tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
fork atom

Merge branch 'work.sysctl' of ssh://gitolite.kernel.org/pub/scm/linux/kernel/git/viro/vfs

Pull in Christoph Hellwig's series that changes the sysctl's ->proc_handler
methods to take kernel pointers instead. It gets rid of the set_fs address
space overrides used by BPF. As per discussion, pull in the feature branch
into bpf-next as it relates to BPF sysctl progs.

Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Link: https://lore.kernel.org/bpf/20200427071508.GV23230@ZenIV.linux.org.uk/T/

Daniel Borkmann 0b54142e 8c1b2bf1

+1839 -2103
+1 -1
arch/arm64/kernel/armv8_deprecated.c
··· 203 203 } 204 204 205 205 static int emulation_proc_handler(struct ctl_table *table, int write, 206 - void __user *buffer, size_t *lenp, 206 + void *buffer, size_t *lenp, 207 207 loff_t *ppos) 208 208 { 209 209 int ret = 0;
+1 -2
arch/arm64/kernel/fpsimd.c
··· 341 341 #ifdef CONFIG_SYSCTL 342 342 343 343 static int sve_proc_do_default_vl(struct ctl_table *table, int write, 344 - void __user *buffer, size_t *lenp, 345 - loff_t *ppos) 344 + void *buffer, size_t *lenp, loff_t *ppos) 346 345 { 347 346 int ret; 348 347 int vl = sve_default_vl;
+5 -8
arch/mips/lasat/sysctl.c
··· 95 95 len = 0; 96 96 p = buffer; 97 97 while (len < *lenp) { 98 - if (get_user(c, p++)) 99 - return -EFAULT; 98 + c = *p; 99 + p++; 100 100 if (c == 0 || c == '\n') 101 101 break; 102 102 len++; 103 103 } 104 104 if (len >= sizeof(ipbuf)-1) 105 105 len = sizeof(ipbuf) - 1; 106 - if (copy_from_user(ipbuf, buffer, len)) 107 - return -EFAULT; 106 + memcpy(ipbuf, buffer, len); 108 107 ipbuf[len] = 0; 109 108 *ppos += *lenp; 110 109 /* Now see if we can convert it to a valid IP */ ··· 121 122 if (len > *lenp) 122 123 len = *lenp; 123 124 if (len) 124 - if (copy_to_user(buffer, ipbuf, len)) 125 - return -EFAULT; 125 + memcpy(buffer, ipbuf, len); 126 126 if (len < *lenp) { 127 - if (put_user('\n', ((char *) buffer) + len)) 128 - return -EFAULT; 127 + *((char *)buffer + len) = '\n'; 129 128 len++; 130 129 } 131 130 *lenp = len;
+5 -6
arch/s390/appldata/appldata_base.c
··· 51 51 */ 52 52 static const char appldata_proc_name[APPLDATA_PROC_NAME_LENGTH] = "appldata"; 53 53 static int appldata_timer_handler(struct ctl_table *ctl, int write, 54 - void __user *buffer, size_t *lenp, loff_t *ppos); 54 + void *buffer, size_t *lenp, loff_t *ppos); 55 55 static int appldata_interval_handler(struct ctl_table *ctl, int write, 56 - void __user *buffer, 57 - size_t *lenp, loff_t *ppos); 56 + void *buffer, size_t *lenp, loff_t *ppos); 58 57 59 58 static struct ctl_table_header *appldata_sysctl_header; 60 59 static struct ctl_table appldata_table[] = { ··· 216 217 */ 217 218 static int 218 219 appldata_timer_handler(struct ctl_table *ctl, int write, 219 - void __user *buffer, size_t *lenp, loff_t *ppos) 220 + void *buffer, size_t *lenp, loff_t *ppos) 220 221 { 221 222 int timer_active = appldata_timer_active; 222 223 int rc; ··· 249 250 */ 250 251 static int 251 252 appldata_interval_handler(struct ctl_table *ctl, int write, 252 - void __user *buffer, size_t *lenp, loff_t *ppos) 253 + void *buffer, size_t *lenp, loff_t *ppos) 253 254 { 254 255 int interval = appldata_interval; 255 256 int rc; ··· 279 280 */ 280 281 static int 281 282 appldata_generic_handler(struct ctl_table *ctl, int write, 282 - void __user *buffer, size_t *lenp, loff_t *ppos) 283 + void *buffer, size_t *lenp, loff_t *ppos) 283 284 { 284 285 struct appldata_ops *ops = NULL, *tmp_ops; 285 286 struct list_head *lh;
+1 -1
arch/s390/kernel/debug.c
··· 867 867 * if debug_active is already off 868 868 */ 869 869 static int s390dbf_procactive(struct ctl_table *table, int write, 870 - void __user *buffer, size_t *lenp, loff_t *ppos) 870 + void *buffer, size_t *lenp, loff_t *ppos) 871 871 { 872 872 if (!write || debug_stoppable || !debug_active) 873 873 return proc_dointvec(table, write, buffer, lenp, ppos);
+1 -1
arch/s390/kernel/topology.c
··· 594 594 early_param("topology", topology_setup); 595 595 596 596 static int topology_ctl_handler(struct ctl_table *ctl, int write, 597 - void __user *buffer, size_t *lenp, loff_t *ppos) 597 + void *buffer, size_t *lenp, loff_t *ppos) 598 598 { 599 599 int enabled = topology_is_enabled(); 600 600 int new_mode;
+5 -7
arch/s390/mm/cmm.c
··· 245 245 } 246 246 247 247 static int cmm_pages_handler(struct ctl_table *ctl, int write, 248 - void __user *buffer, size_t *lenp, loff_t *ppos) 248 + void *buffer, size_t *lenp, loff_t *ppos) 249 249 { 250 250 long nr = cmm_get_pages(); 251 251 struct ctl_table ctl_entry = { ··· 264 264 } 265 265 266 266 static int cmm_timed_pages_handler(struct ctl_table *ctl, int write, 267 - void __user *buffer, size_t *lenp, 267 + void *buffer, size_t *lenp, 268 268 loff_t *ppos) 269 269 { 270 270 long nr = cmm_get_timed_pages(); ··· 284 284 } 285 285 286 286 static int cmm_timeout_handler(struct ctl_table *ctl, int write, 287 - void __user *buffer, size_t *lenp, loff_t *ppos) 287 + void *buffer, size_t *lenp, loff_t *ppos) 288 288 { 289 289 char buf[64], *p; 290 290 long nr, seconds; ··· 297 297 298 298 if (write) { 299 299 len = min(*lenp, sizeof(buf)); 300 - if (copy_from_user(buf, buffer, len)) 301 - return -EFAULT; 300 + memcpy(buf, buffer, len); 302 301 buf[len - 1] = '\0'; 303 302 cmm_skip_blanks(buf, &p); 304 303 nr = simple_strtoul(p, &p, 0); ··· 310 311 cmm_timeout_pages, cmm_timeout_seconds); 311 312 if (len > *lenp) 312 313 len = *lenp; 313 - if (copy_to_user(buffer, buf, len)) 314 - return -EFAULT; 314 + memcpy(buffer, buf, len); 315 315 *lenp = len; 316 316 *ppos += len; 317 317 }
+1 -2
arch/x86/kernel/itmt.c
··· 39 39 unsigned int __read_mostly sysctl_sched_itmt_enabled; 40 40 41 41 static int sched_itmt_update_handler(struct ctl_table *table, int write, 42 - void __user *buffer, size_t *lenp, 43 - loff_t *ppos) 42 + void *buffer, size_t *lenp, loff_t *ppos) 44 43 { 45 44 unsigned int old_sysctl; 46 45 int ret;
+1 -1
drivers/cdrom/cdrom.c
··· 3631 3631 } 3632 3632 3633 3633 static int cdrom_sysctl_handler(struct ctl_table *ctl, int write, 3634 - void __user *buffer, size_t *lenp, loff_t *ppos) 3634 + void *buffer, size_t *lenp, loff_t *ppos) 3635 3635 { 3636 3636 int ret; 3637 3637
+1 -1
drivers/char/random.c
··· 2057 2057 * sysctl system call, as 16 bytes of binary data. 2058 2058 */ 2059 2059 static int proc_do_uuid(struct ctl_table *table, int write, 2060 - void __user *buffer, size_t *lenp, loff_t *ppos) 2060 + void *buffer, size_t *lenp, loff_t *ppos) 2061 2061 { 2062 2062 struct ctl_table fake_table; 2063 2063 unsigned char buf[64], tmp_uuid[16], *uuid;
+1 -2
drivers/macintosh/mac_hid.c
··· 183 183 } 184 184 185 185 static int mac_hid_toggle_emumouse(struct ctl_table *table, int write, 186 - void __user *buffer, size_t *lenp, 187 - loff_t *ppos) 186 + void *buffer, size_t *lenp, loff_t *ppos) 188 187 { 189 188 int *valp = table->data; 190 189 int old_val = *valp;
+18 -21
drivers/parport/procfs.c
··· 34 34 #define PARPORT_MAX_SPINTIME_VALUE 1000 35 35 36 36 static int do_active_device(struct ctl_table *table, int write, 37 - void __user *result, size_t *lenp, loff_t *ppos) 37 + void *result, size_t *lenp, loff_t *ppos) 38 38 { 39 39 struct parport *port = (struct parport *)table->extra1; 40 40 char buffer[256]; ··· 65 65 *lenp = len; 66 66 67 67 *ppos += len; 68 - 69 - return copy_to_user(result, buffer, len) ? -EFAULT : 0; 68 + memcpy(result, buffer, len); 69 + return 0; 70 70 } 71 71 72 72 #ifdef CONFIG_PARPORT_1284 73 73 static int do_autoprobe(struct ctl_table *table, int write, 74 - void __user *result, size_t *lenp, loff_t *ppos) 74 + void *result, size_t *lenp, loff_t *ppos) 75 75 { 76 76 struct parport_device_info *info = table->extra2; 77 77 const char *str; ··· 108 108 109 109 *ppos += len; 110 110 111 - return copy_to_user (result, buffer, len) ? -EFAULT : 0; 111 + memcpy(result, buffer, len); 112 + return 0; 112 113 } 113 114 #endif /* IEEE1284.3 support. */ 114 115 115 116 static int do_hardware_base_addr(struct ctl_table *table, int write, 116 - void __user *result, 117 - size_t *lenp, loff_t *ppos) 117 + void *result, size_t *lenp, loff_t *ppos) 118 118 { 119 119 struct parport *port = (struct parport *)table->extra1; 120 120 char buffer[20]; ··· 136 136 *lenp = len; 137 137 138 138 *ppos += len; 139 - 140 - return copy_to_user(result, buffer, len) ? -EFAULT : 0; 139 + memcpy(result, buffer, len); 140 + return 0; 141 141 } 142 142 143 143 static int do_hardware_irq(struct ctl_table *table, int write, 144 - void __user *result, 145 - size_t *lenp, loff_t *ppos) 144 + void *result, size_t *lenp, loff_t *ppos) 146 145 { 147 146 struct parport *port = (struct parport *)table->extra1; 148 147 char buffer[20]; ··· 163 164 *lenp = len; 164 165 165 166 *ppos += len; 166 - 167 - return copy_to_user(result, buffer, len) ? -EFAULT : 0; 167 + memcpy(result, buffer, len); 168 + return 0; 168 169 } 169 170 170 171 static int do_hardware_dma(struct ctl_table *table, int write, 171 - void __user *result, 172 - size_t *lenp, loff_t *ppos) 172 + void *result, size_t *lenp, loff_t *ppos) 173 173 { 174 174 struct parport *port = (struct parport *)table->extra1; 175 175 char buffer[20]; ··· 190 192 *lenp = len; 191 193 192 194 *ppos += len; 193 - 194 - return copy_to_user(result, buffer, len) ? -EFAULT : 0; 195 + memcpy(result, buffer, len); 196 + return 0; 195 197 } 196 198 197 199 static int do_hardware_modes(struct ctl_table *table, int write, 198 - void __user *result, 199 - size_t *lenp, loff_t *ppos) 200 + void *result, size_t *lenp, loff_t *ppos) 200 201 { 201 202 struct parport *port = (struct parport *)table->extra1; 202 203 char buffer[40]; ··· 228 231 *lenp = len; 229 232 230 233 *ppos += len; 231 - 232 - return copy_to_user(result, buffer, len) ? -EFAULT : 0; 234 + memcpy(result, buffer, len); 235 + return 0; 233 236 } 234 237 235 238 #define PARPORT_PORT_DIR(CHILD) { .procname = NULL, .mode = 0555, .child = CHILD }
+1 -1
fs/dcache.c
··· 165 165 return sum < 0 ? 0 : sum; 166 166 } 167 167 168 - int proc_nr_dentry(struct ctl_table *table, int write, void __user *buffer, 168 + int proc_nr_dentry(struct ctl_table *table, int write, void *buffer, 169 169 size_t *lenp, loff_t *ppos) 170 170 { 171 171 dentry_stat.nr_dentry = get_nr_dentry();
+1 -1
fs/drop_caches.c
··· 47 47 } 48 48 49 49 int drop_caches_sysctl_handler(struct ctl_table *table, int write, 50 - void __user *buffer, size_t *length, loff_t *ppos) 50 + void *buffer, size_t *length, loff_t *ppos) 51 51 { 52 52 int ret; 53 53
+2 -2
fs/file_table.c
··· 80 80 */ 81 81 #if defined(CONFIG_SYSCTL) && defined(CONFIG_PROC_FS) 82 82 int proc_nr_files(struct ctl_table *table, int write, 83 - void __user *buffer, size_t *lenp, loff_t *ppos) 83 + void *buffer, size_t *lenp, loff_t *ppos) 84 84 { 85 85 files_stat.nr_files = get_nr_files(); 86 86 return proc_doulongvec_minmax(table, write, buffer, lenp, ppos); 87 87 } 88 88 #else 89 89 int proc_nr_files(struct ctl_table *table, int write, 90 - void __user *buffer, size_t *lenp, loff_t *ppos) 90 + void *buffer, size_t *lenp, loff_t *ppos) 91 91 { 92 92 return -ENOSYS; 93 93 }
+1 -2
fs/fscache/main.c
··· 51 51 static struct ctl_table_header *fscache_sysctl_header; 52 52 53 53 static int fscache_max_active_sysctl(struct ctl_table *table, int write, 54 - void __user *buffer, 55 - size_t *lenp, loff_t *ppos) 54 + void *buffer, size_t *lenp, loff_t *ppos) 56 55 { 57 56 struct workqueue_struct **wqp = table->extra1; 58 57 unsigned int *datap = table->data;
+1 -1
fs/inode.c
··· 108 108 */ 109 109 #ifdef CONFIG_SYSCTL 110 110 int proc_nr_inodes(struct ctl_table *table, int write, 111 - void __user *buffer, size_t *lenp, loff_t *ppos) 111 + void *buffer, size_t *lenp, loff_t *ppos) 112 112 { 113 113 inodes_stat.nr_inodes = get_nr_inodes(); 114 114 inodes_stat.nr_unused = get_nr_inodes_unused();
+31 -20
fs/proc/proc_sysctl.c
··· 539 539 return err; 540 540 } 541 541 542 - static ssize_t proc_sys_call_handler(struct file *filp, void __user *buf, 542 + static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf, 543 543 size_t count, loff_t *ppos, int write) 544 544 { 545 545 struct inode *inode = file_inode(filp); 546 546 struct ctl_table_header *head = grab_header(inode); 547 547 struct ctl_table *table = PROC_I(inode)->sysctl_entry; 548 - void *new_buf = NULL; 548 + void *kbuf; 549 549 ssize_t error; 550 550 551 551 if (IS_ERR(head)) ··· 564 564 if (!table->proc_handler) 565 565 goto out; 566 566 567 - error = BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, &count, 568 - ppos, &new_buf); 569 - if (error) 570 - goto out; 571 - 572 - /* careful: calling conventions are nasty here */ 573 - if (new_buf) { 574 - mm_segment_t old_fs; 575 - 576 - old_fs = get_fs(); 577 - set_fs(KERNEL_DS); 578 - error = table->proc_handler(table, write, (void __user *)new_buf, 579 - &count, ppos); 580 - set_fs(old_fs); 581 - kfree(new_buf); 567 + if (write) { 568 + kbuf = memdup_user_nul(ubuf, count); 569 + if (IS_ERR(kbuf)) { 570 + error = PTR_ERR(kbuf); 571 + goto out; 572 + } 582 573 } else { 583 - error = table->proc_handler(table, write, buf, &count, ppos); 574 + error = -ENOMEM; 575 + kbuf = kzalloc(count, GFP_KERNEL); 576 + if (!kbuf) 577 + goto out; 584 578 } 585 579 586 - if (!error) 587 - error = count; 580 + error = BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, &kbuf, &count, 581 + ppos); 582 + if (error) 583 + goto out_free_buf; 584 + 585 + /* careful: calling conventions are nasty here */ 586 + error = table->proc_handler(table, write, kbuf, &count, ppos); 587 + if (error) 588 + goto out_free_buf; 589 + 590 + if (!write) { 591 + error = -EFAULT; 592 + if (copy_to_user(ubuf, kbuf, count)) 593 + goto out_free_buf; 594 + } 595 + 596 + error = count; 597 + out_free_buf: 598 + kfree(kbuf); 588 599 out: 589 600 sysctl_head_finish(head); 590 601
+1 -1
fs/quota/dquot.c
··· 2841 2841 EXPORT_SYMBOL(dquot_quotactl_sysfile_ops); 2842 2842 2843 2843 static int do_proc_dqstats(struct ctl_table *table, int write, 2844 - void __user *buffer, size_t *lenp, loff_t *ppos) 2844 + void *buffer, size_t *lenp, loff_t *ppos) 2845 2845 { 2846 2846 unsigned int type = (unsigned long *)table->data - dqstats.stat; 2847 2847 s64 value = percpu_counter_sum(&dqstats.counter[type]);
+2 -2
fs/xfs/xfs_sysctl.c
··· 13 13 xfs_stats_clear_proc_handler( 14 14 struct ctl_table *ctl, 15 15 int write, 16 - void __user *buffer, 16 + void *buffer, 17 17 size_t *lenp, 18 18 loff_t *ppos) 19 19 { ··· 33 33 xfs_panic_mask_proc_handler( 34 34 struct ctl_table *ctl, 35 35 int write, 36 - void __user *buffer, 36 + void *buffer, 37 37 size_t *lenp, 38 38 loff_t *ppos) 39 39 {
+4 -5
include/linux/bpf-cgroup.h
··· 138 138 139 139 int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head, 140 140 struct ctl_table *table, int write, 141 - void __user *buf, size_t *pcount, 142 - loff_t *ppos, void **new_buf, 141 + void **buf, size_t *pcount, loff_t *ppos, 143 142 enum bpf_attach_type type); 144 143 145 144 int __cgroup_bpf_run_filter_setsockopt(struct sock *sock, int *level, ··· 301 302 }) 302 303 303 304 304 - #define BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, count, pos, nbuf) \ 305 + #define BPF_CGROUP_RUN_PROG_SYSCTL(head, table, write, buf, count, pos) \ 305 306 ({ \ 306 307 int __ret = 0; \ 307 308 if (cgroup_bpf_enabled) \ 308 309 __ret = __cgroup_bpf_run_filter_sysctl(head, table, write, \ 309 - buf, count, pos, nbuf, \ 310 + buf, count, pos, \ 310 311 BPF_CGROUP_SYSCTL); \ 311 312 __ret; \ 312 313 }) ··· 428 429 #define BPF_CGROUP_RUN_PROG_UDP6_RECVMSG_LOCK(sk, uaddr) ({ 0; }) 429 430 #define BPF_CGROUP_RUN_PROG_SOCK_OPS(sock_ops) ({ 0; }) 430 431 #define BPF_CGROUP_RUN_PROG_DEVICE_CGROUP(type,major,minor,access) ({ 0; }) 431 - #define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos,nbuf) ({ 0; }) 432 + #define BPF_CGROUP_RUN_PROG_SYSCTL(head,table,write,buf,count,pos) ({ 0; }) 432 433 #define BPF_CGROUP_GETSOCKOPT_MAX_OPTLEN(optlen) ({ 0; }) 433 434 #define BPF_CGROUP_RUN_PROG_GETSOCKOPT(sock, level, optname, optval, \ 434 435 optlen, max_optlen, retval) ({ retval; })
+1 -1
include/linux/compaction.h
··· 86 86 #ifdef CONFIG_COMPACTION 87 87 extern int sysctl_compact_memory; 88 88 extern int sysctl_compaction_handler(struct ctl_table *table, int write, 89 - void __user *buffer, size_t *length, loff_t *ppos); 89 + void *buffer, size_t *length, loff_t *ppos); 90 90 extern int sysctl_extfrag_threshold; 91 91 extern int sysctl_compact_unevictable_allowed; 92 92
+4
include/linux/coredump.h
··· 22 22 static inline void do_coredump(const kernel_siginfo_t *siginfo) {} 23 23 #endif 24 24 25 + extern int core_uses_pid; 26 + extern char core_pattern[]; 27 + extern unsigned int core_pipe_limit; 28 + 25 29 #endif /* _LINUX_COREDUMP_H */
+2
include/linux/file.h
··· 94 94 extern void flush_delayed_fput(void); 95 95 extern void __fput_sync(struct file *); 96 96 97 + extern unsigned int sysctl_nr_open_min, sysctl_nr_open_max; 98 + 97 99 #endif /* __LINUX_FILE_H */
+3 -3
include/linux/fs.h
··· 3536 3536 3537 3537 struct ctl_table; 3538 3538 int proc_nr_files(struct ctl_table *table, int write, 3539 - void __user *buffer, size_t *lenp, loff_t *ppos); 3539 + void *buffer, size_t *lenp, loff_t *ppos); 3540 3540 int proc_nr_dentry(struct ctl_table *table, int write, 3541 - void __user *buffer, size_t *lenp, loff_t *ppos); 3541 + void *buffer, size_t *lenp, loff_t *ppos); 3542 3542 int proc_nr_inodes(struct ctl_table *table, int write, 3543 - void __user *buffer, size_t *lenp, loff_t *ppos); 3543 + void *buffer, size_t *lenp, loff_t *ppos); 3544 3544 int __init get_filesystem_list(char *buf); 3545 3545 3546 3546 #define __FMODE_EXEC ((__force int) FMODE_EXEC)
+1 -2
include/linux/ftrace.h
··· 1005 1005 extern int __disable_trace_on_warning; 1006 1006 1007 1007 int tracepoint_printk_sysctl(struct ctl_table *table, int write, 1008 - void __user *buffer, size_t *lenp, 1009 - loff_t *ppos); 1008 + void *buffer, size_t *lenp, loff_t *ppos); 1010 1009 1011 1010 #else /* CONFIG_TRACING */ 1012 1011 static inline void disable_trace_on_warning(void) { }
+7 -8
include/linux/hugetlb.h
··· 105 105 void hugepage_put_subpool(struct hugepage_subpool *spool); 106 106 107 107 void reset_vma_resv_huge_pages(struct vm_area_struct *vma); 108 - int hugetlb_sysctl_handler(struct ctl_table *, int, void __user *, size_t *, loff_t *); 109 - int hugetlb_overcommit_handler(struct ctl_table *, int, void __user *, size_t *, loff_t *); 110 - int hugetlb_treat_movable_handler(struct ctl_table *, int, void __user *, size_t *, loff_t *); 111 - 112 - #ifdef CONFIG_NUMA 113 - int hugetlb_mempolicy_sysctl_handler(struct ctl_table *, int, 114 - void __user *, size_t *, loff_t *); 115 - #endif 108 + int hugetlb_sysctl_handler(struct ctl_table *, int, void *, size_t *, loff_t *); 109 + int hugetlb_overcommit_handler(struct ctl_table *, int, void *, size_t *, 110 + loff_t *); 111 + int hugetlb_treat_movable_handler(struct ctl_table *, int, void *, size_t *, 112 + loff_t *); 113 + int hugetlb_mempolicy_sysctl_handler(struct ctl_table *, int, void *, size_t *, 114 + loff_t *); 116 115 117 116 int copy_hugetlb_page_range(struct mm_struct *, struct mm_struct *, struct vm_area_struct *); 118 117 long follow_hugetlb_page(struct mm_struct *, struct vm_area_struct *,
+1 -1
include/linux/kprobes.h
··· 312 312 #ifdef CONFIG_SYSCTL 313 313 extern int sysctl_kprobes_optimization; 314 314 extern int proc_kprobes_optimization_handler(struct ctl_table *table, 315 - int write, void __user *buffer, 315 + int write, void *buffer, 316 316 size_t *length, loff_t *ppos); 317 317 #endif 318 318 extern void wait_for_kprobe_optimizer(void);
+2 -2
include/linux/latencytop.h
··· 38 38 39 39 void clear_tsk_latency_tracing(struct task_struct *p); 40 40 41 - extern int sysctl_latencytop(struct ctl_table *table, int write, 42 - void __user *buffer, size_t *lenp, loff_t *ppos); 41 + int sysctl_latencytop(struct ctl_table *table, int write, void *buffer, 42 + size_t *lenp, loff_t *ppos); 43 43 44 44 #else 45 45
+8 -6
include/linux/mm.h
··· 201 201 extern int sysctl_overcommit_ratio; 202 202 extern unsigned long sysctl_overcommit_kbytes; 203 203 204 - extern int overcommit_ratio_handler(struct ctl_table *, int, void __user *, 205 - size_t *, loff_t *); 206 - extern int overcommit_kbytes_handler(struct ctl_table *, int, void __user *, 207 - size_t *, loff_t *); 204 + int overcommit_ratio_handler(struct ctl_table *, int, void *, size_t *, 205 + loff_t *); 206 + int overcommit_kbytes_handler(struct ctl_table *, int, void *, size_t *, 207 + loff_t *); 208 208 209 209 #define nth_page(page,n) pfn_to_page(page_to_pfn((page)) + (n)) 210 210 ··· 2957 2957 2958 2958 #ifdef CONFIG_SYSCTL 2959 2959 extern int sysctl_drop_caches; 2960 - int drop_caches_sysctl_handler(struct ctl_table *, int, 2961 - void __user *, size_t *, loff_t *); 2960 + int drop_caches_sysctl_handler(struct ctl_table *, int, void *, size_t *, 2961 + loff_t *); 2962 2962 #endif 2963 2963 2964 2964 void drop_slab(void); ··· 3139 3139 unsigned long wp_shared_mapping_range(struct address_space *mapping, 3140 3140 pgoff_t first_index, pgoff_t nr); 3141 3141 #endif 3142 + 3143 + extern int sysctl_nr_trim_pages; 3142 3144 3143 3145 #endif /* __KERNEL__ */ 3144 3146 #endif /* _LINUX_MM_H */
+16 -17
include/linux/mmzone.h
··· 909 909 910 910 /* These two functions are used to setup the per zone pages min values */ 911 911 struct ctl_table; 912 - int min_free_kbytes_sysctl_handler(struct ctl_table *, int, 913 - void __user *, size_t *, loff_t *); 914 - int watermark_boost_factor_sysctl_handler(struct ctl_table *, int, 915 - void __user *, size_t *, loff_t *); 916 - int watermark_scale_factor_sysctl_handler(struct ctl_table *, int, 917 - void __user *, size_t *, loff_t *); 918 - extern int sysctl_lowmem_reserve_ratio[MAX_NR_ZONES]; 919 - int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *, int, 920 - void __user *, size_t *, loff_t *); 921 - int percpu_pagelist_fraction_sysctl_handler(struct ctl_table *, int, 922 - void __user *, size_t *, loff_t *); 923 - int sysctl_min_unmapped_ratio_sysctl_handler(struct ctl_table *, int, 924 - void __user *, size_t *, loff_t *); 925 - int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *, int, 926 - void __user *, size_t *, loff_t *); 927 912 928 - extern int numa_zonelist_order_handler(struct ctl_table *, int, 929 - void __user *, size_t *, loff_t *); 913 + int min_free_kbytes_sysctl_handler(struct ctl_table *, int, void *, size_t *, 914 + loff_t *); 915 + int watermark_scale_factor_sysctl_handler(struct ctl_table *, int, void *, 916 + size_t *, loff_t *); 917 + extern int sysctl_lowmem_reserve_ratio[MAX_NR_ZONES]; 918 + int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *, int, void *, 919 + size_t *, loff_t *); 920 + int percpu_pagelist_fraction_sysctl_handler(struct ctl_table *, int, 921 + void *, size_t *, loff_t *); 922 + int sysctl_min_unmapped_ratio_sysctl_handler(struct ctl_table *, int, 923 + void *, size_t *, loff_t *); 924 + int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *, int, 925 + void *, size_t *, loff_t *); 926 + int numa_zonelist_order_handler(struct ctl_table *, int, 927 + void *, size_t *, loff_t *); 928 + extern int percpu_pagelist_fraction; 930 929 extern char numa_zonelist_order[]; 931 930 #define NUMA_ZONELIST_ORDER_LEN 16 932 931
+5 -10
include/linux/nmi.h
··· 202 202 #endif 203 203 204 204 struct ctl_table; 205 - extern int proc_watchdog(struct ctl_table *, int , 206 - void __user *, size_t *, loff_t *); 207 - extern int proc_nmi_watchdog(struct ctl_table *, int , 208 - void __user *, size_t *, loff_t *); 209 - extern int proc_soft_watchdog(struct ctl_table *, int , 210 - void __user *, size_t *, loff_t *); 211 - extern int proc_watchdog_thresh(struct ctl_table *, int , 212 - void __user *, size_t *, loff_t *); 213 - extern int proc_watchdog_cpumask(struct ctl_table *, int, 214 - void __user *, size_t *, loff_t *); 205 + int proc_watchdog(struct ctl_table *, int, void *, size_t *, loff_t *); 206 + int proc_nmi_watchdog(struct ctl_table *, int , void *, size_t *, loff_t *); 207 + int proc_soft_watchdog(struct ctl_table *, int , void *, size_t *, loff_t *); 208 + int proc_watchdog_thresh(struct ctl_table *, int , void *, size_t *, loff_t *); 209 + int proc_watchdog_cpumask(struct ctl_table *, int, void *, size_t *, loff_t *); 215 210 216 211 #ifdef CONFIG_HAVE_ACPI_APEI_NMI 217 212 #include <asm/nmi.h>
+5 -8
include/linux/perf_event.h
··· 1280 1280 1281 1281 extern void perf_sample_event_took(u64 sample_len_ns); 1282 1282 1283 - extern int perf_proc_update_handler(struct ctl_table *table, int write, 1284 - void __user *buffer, size_t *lenp, 1285 - loff_t *ppos); 1286 - extern int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, 1287 - void __user *buffer, size_t *lenp, 1288 - loff_t *ppos); 1289 - 1283 + int perf_proc_update_handler(struct ctl_table *table, int write, 1284 + void *buffer, size_t *lenp, loff_t *ppos); 1285 + int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, 1286 + void *buffer, size_t *lenp, loff_t *ppos); 1290 1287 int perf_event_max_stack_handler(struct ctl_table *table, int write, 1291 - void __user *buffer, size_t *lenp, loff_t *ppos); 1288 + void *buffer, size_t *lenp, loff_t *ppos); 1292 1289 1293 1290 /* Access to perf_event_open(2) syscall. */ 1294 1291 #define PERF_SECURITY_OPEN 0
+3
include/linux/pid.h
··· 108 108 struct pid_namespace; 109 109 extern struct pid_namespace init_pid_ns; 110 110 111 + extern int pid_max; 112 + extern int pid_max_min, pid_max_max; 113 + 111 114 /* 112 115 * look up a PID in the hash table. Must be called with the tasklist_lock 113 116 * or rcu_read_lock() held.
