previous by thread: [Xen-devel] [PATCH 0/2] x86: allow to enable/disable modify_ldt at run time
Next by thread: Re: [Xen-devel] [PATCH 1/2] sysctl: add a new generic strategy to make permanent changes on negative values
Index(es):
- Date
- Thread

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.