Diffstat (limited to 'sys-kernel/cairn-sources/files/5.10.4/hardened-patches/0087-sysctl-expose-proc_dointvec_minmax_sysadmin-as-API-f.patch')
| -rw-r--r-- | sys-kernel/cairn-sources/files/5.10.4/hardened-patches/0087-sysctl-expose-proc_dointvec_minmax_sysadmin-as-API-f.patch | 95 |
1 files changed, 95 insertions, 0 deletions
diff --git a/sys-kernel/cairn-sources/files/5.10.4/hardened-patches/0087-sysctl-expose-proc_dointvec_minmax_sysadmin-as-API-f.patch b/sys-kernel/cairn-sources/files/5.10.4/hardened-patches/0087-sysctl-expose-proc_dointvec_minmax_sysadmin-as-API-f.patch
new file mode 100644
index 000000000000..c3b2536556f9
--- /dev/null
+++ b/sys-kernel/cairn-sources/files/5.10.4/hardened-patches/0087-sysctl-expose-proc_dointvec_minmax_sysadmin-as-API-f.patch
@@ -0,0 +1,95 @@
+From b3e61892d172016a68892712e96fa3abf95e6f1d Mon Sep 17 00:00:00 2001
+From: Levente Polyak <levente@leventepolyak.net>
+Date: Sun, 6 Sep 2020 20:28:32 +0200
+Subject: [PATCH 087/112] sysctl: expose proc_dointvec_minmax_sysadmin as API
+ function
+
+Orthogonal to the other sysctl proc functions expose the variant that is
+checking CAP_SYS_ADMIN on write for consumption in external subsystem's
+sysctl tables.
+
+Signed-off-by: Levente Polyak <levente@leventepolyak.net>
+---
+ include/linux/sysctl.h | 2 ++
+ kernel/sysctl.c | 31 ++++++++++++++++++++++++++++---
+ 2 files changed, 30 insertions(+), 3 deletions(-)
+
+diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
+index 51298a4f4623..b835c57330f2 100644
+--- a/include/linux/sysctl.h
++++ b/include/linux/sysctl.h
+@@ -53,6 +53,8 @@ int proc_douintvec(struct ctl_table *, int, void *, size_t *, loff_t *);
+ int proc_dointvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t *);
+ int proc_douintvec_minmax(struct ctl_table *table, int write, void *buffer,
+ size_t *lenp, loff_t *ppos);
++int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
++ void *buffer, size_t *lenp, loff_t *ppos);
+ int proc_dointvec_jiffies(struct ctl_table *, int, void *, size_t *, loff_t *);
+ int proc_dointvec_userhz_jiffies(struct ctl_table *, int, void *, size_t *,
+ loff_t *);
+diff --git a/kernel/sysctl.c b/kernel/sysctl.c
+index 7fda9f61ea1a..13b619e46ade 100644
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -890,8 +890,27 @@ static int proc_taint(struct ctl_table *table, int write,
+ return err;
+ }
+
+-#ifdef CONFIG_PRINTK
+-static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
++/**
++ * proc_dointvec_minmax_sysadmin - read a vector of integers with min/max values
++ * checking CAP_SYS_ADMIN on write
++ * @table: the sysctl table
++ * @write: %TRUE if this is a write to the sysctl file
++ * @buffer: the user buffer
++ * @lenp: the size of the user buffer
++ * @ppos: file position
++ *
++ * Reads/writes up to table->maxlen/sizeof(unsigned int) integer
++ * values from/to the user buffer, treated as an ASCII string.
++ *
++ * This routine will ensure the values are within the range specified by
++ * table->extra1 (min) and table->extra2 (max).
++ *
++ * Writing is only allowed when root has CAP_SYS_ADMIN.
++ *
++ * Returns 0 on success, -EPERM on permission failure or -EINVAL on write
++ * when the range check fails.
++ */
++int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+ if (write && !capable(CAP_SYS_ADMIN))
+@@ -899,7 +918,6 @@ static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
+
+ return proc_dointvec_minmax(table, write, buffer, lenp, ppos);
+ }
+-#endif
+
+ /**
+ * struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure
+@@ -1585,6 +1603,12 @@ int proc_douintvec_minmax(struct ctl_table *table, int write,
+ return -ENOSYS;
+ }
+
++int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write,
++ void *buffer, size_t *lenp, loff_t *ppos)
++{
++ return -ENOSYS;
++}
++
+ int proc_dointvec_jiffies(struct ctl_table *table, int write,
+ void *buffer, size_t *lenp, loff_t *ppos)
+ {
+@@ -3436,6 +3460,7 @@ EXPORT_SYMBOL(proc_douintvec);
+ EXPORT_SYMBOL(proc_dointvec_jiffies);
+ EXPORT_SYMBOL(proc_dointvec_minmax);
+ EXPORT_SYMBOL_GPL(proc_douintvec_minmax);
++EXPORT_SYMBOL(proc_dointvec_minmax_sysadmin);
+ EXPORT_SYMBOL(proc_dointvec_userhz_jiffies);
+ EXPORT_SYMBOL(proc_dointvec_ms_jiffies);
+ EXPORT_SYMBOL(proc_dostring);
+--
+2.30.0
+
|
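Review bot: The kernel-doc sentence `Writing is only allowed when root has CAP_SYS_ADMIN.` in the first kernel/sysctl.c hunk of the embedded patch describes the gate less precisely than the code, which tests `capable(CAP_SYS_ADMIN)` on the calling task and only when `write` is set. Since the function is now exported for other subsystems' sysctl tables, I would reword it to `Writes require the calling task to hold CAP_SYS_ADMIN in the initial user namespace; reads are not capability-checked and are governed only by the table entry's mode.` so that callers do not assume the handler also keeps sensitive values from being read. The function body is split across two hunks and the statement that returns on a failed check is not shown, so the documented -EPERM is presumably that line.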