+1 -1
include/linux/printk.h
··· 189 189 extern int dmesg_restrict; 190 190 191 191 extern int 192 - devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write, void __user *buf, 192 + devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write, void *buf, 193 193 size_t *lenp, loff_t *ppos); 194 194 195 195 extern void wake_up_klogd(void);
+15 -29
include/linux/sched/sysctl.h
··· 12 12 extern unsigned long sysctl_hung_task_timeout_secs; 13 13 extern unsigned long sysctl_hung_task_check_interval_secs; 14 14 extern int sysctl_hung_task_warnings; 15 - extern int proc_dohung_task_timeout_secs(struct ctl_table *table, int write, 16 - void __user *buffer, 17 - size_t *lenp, loff_t *ppos); 15 + int proc_dohung_task_timeout_secs(struct ctl_table *table, int write, 16 + void *buffer, size_t *lenp, loff_t *ppos); 18 17 #else 19 18 /* Avoid need for ifdefs elsewhere in the code */ 20 19 enum { sysctl_hung_task_timeout_secs = 0 }; ··· 42 43 extern __read_mostly unsigned int sysctl_sched_nr_migrate; 43 44 44 45 int sched_proc_update_handler(struct ctl_table *table, int write, 45 - void __user *buffer, size_t *length, 46 - loff_t *ppos); 46 + void *buffer, size_t *length, loff_t *ppos); 47 47 #endif 48 48 49 49 /* ··· 70 72 extern int sysctl_sched_rr_timeslice; 71 73 extern int sched_rr_timeslice; 72 74 73 - extern int sched_rr_handler(struct ctl_table *table, int write, 74 - void __user *buffer, size_t *lenp, 75 - loff_t *ppos); 76 - 77 - extern int sched_rt_handler(struct ctl_table *table, int write, 78 - void __user *buffer, size_t *lenp, 79 - loff_t *ppos); 80 - 81 - #ifdef CONFIG_UCLAMP_TASK 82 - extern int sysctl_sched_uclamp_handler(struct ctl_table *table, int write, 83 - void __user *buffer, size_t *lenp, 84 - loff_t *ppos); 85 - #endif 86 - 87 - extern int sysctl_numa_balancing(struct ctl_table *table, int write, 88 - void __user *buffer, size_t *lenp, 89 - loff_t *ppos); 90 - 91 - extern int sysctl_schedstats(struct ctl_table *table, int write, 92 - void __user *buffer, size_t *lenp, 93 - loff_t *ppos); 75 + int sched_rr_handler(struct ctl_table *table, int write, void *buffer, 76 + size_t *lenp, loff_t *ppos); 77 + int sched_rt_handler(struct ctl_table *table, int write, void *buffer, 78 + size_t *lenp, loff_t *ppos); 79 + int sysctl_sched_uclamp_handler(struct ctl_table *table, int write, 80 + void *buffer, size_t *lenp, loff_t *ppos); 81 + int sysctl_numa_balancing(struct ctl_table *table, int write, void *buffer, 82 + size_t *lenp, loff_t *ppos); 83 + int sysctl_schedstats(struct ctl_table *table, int write, void *buffer, 84 + size_t *lenp, loff_t *ppos); 94 85 95 86 #if defined(CONFIG_ENERGY_MODEL) && defined(CONFIG_CPU_FREQ_GOV_SCHEDUTIL) 96 87 extern unsigned int sysctl_sched_energy_aware; 97 - extern int sched_energy_aware_handler(struct ctl_table *table, int write, 98 - void __user *buffer, size_t *lenp, 99 - loff_t *ppos); 88 + int sched_energy_aware_handler(struct ctl_table *table, int write, 89 + void *buffer, size_t *lenp, loff_t *ppos); 100 90 #endif 101 91 102 92 #endif /* _LINUX_SCHED_SYSCTL_H */
+1 -1
include/linux/security.h
··· 211 211 212 212 #ifdef CONFIG_MMU 213 213 extern int mmap_min_addr_handler(struct ctl_table *table, int write, 214 - void __user *buffer, size_t *lenp, loff_t *ppos); 214 + void *buffer, size_t *lenp, loff_t *ppos); 215 215 #endif 216 216 217 217 /* security_inode_init_security callback function to write xattrs */
+29 -30
include/linux/sysctl.h
··· 44 44 45 45 extern const int sysctl_vals[]; 46 46 47 - typedef int proc_handler (struct ctl_table *ctl, int write, 48 - void __user *buffer, size_t *lenp, loff_t *ppos); 47 + typedef int proc_handler(struct ctl_table *ctl, int write, void *buffer, 48 + size_t *lenp, loff_t *ppos); 49 49 50 - extern int proc_dostring(struct ctl_table *, int, 51 - void __user *, size_t *, loff_t *); 52 - extern int proc_dointvec(struct ctl_table *, int, 53 - void __user *, size_t *, loff_t *); 54 - extern int proc_douintvec(struct ctl_table *, int, 55 - void __user *, size_t *, loff_t *); 56 - extern int proc_dointvec_minmax(struct ctl_table *, int, 57 - void __user *, size_t *, loff_t *); 58 - extern int proc_douintvec_minmax(struct ctl_table *table, int write, 59 - void __user *buffer, size_t *lenp, 60 - loff_t *ppos); 61 - extern int proc_dointvec_jiffies(struct ctl_table *, int, 62 - void __user *, size_t *, loff_t *); 63 - extern int proc_dointvec_userhz_jiffies(struct ctl_table *, int, 64 - void __user *, size_t *, loff_t *); 65 - extern int proc_dointvec_ms_jiffies(struct ctl_table *, int, 66 - void __user *, size_t *, loff_t *); 67 - extern int proc_doulongvec_minmax(struct ctl_table *, int, 68 - void __user *, size_t *, loff_t *); 69 - extern int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int, 70 - void __user *, size_t *, loff_t *); 71 - extern int proc_do_large_bitmap(struct ctl_table *, int, 72 - void __user *, size_t *, loff_t *); 73 - extern int proc_do_static_key(struct ctl_table *table, int write, 74 - void __user *buffer, size_t *lenp, 75 - loff_t *ppos); 50 + int proc_dostring(struct ctl_table *, int, void *, size_t *, loff_t *); 51 + int proc_dointvec(struct ctl_table *, int, void *, size_t *, loff_t *); 52 + int proc_douintvec(struct ctl_table *, int, void *, size_t *, loff_t *); 53 + int proc_dointvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t *); 54 + int proc_douintvec_minmax(struct ctl_table *table, int write, void *buffer, 55 + size_t *lenp, loff_t *ppos); 56 + int proc_dointvec_jiffies(struct ctl_table *, int, void *, size_t *, loff_t *); 57 + int proc_dointvec_userhz_jiffies(struct ctl_table *, int, void *, size_t *, 58 + loff_t *); 59 + int proc_dointvec_ms_jiffies(struct ctl_table *, int, void *, size_t *, 60 + loff_t *); 61 + int proc_doulongvec_minmax(struct ctl_table *, int, void *, size_t *, loff_t *); 62 + int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int, void *, 63 + size_t *, loff_t *); 64 + int proc_do_large_bitmap(struct ctl_table *, int, void *, size_t *, loff_t *); 65 + int proc_do_static_key(struct ctl_table *table, int write, void *buffer, 66 + size_t *lenp, loff_t *ppos); 76 67 77 68 /* 78 69 * Register a set of sysctl names by calling register_sysctl_table ··· 198 207 199 208 extern int sysctl_init(void); 200 209 210 + extern int pwrsw_enabled; 211 + extern int unaligned_enabled; 212 + extern int unaligned_dump_stack; 213 + extern int no_unaligned_warning; 214 + 201 215 extern struct ctl_table sysctl_mount_point[]; 216 + extern struct ctl_table random_table[]; 217 + extern struct ctl_table firmware_config_table[]; 218 + extern struct ctl_table epoll_table[]; 202 219 203 220 #else /* CONFIG_SYSCTL */ 204 221 static inline struct ctl_table_header *register_sysctl_table(struct ctl_table * table) ··· 237 238 238 239 #endif /* CONFIG_SYSCTL */ 239 240 240 - int sysctl_max_threads(struct ctl_table *table, int write, 241 - void __user *buffer, size_t *lenp, loff_t *ppos); 241 + int sysctl_max_threads(struct ctl_table *table, int write, void *buffer, 242 + size_t *lenp, loff_t *ppos); 242 243 243 244 #endif /* _LINUX_SYSCTL_H */
+1 -2
include/linux/timer.h
··· 201 201 202 202 extern unsigned int sysctl_timer_migration; 203 203 int timer_migration_handler(struct ctl_table *table, int write, 204 - void __user *buffer, size_t *lenp, 205 - loff_t *ppos); 204 + void *buffer, size_t *lenp, loff_t *ppos); 206 205 #endif 207 206 208 207 unsigned long __round_jiffies(unsigned long j, int cpu);
+4 -4
include/linux/vmstat.h
··· 16 16 #define DISABLE_NUMA_STAT 0 17 17 extern int sysctl_vm_numa_stat; 18 18 DECLARE_STATIC_KEY_TRUE(vm_numa_stat_key); 19 - extern int sysctl_vm_numa_stat_handler(struct ctl_table *table, 20 - int write, void __user *buffer, size_t *length, loff_t *ppos); 19 + int sysctl_vm_numa_stat_handler(struct ctl_table *table, int write, 20 + void *buffer, size_t *length, loff_t *ppos); 21 21 #endif 22 22 23 23 struct reclaim_stat { ··· 274 274 void refresh_zone_stat_thresholds(void); 275 275 276 276 struct ctl_table; 277 - int vmstat_refresh(struct ctl_table *, int write, 278 - void __user *buffer, size_t *lenp, loff_t *ppos); 277 + int vmstat_refresh(struct ctl_table *, int write, void *buffer, size_t *lenp, 278 + loff_t *ppos); 279 279 280 280 void drain_zonestat(struct zone *zone, struct per_cpu_pageset *); 281 281
+11 -17
include/linux/writeback.h
··· 362 362 extern int block_dump; 363 363 extern int laptop_mode; 364 364 365 - extern int dirty_background_ratio_handler(struct ctl_table *table, int write, 366 - void __user *buffer, size_t *lenp, 367 - loff_t *ppos); 368 - extern int dirty_background_bytes_handler(struct ctl_table *table, int write, 369 - void __user *buffer, size_t *lenp, 370 - loff_t *ppos); 371 - extern int dirty_ratio_handler(struct ctl_table *table, int write, 372 - void __user *buffer, size_t *lenp, 373 - loff_t *ppos); 374 - extern int dirty_bytes_handler(struct ctl_table *table, int write, 375 - void __user *buffer, size_t *lenp, 376 - loff_t *ppos); 365 + int dirty_background_ratio_handler(struct ctl_table *table, int write, 366 + void *buffer, size_t *lenp, loff_t *ppos); 367 + int dirty_background_bytes_handler(struct ctl_table *table, int write, 368 + void *buffer, size_t *lenp, loff_t *ppos); 369 + int dirty_ratio_handler(struct ctl_table *table, int write, 370 + void *buffer, size_t *lenp, loff_t *ppos); 371 + int dirty_bytes_handler(struct ctl_table *table, int write, 372 + void *buffer, size_t *lenp, loff_t *ppos); 377 373 int dirtytime_interval_handler(struct ctl_table *table, int write, 378 - void __user *buffer, size_t *lenp, loff_t *ppos); 379 - 380 - struct ctl_table; 381 - int dirty_writeback_centisecs_handler(struct ctl_table *, int, 382 - void __user *, size_t *, loff_t *); 374 + void *buffer, size_t *lenp, loff_t *ppos); 375 + int dirty_writeback_centisecs_handler(struct ctl_table *table, int write, 376 + void *buffer, size_t *lenp, loff_t *ppos); 383 377 384 378 void global_dirty_limits(unsigned long *pbackground, unsigned long *pdirty); 385 379 unsigned long wb_calc_thresh(struct bdi_writeback *wb, unsigned long thresh);
+5 -5
ipc/ipc_sysctl.c
··· 24 24 25 25 #ifdef CONFIG_PROC_SYSCTL 26 26 static int proc_ipc_dointvec(struct ctl_table *table, int write, 27 - void __user *buffer, size_t *lenp, loff_t *ppos) 27 + void *buffer, size_t *lenp, loff_t *ppos) 28 28 { 29 29 struct ctl_table ipc_table; 30 30 ··· 35 35 } 36 36 37 37 static int proc_ipc_dointvec_minmax(struct ctl_table *table, int write, 38 - void __user *buffer, size_t *lenp, loff_t *ppos) 38 + void *buffer, size_t *lenp, loff_t *ppos) 39 39 { 40 40 struct ctl_table ipc_table; 41 41 ··· 46 46 } 47 47 48 48 static int proc_ipc_dointvec_minmax_orphans(struct ctl_table *table, int write, 49 - void __user *buffer, size_t *lenp, loff_t *ppos) 49 + void *buffer, size_t *lenp, loff_t *ppos) 50 50 { 51 51 struct ipc_namespace *ns = current->nsproxy->ipc_ns; 52 52 int err = proc_ipc_dointvec_minmax(table, write, buffer, lenp, ppos); ··· 59 59 } 60 60 61 61 static int proc_ipc_doulongvec_minmax(struct ctl_table *table, int write, 62 - void __user *buffer, size_t *lenp, loff_t *ppos) 62 + void *buffer, size_t *lenp, loff_t *ppos) 63 63 { 64 64 struct ctl_table ipc_table; 65 65 memcpy(&ipc_table, table, sizeof(ipc_table)); ··· 70 70 } 71 71 72 72 static int proc_ipc_auto_msgmni(struct ctl_table *table, int write, 73 - void __user *buffer, size_t *lenp, loff_t *ppos) 73 + void *buffer, size_t *lenp, loff_t *ppos) 74 74 { 75 75 struct ctl_table ipc_table; 76 76 int dummy = 0;
+2 -2
ipc/mq_sysctl.c
··· 19 19 } 20 20 21 21 static int proc_mq_dointvec(struct ctl_table *table, int write, 22 - void __user *buffer, size_t *lenp, loff_t *ppos) 22 + void *buffer, size_t *lenp, loff_t *ppos) 23 23 { 24 24 struct ctl_table mq_table; 25 25 memcpy(&mq_table, table, sizeof(mq_table)); ··· 29 29 } 30 30 31 31 static int proc_mq_dointvec_minmax(struct ctl_table *table, int write, 32 - void __user *buffer, size_t *lenp, loff_t *ppos) 32 + void *buffer, size_t *lenp, loff_t *ppos) 33 33 { 34 34 struct ctl_table mq_table; 35 35 memcpy(&mq_table, table, sizeof(mq_table));
+12 -23
kernel/bpf/cgroup.c
··· 1122 1122 * @head: sysctl table header 1123 1123 * @table: sysctl table 1124 1124 * @write: sysctl is being read (= 0) or written (= 1) 1125 - * @buf: pointer to buffer passed by user space 1125 + * @buf: pointer to buffer (in and out) 1126 1126 * @pcount: value-result argument: value is size of buffer pointed to by @buf, 1127 1127 * result is size of @new_buf if program set new value, initial value 1128 1128 * otherwise 1129 1129 * @ppos: value-result argument: value is position at which read from or write 1130 1130 * to sysctl is happening, result is new position if program overrode it, 1131 1131 * initial value otherwise 1132 - * @new_buf: pointer to pointer to new buffer that will be allocated if program 1133 - * overrides new value provided by user space on sysctl write 1134 - * NOTE: it's caller responsibility to free *new_buf if it was set 1135 1132 * @type: type of program to be executed 1136 1133 * 1137 1134 * Program is run when sysctl is being accessed, either read or written, and ··· 1139 1142 */ 1140 1143 int __cgroup_bpf_run_filter_sysctl(struct ctl_table_header *head, 1141 1144 struct ctl_table *table, int write, 1142 - void __user *buf, size_t *pcount, 1143 - loff_t *ppos, void **new_buf, 1145 + void **buf, size_t *pcount, loff_t *ppos, 1144 1146 enum bpf_attach_type type) 1145 1147 { 1146 1148 struct bpf_sysctl_kern ctx = { ··· 1154 1158 .new_updated = 0, 1155 1159 }; 1156 1160 struct cgroup *cgrp; 1161 + loff_t pos = 0; 1157 1162 int ret; 1158 1163 1159 1164 ctx.cur_val = kmalloc_track_caller(ctx.cur_len, GFP_KERNEL); 1160 - if (ctx.cur_val) { 1161 - mm_segment_t old_fs; 1162 - loff_t pos = 0; 1163 - 1164 - old_fs = get_fs(); 1165 - set_fs(KERNEL_DS); 1166 - if (table->proc_handler(table, 0, (void __user *)ctx.cur_val, 1167 - &ctx.cur_len, &pos)) { 1168 - /* Let BPF program decide how to proceed. */ 1169 - ctx.cur_len = 0; 1170 - } 1171 - set_fs(old_fs); 1172 - } else { 1165 + if (!ctx.cur_val || 1166 + table->proc_handler(table, 0, ctx.cur_val, &ctx.cur_len, &pos)) { 1173 1167 /* Let BPF program decide how to proceed. */ 1174 1168 ctx.cur_len = 0; 1175 1169 } 1176 1170 1177 - if (write && buf && *pcount) { 1171 + if (write && *buf && *pcount) { 1178 1172 /* BPF program should be able to override new value with a 1179 1173 * buffer bigger than provided by user. 1180 1174 */ 1181 1175 ctx.new_val = kmalloc_track_caller(PAGE_SIZE, GFP_KERNEL); 1182 1176 ctx.new_len = min_t(size_t, PAGE_SIZE, *pcount); 1183 - if (!ctx.new_val || 1184 - copy_from_user(ctx.new_val, buf, ctx.new_len)) 1177 + if (ctx.new_val) { 1178 + memcpy(ctx.new_val, *buf, ctx.new_len); 1179 + } else { 1185 1180 /* Let BPF program decide how to proceed. */ 1186 1181 ctx.new_len = 0; 1182 + } 1187 1183 } 1188 1184 1189 1185 rcu_read_lock(); ··· 1186 1198 kfree(ctx.cur_val); 1187 1199 1188 1200 if (ret == 1 && ctx.new_updated) { 1189 - *new_buf = ctx.new_val; 1201 + kfree(*buf); 1202 + *buf = ctx.new_val; 1190 1203 *pcount = ctx.new_len; 1191 1204 } else { 1192 1205 kfree(ctx.new_val);
+1 -1
kernel/events/callchain.c
··· 236 236 * sysctl_perf_event_max_contexts_per_stack. 237 237 */ 238 238 int perf_event_max_stack_handler(struct ctl_table *table, int write, 239 - void __user *buffer, size_t *lenp, loff_t *ppos) 239 + void *buffer, size_t *lenp, loff_t *ppos) 240 240 { 241 241 int *value = table->data; 242 242 int new_value = *value, ret;
+2 -4
kernel/events/core.c
··· 437 437 static bool perf_rotate_context(struct perf_cpu_context *cpuctx); 438 438 439 439 int perf_proc_update_handler(struct ctl_table *table, int write, 440 - void __user *buffer, size_t *lenp, 441 - loff_t *ppos) 440 + void *buffer, size_t *lenp, loff_t *ppos) 442 441 { 443 442 int ret; 444 443 int perf_cpu = sysctl_perf_cpu_time_max_percent; ··· 461 462 int sysctl_perf_cpu_time_max_percent __read_mostly = DEFAULT_CPU_TIME_MAX_PERCENT; 462 463 463 464 int perf_cpu_time_max_percent_handler(struct ctl_table *table, int write, 464 - void __user *buffer, size_t *lenp, 465 - loff_t *ppos) 465 + void *buffer, size_t *lenp, loff_t *ppos) 466 466 { 467 467 int ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 468 468
+1 -1
kernel/kprobes.c
··· 892 892 static DEFINE_MUTEX(kprobe_sysctl_mutex); 893 893 int sysctl_kprobes_optimization; 894 894 int proc_kprobes_optimization_handler(struct ctl_table *table, int write, 895 - void __user *buffer, size_t *length, 895 + void *buffer, size_t *length, 896 896 loff_t *ppos) 897 897 { 898 898 int ret;
+2 -2
kernel/latencytop.c
··· 269 269 return 0; 270 270 } 271 271 272 - int sysctl_latencytop(struct ctl_table *table, int write, 273 - void __user *buffer, size_t *lenp, loff_t *ppos) 272 + int sysctl_latencytop(struct ctl_table *table, int write, void *buffer, 273 + size_t *lenp, loff_t *ppos) 274 274 { 275 275 int err; 276 276
+1 -1
kernel/pid_namespace.c
··· 263 263 264 264 #ifdef CONFIG_CHECKPOINT_RESTORE 265 265 static int pid_ns_ctl_handler(struct ctl_table *table, int write, 266 - void __user *buffer, size_t *lenp, loff_t *ppos) 266 + void *buffer, size_t *lenp, loff_t *ppos) 267 267 { 268 268 struct pid_namespace *pid_ns = task_active_pid_ns(current); 269 269 struct ctl_table tmp = *table;
+1 -1
kernel/printk/printk.c
··· 173 173 char devkmsg_log_str[DEVKMSG_STR_MAX_SIZE] = "ratelimit"; 174 174 175 175 int devkmsg_sysctl_set_loglvl(struct ctl_table *table, int write, 176 - void __user *buffer, size_t *lenp, loff_t *ppos) 176 + void *buffer, size_t *lenp, loff_t *ppos) 177 177 { 178 178 char old_str[DEVKMSG_STR_MAX_SIZE]; 179 179 unsigned int old;
+4 -5
kernel/sched/core.c
··· 1110 1110 #endif 1111 1111 1112 1112 int sysctl_sched_uclamp_handler(struct ctl_table *table, int write, 1113 - void __user *buffer, size_t *lenp, 1114 - loff_t *ppos) 1113 + void *buffer, size_t *lenp, loff_t *ppos) 1115 1114 { 1116 1115 bool update_root_tg = false; 1117 1116 int old_min, old_max; ··· 2717 2718 2718 2719 #ifdef CONFIG_PROC_SYSCTL 2719 2720 int sysctl_numa_balancing(struct ctl_table *table, int write, 2720 - void __user *buffer, size_t *lenp, loff_t *ppos) 2721 + void *buffer, size_t *lenp, loff_t *ppos) 2721 2722 { 2722 2723 struct ctl_table t; 2723 2724 int err; ··· 2791 2792 } 2792 2793 2793 2794 #ifdef CONFIG_PROC_SYSCTL 2794 - int sysctl_schedstats(struct ctl_table *table, int write, 2795 - void __user *buffer, size_t *lenp, loff_t *ppos) 2795 + int sysctl_schedstats(struct ctl_table *table, int write, void *buffer, 2796 + size_t *lenp, loff_t *ppos) 2796 2797 { 2797 2798 struct ctl_table t; 2798 2799 int err;
+1 -2
kernel/sched/fair.c
··· 645 645 */ 646 646 647 647 int sched_proc_update_handler(struct ctl_table *table, int write, 648 - void __user *buffer, size_t *lenp, 649 - loff_t *ppos) 648 + void *buffer, size_t *lenp, loff_t *ppos) 650 649 { 651 650 int ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 652 651 unsigned int factor = get_update_sysctl_factor();
+4 -6
kernel/sched/rt.c
