Re: [PATCH 09/12] sysctl: move cad_pid into kernel/pid.c
From: Kees Cook
Date: Fri May 09 2025 - 15:01:59 EST
On Fri, May 09, 2025 at 02:54:13PM +0200, Joel Granados wrote:
> Move cad_pid as well as supporting function proc_do_cad_pid into
> kernel/pid.c. Replaced call to __do_proc_dointvec with proc_dointvec
> inside proc_do_cad_pid which requires the copy of the ctl_table to
> handle the temp value.
>
> This is part of a greater effort to move ctl tables into their
> respective subsystems which will reduce the merge conflicts in
> kernel/sysctl.c.
>
> Signed-off-by: Joel Granados <joel.granados@xxxxxxxxxx>
> ---
> kernel/pid.c | 32 ++++++++++++++++++++++++++++++++
> kernel/sysctl.c | 31 -------------------------------
> 2 files changed, 32 insertions(+), 31 deletions(-)
>
> diff --git a/kernel/pid.c b/kernel/pid.c
> index 4ac2ce46817fdefff8888681bb5ca3f2676e8add..bc87ba08ae8b7c67f3457b31309b56b5d90f8c52 100644
> --- a/kernel/pid.c
> +++ b/kernel/pid.c
> @@ -717,6 +717,29 @@ static struct ctl_table_root pid_table_root = {
> .set_ownership = pid_table_root_set_ownership,
> };
>
> +static int proc_do_cad_pid(const struct ctl_table *table, int write, void *buffer,
> + size_t *lenp, loff_t *ppos)
> +{
> + struct pid *new_pid;
> + pid_t tmp_pid;
> + int r;
> + struct ctl_table tmp_table = *table;
> +
> + tmp_pid = pid_vnr(cad_pid);
> + tmp_table.data = &tmp_pid;
> +
> + r = proc_dointvec(&tmp_table, write, buffer, lenp, ppos);
> + if (r || !write)
> + return r;
> +
> + new_pid = find_get_pid(tmp_pid);
> + if (!new_pid)
> + return -ESRCH;
> +
> + put_pid(xchg(&cad_pid, new_pid));
> + return 0;
> +}
> +
> static const struct ctl_table pid_table[] = {
> {
> .procname = "pid_max",
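Review bot: proc_do_cad_pid carries no comment explaining why it copies the whole ctl_table and points `.data` at `tmp_pid`, which is the only non-obvious part of the new code; a reader has to go to proc_dointvec() to see that the handler parses and prints through `table->data` and that the passed-in table is const. A two-line comment above the function would cover it: `/* cad_pid is a struct pid pointer, not an int: hand proc_dointvec() a private copy of the table whose .data is a pid_t holding its vnr. */`. A one-line comment on the `find_get_pid(tmp_pid)` line noting that a value naming no live task leaves cad_pid unchanged and returns -ESRCH would also help, since the old pid is only dropped after the lookup succeeds. The function is complete within the hunk; pid_table continues past it.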
> @@ -727,6 +750,15 @@ static const struct ctl_table pid_table[] = {
> .extra1 = &pid_max_min,
> .extra2 = &pid_max_max,
> },
> +#ifdef CONFIG_PROC_SYSCTL
> + {
> + .procname = "cad_pid",
> + .data = NULL,
nit: this is redundant, any unspecified member will be zero-initialized.
Regardless:
Reviewed-by: Kees Cook <kees@xxxxxxxxxx>
> + .maxlen = sizeof(int),
> + .mode = 0600,
> + .proc_handler = proc_do_cad_pid,
> + },
> +#endif
> };
> #endif
>
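Review bot: The `#ifdef CONFIG_PROC_SYSCTL` added here guards only the table entry, while proc_do_cad_pid itself, added in the first hunk of this file, is defined outside that guard; if the enclosing block is under CONFIG_SYSCTL rather than CONFIG_PROC_SYSCTL, a CONFIG_SYSCTL=y, CONFIG_PROC_SYSCTL=n build gets an unused-static-function warning for proc_do_cad_pid. Either wrap the function definition in the same `#ifdef CONFIG_PROC_SYSCTL` / `#endif` pair, or, if the outer guard already implies CONFIG_PROC_SYSCTL, drop the inner one as redundant. The `#endif` after the table closes a guard that begins before this hunk, so which case applies cannot be confirmed from the patch alone.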
> diff --git a/kernel/sysctl.c b/kernel/sysctl.c
> index 9d8db9cef11122993d850ab5c753e3da1cbfb5cc..d5bebdd02cd4f1def7d9dd2b85454a9022b600b7 100644
> --- a/kernel/sysctl.c
> +++ b/kernel/sysctl.c
> @@ -1224,28 +1224,6 @@ int proc_dointvec_ms_jiffies(const struct ctl_table *table, int write, void *buf
> do_proc_dointvec_ms_jiffies_conv, NULL);
> }
>
> -static int proc_do_cad_pid(const struct ctl_table *table, int write, void *buffer,
> - size_t *lenp, loff_t *ppos)
> -{
> - struct pid *new_pid;
> - pid_t tmp;
> - int r;
> -
> - tmp = pid_vnr(cad_pid);
> -
> - r = __do_proc_dointvec(&tmp, table, write, buffer,
> - lenp, ppos, NULL, NULL);
> - if (r || !write)
> - return r;
> -
> - new_pid = find_get_pid(tmp);
> - if (!new_pid)
> - return -ESRCH;
> -
> - put_pid(xchg(&cad_pid, new_pid));
> - return 0;
> -}
> -
> /**
> * proc_do_large_bitmap - read/write from/to a large bitmap
> * @table: the sysctl table
> @@ -1541,15 +1519,6 @@ static const struct ctl_table kern_table[] = {
> .mode = 0644,
> .proc_handler = proc_dostring,
> },
> -#endif
> -#ifdef CONFIG_PROC_SYSCTL
> - {
> - .procname = "cad_pid",
> - .data = NULL,
> - .maxlen = sizeof (int),
> - .mode = 0600,
> - .proc_handler = proc_do_cad_pid,
> - },
> #endif
> {
> .procname = "overflowuid",
>
> --
> 2.47.2
>
>
--
Kees Cook