• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1#!/bin/sh
2# SPDX-License-Identifier: GPL-2.0-or-later
3# Copyright (c) 2019 FUJITSU LIMITED. All rights reserved.
4# Copyright (c) 2019 Petr Vorel <pvorel@suse.cz>
5# Author: Yang Xu<xuyang2018.jy@cn.fujitsu.com>
6#
7# Test for these regressions causing buffer overflow when writing into
8# /proc/sys/fs/file-max:
9# 7f2923c4f73f ("sysctl: handle overflow in proc_get_long")
10# 32a5ad9c2285 ("sysctl: handle overflow for file-max")
11#
12# This bug has been fixed in 9002b21465fa ("kernel/sysctl.c: fix
13# out-of-bounds access when setting file-max")
14#
15# We test in sysctl02.sh setting 2^64, 2^64-1, 2^63 and 0.
16
17TST_TESTFUNC=do_test
18TST_SETUP=setup
19TST_CLEANUP=cleanup
20TST_CNT=4
21TST_NEEDS_ROOT=1
22TST_NEEDS_CMDS="sysctl"
23sys_name="fs.file-max"
24sys_file="/proc/sys/fs/file-max"
25syms_file="/proc/kallsyms"
26
27. tst_test.sh
28
29setup()
30{
31	[ ! -f "$sys_file" ] && tst_brk TCONF "$sys_file not enabled"
32	orig_value=$(cat "$sys_file")
33}
34
35do_test()
36{
37	case $1 in
38	1) sysctl_test_overflow 18446744073709551616 ;;
39	2) sysctl_test_overflow 18446744073709551615 ;;
40	3) sysctl_test_overflow 9223372036854775808 ;;
41	4) sysctl_test_zero ;;
42	esac
43}
44
45sysctl_test_overflow()
46{
47	local test_value="$1"
48	local old_value="$(cat $sys_file)"
49
50	tst_res TINFO "trying to set $sys_name=$test_value"
51	sysctl -w -q $sys_name=$test_value 2>/dev/null
52	local new_value="$(cat $sys_file)"
53
54	if [ "$new_value" = "$old_value" ]; then
55		tst_res TPASS "$sys_file keeps old value ($old_value)"
56	else
57		tst_res TFAIL "$sys_file overflows and is set to $new_value"
58	fi
59	cleanup
60}
61
62sysctl_test_zero()
63{
64	[ ! -f "$syms_file" ] && tst_brk TCONF "$syms_file not enabled"
65	ROD sysctl -w -q $sys_name=0
66
67	if grep -q kasan_report $syms_file; then
68		if dmesg | grep -q "KASAN: global-out-of-bounds in __do_proc_doulongvec_minmax"; then
69			tst_res TFAIL "$sys_file is set 0 and trigger a KASAN error"
70		else
71			tst_res TPASS "$sys_file is set 0 and doesn't trigger a KASAN error"
72		fi
73	else
74		tst_res TCONF "kernel doesn't support KASAN"
75	fi
76}
77
78cleanup()
79{
80	[ -n "$orig_value" ] && sysctl -w -q $sys_name=$orig_value
81}
82
83tst_run
84