··· 2714 2714 def_rt_bandwidth.rt_period = ns_to_ktime(global_rt_period()); 2715 2715 } 2716 2716 2717 - int sched_rt_handler(struct ctl_table *table, int write, 2718 - void __user *buffer, size_t *lenp, 2719 - loff_t *ppos) 2717 + int sched_rt_handler(struct ctl_table *table, int write, void *buffer, 2718 + size_t *lenp, loff_t *ppos) 2720 2719 { 2721 2720 int old_period, old_runtime; 2722 2721 static DEFINE_MUTEX(mutex); ··· 2753 2754 return ret; 2754 2755 } 2755 2756 2756 - int sched_rr_handler(struct ctl_table *table, int write, 2757 - void __user *buffer, size_t *lenp, 2758 - loff_t *ppos) 2757 + int sched_rr_handler(struct ctl_table *table, int write, void *buffer, 2758 + size_t *lenp, loff_t *ppos) 2759 2759 { 2760 2760 int ret; 2761 2761 static DEFINE_MUTEX(mutex);
+1 -1
kernel/sched/topology.c
··· 209 209 210 210 #ifdef CONFIG_PROC_SYSCTL 211 211 int sched_energy_aware_handler(struct ctl_table *table, int write, 212 - void __user *buffer, size_t *lenp, loff_t *ppos) 212 + void *buffer, size_t *lenp, loff_t *ppos) 213 213 { 214 214 int ret, state; 215 215
+1 -1
kernel/seccomp.c
··· 1776 1776 } 1777 1777 1778 1778 static int seccomp_actions_logged_handler(struct ctl_table *ro_table, int write, 1779 - void __user *buffer, size_t *lenp, 1779 + void *buffer, size_t *lenp, 1780 1780 loff_t *ppos) 1781 1781 { 1782 1782 int ret;
+1447 -1580
kernel/sysctl.c
··· 68 68 #include <linux/bpf.h> 69 69 #include <linux/mount.h> 70 70 #include <linux/userfaultfd_k.h> 71 + #include <linux/coredump.h> 72 + #include <linux/latencytop.h> 73 + #include <linux/pid.h> 71 74 72 75 #include "../lib/kstrtox.h" 73 76 ··· 105 102 #endif 106 103 107 104 #if defined(CONFIG_SYSCTL) 108 - 109 - /* External variables not in a header file. */ 110 - extern int suid_dumpable; 111 - #ifdef CONFIG_COREDUMP 112 - extern int core_uses_pid; 113 - extern char core_pattern[]; 114 - extern unsigned int core_pipe_limit; 115 - #endif 116 - extern int pid_max; 117 - extern int pid_max_min, pid_max_max; 118 - extern int percpu_pagelist_fraction; 119 - extern int latencytop_enabled; 120 - extern unsigned int sysctl_nr_open_min, sysctl_nr_open_max; 121 - #ifndef CONFIG_MMU 122 - extern int sysctl_nr_trim_pages; 123 - #endif 124 105 125 106 /* Constants used for minimum and maximum */ 126 107 #ifdef CONFIG_LOCKUP_DETECTOR ··· 147 160 #ifdef CONFIG_INOTIFY_USER 148 161 #include <linux/inotify.h> 149 162 #endif 150 - #ifdef CONFIG_SPARC 151 - #endif 152 - 153 - #ifdef CONFIG_PARISC 154 - extern int pwrsw_enabled; 155 - #endif 156 - 157 - #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_ALLOW 158 - extern int unaligned_enabled; 159 - #endif 160 - 161 - #ifdef CONFIG_IA64 162 - extern int unaligned_dump_stack; 163 - #endif 164 - 165 - #ifdef CONFIG_SYSCTL_ARCH_UNALIGN_NO_WARN 166 - extern int no_unaligned_warning; 167 - #endif 168 163 169 164 #ifdef CONFIG_PROC_SYSCTL 170 165 ··· 176 207 }; 177 208 178 209 static enum sysctl_writes_mode sysctl_writes_strict = SYSCTL_WRITES_STRICT; 179 - 180 - static int proc_do_cad_pid(struct ctl_table *table, int write, 181 - void __user *buffer, size_t *lenp, loff_t *ppos); 182 - static int proc_taint(struct ctl_table *table, int write, 183 - void __user *buffer, size_t *lenp, loff_t *ppos); 184 - #ifdef CONFIG_COMPACTION 185 - static int proc_dointvec_minmax_warn_RT_change(struct ctl_table *table, 186 - int write, void __user *buffer, 187 - size_t *lenp, loff_t *ppos); 188 - #endif 189 - #endif 190 - 191 - #ifdef CONFIG_PRINTK 192 - static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, 193 - void __user *buffer, size_t *lenp, loff_t *ppos); 194 - #endif 195 - 196 - static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, 197 - void __user *buffer, size_t *lenp, loff_t *ppos); 198 - #ifdef CONFIG_COREDUMP 199 - static int proc_dostring_coredump(struct ctl_table *table, int write, 200 - void __user *buffer, size_t *lenp, loff_t *ppos); 201 - #endif 202 - static int proc_dopipe_max_size(struct ctl_table *table, int write, 203 - void __user *buffer, size_t *lenp, loff_t *ppos); 204 - 205 - #ifdef CONFIG_MAGIC_SYSRQ 206 - static int sysrq_sysctl_handler(struct ctl_table *table, int write, 207 - void __user *buffer, size_t *lenp, loff_t *ppos); 208 - #endif 209 - 210 - static struct ctl_table kern_table[]; 211 - static struct ctl_table vm_table[]; 212 - static struct ctl_table fs_table[]; 213 - static struct ctl_table debug_table[]; 214 - static struct ctl_table dev_table[]; 215 - extern struct ctl_table random_table[]; 216 - #ifdef CONFIG_EPOLL 217 - extern struct ctl_table epoll_table[]; 218 - #endif 219 - 220 - #ifdef CONFIG_FW_LOADER_USER_HELPER 221 - extern struct ctl_table firmware_config_table[]; 222 - #endif 210 + #endif /* CONFIG_PROC_SYSCTL */ 223 211 224 212 #if defined(HAVE_ARCH_PICK_MMAP_LAYOUT) || \ 225 213 defined(CONFIG_ARCH_WANT_DEFAULT_TOPDOWN_MMAP_LAYOUT) 226 214 int sysctl_legacy_va_layout; 227 215 #endif 228 - 229 - /* The default sysctl tables: */ 230 - 231 - static struct ctl_table sysctl_base_table[] = { 232 - { 233 - .procname = "kernel", 234 - .mode = 0555, 235 - .child = kern_table, 236 - }, 237 - { 238 - .procname = "vm", 239 - .mode = 0555, 240 - .child = vm_table, 241 - }, 242 - { 243 - .procname = "fs", 244 - .mode = 0555, 245 - .child = fs_table, 246 - }, 247 - { 248 - .procname = "debug", 249 - .mode = 0555, 250 - .child = debug_table, 251 - }, 252 - { 253 - .procname = "dev", 254 - .mode = 0555, 255 - .child = dev_table, 256 - }, 257 - { } 258 - }; 259 216 260 217 #ifdef CONFIG_SCHED_DEBUG 261 218 static int min_sched_granularity_ns = 100000; /* 100 usecs */ ··· 198 303 static int min_extfrag_threshold; 199 304 static int max_extfrag_threshold = 1000; 200 305 #endif 306 + 307 + #endif /* CONFIG_SYSCTL */ 308 + 309 + /* 310 + * /proc/sys support 311 + */ 312 + 313 + #ifdef CONFIG_PROC_SYSCTL 314 + 315 + static int _proc_do_string(char *data, int maxlen, int write, 316 + char *buffer, size_t *lenp, loff_t *ppos) 317 + { 318 + size_t len; 319 + char c, *p; 320 + 321 + if (!data || !maxlen || !*lenp) { 322 + *lenp = 0; 323 + return 0; 324 + } 325 + 326 + if (write) { 327 + if (sysctl_writes_strict == SYSCTL_WRITES_STRICT) { 328 + /* Only continue writes not past the end of buffer. */ 329 + len = strlen(data); 330 + if (len > maxlen - 1) 331 + len = maxlen - 1; 332 + 333 + if (*ppos > len) 334 + return 0; 335 + len = *ppos; 336 + } else { 337 + /* Start writing from beginning of buffer. */ 338 + len = 0; 339 + } 340 + 341 + *ppos += *lenp; 342 + p = buffer; 343 + while ((p - buffer) < *lenp && len < maxlen - 1) { 344 + c = *(p++); 345 + if (c == 0 || c == '\n') 346 + break; 347 + data[len++] = c; 348 + } 349 + data[len] = 0; 350 + } else { 351 + len = strlen(data); 352 + if (len > maxlen) 353 + len = maxlen; 354 + 355 + if (*ppos > len) { 356 + *lenp = 0; 357 + return 0; 358 + } 359 + 360 + data += *ppos; 361 + len -= *ppos; 362 + 363 + if (len > *lenp) 364 + len = *lenp; 365 + if (len) 366 + memcpy(buffer, data, len); 367 + if (len < *lenp) { 368 + buffer[len] = '\n'; 369 + len++; 370 + } 371 + *lenp = len; 372 + *ppos += len; 373 + } 374 + return 0; 375 + } 376 + 377 + static void warn_sysctl_write(struct ctl_table *table) 378 + { 379 + pr_warn_once("%s wrote to %s when file position was not 0!\n" 380 + "This will not be supported in the future. To silence this\n" 381 + "warning, set kernel.sysctl_writes_strict = -1\n", 382 + current->comm, table->procname); 383 + } 384 + 385 + /** 386 + * proc_first_pos_non_zero_ignore - check if first position is allowed 387 + * @ppos: file position 388 + * @table: the sysctl table 389 + * 390 + * Returns true if the first position is non-zero and the sysctl_writes_strict 391 + * mode indicates this is not allowed for numeric input types. String proc 392 + * handlers can ignore the return value. 393 + */ 394 + static bool proc_first_pos_non_zero_ignore(loff_t *ppos, 395 + struct ctl_table *table) 396 + { 397 + if (!*ppos) 398 + return false; 399 + 400 + switch (sysctl_writes_strict) { 401 + case SYSCTL_WRITES_STRICT: 402 + return true; 403 + case SYSCTL_WRITES_WARN: 404 + warn_sysctl_write(table); 405 + return false; 406 + default: 407 + return false; 408 + } 409 + } 410 + 411 + /** 412 + * proc_dostring - read a string sysctl 413 + * @table: the sysctl table 414 + * @write: %TRUE if this is a write to the sysctl file 415 + * @buffer: the user buffer 416 + * @lenp: the size of the user buffer 417 + * @ppos: file position 418 + * 419 + * Reads/writes a string from/to the user buffer. If the kernel 420 + * buffer provided is not large enough to hold the string, the 421 + * string is truncated. The copied string is %NULL-terminated. 422 + * If the string is being read by the user process, it is copied 423 + * and a newline '\n' is added. It is truncated if the buffer is 424 + * not large enough. 425 + * 426 + * Returns 0 on success. 427 + */ 428 + int proc_dostring(struct ctl_table *table, int write, 429 + void *buffer, size_t *lenp, loff_t *ppos) 430 + { 431 + if (write) 432 + proc_first_pos_non_zero_ignore(ppos, table); 433 + 434 + return _proc_do_string(table->data, table->maxlen, write, buffer, lenp, 435 + ppos); 436 + } 437 + 438 + static size_t proc_skip_spaces(char **buf) 439 + { 440 + size_t ret; 441 + char *tmp = skip_spaces(*buf); 442 + ret = tmp - *buf; 443 + *buf = tmp; 444 + return ret; 445 + } 446 + 447 + static void proc_skip_char(char **buf, size_t *size, const char v) 448 + { 449 + while (*size) { 450 + if (**buf != v) 451 + break; 452 + (*size)--; 453 + (*buf)++; 454 + } 455 + } 456 + 457 + /** 458 + * strtoul_lenient - parse an ASCII formatted integer from a buffer and only 459 + * fail on overflow 460 + * 461 + * @cp: kernel buffer containing the string to parse 462 + * @endp: pointer to store the trailing characters 463 + * @base: the base to use 464 + * @res: where the parsed integer will be stored 465 + * 466 + * In case of success 0 is returned and @res will contain the parsed integer, 467 + * @endp will hold any trailing characters. 468 + * This function will fail the parse on overflow. If there wasn't an overflow 469 + * the function will defer the decision what characters count as invalid to the 470 + * caller. 471 + */ 472 + static int strtoul_lenient(const char *cp, char **endp, unsigned int base, 473 + unsigned long *res) 474 + { 475 + unsigned long long result; 476 + unsigned int rv; 477 + 478 + cp = _parse_integer_fixup_radix(cp, &base); 479 + rv = _parse_integer(cp, base, &result); 480 + if ((rv & KSTRTOX_OVERFLOW) || (result != (unsigned long)result)) 481 + return -ERANGE; 482 + 483 + cp += rv; 484 + 485 + if (endp) 486 + *endp = (char *)cp; 487 + 488 + *res = (unsigned long)result; 489 + return 0; 490 + } 491 + 492 + #define TMPBUFLEN 22 493 + /** 494 + * proc_get_long - reads an ASCII formatted integer from a user buffer 495 + * 496 + * @buf: a kernel buffer 497 + * @size: size of the kernel buffer 498 + * @val: this is where the number will be stored 499 + * @neg: set to %TRUE if number is negative 500 + * @perm_tr: a vector which contains the allowed trailers 501 + * @perm_tr_len: size of the perm_tr vector 502 + * @tr: pointer to store the trailer character 503 + * 504 + * In case of success %0 is returned and @buf and @size are updated with 505 + * the amount of bytes read. If @tr is non-NULL and a trailing 506 + * character exists (size is non-zero after returning from this 507 + * function), @tr is updated with the trailing character. 508 + */ 509 + static int proc_get_long(char **buf, size_t *size, 510 + unsigned long *val, bool *neg, 511 + const char *perm_tr, unsigned perm_tr_len, char *tr) 512 + { 513 + int len; 514 + char *p, tmp[TMPBUFLEN]; 515 + 516 + if (!*size) 517 + return -EINVAL; 518 + 519 + len = *size; 520 + if (len > TMPBUFLEN - 1) 521 + len = TMPBUFLEN - 1; 522 + 523 + memcpy(tmp, *buf, len); 524 + 525 + tmp[len] = 0; 526 + p = tmp; 527 + if (*p == '-' && *size > 1) { 528 + *neg = true; 529 + p++; 530 + } else 531 + *neg = false; 532 + if (!isdigit(*p)) 533 + return -EINVAL; 534 + 535 + if (strtoul_lenient(p, &p, 0, val)) 536 + return -EINVAL; 537 + 538 + len = p - tmp; 539 + 540 + /* We don't know if the next char is whitespace thus we may accept 541 + * invalid integers (e.g. 1234...a) or two integers instead of one 542 + * (e.g. 123...1). So lets not allow such large numbers. */ 543 + if (len == TMPBUFLEN - 1) 544 + return -EINVAL; 545 + 546 + if (len < *size && perm_tr_len && !memchr(perm_tr, *p, perm_tr_len)) 547 + return -EINVAL; 548 + 549 + if (tr && (len < *size)) 550 + *tr = *p; 551 + 552 + *buf += len; 553 + *size -= len; 554 + 555 + return 0; 556 + } 557 + 558 + /** 559 + * proc_put_long - converts an integer to a decimal ASCII formatted string 560 + * 561 + * @buf: the user buffer 562 + * @size: the size of the user buffer 563 + * @val: the integer to be converted 564 + * @neg: sign of the number, %TRUE for negative 565 + * 566 + * In case of success @buf and @size are updated with the amount of bytes 567 + * written. 568 + */ 569 + static void proc_put_long(void **buf, size_t *size, unsigned long val, bool neg) 570 + { 571 + int len; 572 + char tmp[TMPBUFLEN], *p = tmp; 573 + 574 + sprintf(p, "%s%lu", neg ? "-" : "", val); 575 + len = strlen(tmp); 576 + if (len > *size) 577 + len = *size; 578 + memcpy(*buf, tmp, len); 579 + *size -= len; 580 + *buf += len; 581 + } 582 + #undef TMPBUFLEN 583 + 584 + static void proc_put_char(void **buf, size_t *size, char c) 585 + { 586 + if (*size) { 587 + char **buffer = (char **)buf; 588 + **buffer = c; 589 + 590 + (*size)--; 591 + (*buffer)++; 592 + *buf = *buffer; 593 + } 594 + } 595 + 596 + static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp, 597 + int *valp, 598 + int write, void *data) 599 + { 600 + if (write) { 601 + if (*negp) { 602 + if (*lvalp > (unsigned long) INT_MAX + 1) 603 + return -EINVAL; 604 + *valp = -*lvalp; 605 + } else { 606 + if (*lvalp > (unsigned long) INT_MAX) 607 + return -EINVAL; 608 + *valp = *lvalp; 609 + } 610 + } else { 611 + int val = *valp; 612 + if (val < 0) { 613 + *negp = true; 614 + *lvalp = -(unsigned long)val; 615 + } else { 616 + *negp = false; 617 + *lvalp = (unsigned long)val; 618 + } 619 + } 620 + return 0; 621 + } 622 + 623 + static int do_proc_douintvec_conv(unsigned long *lvalp, 624 + unsigned int *valp, 625 + int write, void *data) 626 + { 627 + if (write) { 628 + if (*lvalp > UINT_MAX) 629 + return -EINVAL; 630 + *valp = *lvalp; 631 + } else { 632 + unsigned int val = *valp; 633 + *lvalp = (unsigned long)val; 634 + } 635 + return 0; 636 + } 637 + 638 + static const char proc_wspace_sep[] = { ' ', '\t', '\n' }; 639 + 640 + static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, 641 + int write, void *buffer, 642 + size_t *lenp, loff_t *ppos, 643 + int (*conv)(bool *negp, unsigned long *lvalp, int *valp, 644 + int write, void *data), 645 + void *data) 646 + { 647 + int *i, vleft, first = 1, err = 0; 648 + size_t left; 649 + char *p; 650 + 651 + if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) { 652 + *lenp = 0; 653 + return 0; 654 + } 655 + 656 + i = (int *) tbl_data; 657 + vleft = table->maxlen / sizeof(*i); 658 + left = *lenp; 659 + 660 + if (!conv) 661 + conv = do_proc_dointvec_conv; 662 + 663 + if (write) { 664 + if (proc_first_pos_non_zero_ignore(ppos, table)) 665 + goto out; 666 + 667 + if (left > PAGE_SIZE - 1) 668 + left = PAGE_SIZE - 1; 669 + p = buffer; 670 + } 671 + 672 + for (; left && vleft--; i++, first=0) { 673 + unsigned long lval; 674 + bool neg; 675 + 676 + if (write) { 677 + left -= proc_skip_spaces(&p); 678 + 679 + if (!left) 680 + break; 681 + err = proc_get_long(&p, &left, &lval, &neg, 682 + proc_wspace_sep, 683 + sizeof(proc_wspace_sep), NULL); 684 + if (err) 685 + break; 686 + if (conv(&neg, &lval, i, 1, data)) { 687 + err = -EINVAL; 688 + break; 689 + } 690 + } else { 691 + if (conv(&neg, &lval, i, 0, data)) { 692 + err = -EINVAL; 693 + break; 694 + } 695 + if (!first) 696 + proc_put_char(&buffer, &left, '\t'); 697 + proc_put_long(&buffer, &left, lval, neg); 698 + } 699 + } 700 + 701 + if (!write && !first && left && !err) 702 + proc_put_char(&buffer, &left, '\n'); 703 + if (write && !err && left) 704 + left -= proc_skip_spaces(&p); 705 + if (write && first) 706 + return err ? : -EINVAL; 707 + *lenp -= left; 708 + out: 709 + *ppos += *lenp; 710 + return err; 711 + } 712 + 713 + static int do_proc_dointvec(struct ctl_table *table, int write, 714 + void *buffer, size_t *lenp, loff_t *ppos, 715 + int (*conv)(bool *negp, unsigned long *lvalp, int *valp, 716 + int write, void *data), 717 + void *data) 718 + { 719 + return __do_proc_dointvec(table->data, table, write, 720 + buffer, lenp, ppos, conv, data); 721 + } 722 + 723 + static int do_proc_douintvec_w(unsigned int *tbl_data, 724 + struct ctl_table *table, 725 + void *buffer, 726 + size_t *lenp, loff_t *ppos, 727 + int (*conv)(unsigned long *lvalp, 728 + unsigned int *valp, 729 + int write, void *data), 730 + void *data) 731 + { 732 + unsigned long lval; 733 + int err = 0; 734 + size_t left; 735 + bool neg; 736 + char *p = buffer; 737 + 738 + left = *lenp; 739 + 740 + if (proc_first_pos_non_zero_ignore(ppos, table)) 741 + goto bail_early; 742 + 743 + if (left > PAGE_SIZE - 1) 744 + left = PAGE_SIZE - 1; 745 + 746 + left -= proc_skip_spaces(&p); 747 + if (!left) { 748 + err = -EINVAL; 749 + goto out_free; 750 + } 751 + 752 + err = proc_get_long(&p, &left, &lval, &neg, 753 + proc_wspace_sep, 754 + sizeof(proc_wspace_sep), NULL); 755 + if (err || neg) { 756 + err = -EINVAL; 757 + goto out_free; 758 + } 759 + 760 + if (conv(&lval, tbl_data, 1, data)) { 761 + err = -EINVAL; 762 + goto out_free; 763 + } 764 + 765 + if (!err && left) 766 + left -= proc_skip_spaces(&p); 767 + 768 + out_free: 769 + if (err) 770 + return -EINVAL; 771 + 772 + return 0; 773 + 774 + /* This is in keeping with old __do_proc_dointvec() */ 775 + bail_early: 776 + *ppos += *lenp; 777 + return err; 778 + } 779 + 780 + static int do_proc_douintvec_r(unsigned int *tbl_data, void *buffer, 781 + size_t *lenp, loff_t *ppos, 782 + int (*conv)(unsigned long *lvalp, 783 + unsigned int *valp, 784 + int write, void *data), 785 + void *data) 786 + { 787 + unsigned long lval; 788 + int err = 0; 789 + size_t left; 790 + 791 + left = *lenp; 792 + 793 + if (conv(&lval, tbl_data, 0, data)) { 794 + err = -EINVAL; 795 + goto out; 796 + } 797 + 798 + proc_put_long(&buffer, &left, lval, false); 799 + if (!left) 800 + goto out; 801 + 802 + proc_put_char(&buffer, &left, '\n'); 803 + 804 + out: 805 + *lenp -= left; 806 + *ppos += *lenp; 807 + 808 + return err; 809 + } 810 + 811 + static int __do_proc_douintvec(void *tbl_data, struct ctl_table *table, 812 + int write, void *buffer, 813 + size_t *lenp, loff_t *ppos, 814 + int (*conv)(unsigned long *lvalp, 815 + unsigned int *valp, 816 + int write, void *data), 817 + void *data) 818 + { 819 + unsigned int *i, vleft; 820 + 821 + if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) { 822 + *lenp = 0; 823 + return 0; 824 + } 825 + 826 + i = (unsigned int *) tbl_data; 827 + vleft = table->maxlen / sizeof(*i); 828 + 829 + /* 830 + * Arrays are not supported, keep this simple. *Do not* add 831 + * support for them. 832 + */ 833 + if (vleft != 1) { 834 + *lenp = 0; 835 + return -EINVAL; 836 + } 837 + 838 + if (!conv) 839 + conv = do_proc_douintvec_conv; 840 + 841 + if (write) 842 + return do_proc_douintvec_w(i, table, buffer, lenp, ppos, 843 + conv, data); 844 + return do_proc_douintvec_r(i, buffer, lenp, ppos, conv, data); 845 + } 846 + 847 + static int do_proc_douintvec(struct ctl_table *table, int write, 848 + void *buffer, size_t *lenp, loff_t *ppos, 849 + int (*conv)(unsigned long *lvalp, 850 + unsigned int *valp, 851 + int write, void *data), 852 + void *data) 853 + { 854 + return __do_proc_douintvec(table->data, table, write, 855 + buffer, lenp, ppos, conv, data); 856 + } 857 + 858 + /** 859 + * proc_dointvec - read a vector of integers 860 + * @table: the sysctl table 861 + * @write: %TRUE if this is a write to the sysctl file 862 + * @buffer: the user buffer 863 + * @lenp: the size of the user buffer 864 + * @ppos: file position 865 + * 866 + * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 867 + * values from/to the user buffer, treated as an ASCII string. 868 + * 869 + * Returns 0 on success. 870 + */ 871 + int proc_dointvec(struct ctl_table *table, int write, void *buffer, 872 + size_t *lenp, loff_t *ppos) 873 + { 874 + return do_proc_dointvec(table, write, buffer, lenp, ppos, NULL, NULL); 875 + } 876 + 877 + #ifdef CONFIG_COMPACTION 878 + static int proc_dointvec_minmax_warn_RT_change(struct ctl_table *table, 879 + int write, void *buffer, size_t *lenp, loff_t *ppos) 880 + { 881 + int ret, old; 882 + 883 + if (!IS_ENABLED(CONFIG_PREEMPT_RT) || !write) 884 + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); 885 + 886 + old = *(int *)table->data; 887 + ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 888 + if (ret) 889 + return ret; 890 + if (old != *(int *)table->data) 891 + pr_warn_once("sysctl attribute %s changed by %s[%d]\n", 892 + table->procname, current->comm, 893 + task_pid_nr(current)); 894 + return ret; 895 + } 896 + #endif 897 + 898 + /** 899 + * proc_douintvec - read a vector of unsigned integers 900 + * @table: the sysctl table 901 + * @write: %TRUE if this is a write to the sysctl file 902 + * @buffer: the user buffer 903 + * @lenp: the size of the user buffer 904 + * @ppos: file position 905 + * 906 + * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer 907 + * values from/to the user buffer, treated as an ASCII string. 908 + * 909 + * Returns 0 on success. 910 + */ 911 + int proc_douintvec(struct ctl_table *table, int write, void *buffer, 912 + size_t *lenp, loff_t *ppos) 913 + { 914 + return do_proc_douintvec(table, write, buffer, lenp, ppos, 915 + do_proc_douintvec_conv, NULL); 916 + } 917 + 918 + /* 919 + * Taint values can only be increased 920 + * This means we can safely use a temporary. 921 + */ 922 + static int proc_taint(struct ctl_table *table, int write, 923 + void *buffer, size_t *lenp, loff_t *ppos) 924 + { 925 + struct ctl_table t; 926 + unsigned long tmptaint = get_taint(); 927 + int err; 928 + 929 + if (write && !capable(CAP_SYS_ADMIN)) 930 + return -EPERM; 931 + 932 + t = *table; 933 + t.data = &tmptaint; 934 + err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos); 935 + if (err < 0) 936 + return err; 937 + 938 + if (write) { 939 + /* 940 + * Poor man's atomic or. Not worth adding a primitive 941 + * to everyone's atomic.h for this 942 + */ 943 + int i; 944 + for (i = 0; i < BITS_PER_LONG && tmptaint >> i; i++) { 945 + if ((tmptaint >> i) & 1) 946 + add_taint(i, LOCKDEP_STILL_OK); 947 + } 948 + } 949 + 950 + return err; 951 + } 952 + 953 + #ifdef CONFIG_PRINTK 954 + static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, 955 + void *buffer, size_t *lenp, loff_t *ppos) 956 + { 957 + if (write && !capable(CAP_SYS_ADMIN)) 958 + return -EPERM; 959 + 960 + return proc_dointvec_minmax(table, write, buffer, lenp, ppos); 961 + } 962 + #endif 963 + 964 + /** 965 + * struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure 966 + * @min: pointer to minimum allowable value 967 + * @max: pointer to maximum allowable value 968 + * 969 + * The do_proc_dointvec_minmax_conv_param structure provides the 970 + * minimum and maximum values for doing range checking for those sysctl 971 + * parameters that use the proc_dointvec_minmax() handler. 972 + */ 973 + struct do_proc_dointvec_minmax_conv_param { 974 + int *min; 975 + int *max; 976 + }; 977 + 978 + static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp, 979 + int *valp, 980 + int write, void *data) 981 + { 982 + int tmp, ret; 983 + struct do_proc_dointvec_minmax_conv_param *param = data; 984 + /* 985 + * If writing, first do so via a temporary local int so we can 986 + * bounds-check it before touching *valp. 987 + */ 988 + int *ip = write ? &tmp : valp; 989 + 990 + ret = do_proc_dointvec_conv(negp, lvalp, ip, write, data); 991 + if (ret) 992 + return ret; 993 + 994 + if (write) { 995 + if ((param->min && *param->min > tmp) || 996 + (param->max && *param->max < tmp)) 997 + return -EINVAL; 998 + *valp = tmp; 999 + } 1000 + 1001 + return 0; 1002 + } 1003 + 1004 + /** 1005 + * proc_dointvec_minmax - read a vector of integers with min/max values 1006 + * @table: the sysctl table 1007 + * @write: %TRUE if this is a write to the sysctl file 1008 + * @buffer: the user buffer 1009 + * @lenp: the size of the user buffer 1010 + * @ppos: file position 1011 + * 1012 + * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 1013 + * values from/to the user buffer, treated as an ASCII string. 1014 + * 1015 + * This routine will ensure the values are within the range specified by 1016 + * table->extra1 (min) and table->extra2 (max). 1017 + * 1018 + * Returns 0 on success or -EINVAL on write when the range check fails. 1019 + */ 1020 + int proc_dointvec_minmax(struct ctl_table *table, int write, 1021 + void *buffer, size_t *lenp, loff_t *ppos) 1022 + { 1023 + struct do_proc_dointvec_minmax_conv_param param = { 1024 + .min = (int *) table->extra1, 1025 + .max = (int *) table->extra2, 1026 + }; 1027 + return do_proc_dointvec(table, write, buffer, lenp, ppos, 1028 + do_proc_dointvec_minmax_conv, &param); 1029 + } 1030 + 1031 + /** 1032 + * struct do_proc_douintvec_minmax_conv_param - proc_douintvec_minmax() range checking structure 1033 + * @min: pointer to minimum allowable value 1034 + * @max: pointer to maximum allowable value 1035 + * 1036 + * The do_proc_douintvec_minmax_conv_param structure provides the 1037 + * minimum and maximum values for doing range checking for those sysctl 1038 + * parameters that use the proc_douintvec_minmax() handler. 1039 + */ 1040 + struct do_proc_douintvec_minmax_conv_param { 1041 + unsigned int *min; 1042 + unsigned int *max; 1043 + }; 1044 + 1045 + static int do_proc_douintvec_minmax_conv(unsigned long *lvalp, 1046 + unsigned int *valp, 1047 + int write, void *data) 1048 + { 1049 + int ret; 1050 + unsigned int tmp; 1051 + struct do_proc_douintvec_minmax_conv_param *param = data; 1052 + /* write via temporary local uint for bounds-checking */ 1053 + unsigned int *up = write ? &tmp : valp; 1054 + 1055 + ret = do_proc_douintvec_conv(lvalp, up, write, data); 1056 + if (ret) 1057 + return ret; 1058 + 1059 + if (write) { 1060 + if ((param->min && *param->min > tmp) || 1061 + (param->max && *param->max < tmp)) 1062 + return -ERANGE; 1063 + 1064 + *valp = tmp; 1065 + } 1066 + 1067 + return 0; 1068 + } 1069 + 1070 + /** 1071 + * proc_douintvec_minmax - read a vector of unsigned ints with min/max values 1072 + * @table: the sysctl table 1073 + * @write: %TRUE if this is a write to the sysctl file 1074 + * @buffer: the user buffer 1075 + * @lenp: the size of the user buffer 1076 + * @ppos: file position 1077 + * 1078 + * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer 1079 + * values from/to the user buffer, treated as an ASCII string. Negative 1080 + * strings are not allowed. 1081 + * 1082 + * This routine will ensure the values are within the range specified by 1083 + * table->extra1 (min) and table->extra2 (max). There is a final sanity 1084 + * check for UINT_MAX to avoid having to support wrap around uses from 1085 + * userspace. 1086 + * 1087 + * Returns 0 on success or -ERANGE on write when the range check fails. 1088 + */ 1089 + int proc_douintvec_minmax(struct ctl_table *table, int write, 1090 + void *buffer, size_t *lenp, loff_t *ppos) 1091 + { 1092 + struct do_proc_douintvec_minmax_conv_param param = { 1093 + .min = (unsigned int *) table->extra1, 1094 + .max = (unsigned int *) table->extra2, 1095 + }; 1096 + return do_proc_douintvec(table, write, buffer, lenp, ppos, 1097 + do_proc_douintvec_minmax_conv, &param); 1098 + } 1099 + 1100 + static int do_proc_dopipe_max_size_conv(unsigned long *lvalp, 1101 + unsigned int *valp, 1102 + int write, void *data) 1103 + { 1104 + if (write) { 1105 + unsigned int val; 1106 + 1107 + val = round_pipe_size(*lvalp); 1108 + if (val == 0) 1109 + return -EINVAL; 1110 + 1111 + *valp = val; 1112 + } else { 1113 + unsigned int val = *valp; 1114 + *lvalp = (unsigned long) val; 1115 + } 1116 + 1117 + return 0; 1118 + } 1119 + 1120 + static int proc_dopipe_max_size(struct ctl_table *table, int write, 1121 + void *buffer, size_t *lenp, loff_t *ppos) 1122 + { 1123 + return do_proc_douintvec(table, write, buffer, lenp, ppos, 1124 + do_proc_dopipe_max_size_conv, NULL); 1125 + } 1126 + 1127 + static void validate_coredump_safety(void) 1128 + { 1129 + #ifdef CONFIG_COREDUMP 1130 + if (suid_dumpable == SUID_DUMP_ROOT && 1131 + core_pattern[0] != '/' && core_pattern[0] != '|') { 1132 + printk(KERN_WARNING 1133 + "Unsafe core_pattern used with fs.suid_dumpable=2.\n" 1134 + "Pipe handler or fully qualified core dump path required.\n" 1135 + "Set kernel.core_pattern before fs.suid_dumpable.\n" 1136 + ); 1137 + } 1138 + #endif 1139 + } 1140 + 1141 + static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, 1142 + void *buffer, size_t *lenp, loff_t *ppos) 1143 + { 1144 + int error = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 1145 + if (!error) 1146 + validate_coredump_safety(); 1147 + return error; 1148 + } 1149 + 1150 + #ifdef CONFIG_COREDUMP 1151 + static int proc_dostring_coredump(struct ctl_table *table, int write, 1152 + void *buffer, size_t *lenp, loff_t *ppos) 1153 + { 1154 + int error = proc_dostring(table, write, buffer, lenp, ppos); 1155 + if (!error) 1156 + validate_coredump_safety(); 1157 + return error; 1158 + } 1159 + #endif 1160 + 1161 + #ifdef CONFIG_MAGIC_SYSRQ 1162 + static int sysrq_sysctl_handler(struct ctl_table *table, int write, 1163 + void *buffer, size_t *lenp, loff_t *ppos) 1164 + { 1165 + int tmp, ret; 1166 + 1167 + tmp = sysrq_mask(); 1168 + 1169 + ret = __do_proc_dointvec(&tmp, table, write, buffer, 1170 + lenp, ppos, NULL, NULL); 1171 + if (ret || !write) 1172 + return ret; 1173 + 1174 + if (write) 1175 + sysrq_toggle_support(tmp); 1176 + 1177 + return 0; 1178 + } 1179 + #endif 1180 + 1181 + static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, 1182 + int write, void *buffer, size_t *lenp, loff_t *ppos, 1183 + unsigned long convmul, unsigned long convdiv) 1184 + { 1185 + unsigned long *i, *min, *max; 1186 + int vleft, first = 1, err = 0; 1187 + size_t left; 1188 + char *p; 1189 + 1190 + if (!data || !table->maxlen || !*lenp || (*ppos && !write)) { 1191 + *lenp = 0; 1192 + return 0; 1193 + } 1194 + 1195 + i = (unsigned long *) data; 1196 + min = (unsigned long *) table->extra1; 1197 + max = (unsigned long *) table->extra2; 1198 + vleft = table->maxlen / sizeof(unsigned long); 1199 + left = *lenp; 1200 + 1201 + if (write) { 1202 + if (proc_first_pos_non_zero_ignore(ppos, table)) 1203 + goto out; 1204 + 1205 + if (left > PAGE_SIZE - 1) 1206 + left = PAGE_SIZE - 1; 1207 + p = buffer; 1208 + } 1209 + 1210 + for (; left && vleft--; i++, first = 0) { 1211 + unsigned long val; 1212 + 1213 + if (write) { 1214 + bool neg; 1215 + 1216 + left -= proc_skip_spaces(&p); 1217 + if (!left) 1218 + break; 1219 + 1220 + err = proc_get_long(&p, &left, &val, &neg, 1221 + proc_wspace_sep, 1222 + sizeof(proc_wspace_sep), NULL); 1223 + if (err) 1224 + break; 1225 + if (neg) 1226 + continue; 1227 + val = convmul * val / convdiv; 1228 + if ((min && val < *min) || (max && val > *max)) { 1229 + err = -EINVAL; 1230 + break; 1231 + } 1232 + *i = val; 1233 + } else { 1234 + val = convdiv * (*i) / convmul; 1235 + if (!first) 1236 + proc_put_char(&buffer, &left, '\t'); 1237 + proc_put_long(&buffer, &left, val, false); 1238 + } 1239 + } 1240 + 1241 + if (!write && !first && left && !err) 1242 + proc_put_char(&buffer, &left, '\n'); 1243 + if (write && !err) 1244 + left -= proc_skip_spaces(&p); 1245 + if (write && first) 1246 + return err ? : -EINVAL; 1247 + *lenp -= left; 1248 + out: 1249 + *ppos += *lenp; 1250 + return err; 1251 + } 1252 + 1253 + static int do_proc_doulongvec_minmax(struct ctl_table *table, int write, 1254 + void *buffer, size_t *lenp, loff_t *ppos, unsigned long convmul, 1255 + unsigned long convdiv) 1256 + { 1257 + return __do_proc_doulongvec_minmax(table->data, table, write, 1258 + buffer, lenp, ppos, convmul, convdiv); 1259 + } 1260 + 1261 + /** 1262 + * proc_doulongvec_minmax - read a vector of long integers with min/max values 1263 + * @table: the sysctl table 1264 + * @write: %TRUE if this is a write to the sysctl file 1265 + * @buffer: the user buffer 1266 + * @lenp: the size of the user buffer 1267 + * @ppos: file position 1268 + * 1269 + * Reads/writes up to table->maxlen/sizeof(unsigned long) unsigned long 1270 + * values from/to the user buffer, treated as an ASCII string. 1271 + * 1272 + * This routine will ensure the values are within the range specified by 1273 + * table->extra1 (min) and table->extra2 (max). 1274 + * 1275 + * Returns 0 on success. 1276 + */ 1277 + int proc_doulongvec_minmax(struct ctl_table *table, int write, 1278 + void *buffer, size_t *lenp, loff_t *ppos) 1279 + { 1280 + return do_proc_doulongvec_minmax(table, write, buffer, lenp, ppos, 1l, 1l); 1281 + } 1282 + 1283 + /** 1284 + * proc_doulongvec_ms_jiffies_minmax - read a vector of millisecond values with min/max values 1285 + * @table: the sysctl table 1286 + * @write: %TRUE if this is a write to the sysctl file 1287 + * @buffer: the user buffer 1288 + * @lenp: the size of the user buffer 1289 + * @ppos: file position 1290 + * 1291 + * Reads/writes up to table->maxlen/sizeof(unsigned long) unsigned long 1292 + * values from/to the user buffer, treated as an ASCII string. The values 1293 + * are treated as milliseconds, and converted to jiffies when they are stored. 1294 + * 1295 + * This routine will ensure the values are within the range specified by 1296 + * table->extra1 (min) and table->extra2 (max). 1297 + * 1298 + * Returns 0 on success. 1299 + */ 1300 + int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write, 1301 + void *buffer, size_t *lenp, loff_t *ppos) 1302 + { 1303 + return do_proc_doulongvec_minmax(table, write, buffer, 1304 + lenp, ppos, HZ, 1000l); 1305 + } 1306 + 1307 + 1308 + static int do_proc_dointvec_jiffies_conv(bool *negp, unsigned long *lvalp, 1309 + int *valp, 1310 + int write, void *data) 1311 + { 1312 + if (write) { 1313 + if (*lvalp > INT_MAX / HZ) 1314 + return 1; 1315 + *valp = *negp ? -(*lvalp*HZ) : (*lvalp*HZ); 1316 + } else { 1317 + int val = *valp; 1318 + unsigned long lval; 1319 + if (val < 0) { 1320 + *negp = true; 1321 + lval = -(unsigned long)val; 1322 + } else { 1323 + *negp = false; 1324 + lval = (unsigned long)val; 1325 + } 1326 + *lvalp = lval / HZ; 1327 + } 1328 + return 0; 1329 + } 1330 + 1331 + static int do_proc_dointvec_userhz_jiffies_conv(bool *negp, unsigned long *lvalp, 1332 + int *valp, 1333 + int write, void *data) 1334 + { 1335 + if (write) { 1336 + if (USER_HZ < HZ && *lvalp > (LONG_MAX / HZ) * USER_HZ) 1337 + return 1; 1338 + *valp = clock_t_to_jiffies(*negp ? -*lvalp : *lvalp); 1339 + } else { 1340 + int val = *valp; 1341 + unsigned long lval; 1342 + if (val < 0) { 1343 + *negp = true; 1344 + lval = -(unsigned long)val; 1345 + } else { 1346 + *negp = false; 1347 + lval = (unsigned long)val; 1348 + } 1349 + *lvalp = jiffies_to_clock_t(lval); 1350 + } 1351 + return 0; 1352 + } 1353 + 1354 + static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp, 1355 + int *valp, 1356 + int write, void *data) 1357 + { 1358 + if (write) { 1359 + unsigned long jif = msecs_to_jiffies(*negp ? -*lvalp : *lvalp); 1360 + 1361 + if (jif > INT_MAX) 1362 + return 1; 1363 + *valp = (int)jif; 1364 + } else { 1365 + int val = *valp; 1366 + unsigned long lval; 1367 + if (val < 0) { 1368 + *negp = true; 1369 + lval = -(unsigned long)val; 1370 + } else { 1371 + *negp = false; 1372 + lval = (unsigned long)val; 1373 + } 1374 + *lvalp = jiffies_to_msecs(lval); 1375 + } 1376 + return 0; 1377 + } 1378 + 1379 + /** 1380 + * proc_dointvec_jiffies - read a vector of integers as seconds 1381 + * @table: the sysctl table 1382 + * @write: %TRUE if this is a write to the sysctl file 1383 + * @buffer: the user buffer 1384 + * @lenp: the size of the user buffer 1385 + * @ppos: file position 1386 + * 1387 + * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 1388 + * values from/to the user buffer, treated as an ASCII string. 1389 + * The values read are assumed to be in seconds, and are converted into 1390 + * jiffies. 1391 + * 1392 + * Returns 0 on success. 1393 + */ 1394 + int proc_dointvec_jiffies(struct ctl_table *table, int write, 1395 + void *buffer, size_t *lenp, loff_t *ppos) 1396 + { 1397 + return do_proc_dointvec(table,write,buffer,lenp,ppos, 1398 + do_proc_dointvec_jiffies_conv,NULL); 1399 + } 1400 + 1401 + /** 1402 + * proc_dointvec_userhz_jiffies - read a vector of integers as 1/USER_HZ seconds 1403 + * @table: the sysctl table 1404 + * @write: %TRUE if this is a write to the sysctl file 1405 + * @buffer: the user buffer 1406 + * @lenp: the size of the user buffer 1407 + * @ppos: pointer to the file position 1408 + * 1409 + * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 1410 + * values from/to the user buffer, treated as an ASCII string. 1411 + * The values read are assumed to be in 1/USER_HZ seconds, and 1412 + * are converted into jiffies. 1413 + * 1414 + * Returns 0 on success. 1415 + */ 1416 + int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write, 1417 + void *buffer, size_t *lenp, loff_t *ppos) 1418 + { 1419 + return do_proc_dointvec(table,write,buffer,lenp,ppos, 1420 + do_proc_dointvec_userhz_jiffies_conv,NULL); 1421 + } 1422 + 1423 + /** 1424 + * proc_dointvec_ms_jiffies - read a vector of integers as 1 milliseconds 1425 + * @table: the sysctl table 1426 + * @write: %TRUE if this is a write to the sysctl file 1427 + * @buffer: the user buffer 1428 + * @lenp: the size of the user buffer 1429 + * @ppos: file position 1430 + * @ppos: the current position in the file 1431 + * 1432 + * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 1433 + * values from/to the user buffer, treated as an ASCII string. 1434 + * The values read are assumed to be in 1/1000 seconds, and 1435 + * are converted into jiffies. 1436 + * 1437 + * Returns 0 on success. 1438 + */ 1439 + int proc_dointvec_ms_jiffies(struct ctl_table *table, int write, void *buffer, 1440 + size_t *lenp, loff_t *ppos) 1441 + { 1442 + return do_proc_dointvec(table, write, buffer, lenp, ppos, 1443 + do_proc_dointvec_ms_jiffies_conv, NULL); 1444 + } 1445 + 1446 + static int proc_do_cad_pid(struct ctl_table *table, int write, void *buffer, 1447 + size_t *lenp, loff_t *ppos) 1448 + { 1449 + struct pid *new_pid; 1450 + pid_t tmp; 1451 + int r; 1452 + 1453 + tmp = pid_vnr(cad_pid); 1454 + 1455 + r = __do_proc_dointvec(&tmp, table, write, buffer, 1456 + lenp, ppos, NULL, NULL); 1457 + if (r || !write) 1458 + return r; 1459 + 1460 + new_pid = find_get_pid(tmp); 1461 + if (!new_pid) 1462 + return -ESRCH; 1463 + 1464 + put_pid(xchg(&cad_pid, new_pid)); 1465 + return 0; 1466 + } 1467 + 1468 + /** 1469 + * proc_do_large_bitmap - read/write from/to a large bitmap 1470 + * @table: the sysctl table 1471 + * @write: %TRUE if this is a write to the sysctl file 1472 + * @buffer: the user buffer 1473 + * @lenp: the size of the user buffer 1474 + * @ppos: file position 1475 + * 1476 + * The bitmap is stored at table->data and the bitmap length (in bits) 1477 + * in table->maxlen. 1478 + * 1479 + * We use a range comma separated format (e.g. 1,3-4,10-10) so that 1480 + * large bitmaps may be represented in a compact manner. Writing into 1481 + * the file will clear the bitmap then update it with the given input. 1482 + * 1483 + * Returns 0 on success. 1484 + */ 1485 + int proc_do_large_bitmap(struct ctl_table *table, int write, 1486 + void *buffer, size_t *lenp, loff_t *ppos) 1487 + { 1488 + int err = 0; 1489 + bool first = 1; 1490 + size_t left = *lenp; 1491 + unsigned long bitmap_len = table->maxlen; 1492 + unsigned long *bitmap = *(unsigned long **) table->data; 1493 + unsigned long *tmp_bitmap = NULL; 1494 + char tr_a[] = { '-', ',', '\n' }, tr_b[] = { ',', '\n', 0 }, c; 1495 + 1496 + if (!bitmap || !bitmap_len || !left || (*ppos && !write)) { 1497 + *lenp = 0; 1498 + return 0; 1499 + } 1500 + 1501 + if (write) { 1502 + char *p = buffer; 1503 + size_t skipped = 0; 1504 + 1505 + if (left > PAGE_SIZE - 1) { 1506 + left = PAGE_SIZE - 1; 1507 + /* How much of the buffer we'll skip this pass */ 1508 + skipped = *lenp - left; 1509 + } 1510 + 1511 + tmp_bitmap = bitmap_zalloc(bitmap_len, GFP_KERNEL); 1512 + if (!tmp_bitmap) 1513 + return -ENOMEM; 1514 + proc_skip_char(&p, &left, '\n'); 1515 + while (!err && left) { 1516 + unsigned long val_a, val_b; 1517 + bool neg; 1518 + size_t saved_left; 1519 + 1520 + /* In case we stop parsing mid-number, we can reset */ 1521 + saved_left = left; 1522 + err = proc_get_long(&p, &left, &val_a, &neg, tr_a, 1523 + sizeof(tr_a), &c); 1524 + /* 1525 + * If we consumed the entirety of a truncated buffer or 1526 + * only one char is left (may be a "-"), then stop here, 1527 + * reset, & come back for more. 1528 + */ 1529 + if ((left <= 1) && skipped) { 1530 + left = saved_left; 1531 + break; 1532 + } 1533 + 1534 + if (err) 1535 + break; 1536 + if (val_a >= bitmap_len || neg) { 1537 + err = -EINVAL; 1538 + break; 1539 + } 1540 + 1541 + val_b = val_a; 1542 + if (left) { 1543 + p++; 1544 + left--; 1545 + } 1546 + 1547 + if (c == '-') { 1548 + err = proc_get_long(&p, &left, &val_b, 1549 + &neg, tr_b, sizeof(tr_b), 1550 + &c); 1551 + /* 1552 + * If we consumed all of a truncated buffer or 1553 + * then stop here, reset, & come back for more. 1554 + */ 1555 + if (!left && skipped) { 1556 + left = saved_left; 1557 + break; 1558 + } 1559 + 1560 + if (err) 1561 + break; 1562 + if (val_b >= bitmap_len || neg || 1563 + val_a > val_b) { 1564 + err = -EINVAL; 1565 + break; 1566 + } 1567 + if (left) { 1568 + p++; 1569 + left--; 1570 + } 1571 + } 1572 + 1573 + bitmap_set(tmp_bitmap, val_a, val_b - val_a + 1); 1574 + first = 0; 1575 + proc_skip_char(&p, &left, '\n'); 1576 + } 1577 + left += skipped; 1578 + } else { 1579 + unsigned long bit_a, bit_b = 0; 1580 + 1581 + while (left) { 1582 + bit_a = find_next_bit(bitmap, bitmap_len, bit_b); 1583 + if (bit_a >= bitmap_len) 1584 + break; 1585 + bit_b = find_next_zero_bit(bitmap, bitmap_len, 1586 + bit_a + 1) - 1; 1587 + 1588 + if (!first) 1589 + proc_put_char(&buffer, &left, ','); 1590 + proc_put_long(&buffer, &left, bit_a, false); 1591 + if (bit_a != bit_b) { 1592 + proc_put_char(&buffer, &left, '-'); 1593 + proc_put_long(&buffer, &left, bit_b, false); 1594 + } 1595 + 1596 + first = 0; bit_b++; 1597 + } 1598 + proc_put_char(&buffer, &left, '\n'); 1599 + } 1600 + 1601 + if (!err) { 1602 + if (write) { 1603 + if (*ppos) 1604 + bitmap_or(bitmap, bitmap, tmp_bitmap, bitmap_len); 1605 + else 1606 + bitmap_copy(bitmap, tmp_bitmap, bitmap_len); 1607 + } 1608 + *lenp -= left; 1609 + *ppos += *lenp; 1610 + } 1611 + 1612 + bitmap_free(tmp_bitmap); 1613 + return err; 1614 + } 1615 + 1616 + #else /* CONFIG_PROC_SYSCTL */ 1617 + 1618 + int proc_dostring(struct ctl_table *table, int write, 1619 + void *buffer, size_t *lenp, loff_t *ppos) 1620 + { 1621 + return -ENOSYS; 1622 + } 1623 + 1624 + int proc_dointvec(struct ctl_table *table, int write, 1625 + void *buffer, size_t *lenp, loff_t *ppos) 1626 + { 1627 + return -ENOSYS; 1628 + } 1629 + 1630 + int proc_douintvec(struct ctl_table *table, int write, 1631 + void *buffer, size_t *lenp, loff_t *ppos) 1632 + { 1633 + return -ENOSYS; 1634 + } 1635 + 1636 + int proc_dointvec_minmax(struct ctl_table *table, int write, 1637 + void *buffer, size_t *lenp, loff_t *ppos) 1638 + { 1639 + return -ENOSYS; 1640 + } 1641 + 1642 + int proc_douintvec_minmax(struct ctl_table *table, int write, 1643 + void *buffer, size_t *lenp, loff_t *ppos) 1644 + { 1645 + return -ENOSYS; 1646 + } 1647 + 1648 + int proc_dointvec_jiffies(struct ctl_table *table, int write, 1649 + void *buffer, size_t *lenp, loff_t *ppos) 1650 + { 1651 + return -ENOSYS; 1652 + } 1653 + 1654 + int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write, 1655 + void *buffer, size_t *lenp, loff_t *ppos) 1656 + { 1657 + return -ENOSYS; 1658 + } 1659 + 1660 + int proc_dointvec_ms_jiffies(struct ctl_table *table, int write, 1661 + void *buffer, size_t *lenp, loff_t *ppos) 1662 + { 1663 + return -ENOSYS; 1664 + } 1665 + 1666 + int proc_doulongvec_minmax(struct ctl_table *table, int write, 1667 + void *buffer, size_t *lenp, loff_t *ppos) 1668 + { 1669 + return -ENOSYS; 1670 + } 1671 + 1672 + int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write, 1673 + void *buffer, size_t *lenp, loff_t *ppos) 1674 + { 1675 + return -ENOSYS; 1676 + } 1677 + 1678 + int proc_do_large_bitmap(struct ctl_table *table, int write, 1679 + void *buffer, size_t *lenp, loff_t *ppos) 1680 + { 1681 + return -ENOSYS; 1682 + } 1683 + 1684 + #endif /* CONFIG_PROC_SYSCTL */ 1685 + 1686 + #if defined(CONFIG_SYSCTL) 1687 + int proc_do_static_key(struct ctl_table *table, int write, 1688 + void *buffer, size_t *lenp, loff_t *ppos) 1689 + { 1690 + struct static_key *key = (struct static_key *)table->data; 1691 + static DEFINE_MUTEX(static_key_mutex); 1692 + int val, ret; 1693 + struct ctl_table tmp = { 1694 + .data = &val, 1695 + .maxlen = sizeof(val), 1696 + .mode = table->mode, 1697 + .extra1 = SYSCTL_ZERO, 1698 + .extra2 = SYSCTL_ONE, 1699 + }; 1700 + 1701 + if (write && !capable(CAP_SYS_ADMIN)) 1702 + return -EPERM; 1703 + 1704 + mutex_lock(&static_key_mutex); 1705 + val = static_key_enabled(key); 1706 + ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 1707 + if (write && !ret) { 1708 + if (val) 1709 + static_key_enable(key); 1710 + else 1711 + static_key_disable(key); 1712 + } 1713 + mutex_unlock(&static_key_mutex); 1714 + return ret; 1715 + } 201 1716 202 1717 static struct ctl_table kern_table[] = { 203 1718 { ··· 1918 613 .procname = "soft-power", 1919 614 .data = &pwrsw_enabled, 1920 615 .maxlen = sizeof (int), 1921 - .mode = 0644, 616 + .mode = 0644, 1922 617 .proc_handler = proc_dointvec, 1923 618 }, 1924 619 #endif ··· 2377 1072 .procname = "ignore-unaligned-usertrap", 2378 1073 .data = &no_unaligned_warning, 2379 1074 .maxlen = sizeof (int), 2380 - .mode = 0644, 1075 + .mode = 0644, 2381 1076 .proc_handler = proc_dointvec, 2382 1077 }, 2383 1078 #endif ··· 2625 1320 .proc_handler = overcommit_kbytes_handler, 2626 1321 }, 2627 1322 { 2628 - .procname = "page-cluster", 1323 + .procname = "page-cluster", 2629 1324 .data = &page_cluster, 2630 1325 .maxlen = sizeof(int), 2631 1326 .mode = 0644, ··· 2796 1491 .data = &watermark_boost_factor, 2797 1492 .maxlen = sizeof(watermark_boost_factor), 2798 1493 .mode = 0644, 2799 - .proc_handler = watermark_boost_factor_sysctl_handler, 1494 + .proc_handler = proc_dointvec_minmax, 2800 1495 .extra1 = SYSCTL_ZERO, 2801 1496 }, 2802 1497 { ··· 3264 1959 { } 3265 1960 }; 3266 1961 1962 + static struct ctl_table sysctl_base_table[] = { 1963 + { 1964 + .procname = "kernel", 1965 + .mode = 0555, 1966 + .child = kern_table, 1967 + }, 1968 + { 1969 + .procname = "vm", 1970 + .mode = 0555, 1971 + .child = vm_table, 1972 + }, 1973 + { 1974 + .procname = "fs", 1975 + .mode = 0555, 1976 + .child = fs_table, 1977 + }, 1978 + { 1979 + .procname = "debug", 1980 + .mode = 0555, 1981 + .child = debug_table, 1982 + }, 1983 + { 1984 + .procname = "dev", 1985 + .mode = 0555, 1986 + .child = dev_table, 1987 + }, 1988 + { } 1989 + }; 1990 + 3267 1991 int __init sysctl_init(void) 3268 1992 { 3269 1993 struct ctl_table_header *hdr; ··· 3301 1967 kmemleak_not_leak(hdr); 3302 1968 return 0; 3303 1969 } 3304 - 3305 1970 #endif /* CONFIG_SYSCTL */ 3306 - 3307 - /* 3308 - * /proc/sys support 3309 - */ 3310 - 3311 - #ifdef CONFIG_PROC_SYSCTL 3312 - 3313 - static int _proc_do_string(char *data, int maxlen, int write, 3314 - char __user *buffer, 3315 - size_t *lenp, loff_t *ppos) 3316 - { 3317 - size_t len; 3318 - char __user *p; 3319 - char c; 3320 - 3321 - if (!data || !maxlen || !*lenp) { 3322 - *lenp = 0; 3323 - return 0; 3324 - } 3325 - 3326 - if (write) { 3327 - if (sysctl_writes_strict == SYSCTL_WRITES_STRICT) { 3328 - /* Only continue writes not past the end of buffer. */ 3329 - len = strlen(data); 3330 - if (len > maxlen - 1) 3331 - len = maxlen - 1; 3332 - 3333 - if (*ppos > len) 3334 - return 0; 3335 - len = *ppos; 3336 - } else { 3337 - /* Start writing from beginning of buffer. */ 3338 - len = 0; 3339 - } 3340 - 3341 - *ppos += *lenp; 3342 - p = buffer; 3343 - while ((p - buffer) < *lenp && len < maxlen - 1) { 3344 - if (get_user(c, p++)) 3345 - return -EFAULT; 3346 - if (c == 0 || c == '\n') 3347 - break; 3348 - data[len++] = c; 3349 - } 3350 - data[len] = 0; 3351 - } else { 3352 - len = strlen(data); 3353 - if (len > maxlen) 3354 - len = maxlen; 3355 - 3356 - if (*ppos > len) { 3357 - *lenp = 0; 3358 - return 0; 3359 - } 3360 - 3361 - data += *ppos; 3362 - len -= *ppos; 3363 - 3364 - if (len > *lenp) 3365 - len = *lenp; 3366 - if (len) 3367 - if (copy_to_user(buffer, data, len)) 3368 - return -EFAULT; 3369 - if (len < *lenp) { 3370 - if (put_user('\n', buffer + len)) 3371 - return -EFAULT; 3372 - len++; 3373 - } 3374 - *lenp = len; 3375 - *ppos += len; 3376 - } 3377 - return 0; 3378 - } 3379 - 3380 - static void warn_sysctl_write(struct ctl_table *table) 3381 - { 3382 - pr_warn_once("%s wrote to %s when file position was not 0!\n" 3383 - "This will not be supported in the future. To silence this\n" 3384 - "warning, set kernel.sysctl_writes_strict = -1\n", 3385 - current->comm, table->procname); 3386 - } 3387 - 3388 - /** 3389 - * proc_first_pos_non_zero_ignore - check if first position is allowed 3390 - * @ppos: file position 3391 - * @table: the sysctl table 3392 - * 3393 - * Returns true if the first position is non-zero and the sysctl_writes_strict 3394 - * mode indicates this is not allowed for numeric input types. String proc 3395 - * handlers can ignore the return value. 3396 - */ 3397 - static bool proc_first_pos_non_zero_ignore(loff_t *ppos, 3398 - struct ctl_table *table) 3399 - { 3400 - if (!*ppos) 3401 - return false; 3402 - 3403 - switch (sysctl_writes_strict) { 3404 - case SYSCTL_WRITES_STRICT: 3405 - return true; 3406 - case SYSCTL_WRITES_WARN: 3407 - warn_sysctl_write(table); 3408 - return false; 3409 - default: 3410 - return false; 3411 - } 3412 - } 3413 - 3414 - /** 3415 - * proc_dostring - read a string sysctl 3416 - * @table: the sysctl table 3417 - * @write: %TRUE if this is a write to the sysctl file 3418 - * @buffer: the user buffer 3419 - * @lenp: the size of the user buffer 3420 - * @ppos: file position 3421 - * 3422 - * Reads/writes a string from/to the user buffer. If the kernel 3423 - * buffer provided is not large enough to hold the string, the 3424 - * string is truncated. The copied string is %NULL-terminated. 3425 - * If the string is being read by the user process, it is copied 3426 - * and a newline '\n' is added. It is truncated if the buffer is 3427 - * not large enough. 3428 - * 3429 - * Returns 0 on success. 3430 - */ 3431 - int proc_dostring(struct ctl_table *table, int write, 3432 - void __user *buffer, size_t *lenp, loff_t *ppos) 3433 - { 3434 - if (write) 3435 - proc_first_pos_non_zero_ignore(ppos, table); 3436 - 3437 - return _proc_do_string((char *)(table->data), table->maxlen, write, 3438 - (char __user *)buffer, lenp, ppos); 3439 - } 3440 - 3441 - static size_t proc_skip_spaces(char **buf) 3442 - { 3443 - size_t ret; 3444 - char *tmp = skip_spaces(*buf); 3445 - ret = tmp - *buf; 3446 - *buf = tmp; 3447 - return ret; 3448 - } 3449 - 3450 - static void proc_skip_char(char **buf, size_t *size, const char v) 3451 - { 3452 - while (*size) { 3453 - if (**buf != v) 3454 - break; 3455 - (*size)--; 3456 - (*buf)++; 3457 - } 3458 - } 3459 - 3460 - /** 3461 - * strtoul_lenient - parse an ASCII formatted integer from a buffer and only 3462 - * fail on overflow 3463 - * 3464 - * @cp: kernel buffer containing the string to parse 3465 - * @endp: pointer to store the trailing characters 3466 - * @base: the base to use 3467 - * @res: where the parsed integer will be stored 3468 - * 3469 - * In case of success 0 is returned and @res will contain the parsed integer, 3470 - * @endp will hold any trailing characters. 3471 - * This function will fail the parse on overflow. If there wasn't an overflow 3472 - * the function will defer the decision what characters count as invalid to the 3473 - * caller. 3474 - */ 3475 - static int strtoul_lenient(const char *cp, char **endp, unsigned int base, 3476 - unsigned long *res) 3477 - { 3478 - unsigned long long result; 3479 - unsigned int rv; 3480 - 3481 - cp = _parse_integer_fixup_radix(cp, &base); 3482 - rv = _parse_integer(cp, base, &result); 3483 - if ((rv & KSTRTOX_OVERFLOW) || (result != (unsigned long)result)) 3484 - return -ERANGE; 3485 - 3486 - cp += rv; 3487 - 3488 - if (endp) 3489 - *endp = (char *)cp; 3490 - 3491 - *res = (unsigned long)result; 3492 - return 0; 3493 - } 3494 - 3495 - #define TMPBUFLEN 22 3496 - /** 3497 - * proc_get_long - reads an ASCII formatted integer from a user buffer 3498 - * 3499 - * @buf: a kernel buffer 3500 - * @size: size of the kernel buffer 3501 - * @val: this is where the number will be stored 3502 - * @neg: set to %TRUE if number is negative 3503 - * @perm_tr: a vector which contains the allowed trailers 3504 - * @perm_tr_len: size of the perm_tr vector 3505 - * @tr: pointer to store the trailer character 3506 - * 3507 - * In case of success %0 is returned and @buf and @size are updated with 3508 - * the amount of bytes read. If @tr is non-NULL and a trailing 3509 - * character exists (size is non-zero after returning from this 3510 - * function), @tr is updated with the trailing character. 3511 - */ 3512 - static int proc_get_long(char **buf, size_t *size, 3513 - unsigned long *val, bool *neg, 3514 - const char *perm_tr, unsigned perm_tr_len, char *tr) 3515 - { 3516 - int len; 3517 - char *p, tmp[TMPBUFLEN]; 3518 - 3519 - if (!*size) 3520 - return -EINVAL; 3521 - 3522 - len = *size; 3523 - if (len > TMPBUFLEN - 1) 3524 - len = TMPBUFLEN - 1; 3525 - 3526 - memcpy(tmp, *buf, len); 3527 - 3528 - tmp[len] = 0; 3529 - p = tmp; 3530 - if (*p == '-' && *size > 1) { 3531 - *neg = true; 3532 - p++; 3533 - } else 3534 - *neg = false; 3535 - if (!isdigit(*p)) 3536 - return -EINVAL; 3537 - 3538 - if (strtoul_lenient(p, &p, 0, val)) 3539 - return -EINVAL; 3540 - 3541 - len = p - tmp; 3542 - 3543 - /* We don't know if the next char is whitespace thus we may accept 3544 - * invalid integers (e.g. 1234...a) or two integers instead of one 3545 - * (e.g. 123...1). So lets not allow such large numbers. */ 3546 - if (len == TMPBUFLEN - 1) 3547 - return -EINVAL; 3548 - 3549 - if (len < *size && perm_tr_len && !memchr(perm_tr, *p, perm_tr_len)) 3550 - return -EINVAL; 3551 - 3552 - if (tr && (len < *size)) 3553 - *tr = *p; 3554 - 3555 - *buf += len; 3556 - *size -= len; 3557 - 3558 - return 0; 3559 - } 3560 - 3561 - /** 3562 - * proc_put_long - converts an integer to a decimal ASCII formatted string 3563 - * 3564 - * @buf: the user buffer 3565 - * @size: the size of the user buffer 3566 - * @val: the integer to be converted 3567 - * @neg: sign of the number, %TRUE for negative 3568 - * 3569 - * In case of success %0 is returned and @buf and @size are updated with 3570 - * the amount of bytes written. 3571 - */ 3572 - static int proc_put_long(void __user **buf, size_t *size, unsigned long val, 3573 - bool neg) 3574 - { 3575 - int len; 3576 - char tmp[TMPBUFLEN], *p = tmp; 3577 - 3578 - sprintf(p, "%s%lu", neg ? "-" : "", val); 3579 - len = strlen(tmp); 3580 - if (len > *size) 3581 - len = *size; 3582 - if (copy_to_user(*buf, tmp, len)) 3583 - return -EFAULT; 3584 - *size -= len; 3585 - *buf += len; 3586 - return 0; 3587 - } 3588 - #undef TMPBUFLEN 3589 - 3590 - static int proc_put_char(void __user **buf, size_t *size, char c) 3591 - { 3592 - if (*size) { 3593 - char __user **buffer = (char __user **)buf; 3594 - if (put_user(c, *buffer)) 3595 - return -EFAULT; 3596 - (*size)--, (*buffer)++; 3597 - *buf = *buffer; 3598 - } 3599 - return 0; 3600 - } 3601 - 3602 - static int do_proc_dointvec_conv(bool *negp, unsigned long *lvalp, 3603 - int *valp, 3604 - int write, void *data) 3605 - { 3606 - if (write) { 3607 - if (*negp) { 3608 - if (*lvalp > (unsigned long) INT_MAX + 1) 3609 - return -EINVAL; 3610 - *valp = -*lvalp; 3611 - } else { 3612 - if (*lvalp > (unsigned long) INT_MAX) 3613 - return -EINVAL; 3614 - *valp = *lvalp; 3615 - } 3616 - } else { 3617 - int val = *valp; 3618 - if (val < 0) { 3619 - *negp = true; 3620 - *lvalp = -(unsigned long)val; 3621 - } else { 3622 - *negp = false; 3623 - *lvalp = (unsigned long)val; 3624 - } 3625 - } 3626 - return 0; 3627 - } 3628 - 3629 - static int do_proc_douintvec_conv(unsigned long *lvalp, 3630 - unsigned int *valp, 3631 - int write, void *data) 3632 - { 3633 - if (write) { 3634 - if (*lvalp > UINT_MAX) 3635 - return -EINVAL; 3636 - *valp = *lvalp; 3637 - } else { 3638 - unsigned int val = *valp; 3639 - *lvalp = (unsigned long)val; 3640 - } 3641 - return 0; 3642 - } 3643 - 3644 - static const char proc_wspace_sep[] = { ' ', '\t', '\n' }; 3645 - 3646 - static int __do_proc_dointvec(void *tbl_data, struct ctl_table *table, 3647 - int write, void __user *buffer, 3648 - size_t *lenp, loff_t *ppos, 3649 - int (*conv)(bool *negp, unsigned long *lvalp, int *valp, 3650 - int write, void *data), 3651 - void *data) 3652 - { 3653 - int *i, vleft, first = 1, err = 0; 3654 - size_t left; 3655 - char *kbuf = NULL, *p; 3656 - 3657 - if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) { 3658 - *lenp = 0; 3659 - return 0; 3660 - } 3661 - 3662 - i = (int *) tbl_data; 3663 - vleft = table->maxlen / sizeof(*i); 3664 - left = *lenp; 3665 - 3666 - if (!conv) 3667 - conv = do_proc_dointvec_conv; 3668 - 3669 - if (write) { 3670 - if (proc_first_pos_non_zero_ignore(ppos, table)) 3671 - goto out; 3672 - 3673 - if (left > PAGE_SIZE - 1) 3674 - left = PAGE_SIZE - 1; 3675 - p = kbuf = memdup_user_nul(buffer, left); 3676 - if (IS_ERR(kbuf)) 3677 - return PTR_ERR(kbuf); 3678 - } 3679 - 3680 - for (; left && vleft--; i++, first=0) { 3681 - unsigned long lval; 3682 - bool neg; 3683 - 3684 - if (write) { 3685 - left -= proc_skip_spaces(&p); 3686 - 3687 - if (!left) 3688 - break; 3689 - err = proc_get_long(&p, &left, &lval, &neg, 3690 - proc_wspace_sep, 3691 - sizeof(proc_wspace_sep), NULL); 3692 - if (err) 3693 - break; 3694 - if (conv(&neg, &lval, i, 1, data)) { 3695 - err = -EINVAL; 3696 - break; 3697 - } 3698 - } else { 3699 - if (conv(&neg, &lval, i, 0, data)) { 3700 - err = -EINVAL; 3701 - break; 3702 - } 3703 - if (!first) 3704 - err = proc_put_char(&buffer, &left, '\t'); 3705 - if (err) 3706 - break; 3707 - err = proc_put_long(&buffer, &left, lval, neg); 3708 - if (err) 3709 - break; 3710 - } 3711 - } 3712 - 3713 - if (!write && !first && left && !err) 3714 - err = proc_put_char(&buffer, &left, '\n'); 3715 - if (write && !err && left) 3716 - left -= proc_skip_spaces(&p); 3717 - if (write) { 3718 - kfree(kbuf); 3719 - if (first) 3720 - return err ? : -EINVAL; 3721 - } 3722 - *lenp -= left; 3723 - out: 3724 - *ppos += *lenp; 3725 - return err; 3726 - } 3727 - 3728 - static int do_proc_dointvec(struct ctl_table *table, int write, 3729 - void __user *buffer, size_t *lenp, loff_t *ppos, 3730 - int (*conv)(bool *negp, unsigned long *lvalp, int *valp, 3731 - int write, void *data), 3732 - void *data) 3733 - { 3734 - return __do_proc_dointvec(table->data, table, write, 3735 - buffer, lenp, ppos, conv, data); 3736 - } 3737 - 3738 - static int do_proc_douintvec_w(unsigned int *tbl_data, 3739 - struct ctl_table *table, 3740 - void __user *buffer, 3741 - size_t *lenp, loff_t *ppos, 3742 - int (*conv)(unsigned long *lvalp, 3743 - unsigned int *valp, 3744 - int write, void *data), 3745 - void *data) 3746 - { 3747 - unsigned long lval; 3748 - int err = 0; 3749 - size_t left; 3750 - bool neg; 3751 - char *kbuf = NULL, *p; 3752 - 3753 - left = *lenp; 3754 - 3755 - if (proc_first_pos_non_zero_ignore(ppos, table)) 3756 - goto bail_early; 3757 - 3758 - if (left > PAGE_SIZE - 1) 3759 - left = PAGE_SIZE - 1; 3760 - 3761 - p = kbuf = memdup_user_nul(buffer, left); 3762 - if (IS_ERR(kbuf)) 3763 - return -EINVAL; 3764 - 3765 - left -= proc_skip_spaces(&p); 3766 - if (!left) { 3767 - err = -EINVAL; 3768 - goto out_free; 3769 - } 3770 - 3771 - err = proc_get_long(&p, &left, &lval, &neg, 3772 - proc_wspace_sep, 3773 - sizeof(proc_wspace_sep), NULL); 3774 - if (err || neg) { 3775 - err = -EINVAL; 3776 - goto out_free; 3777 - } 3778 - 3779 - if (conv(&lval, tbl_data, 1, data)) { 3780 - err = -EINVAL; 3781 - goto out_free; 3782 - } 3783 - 3784 - if (!err && left) 3785 - left -= proc_skip_spaces(&p); 3786 - 3787 - out_free: 3788 - kfree(kbuf); 3789 - if (err) 3790 - return -EINVAL; 3791 - 3792 - return 0; 3793 - 3794 - /* This is in keeping with old __do_proc_dointvec() */ 3795 - bail_early: 3796 - *ppos += *lenp; 3797 - return err; 3798 - } 3799 - 3800 - static int do_proc_douintvec_r(unsigned int *tbl_data, void __user *buffer, 3801 - size_t *lenp, loff_t *ppos, 3802 - int (*conv)(unsigned long *lvalp, 3803 - unsigned int *valp, 3804 - int write, void *data), 3805 - void *data) 3806 - { 3807 - unsigned long lval; 3808 - int err = 0; 3809 - size_t left; 3810 - 3811 - left = *lenp; 3812 - 3813 - if (conv(&lval, tbl_data, 0, data)) { 3814 - err = -EINVAL; 3815 - goto out; 3816 - } 3817 - 3818 - err = proc_put_long(&buffer, &left, lval, false); 3819 - if (err || !left) 3820 - goto out; 3821 - 3822 - err = proc_put_char(&buffer, &left, '\n'); 3823 - 3824 - out: 3825 - *lenp -= left; 3826 - *ppos += *lenp; 3827 - 3828 - return err; 3829 - } 3830 - 3831 - static int __do_proc_douintvec(void *tbl_data, struct ctl_table *table, 3832 - int write, void __user *buffer, 3833 - size_t *lenp, loff_t *ppos, 3834 - int (*conv)(unsigned long *lvalp, 3835 - unsigned int *valp, 3836 - int write, void *data), 3837 - void *data) 3838 - { 3839 - unsigned int *i, vleft; 3840 - 3841 - if (!tbl_data || !table->maxlen || !*lenp || (*ppos && !write)) { 3842 - *lenp = 0; 3843 - return 0; 3844 - } 3845 - 3846 - i = (unsigned int *) tbl_data; 3847 - vleft = table->maxlen / sizeof(*i); 3848 - 3849 - /* 3850 - * Arrays are not supported, keep this simple. *Do not* add 3851 - * support for them. 3852 - */ 3853 - if (vleft != 1) { 3854 - *lenp = 0; 3855 - return -EINVAL; 3856 - } 3857 - 3858 - if (!conv) 3859 - conv = do_proc_douintvec_conv; 3860 - 3861 - if (write) 3862 - return do_proc_douintvec_w(i, table, buffer, lenp, ppos, 3863 - conv, data); 3864 - return do_proc_douintvec_r(i, buffer, lenp, ppos, conv, data); 3865 - } 3866 - 3867 - static int do_proc_douintvec(struct ctl_table *table, int write, 3868 - void __user *buffer, size_t *lenp, loff_t *ppos, 3869 - int (*conv)(unsigned long *lvalp, 3870 - unsigned int *valp, 3871 - int write, void *data), 3872 - void *data) 3873 - { 3874 - return __do_proc_douintvec(table->data, table, write, 3875 - buffer, lenp, ppos, conv, data); 3876 - } 3877 - 3878 - /** 3879 - * proc_dointvec - read a vector of integers 3880 - * @table: the sysctl table 3881 - * @write: %TRUE if this is a write to the sysctl file 3882 - * @buffer: the user buffer 3883 - * @lenp: the size of the user buffer 3884 - * @ppos: file position 3885 - * 3886 - * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 3887 - * values from/to the user buffer, treated as an ASCII string. 3888 - * 3889 - * Returns 0 on success. 3890 - */ 3891 - int proc_dointvec(struct ctl_table *table, int write, 3892 - void __user *buffer, size_t *lenp, loff_t *ppos) 3893 - { 3894 - return do_proc_dointvec(table, write, buffer, lenp, ppos, NULL, NULL); 3895 - } 3896 - 3897 - #ifdef CONFIG_COMPACTION 3898 - static int proc_dointvec_minmax_warn_RT_change(struct ctl_table *table, 3899 - int write, void __user *buffer, 3900 - size_t *lenp, loff_t *ppos) 3901 - { 3902 - int ret, old; 3903 - 3904 - if (!IS_ENABLED(CONFIG_PREEMPT_RT) || !write) 3905 - return proc_dointvec_minmax(table, write, buffer, lenp, ppos); 3906 - 3907 - old = *(int *)table->data; 3908 - ret = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 3909 - if (ret) 3910 - return ret; 3911 - if (old != *(int *)table->data) 3912 - pr_warn_once("sysctl attribute %s changed by %s[%d]\n", 3913 - table->procname, current->comm, 3914 - task_pid_nr(current)); 3915 - return ret; 3916 - } 3917 - #endif 3918 - 3919 - /** 3920 - * proc_douintvec - read a vector of unsigned integers 3921 - * @table: the sysctl table 3922 - * @write: %TRUE if this is a write to the sysctl file 3923 - * @buffer: the user buffer 3924 - * @lenp: the size of the user buffer 3925 - * @ppos: file position 3926 - * 3927 - * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer 3928 - * values from/to the user buffer, treated as an ASCII string. 3929 - * 3930 - * Returns 0 on success. 3931 - */ 3932 - int proc_douintvec(struct ctl_table *table, int write, 3933 - void __user *buffer, size_t *lenp, loff_t *ppos) 3934 - { 3935 - return do_proc_douintvec(table, write, buffer, lenp, ppos, 3936 - do_proc_douintvec_conv, NULL); 3937 - } 3938 - 3939 - /* 3940 - * Taint values can only be increased 3941 - * This means we can safely use a temporary. 3942 - */ 3943 - static int proc_taint(struct ctl_table *table, int write, 3944 - void __user *buffer, size_t *lenp, loff_t *ppos) 3945 - { 3946 - struct ctl_table t; 3947 - unsigned long tmptaint = get_taint(); 3948 - int err; 3949 - 3950 - if (write && !capable(CAP_SYS_ADMIN)) 3951 - return -EPERM; 3952 - 3953 - t = *table; 3954 - t.data = &tmptaint; 3955 - err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos); 3956 - if (err < 0) 3957 - return err; 3958 - 3959 - if (write) { 3960 - /* 3961 - * Poor man's atomic or. Not worth adding a primitive 3962 - * to everyone's atomic.h for this 3963 - */ 3964 - int i; 3965 - for (i = 0; i < BITS_PER_LONG && tmptaint >> i; i++) { 3966 - if ((tmptaint >> i) & 1) 3967 - add_taint(i, LOCKDEP_STILL_OK); 3968 - } 3969 - } 3970 - 3971 - return err; 3972 - } 3973 - 3974 - #ifdef CONFIG_PRINTK 3975 - static int proc_dointvec_minmax_sysadmin(struct ctl_table *table, int write, 3976 - void __user *buffer, size_t *lenp, loff_t *ppos) 3977 - { 3978 - if (write && !capable(CAP_SYS_ADMIN)) 3979 - return -EPERM; 3980 - 3981 - return proc_dointvec_minmax(table, write, buffer, lenp, ppos); 3982 - } 3983 - #endif 3984 - 3985 - /** 3986 - * struct do_proc_dointvec_minmax_conv_param - proc_dointvec_minmax() range checking structure 3987 - * @min: pointer to minimum allowable value 3988 - * @max: pointer to maximum allowable value 3989 - * 3990 - * The do_proc_dointvec_minmax_conv_param structure provides the 3991 - * minimum and maximum values for doing range checking for those sysctl 3992 - * parameters that use the proc_dointvec_minmax() handler. 3993 - */ 3994 - struct do_proc_dointvec_minmax_conv_param { 3995 - int *min; 3996 - int *max; 3997 - }; 3998 - 3999 - static int do_proc_dointvec_minmax_conv(bool *negp, unsigned long *lvalp, 4000 - int *valp, 4001 - int write, void *data) 4002 - { 4003 - int tmp, ret; 4004 - struct do_proc_dointvec_minmax_conv_param *param = data; 4005 - /* 4006 - * If writing, first do so via a temporary local int so we can 4007 - * bounds-check it before touching *valp. 4008 - */ 4009 - int *ip = write ? &tmp : valp; 4010 - 4011 - ret = do_proc_dointvec_conv(negp, lvalp, ip, write, data); 4012 - if (ret) 4013 - return ret; 4014 - 4015 - if (write) { 4016 - if ((param->min && *param->min > tmp) || 4017 - (param->max && *param->max < tmp)) 4018 - return -EINVAL; 4019 - *valp = tmp; 4020 - } 4021 - 4022 - return 0; 4023 - } 4024 - 4025 - /** 4026 - * proc_dointvec_minmax - read a vector of integers with min/max values 4027 - * @table: the sysctl table 4028 - * @write: %TRUE if this is a write to the sysctl file 4029 - * @buffer: the user buffer 4030 - * @lenp: the size of the user buffer 4031 - * @ppos: file position 4032 - * 4033 - * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 4034 - * values from/to the user buffer, treated as an ASCII string. 4035 - * 4036 - * This routine will ensure the values are within the range specified by 4037 - * table->extra1 (min) and table->extra2 (max). 4038 - * 4039 - * Returns 0 on success or -EINVAL on write when the range check fails. 4040 - */ 4041 - int proc_dointvec_minmax(struct ctl_table *table, int write, 4042 - void __user *buffer, size_t *lenp, loff_t *ppos) 4043 - { 4044 - struct do_proc_dointvec_minmax_conv_param param = { 4045 - .min = (int *) table->extra1, 4046 - .max = (int *) table->extra2, 4047 - }; 4048 - return do_proc_dointvec(table, write, buffer, lenp, ppos, 4049 - do_proc_dointvec_minmax_conv, &param); 4050 - } 4051 - 4052 - /** 4053 - * struct do_proc_douintvec_minmax_conv_param - proc_douintvec_minmax() range checking structure 4054 - * @min: pointer to minimum allowable value 4055 - * @max: pointer to maximum allowable value 4056 - * 4057 - * The do_proc_douintvec_minmax_conv_param structure provides the 4058 - * minimum and maximum values for doing range checking for those sysctl 4059 - * parameters that use the proc_douintvec_minmax() handler. 4060 - */ 4061 - struct do_proc_douintvec_minmax_conv_param { 4062 - unsigned int *min; 4063 - unsigned int *max; 4064 - }; 4065 - 4066 - static int do_proc_douintvec_minmax_conv(unsigned long *lvalp, 4067 - unsigned int *valp, 4068 - int write, void *data) 4069 - { 4070 - int ret; 4071 - unsigned int tmp; 4072 - struct do_proc_douintvec_minmax_conv_param *param = data; 4073 - /* write via temporary local uint for bounds-checking */ 4074 - unsigned int *up = write ? &tmp : valp; 4075 - 4076 - ret = do_proc_douintvec_conv(lvalp, up, write, data); 4077 - if (ret) 4078 - return ret; 4079 - 4080 - if (write) { 4081 - if ((param->min && *param->min > tmp) || 4082 - (param->max && *param->max < tmp)) 4083 - return -ERANGE; 4084 - 4085 - *valp = tmp; 4086 - } 4087 - 4088 - return 0; 4089 - } 4090 - 4091 - /** 4092 - * proc_douintvec_minmax - read a vector of unsigned ints with min/max values 4093 - * @table: the sysctl table 4094 - * @write: %TRUE if this is a write to the sysctl file 4095 - * @buffer: the user buffer 4096 - * @lenp: the size of the user buffer 4097 - * @ppos: file position 4098 - * 4099 - * Reads/writes up to table->maxlen/sizeof(unsigned int) unsigned integer 4100 - * values from/to the user buffer, treated as an ASCII string. Negative 4101 - * strings are not allowed. 4102 - * 4103 - * This routine will ensure the values are within the range specified by 4104 - * table->extra1 (min) and table->extra2 (max). There is a final sanity 4105 - * check for UINT_MAX to avoid having to support wrap around uses from 4106 - * userspace. 4107 - * 4108 - * Returns 0 on success or -ERANGE on write when the range check fails. 4109 - */ 4110 - int proc_douintvec_minmax(struct ctl_table *table, int write, 4111 - void __user *buffer, size_t *lenp, loff_t *ppos) 4112 - { 4113 - struct do_proc_douintvec_minmax_conv_param param = { 4114 - .min = (unsigned int *) table->extra1, 4115 - .max = (unsigned int *) table->extra2, 4116 - }; 4117 - return do_proc_douintvec(table, write, buffer, lenp, ppos, 4118 - do_proc_douintvec_minmax_conv, &param); 4119 - } 4120 - 4121 - static int do_proc_dopipe_max_size_conv(unsigned long *lvalp, 4122 - unsigned int *valp, 4123 - int write, void *data) 4124 - { 4125 - if (write) { 4126 - unsigned int val; 4127 - 4128 - val = round_pipe_size(*lvalp); 4129 - if (val == 0) 4130 - return -EINVAL; 4131 - 4132 - *valp = val; 4133 - } else { 4134 - unsigned int val = *valp; 4135 - *lvalp = (unsigned long) val; 4136 - } 4137 - 4138 - return 0; 4139 - } 4140 - 4141 - static int proc_dopipe_max_size(struct ctl_table *table, int write, 4142 - void __user *buffer, size_t *lenp, loff_t *ppos) 4143 - { 4144 - return do_proc_douintvec(table, write, buffer, lenp, ppos, 4145 - do_proc_dopipe_max_size_conv, NULL); 4146 - } 4147 - 4148 - static void validate_coredump_safety(void) 4149 - { 4150 - #ifdef CONFIG_COREDUMP 4151 - if (suid_dumpable == SUID_DUMP_ROOT && 4152 - core_pattern[0] != '/' && core_pattern[0] != '|') { 4153 - printk(KERN_WARNING 4154 - "Unsafe core_pattern used with fs.suid_dumpable=2.\n" 4155 - "Pipe handler or fully qualified core dump path required.\n" 4156 - "Set kernel.core_pattern before fs.suid_dumpable.\n" 4157 - ); 4158 - } 4159 - #endif 4160 - } 4161 - 4162 - static int proc_dointvec_minmax_coredump(struct ctl_table *table, int write, 4163 - void __user *buffer, size_t *lenp, loff_t *ppos) 4164 - { 4165 - int error = proc_dointvec_minmax(table, write, buffer, lenp, ppos); 4166 - if (!error) 4167 - validate_coredump_safety(); 4168 - return error; 4169 - } 4170 - 4171 - #ifdef CONFIG_COREDUMP 4172 - static int proc_dostring_coredump(struct ctl_table *table, int write, 4173 - void __user *buffer, size_t *lenp, loff_t *ppos) 4174 - { 4175 - int error = proc_dostring(table, write, buffer, lenp, ppos); 4176 - if (!error) 4177 - validate_coredump_safety(); 4178 - return error; 4179 - } 4180 - #endif 4181 - 4182 - #ifdef CONFIG_MAGIC_SYSRQ 4183 - static int sysrq_sysctl_handler(struct ctl_table *table, int write, 4184 - void __user *buffer, size_t *lenp, loff_t *ppos) 4185 - { 4186 - int tmp, ret; 4187 - 4188 - tmp = sysrq_mask(); 4189 - 4190 - ret = __do_proc_dointvec(&tmp, table, write, buffer, 4191 - lenp, ppos, NULL, NULL); 4192 - if (ret || !write) 4193 - return ret; 4194 - 4195 - if (write) 4196 - sysrq_toggle_support(tmp); 4197 - 4198 - return 0; 4199 - } 4200 - #endif 4201 - 4202 - static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int write, 4203 - void __user *buffer, 4204 - size_t *lenp, loff_t *ppos, 4205 - unsigned long convmul, 4206 - unsigned long convdiv) 4207 - { 4208 - unsigned long *i, *min, *max; 4209 - int vleft, first = 1, err = 0; 4210 - size_t left; 4211 - char *kbuf = NULL, *p; 4212 - 4213 - if (!data || !table->maxlen || !*lenp || (*ppos && !write)) { 4214 - *lenp = 0; 4215 - return 0; 4216 - } 4217 - 4218 - i = (unsigned long *) data; 4219 - min = (unsigned long *) table->extra1; 4220 - max = (unsigned long *) table->extra2; 4221 - vleft = table->maxlen / sizeof(unsigned long); 4222 - left = *lenp; 4223 - 4224 - if (write) { 4225 - if (proc_first_pos_non_zero_ignore(ppos, table)) 4226 - goto out; 4227 - 4228 - if (left > PAGE_SIZE - 1) 4229 - left = PAGE_SIZE - 1; 4230 - p = kbuf = memdup_user_nul(buffer, left); 4231 - if (IS_ERR(kbuf)) 4232 - return PTR_ERR(kbuf); 4233 - } 4234 - 4235 - for (; left && vleft--; i++, first = 0) { 4236 - unsigned long val; 4237 - 4238 - if (write) { 4239 - bool neg; 4240 - 4241 - left -= proc_skip_spaces(&p); 4242 - if (!left) 4243 - break; 4244 - 4245 - err = proc_get_long(&p, &left, &val, &neg, 4246 - proc_wspace_sep, 4247 - sizeof(proc_wspace_sep), NULL); 4248 - if (err) 4249 - break; 4250 - if (neg) 4251 - continue; 4252 - val = convmul * val / convdiv; 4253 - if ((min && val < *min) || (max && val > *max)) { 4254 - err = -EINVAL; 4255 - break; 4256 - } 4257 - *i = val; 4258 - } else { 4259 - val = convdiv * (*i) / convmul; 4260 - if (!first) { 4261 - err = proc_put_char(&buffer, &left, '\t'); 4262 - if (err) 4263 - break; 4264 - } 4265 - err = proc_put_long(&buffer, &left, val, false); 4266 - if (err) 4267 - break; 4268 - } 4269 - } 4270 - 4271 - if (!write && !first && left && !err) 4272 - err = proc_put_char(&buffer, &left, '\n'); 4273 - if (write && !err) 4274 - left -= proc_skip_spaces(&p); 4275 - if (write) { 4276 - kfree(kbuf); 4277 - if (first) 4278 - return err ? : -EINVAL; 4279 - } 4280 - *lenp -= left; 4281 - out: 4282 - *ppos += *lenp; 4283 - return err; 4284 - } 4285 - 4286 - static int do_proc_doulongvec_minmax(struct ctl_table *table, int write, 4287 - void __user *buffer, 4288 - size_t *lenp, loff_t *ppos, 4289 - unsigned long convmul, 4290 - unsigned long convdiv) 4291 - { 4292 - return __do_proc_doulongvec_minmax(table->data, table, write, 4293 - buffer, lenp, ppos, convmul, convdiv); 4294 - } 4295 - 4296 - /** 4297 - * proc_doulongvec_minmax - read a vector of long integers with min/max values 4298 - * @table: the sysctl table 4299 - * @write: %TRUE if this is a write to the sysctl file 4300 - * @buffer: the user buffer 4301 - * @lenp: the size of the user buffer 4302 - * @ppos: file position 4303 - * 4304 - * Reads/writes up to table->maxlen/sizeof(unsigned long) unsigned long 4305 - * values from/to the user buffer, treated as an ASCII string. 4306 - * 4307 - * This routine will ensure the values are within the range specified by 4308 - * table->extra1 (min) and table->extra2 (max). 4309 - * 4310 - * Returns 0 on success. 4311 - */ 4312 - int proc_doulongvec_minmax(struct ctl_table *table, int write, 4313 - void __user *buffer, size_t *lenp, loff_t *ppos) 4314 - { 4315 - return do_proc_doulongvec_minmax(table, write, buffer, lenp, ppos, 1l, 1l); 4316 - } 4317 - 4318 - /** 4319 - * proc_doulongvec_ms_jiffies_minmax - read a vector of millisecond values with min/max values 4320 - * @table: the sysctl table 4321 - * @write: %TRUE if this is a write to the sysctl file 4322 - * @buffer: the user buffer 4323 - * @lenp: the size of the user buffer 4324 - * @ppos: file position 4325 - * 4326 - * Reads/writes up to table->maxlen/sizeof(unsigned long) unsigned long 4327 - * values from/to the user buffer, treated as an ASCII string. The values 4328 - * are treated as milliseconds, and converted to jiffies when they are stored. 4329 - * 4330 - * This routine will ensure the values are within the range specified by 4331 - * table->extra1 (min) and table->extra2 (max). 4332 - * 4333 - * Returns 0 on success. 4334 - */ 4335 - int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write, 4336 - void __user *buffer, 4337 - size_t *lenp, loff_t *ppos) 4338 - { 4339 - return do_proc_doulongvec_minmax(table, write, buffer, 4340 - lenp, ppos, HZ, 1000l); 4341 - } 4342 - 4343 - 4344 - static int do_proc_dointvec_jiffies_conv(bool *negp, unsigned long *lvalp, 4345 - int *valp, 4346 - int write, void *data) 4347 - { 4348 - if (write) { 4349 - if (*lvalp > INT_MAX / HZ) 4350 - return 1; 4351 - *valp = *negp ? -(*lvalp*HZ) : (*lvalp*HZ); 4352 - } else { 4353 - int val = *valp; 4354 - unsigned long lval; 4355 - if (val < 0) { 4356 - *negp = true; 4357 - lval = -(unsigned long)val; 4358 - } else { 4359 - *negp = false; 4360 - lval = (unsigned long)val; 4361 - } 4362 - *lvalp = lval / HZ; 4363 - } 4364 - return 0; 4365 - } 4366 - 4367 - static int do_proc_dointvec_userhz_jiffies_conv(bool *negp, unsigned long *lvalp, 4368 - int *valp, 4369 - int write, void *data) 4370 - { 4371 - if (write) { 4372 - if (USER_HZ < HZ && *lvalp > (LONG_MAX / HZ) * USER_HZ) 4373 - return 1; 4374 - *valp = clock_t_to_jiffies(*negp ? -*lvalp : *lvalp); 4375 - } else { 4376 - int val = *valp; 4377 - unsigned long lval; 4378 - if (val < 0) { 4379 - *negp = true; 4380 - lval = -(unsigned long)val; 4381 - } else { 4382 - *negp = false; 4383 - lval = (unsigned long)val; 4384 - } 4385 - *lvalp = jiffies_to_clock_t(lval); 4386 - } 4387 - return 0; 4388 - } 4389 - 4390 - static int do_proc_dointvec_ms_jiffies_conv(bool *negp, unsigned long *lvalp, 4391 - int *valp, 4392 - int write, void *data) 4393 - { 4394 - if (write) { 4395 - unsigned long jif = msecs_to_jiffies(*negp ? -*lvalp : *lvalp); 4396 - 4397 - if (jif > INT_MAX) 4398 - return 1; 4399 - *valp = (int)jif; 4400 - } else { 4401 - int val = *valp; 4402 - unsigned long lval; 4403 - if (val < 0) { 4404 - *negp = true; 4405 - lval = -(unsigned long)val; 4406 - } else { 4407 - *negp = false; 4408 - lval = (unsigned long)val; 4409 - } 4410 - *lvalp = jiffies_to_msecs(lval); 4411 - } 4412 - return 0; 4413 - } 4414 - 4415 - /** 4416 - * proc_dointvec_jiffies - read a vector of integers as seconds 4417 - * @table: the sysctl table 4418 - * @write: %TRUE if this is a write to the sysctl file 4419 - * @buffer: the user buffer 4420 - * @lenp: the size of the user buffer 4421 - * @ppos: file position 4422 - * 4423 - * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 4424 - * values from/to the user buffer, treated as an ASCII string. 4425 - * The values read are assumed to be in seconds, and are converted into 4426 - * jiffies. 4427 - * 4428 - * Returns 0 on success. 4429 - */ 4430 - int proc_dointvec_jiffies(struct ctl_table *table, int write, 4431 - void __user *buffer, size_t *lenp, loff_t *ppos) 4432 - { 4433 - return do_proc_dointvec(table,write,buffer,lenp,ppos, 4434 - do_proc_dointvec_jiffies_conv,NULL); 4435 - } 4436 - 4437 - /** 4438 - * proc_dointvec_userhz_jiffies - read a vector of integers as 1/USER_HZ seconds 4439 - * @table: the sysctl table 4440 - * @write: %TRUE if this is a write to the sysctl file 4441 - * @buffer: the user buffer 4442 - * @lenp: the size of the user buffer 4443 - * @ppos: pointer to the file position 4444 - * 4445 - * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 4446 - * values from/to the user buffer, treated as an ASCII string. 4447 - * The values read are assumed to be in 1/USER_HZ seconds, and 4448 - * are converted into jiffies. 4449 - * 4450 - * Returns 0 on success. 4451 - */ 4452 - int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write, 4453 - void __user *buffer, size_t *lenp, loff_t *ppos) 4454 - { 4455 - return do_proc_dointvec(table,write,buffer,lenp,ppos, 4456 - do_proc_dointvec_userhz_jiffies_conv,NULL); 4457 - } 4458 - 4459 - /** 4460 - * proc_dointvec_ms_jiffies - read a vector of integers as 1 milliseconds 4461 - * @table: the sysctl table 4462 - * @write: %TRUE if this is a write to the sysctl file 4463 - * @buffer: the user buffer 4464 - * @lenp: the size of the user buffer 4465 - * @ppos: file position 4466 - * @ppos: the current position in the file 4467 - * 4468 - * Reads/writes up to table->maxlen/sizeof(unsigned int) integer 4469 - * values from/to the user buffer, treated as an ASCII string. 4470 - * The values read are assumed to be in 1/1000 seconds, and 4471 - * are converted into jiffies. 4472 - * 4473 - * Returns 0 on success. 4474 - */ 4475 - int proc_dointvec_ms_jiffies(struct ctl_table *table, int write, 4476 - void __user *buffer, size_t *lenp, loff_t *ppos) 4477 - { 4478 - return do_proc_dointvec(table, write, buffer, lenp, ppos, 4479 - do_proc_dointvec_ms_jiffies_conv, NULL); 4480 - } 4481 - 4482 - static int proc_do_cad_pid(struct ctl_table *table, int write, 4483 - void __user *buffer, size_t *lenp, loff_t *ppos) 4484 - { 4485 - struct pid *new_pid; 4486 - pid_t tmp; 4487 - int r; 4488 - 4489 - tmp = pid_vnr(cad_pid); 4490 - 4491 - r = __do_proc_dointvec(&tmp, table, write, buffer, 4492 - lenp, ppos, NULL, NULL); 4493 - if (r || !write) 4494 - return r; 4495 - 4496 - new_pid = find_get_pid(tmp); 4497 - if (!new_pid) 4498 - return -ESRCH; 4499 - 4500 - put_pid(xchg(&cad_pid, new_pid)); 4501 - return 0; 4502 - } 4503 - 4504 - /** 4505 - * proc_do_large_bitmap - read/write from/to a large bitmap 4506 - * @table: the sysctl table 4507 - * @write: %TRUE if this is a write to the sysctl file 4508 - * @buffer: the user buffer 4509 - * @lenp: the size of the user buffer 4510 - * @ppos: file position 4511 - * 4512 - * The bitmap is stored at table->data and the bitmap length (in bits) 4513 - * in table->maxlen. 4514 - * 4515 - * We use a range comma separated format (e.g. 1,3-4,10-10) so that 4516 - * large bitmaps may be represented in a compact manner. Writing into 4517 - * the file will clear the bitmap then update it with the given input. 4518 - * 4519 - * Returns 0 on success. 4520 - */ 4521 - int proc_do_large_bitmap(struct ctl_table *table, int write, 4522 - void __user *buffer, size_t *lenp, loff_t *ppos) 4523 - { 4524 - int err = 0; 4525 - bool first = 1; 4526 - size_t left = *lenp; 4527 - unsigned long bitmap_len = table->maxlen; 4528 - unsigned long *bitmap = *(unsigned long **) table->data; 4529 - unsigned long *tmp_bitmap = NULL; 4530 - char tr_a[] = { '-', ',', '\n' }, tr_b[] = { ',', '\n', 0 }, c; 4531 - 4532 - if (!bitmap || !bitmap_len || !left || (*ppos && !write)) { 4533 - *lenp = 0; 4534 - return 0; 4535 - } 4536 - 4537 - if (write) { 4538 - char *kbuf, *p; 4539 - size_t skipped = 0; 4540 - 4541 - if (left > PAGE_SIZE - 1) { 4542 - left = PAGE_SIZE - 1; 4543 - /* How much of the buffer we'll skip this pass */ 4544 - skipped = *lenp - left; 4545 - } 4546 - 4547 - p = kbuf = memdup_user_nul(buffer, left); 4548 - if (IS_ERR(kbuf)) 4549 - return PTR_ERR(kbuf); 4550 - 4551 - tmp_bitmap = bitmap_zalloc(bitmap_len, GFP_KERNEL); 4552 - if (!tmp_bitmap) { 4553 - kfree(kbuf); 4554 - return -ENOMEM; 4555 - } 4556 - proc_skip_char(&p, &left, '\n'); 4557 - while (!err && left) { 4558 - unsigned long val_a, val_b; 4559 - bool neg; 4560 - size_t saved_left; 4561 - 4562 - /* In case we stop parsing mid-number, we can reset */ 4563 - saved_left = left; 4564 - err = proc_get_long(&p, &left, &val_a, &neg, tr_a, 4565 - sizeof(tr_a), &c); 4566 - /* 4567 - * If we consumed the entirety of a truncated buffer or 4568 - * only one char is left (may be a "-"), then stop here, 4569 - * reset, & come back for more. 4570 - */ 4571 - if ((left <= 1) && skipped) { 4572 - left = saved_left; 4573 - break; 4574 - } 4575 - 4576 - if (err) 4577 - break; 4578 - if (val_a >= bitmap_len || neg) { 4579 - err = -EINVAL; 4580 - break; 4581 - } 4582 - 4583 - val_b = val_a; 4584 - if (left) { 4585 - p++; 4586 - left--; 4587 - } 4588 - 4589 - if (c == '-') { 4590 - err = proc_get_long(&p, &left, &val_b, 4591 - &neg, tr_b, sizeof(tr_b), 4592 - &c); 4593 - /* 4594 - * If we consumed all of a truncated buffer or 4595 - * then stop here, reset, & come back for more. 4596 - */ 4597 - if (!left && skipped) { 4598 - left = saved_left; 4599 - break; 4600 - } 4601 - 4602 - if (err) 4603 - break; 4604 - if (val_b >= bitmap_len || neg || 4605 - val_a > val_b) { 4606 - err = -EINVAL; 4607 - break; 4608 - } 4609 - if (left) { 4610 - p++; 4611 - left--; 4612 - } 4613 - } 4614 - 4615 - bitmap_set(tmp_bitmap, val_a, val_b - val_a + 1); 4616 - first = 0; 4617 - proc_skip_char(&p, &left, '\n'); 4618 - } 4619 - kfree(kbuf); 4620 - left += skipped; 4621 - } else { 4622 - unsigned long bit_a, bit_b = 0; 4623 - 4624 - while (left) { 4625 - bit_a = find_next_bit(bitmap, bitmap_len, bit_b); 4626 - if (bit_a >= bitmap_len) 4627 - break; 4628 - bit_b = find_next_zero_bit(bitmap, bitmap_len, 4629 - bit_a + 1) - 1; 4630 - 4631 - if (!first) { 4632 - err = proc_put_char(&buffer, &left, ','); 4633 - if (err) 4634 - break; 4635 - } 4636 - err = proc_put_long(&buffer, &left, bit_a, false); 4637 - if (err) 4638 - break; 4639 - if (bit_a != bit_b) { 4640 - err = proc_put_char(&buffer, &left, '-'); 4641 - if (err) 4642 - break; 4643 - err = proc_put_long(&buffer, &left, bit_b, false); 4644 - if (err) 4645 - break; 4646 - } 4647 - 4648 - first = 0; bit_b++; 4649 - } 4650 - if (!err) 4651 - err = proc_put_char(&buffer, &left, '\n'); 4652 - } 4653 - 4654 - if (!err) { 4655 - if (write) { 4656 - if (*ppos) 4657 - bitmap_or(bitmap, bitmap, tmp_bitmap, bitmap_len); 4658 - else 4659 - bitmap_copy(bitmap, tmp_bitmap, bitmap_len); 4660 - } 4661 - *lenp -= left; 4662 - *ppos += *lenp; 4663 - } 4664 - 4665 - bitmap_free(tmp_bitmap); 4666 - return err; 4667 - } 4668 - 4669 - #else /* CONFIG_PROC_SYSCTL */ 4670 - 4671 - int proc_dostring(struct ctl_table *table, int write, 4672 - void __user *buffer, size_t *lenp, loff_t *ppos) 4673 - { 4674 - return -ENOSYS; 4675 - } 4676 - 4677 - int proc_dointvec(struct ctl_table *table, int write, 4678 - void __user *buffer, size_t *lenp, loff_t *ppos) 4679 - { 4680 - return -ENOSYS; 4681 - } 4682 - 4683 - int proc_douintvec(struct ctl_table *table, int write, 4684 - void __user *buffer, size_t *lenp, loff_t *ppos) 4685 - { 4686 - return -ENOSYS; 4687 - } 4688 - 4689 - int proc_dointvec_minmax(struct ctl_table *table, int write, 4690 - void __user *buffer, size_t *lenp, loff_t *ppos) 4691 - { 4692 - return -ENOSYS; 4693 - } 4694 - 4695 - int proc_douintvec_minmax(struct ctl_table *table, int write, 4696 - void __user *buffer, size_t *lenp, loff_t *ppos) 4697 - { 4698 - return -ENOSYS; 4699 - } 4700 - 4701 - int proc_dointvec_jiffies(struct ctl_table *table, int write, 4702 - void __user *buffer, size_t *lenp, loff_t *ppos) 4703 - { 4704 - return -ENOSYS; 4705 - } 4706 - 4707 - int proc_dointvec_userhz_jiffies(struct ctl_table *table, int write, 4708 - void __user *buffer, size_t *lenp, loff_t *ppos) 4709 - { 4710 - return -ENOSYS; 4711 - } 4712 - 4713 - int proc_dointvec_ms_jiffies(struct ctl_table *table, int write, 4714 - void __user *buffer, size_t *lenp, loff_t *ppos) 4715 - { 4716 - return -ENOSYS; 4717 - } 4718 - 4719 - int proc_doulongvec_minmax(struct ctl_table *table, int write, 4720 - void __user *buffer, size_t *lenp, loff_t *ppos) 4721 - { 4722 - return -ENOSYS; 4723 - } 4724 - 4725 - int proc_doulongvec_ms_jiffies_minmax(struct ctl_table *table, int write, 4726 - void __user *buffer, 4727 - size_t *lenp, loff_t *ppos) 4728 - { 4729 - return -ENOSYS; 4730 - } 4731 - 4732 - int proc_do_large_bitmap(struct ctl_table *table, int write, 4733 - void __user *buffer, size_t *lenp, loff_t *ppos) 4734 - { 4735 - return -ENOSYS; 4736 - } 4737 - 4738 - #endif /* CONFIG_PROC_SYSCTL */ 4739 - 4740 - #if defined(CONFIG_SYSCTL) 4741 - int proc_do_static_key(struct ctl_table *table, int write, 4742 - void __user *buffer, size_t *lenp, 4743 - loff_t *ppos) 4744 - { 4745 - struct static_key *key = (struct static_key *)table->data; 4746 - static DEFINE_MUTEX(static_key_mutex); 4747 - int val, ret; 4748 - struct ctl_table tmp = { 4749 - .data = &val, 4750 - .maxlen = sizeof(val), 4751 - .mode = table->mode, 4752 - .extra1 = SYSCTL_ZERO, 4753 - .extra2 = SYSCTL_ONE, 4754 - }; 4755 - 4756 - if (write && !capable(CAP_SYS_ADMIN)) 4757 - return -EPERM; 4758 - 4759 - mutex_lock(&static_key_mutex); 4760 - val = static_key_enabled(key); 4761 - ret = proc_dointvec_minmax(&tmp, write, buffer, lenp, ppos); 4762 - if (write && !ret) { 4763 - if (val) 4764 - static_key_enable(key); 4765 - else 4766 - static_key_disable(key); 4767 - } 4768 - mutex_unlock(&static_key_mutex); 4769 - return ret; 4770 - } 4771 - #endif 4772 1971 /* 4773 1972 * No sense putting this after each symbol definition, twice, 4774 1973 * exception granted :-)
+1 -2
kernel/time/timer.c
··· 249 249 } 250 250 251 251 int timer_migration_handler(struct ctl_table *table, int write, 252 - void __user *buffer, size_t *lenp, 253 - loff_t *ppos) 252 + void *buffer, size_t *lenp, loff_t *ppos) 254 253 { 255 254 int ret; 256 255
+1 -1
kernel/trace/trace.c
··· 2661 2661 } 2662 2662 2663 2663 int tracepoint_printk_sysctl(struct ctl_table *table, int write, 2664 - void __user *buffer, size_t *lenp, 2664 + void *buffer, size_t *lenp, 2665 2665 loff_t *ppos) 2666 2666 { 2667 2667 int save_tracepoint_printk;
+1 -1
kernel/umh.c
··· 630 630 EXPORT_SYMBOL(call_usermodehelper); 631 631 632 632 static int proc_cap_handler(struct ctl_table *table, int write, 633 - void __user *buffer, size_t *lenp, loff_t *ppos) 633 + void *buffer, size_t *lenp, loff_t *ppos) 634 634 { 635 635 struct ctl_table t; 636 636 unsigned long cap_array[_KERNEL_CAPABILITY_U32S];
+1 -1
kernel/utsname_sysctl.c
··· 30 30 * to observe. Should this be in kernel/sys.c ???? 31 31 */ 32 32 static int proc_do_uts_string(struct ctl_table *table, int write, 33 - void __user *buffer, size_t *lenp, loff_t *ppos) 33 + void *buffer, size_t *lenp, loff_t *ppos) 34 34 { 35 35 struct ctl_table uts_table; 36 36 int r;
+6 -6
kernel/watchdog.c
··· 661 661 * proc_soft_watchdog | soft_watchdog_user_enabled | SOFT_WATCHDOG_ENABLED 662 662 */ 663 663 static int proc_watchdog_common(int which, struct ctl_table *table, int write, 664 - void __user *buffer, size_t *lenp, loff_t *ppos) 664 + void *buffer, size_t *lenp, loff_t *ppos) 665 665 { 666 666 int err, old, *param = table->data; 667 667 ··· 688 688 * /proc/sys/kernel/watchdog 689 689 */ 690 690 int proc_watchdog(struct ctl_table *table, int write, 691 - void __user *buffer, size_t *lenp, loff_t *ppos) 691 + void *buffer, size_t *lenp, loff_t *ppos) 692 692 { 693 693 return proc_watchdog_common(NMI_WATCHDOG_ENABLED|SOFT_WATCHDOG_ENABLED, 694 694 table, write, buffer, lenp, ppos); ··· 698 698 * /proc/sys/kernel/nmi_watchdog 699 699 */ 700 700 int proc_nmi_watchdog(struct ctl_table *table, int write, 701 - void __user *buffer, size_t *lenp, loff_t *ppos) 701 + void *buffer, size_t *lenp, loff_t *ppos) 702 702 { 703 703 if (!nmi_watchdog_available && write) 704 704 return -ENOTSUPP; ··· 710 710 * /proc/sys/kernel/soft_watchdog 711 711 */ 712 712 int proc_soft_watchdog(struct ctl_table *table, int write, 713 - void __user *buffer, size_t *lenp, loff_t *ppos) 713 + void *buffer, size_t *lenp, loff_t *ppos) 714 714 { 715 715 return proc_watchdog_common(SOFT_WATCHDOG_ENABLED, 716 716 table, write, buffer, lenp, ppos); ··· 720 720 * /proc/sys/kernel/watchdog_thresh 721 721 */ 722 722 int proc_watchdog_thresh(struct ctl_table *table, int write, 723 - void __user *buffer, size_t *lenp, loff_t *ppos) 723 + void *buffer, size_t *lenp, loff_t *ppos) 724 724 { 725 725 int err, old; 726 726 ··· 743 743 * been brought online, if desired. 744 744 */ 745 745 int proc_watchdog_cpumask(struct ctl_table *table, int write, 746 - void __user *buffer, size_t *lenp, loff_t *ppos) 746 + void *buffer, size_t *lenp, loff_t *ppos) 747 747 { 748 748 int err; 749 749
+1 -1
mm/compaction.c
··· 2463 2463 * /proc/sys/vm/compact_memory 2464 2464 */ 2465 2465 int sysctl_compaction_handler(struct ctl_table *table, int write, 2466 - void __user *buffer, size_t *length, loff_t *ppos) 2466 + void *buffer, size_t *length, loff_t *ppos) 2467 2467 { 2468 2468 if (write) 2469 2469 compact_nodes();
+4 -5
mm/hugetlb.c
··· 3352 3352 #ifdef CONFIG_SYSCTL 3353 3353 static int hugetlb_sysctl_handler_common(bool obey_mempolicy, 3354 3354 struct ctl_table *table, int write, 3355 - void __user *buffer, size_t *length, loff_t *ppos) 3355 + void *buffer, size_t *length, loff_t *ppos) 3356 3356 { 3357 3357 struct hstate *h = &default_hstate; 3358 3358 unsigned long tmp = h->max_huge_pages; ··· 3375 3375 } 3376 3376 3377 3377 int hugetlb_sysctl_handler(struct ctl_table *table, int write, 3378 - void __user *buffer, size_t *length, loff_t *ppos) 3378 + void *buffer, size_t *length, loff_t *ppos) 3379 3379 { 3380 3380 3381 3381 return hugetlb_sysctl_handler_common(false, table, write, ··· 3384 3384 3385 3385 #ifdef CONFIG_NUMA 3386 3386 int hugetlb_mempolicy_sysctl_handler(struct ctl_table *table, int write, 3387 - void __user *buffer, size_t *length, loff_t *ppos) 3387 + void *buffer, size_t *length, loff_t *ppos) 3388 3388 { 3389 3389 return hugetlb_sysctl_handler_common(true, table, write, 3390 3390 buffer, length, ppos); ··· 3392 3392 #endif /* CONFIG_NUMA */ 3393 3393 3394 3394 int hugetlb_overcommit_handler(struct ctl_table *table, int write, 3395 - void __user *buffer, 3396 - size_t *length, loff_t *ppos) 3395 + void *buffer, size_t *length, loff_t *ppos) 3397 3396 { 3398 3397 struct hstate *h = &default_hstate; 3399 3398 unsigned long tmp;
+6 -10
mm/page-writeback.c
··· 512 512 } 513 513 514 514 int dirty_background_ratio_handler(struct ctl_table *table, int write, 515 - void __user *buffer, size_t *lenp, 516 - loff_t *ppos) 515 + void *buffer, size_t *lenp, loff_t *ppos) 517 516 { 518 517 int ret; 519 518 ··· 523 524 } 524 525 525 526 int dirty_background_bytes_handler(struct ctl_table *table, int write, 526 - void __user *buffer, size_t *lenp, 527 - loff_t *ppos) 527 + void *buffer, size_t *lenp, loff_t *ppos) 528 528 { 529 529 int ret; 530 530 ··· 533 535 return ret; 534 536 } 535 537 536 - int dirty_ratio_handler(struct ctl_table *table, int write, 537 - void __user *buffer, size_t *lenp, 538 - loff_t *ppos) 538 + int dirty_ratio_handler(struct ctl_table *table, int write, void *buffer, 539 + size_t *lenp, loff_t *ppos) 539 540 { 540 541 int old_ratio = vm_dirty_ratio; 541 542 int ret; ··· 548 551 } 549 552 550 553 int dirty_bytes_handler(struct ctl_table *table, int write, 551 - void __user *buffer, size_t *lenp, 552 - loff_t *ppos) 554 + void *buffer, size_t *lenp, loff_t *ppos) 553 555 { 554 556 unsigned long old_bytes = vm_dirty_bytes; 555 557 int ret; ··· 1968 1972 * sysctl handler for /proc/sys/vm/dirty_writeback_centisecs 1969 1973 */ 1970 1974 int dirty_writeback_centisecs_handler(struct ctl_table *table, int write, 1971 - void __user *buffer, size_t *length, loff_t *ppos) 1975 + void *buffer, size_t *length, loff_t *ppos) 1972 1976 { 1973 1977 unsigned int old_interval = dirty_writeback_interval; 1974 1978 int ret;
+10 -32
mm/page_alloc.c
··· 5546 5546 * sysctl handler for numa_zonelist_order 5547 5547 */ 5548 5548 int numa_zonelist_order_handler(struct ctl_table *table, int write, 5549 - void __user *buffer, size_t *length, 5550 - loff_t *ppos) 5549 + void *buffer, size_t *length, loff_t *ppos) 5551 5550 { 5552 - char *str; 5553 - int ret; 5554 - 5555 - if (!write) 5556 - return proc_dostring(table, write, buffer, length, ppos); 5557 - str = memdup_user_nul(buffer, 16); 5558 - if (IS_ERR(str)) 5559 - return PTR_ERR(str); 5560 - 5561 - ret = __parse_numa_zonelist_order(str); 5562 - kfree(str); 5563 - return ret; 5551 + if (write) 5552 + return __parse_numa_zonelist_order(buffer); 5553 + return proc_dostring(table, write, buffer, length, ppos); 5564 5554 } 5565 5555 5566 5556 ··· 7953 7963 * changes. 7954 7964 */ 7955 7965 int min_free_kbytes_sysctl_handler(struct ctl_table *table, int write, 7956 - void __user *buffer, size_t *length, loff_t *ppos) 7966 + void *buffer, size_t *length, loff_t *ppos) 7957 7967 { 7958 7968 int rc; 7959 7969 ··· 7968 7978 return 0; 7969 7979 } 7970 7980 7971 - int watermark_boost_factor_sysctl_handler(struct ctl_table *table, int write, 7972 - void __user *buffer, size_t *length, loff_t *ppos) 7973 - { 7974 - int rc; 7975 - 7976 - rc = proc_dointvec_minmax(table, write, buffer, length, ppos); 7977 - if (rc) 7978 - return rc; 7979 - 7980 - return 0; 7981 - } 7982 - 7983 7981 int watermark_scale_factor_sysctl_handler(struct ctl_table *table, int write, 7984 - void __user *buffer, size_t *length, loff_t *ppos) 7982 + void *buffer, size_t *length, loff_t *ppos) 7985 7983 { 7986 7984 int rc; 7987 7985 ··· 7999 8021 8000 8022 8001 8023 int sysctl_min_unmapped_ratio_sysctl_handler(struct ctl_table *table, int write, 8002 - void __user *buffer, size_t *length, loff_t *ppos) 8024 + void *buffer, size_t *length, loff_t *ppos) 8003 8025 { 8004 8026 int rc; 8005 8027 ··· 8026 8048 } 8027 8049 8028 8050 int sysctl_min_slab_ratio_sysctl_handler(struct ctl_table *table, int write, 8029 - void __user *buffer, size_t *length, loff_t *ppos) 8051 + void *buffer, size_t *length, loff_t *ppos) 8030 8052 { 8031 8053 int rc; 8032 8054 ··· 8050 8072 * if in function of the boot time zone sizes. 8051 8073 */ 8052 8074 int lowmem_reserve_ratio_sysctl_handler(struct ctl_table *table, int write, 8053 - void __user *buffer, size_t *length, loff_t *ppos) 8075 + void *buffer, size_t *length, loff_t *ppos) 8054 8076 { 8055 8077 proc_dointvec_minmax(table, write, buffer, length, ppos); 8056 8078 setup_per_zone_lowmem_reserve(); ··· 8072 8094 * pagelist can have before it gets flushed back to buddy allocator. 8073 8095 */ 8074 8096 int percpu_pagelist_fraction_sysctl_handler(struct ctl_table *table, int write, 8075 - void __user *buffer, size_t *length, loff_t *ppos) 8097 + void *buffer, size_t *length, loff_t *ppos) 8076 8098 { 8077 8099 struct zone *zone; 8078 8100 int old_percpu_pagelist_fraction;
+4 -6
mm/util.c
··· 717 717 unsigned long sysctl_user_reserve_kbytes __read_mostly = 1UL << 17; /* 128MB */ 718 718 unsigned long sysctl_admin_reserve_kbytes __read_mostly = 1UL << 13; /* 8MB */ 719 719 720 - int overcommit_ratio_handler(struct ctl_table *table, int write, 721 - void __user *buffer, size_t *lenp, 722 - loff_t *ppos) 720 + int overcommit_ratio_handler(struct ctl_table *table, int write, void *buffer, 721 + size_t *lenp, loff_t *ppos) 723 722 { 724 723 int ret; 725 724 ··· 728 729 return ret; 729 730 } 730 731 731 - int overcommit_kbytes_handler(struct ctl_table *table, int write, 732 - void __user *buffer, size_t *lenp, 733 - loff_t *ppos) 732 + int overcommit_kbytes_handler(struct ctl_table *table, int write, void *buffer, 733 + size_t *lenp, loff_t *ppos) 734 734 { 735 735 int ret; 736 736
+2 -2
mm/vmstat.c
··· 76 76 static DEFINE_MUTEX(vm_numa_stat_lock); 77 77 78 78 int sysctl_vm_numa_stat_handler(struct ctl_table *table, int write, 79 - void __user *buffer, size_t *length, loff_t *ppos) 79 + void *buffer, size_t *length, loff_t *ppos) 80 80 { 81 81 int ret, oldval; 82 82 ··· 1751 1751 } 1752 1752 1753 1753 int vmstat_refresh(struct ctl_table *table, int write, 1754 - void __user *buffer, size_t *lenp, loff_t *ppos) 1754 + void *buffer, size_t *lenp, loff_t *ppos) 1755 1755 { 1756 1756 long val; 1757 1757 int err;
+1 -1
net/bridge/br_netfilter_hooks.c
··· 1027 1027 #ifdef CONFIG_SYSCTL 1028 1028 static 1029 1029 int brnf_sysctl_call_tables(struct ctl_table *ctl, int write, 1030 - void __user *buffer, size_t *lenp, loff_t *ppos) 1030 + void *buffer, size_t *lenp, loff_t *ppos) 1031 1031 { 1032 1032 int ret; 1033 1033
+13 -15
net/core/neighbour.c
··· 3379 3379 static int unres_qlen_max = INT_MAX / SKB_TRUESIZE(ETH_FRAME_LEN); 3380 3380 3381 3381 static int proc_unres_qlen(struct ctl_table *ctl, int write, 3382 - void __user *buffer, size_t *lenp, loff_t *ppos) 3382 + void *buffer, size_t *lenp, loff_t *ppos) 3383 3383 { 3384 3384 int size, ret; 3385 3385 struct ctl_table tmp = *ctl; ··· 3443 3443 } 3444 3444 3445 3445 static int neigh_proc_dointvec_zero_intmax(struct ctl_table *ctl, int write, 3446 - void __user *buffer, 3447 - size_t *lenp, loff_t *ppos) 3446 + void *buffer, size_t *lenp, 3447 + loff_t *ppos) 3448 3448 { 3449 3449 struct ctl_table tmp = *ctl; 3450 3450 int ret; ··· 3457 3457 return ret; 3458 3458 } 3459 3459 3460 - int neigh_proc_dointvec(struct ctl_table *ctl, int write, 3461 - void __user *buffer, size_t *lenp, loff_t *ppos) 3460 + int neigh_proc_dointvec(struct ctl_table *ctl, int write, void *buffer, 3461 + size_t *lenp, loff_t *ppos) 3462 3462 { 3463 3463 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); 3464 3464 ··· 3467 3467 } 3468 3468 EXPORT_SYMBOL(neigh_proc_dointvec); 3469 3469 3470 - int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, 3471 - void __user *buffer, 3470 + int neigh_proc_dointvec_jiffies(struct ctl_table *ctl, int write, void *buffer, 3472 3471 size_t *lenp, loff_t *ppos) 3473 3472 { 3474 3473 int ret = proc_dointvec_jiffies(ctl, write, buffer, lenp, ppos); ··· 3478 3479 EXPORT_SYMBOL(neigh_proc_dointvec_jiffies); 3479 3480 3480 3481 static int neigh_proc_dointvec_userhz_jiffies(struct ctl_table *ctl, int write, 3481 - void __user *buffer, 3482 - size_t *lenp, loff_t *ppos) 3482 + void *buffer, size_t *lenp, 3483 + loff_t *ppos) 3483 3484 { 3484 3485 int ret = proc_dointvec_userhz_jiffies(ctl, write, buffer, lenp, ppos); 3485 3486 ··· 3488 3489 } 3489 3490 3490 3491 int neigh_proc_dointvec_ms_jiffies(struct ctl_table *ctl, int write, 3491 - void __user *buffer, 3492 - size_t *lenp, loff_t *ppos) 3492 + void *buffer, size_t *lenp, loff_t *ppos) 3493 3493 { 3494 3494 int ret = proc_dointvec_ms_jiffies(ctl, write, buffer, lenp, ppos); 3495 3495 ··· 3498 3500 EXPORT_SYMBOL(neigh_proc_dointvec_ms_jiffies); 3499 3501 3500 3502 static int neigh_proc_dointvec_unres_qlen(struct ctl_table *ctl, int write, 3501 - void __user *buffer, 3502 - size_t *lenp, loff_t *ppos) 3503 + void *buffer, size_t *lenp, 3504 + loff_t *ppos) 3503 3505 { 3504 3506 int ret = proc_unres_qlen(ctl, write, buffer, lenp, ppos); 3505 3507 ··· 3508 3510 } 3509 3511 3510 3512 static int neigh_proc_base_reachable_time(struct ctl_table *ctl, int write, 3511 - void __user *buffer, 3512 - size_t *lenp, loff_t *ppos) 3513 + void *buffer, size_t *lenp, 3514 + loff_t *ppos) 3513 3515 { 3514 3516 struct neigh_parms *p = ctl->extra2; 3515 3517 int ret;
+10 -17
net/core/sysctl_net_core.c
··· 45 45 46 46 #ifdef CONFIG_RPS 47 47 static int rps_sock_flow_sysctl(struct ctl_table *table, int write, 48 - void __user *buffer, size_t *lenp, loff_t *ppos) 48 + void *buffer, size_t *lenp, loff_t *ppos) 49 49 { 50 50 unsigned int orig_size, size; 51 51 int ret, i; ··· 115 115 static DEFINE_MUTEX(flow_limit_update_mutex); 116 116 117 117 static int flow_limit_cpu_sysctl(struct ctl_table *table, int write, 118 - void __user *buffer, size_t *lenp, 119 - loff_t *ppos) 118 + void *buffer, size_t *lenp, loff_t *ppos) 120 119 { 121 120 struct sd_flow_limit *cur; 122 121 struct softnet_data *sd; ··· 179 180 } 180 181 if (len < *lenp) 181 182 kbuf[len++] = '\n'; 182 - if (copy_to_user(buffer, kbuf, len)) { 183 - ret = -EFAULT; 184 - goto done; 185 - } 183 + memcpy(buffer, kbuf, len); 186 184 *lenp = len; 187 185 *ppos += len; 188 186 } ··· 190 194 } 191 195 192 196 static int flow_limit_table_len_sysctl(struct ctl_table *table, int write, 193 - void __user *buffer, size_t *lenp, 194 - loff_t *ppos) 197 + void *buffer, size_t *lenp, loff_t *ppos) 195 198 { 196 199 unsigned int old, *ptr; 197 200 int ret; ··· 212 217 213 218 #ifdef CONFIG_NET_SCHED 214 219 static int set_default_qdisc(struct ctl_table *table, int write, 215 - void __user *buffer, size_t *lenp, loff_t *ppos) 220 + void *buffer, size_t *lenp, loff_t *ppos) 216 221 { 217 222 char id[IFNAMSIZ]; 218 223 struct ctl_table tbl = { ··· 231 236 #endif 232 237 233 238 static int proc_do_dev_weight(struct ctl_table *table, int write, 234 - void __user *buffer, size_t *lenp, loff_t *ppos) 239 + void *buffer, size_t *lenp, loff_t *ppos) 235 240 { 236 241 int ret; 237 242 ··· 246 251 } 247 252 248 253 static int proc_do_rss_key(struct ctl_table *table, int write, 249 - void __user *buffer, size_t *lenp, loff_t *ppos) 254 + void *buffer, size_t *lenp, loff_t *ppos) 250 255 { 251 256 struct ctl_table fake_table; 252 257 char buf[NETDEV_RSS_KEY_LEN * 3]; ··· 259 264 260 265 #ifdef CONFIG_BPF_JIT 261 266 static int proc_dointvec_minmax_bpf_enable(struct ctl_table *table, int write, 262 - void __user *buffer, size_t *lenp, 267 + void *buffer, size_t *lenp, 263 268 loff_t *ppos) 264 269 { 265 270 int ret, jit_enable = *(int *)table->data; ··· 286 291 # ifdef CONFIG_HAVE_EBPF_JIT 287 292 static int 288 293 proc_dointvec_minmax_bpf_restricted(struct ctl_table *table, int write, 289 - void __user *buffer, size_t *lenp, 290 - loff_t *ppos) 294 + void *buffer, size_t *lenp, loff_t *ppos) 291 295 { 292 296 if (!capable(CAP_SYS_ADMIN)) 293 297 return -EPERM; ··· 297 303 298 304 static int 299 305 proc_dolongvec_minmax_bpf_restricted(struct ctl_table *table, int write, 300 - void __user *buffer, size_t *lenp, 301 - loff_t *ppos) 306 + void *buffer, size_t *lenp, loff_t *ppos) 302 307 { 303 308 if (!capable(CAP_SYS_ADMIN)) 304 309 return -EPERM;
+3 -4
net/decnet/dn_dev.c
··· 160 160 static int min_priority[1]; 161 161 static int max_priority[] = { 127 }; /* From DECnet spec */ 162 162 163 - static int dn_forwarding_proc(struct ctl_table *, int, 164 - void __user *, size_t *, loff_t *); 163 + static int dn_forwarding_proc(struct ctl_table *, int, void *, size_t *, 164 + loff_t *); 165 165 static struct dn_dev_sysctl_table { 166 166 struct ctl_table_header *sysctl_header; 167 167 struct ctl_table dn_dev_vars[5]; ··· 245 245 } 246 246 247 247 static int dn_forwarding_proc(struct ctl_table *table, int write, 248 - void __user *buffer, 249 - size_t *lenp, loff_t *ppos) 248 + void *buffer, size_t *lenp, loff_t *ppos) 250 249 { 251 250 #ifdef CONFIG_DECNET_ROUTER 252 251 struct net_device *dev = table->extra1;
+8 -19
net/decnet/sysctl_net_decnet.c
··· 134 134 } 135 135 136 136 static int dn_node_address_handler(struct ctl_table *table, int write, 137 - void __user *buffer, 138 - size_t *lenp, loff_t *ppos) 137 + void *buffer, size_t *lenp, loff_t *ppos) 139 138 { 140 139 char addr[DN_ASCBUF_LEN]; 141 140 size_t len; ··· 147 148 148 149 if (write) { 149 150 len = (*lenp < DN_ASCBUF_LEN) ? *lenp : (DN_ASCBUF_LEN-1); 150 - 151 - if (copy_from_user(addr, buffer, len)) 152 - return -EFAULT; 153 - 151 + memcpy(addr, buffer, len); 154 152 addr[len] = 0; 155 153 strip_it(addr); 156 154 ··· 169 173 len = strlen(addr); 170 174 addr[len++] = '\n'; 171 175 172 - if (len > *lenp) len = *lenp; 173 - 174 - if (copy_to_user(buffer, addr, len)) 175 - return -EFAULT; 176 - 176 + if (len > *lenp) 177 + len = *lenp; 178 + memcpy(buffer, addr, len); 177 179 *lenp = len; 178 180 *ppos += len; 179 181 ··· 179 185 } 180 186 181 187 static int dn_def_dev_handler(struct ctl_table *table, int write, 182 - void __user *buffer, 183 - size_t *lenp, loff_t *ppos) 188 + void *buffer, size_t *lenp, loff_t *ppos) 184 189 { 185 190 size_t len; 186 191 struct net_device *dev; ··· 194 201 if (*lenp > 16) 195 202 return -E2BIG; 196 203 197 - if (copy_from_user(devname, buffer, *lenp)) 198 - return -EFAULT; 199 - 204 + memcpy(devname, buffer, *lenp); 200 205 devname[*lenp] = 0; 201 206 strip_it(devname); 202 207 ··· 229 238 230 239 if (len > *lenp) len = *lenp; 231 240 232 - if (copy_to_user(buffer, devname, len)) 233 - return -EFAULT; 234 - 241 + memcpy(buffer, devname, len); 235 242 *lenp = len; 236 243 *ppos += len; 237 244
+3 -6
net/ipv4/devinet.c
··· 2366 2366 } 2367 2367 2368 2368 static int devinet_conf_proc(struct ctl_table *ctl, int write, 2369 - void __user *buffer, 2370 - size_t *lenp, loff_t *ppos) 2369 + void *buffer, size_t *lenp, loff_t *ppos) 2371 2370 { 2372 2371 int old_value = *(int *)ctl->data; 2373 2372 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); ··· 2418 2419 } 2419 2420 2420 2421 static int devinet_sysctl_forward(struct ctl_table *ctl, int write, 2421 - void __user *buffer, 2422 - size_t *lenp, loff_t *ppos) 2422 + void *buffer, size_t *lenp, loff_t *ppos) 2423 2423 { 2424 2424 int *valp = ctl->data; 2425 2425 int val = *valp; ··· 2461 2463 } 2462 2464 2463 2465 static int ipv4_doint_and_flush(struct ctl_table *ctl, int write, 2464 - void __user *buffer, 2465 - size_t *lenp, loff_t *ppos) 2466 + void *buffer, size_t *lenp, loff_t *ppos) 2466 2467 { 2467 2468 int *valp = ctl->data; 2468 2469 int val = *valp;
+1 -2
net/ipv4/route.c
··· 3336 3336 static int ip_min_valid_pmtu __read_mostly = IPV4_MIN_MTU; 3337 3337 3338 3338 static int ipv4_sysctl_rtcache_flush(struct ctl_table *__ctl, int write, 3339 - void __user *buffer, 3340 - size_t *lenp, loff_t *ppos) 3339 + void *buffer, size_t *lenp, loff_t *ppos) 3341 3340 { 3342 3341 struct net *net = (struct net *)__ctl->extra1; 3343 3342
+15 -23
net/ipv4/sysctl_net_ipv4.c
··· 71 71 72 72 /* Validate changes from /proc interface. */ 73 73 static int ipv4_local_port_range(struct ctl_table *table, int write, 74 - void __user *buffer, 75 - size_t *lenp, loff_t *ppos) 74 + void *buffer, size_t *lenp, loff_t *ppos) 76 75 { 77 76 struct net *net = 78 77 container_of(table->data, struct net, ipv4.ip_local_ports.range); ··· 106 107 107 108 /* Validate changes from /proc interface. */ 108 109 static int ipv4_privileged_ports(struct ctl_table *table, int write, 109 - void __user *buffer, size_t *lenp, loff_t *ppos) 110 + void *buffer, size_t *lenp, loff_t *ppos) 110 111 { 111 112 struct net *net = container_of(table->data, struct net, 112 113 ipv4.sysctl_ip_prot_sock); ··· 167 168 168 169 /* Validate changes from /proc interface. */ 169 170 static int ipv4_ping_group_range(struct ctl_table *table, int write, 170 - void __user *buffer, 171 - size_t *lenp, loff_t *ppos) 171 + void *buffer, size_t *lenp, loff_t *ppos) 172 172 { 173 173 struct user_namespace *user_ns = current_user_ns(); 174 174 int ret; ··· 202 204 } 203 205 204 206 static int ipv4_fwd_update_priority(struct ctl_table *table, int write, 205 - void __user *buffer, 206 - size_t *lenp, loff_t *ppos) 207 + void *buffer, size_t *lenp, loff_t *ppos) 207 208 { 208 209 struct net *net; 209 210 int ret; ··· 218 221 } 219 222 220 223 static int proc_tcp_congestion_control(struct ctl_table *ctl, int write, 221 - void __user *buffer, size_t *lenp, loff_t *ppos) 224 + void *buffer, size_t *lenp, loff_t *ppos) 222 225 { 223 226 struct net *net = container_of(ctl->data, struct net, 224 227 ipv4.tcp_congestion_control); ··· 238 241 } 239 242 240 243 static int proc_tcp_available_congestion_control(struct ctl_table *ctl, 241 - int write, 242 - void __user *buffer, size_t *lenp, 243 - loff_t *ppos) 244 + int write, void *buffer, 245 + size_t *lenp, loff_t *ppos) 244 246 { 245 247 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX, }; 246 248 int ret; ··· 254 258 } 255 259 256 260 static int proc_allowed_congestion_control(struct ctl_table *ctl, 257 - int write, 258 - void __user *buffer, size_t *lenp, 259 - loff_t *ppos) 261 + int write, void *buffer, 262 + size_t *lenp, loff_t *ppos) 260 263 { 261 264 struct ctl_table tbl = { .maxlen = TCP_CA_BUF_MAX }; 262 265 int ret; ··· 291 296 } 292 297 293 298 static int proc_tcp_fastopen_key(struct ctl_table *table, int write, 294 - void __user *buffer, size_t *lenp, 295 - loff_t *ppos) 299 + void *buffer, size_t *lenp, loff_t *ppos) 296 300 { 297 301 struct net *net = container_of(table->data, struct net, 298 302 ipv4.sysctl_tcp_fastopen); ··· 393 399 } 394 400 395 401 static int proc_tcp_early_demux(struct ctl_table *table, int write, 396 - void __user *buffer, size_t *lenp, loff_t *ppos) 402 + void *buffer, size_t *lenp, loff_t *ppos) 397 403 { 398 404 int ret = 0; 399 405 ··· 409 415 } 410 416 411 417 static int proc_udp_early_demux(struct ctl_table *table, int write, 412 - void __user *buffer, size_t *lenp, loff_t *ppos) 418 + void *buffer, size_t *lenp, loff_t *ppos) 413 419 { 414 420 int ret = 0; 415 421 ··· 425 431 } 426 432 427 433 static int proc_tfo_blackhole_detect_timeout(struct ctl_table *table, 428 - int write, 429 - void __user *buffer, 434 + int write, void *buffer, 430 435 size_t *lenp, loff_t *ppos) 431 436 { 432 437 struct net *net = container_of(table->data, struct net, ··· 440 447 } 441 448 442 449 static int proc_tcp_available_ulp(struct ctl_table *ctl, 443 - int write, 444 - void __user *buffer, size_t *lenp, 450 + int write, void *buffer, size_t *lenp, 445 451 loff_t *ppos) 446 452 { 447 453 struct ctl_table tbl = { .maxlen = TCP_ULP_BUF_MAX, }; ··· 458 466 459 467 #ifdef CONFIG_IP_ROUTE_MULTIPATH 460 468 static int proc_fib_multipath_hash_policy(struct ctl_table *table, int write, 461 - void __user *buffer, size_t *lenp, 469 + void *buffer, size_t *lenp, 462 470 loff_t *ppos) 463 471 { 464 472 struct net *net = container_of(table->data, struct net,
+13 -20
net/ipv6/addrconf.c
··· 6095 6095 6096 6096 #ifdef CONFIG_SYSCTL 6097 6097 6098 - static 6099 - int addrconf_sysctl_forward(struct ctl_table *ctl, int write, 6100 - void __user *buffer, size_t *lenp, loff_t *ppos) 6098 + static int addrconf_sysctl_forward(struct ctl_table *ctl, int write, 6099 + void *buffer, size_t *lenp, loff_t *ppos) 6101 6100 { 6102 6101 int *valp = ctl->data; 6103 6102 int val = *valp; ··· 6120 6121 return ret; 6121 6122 } 6122 6123 6123 - static 6124 - int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, 6125 - void __user *buffer, size_t *lenp, loff_t *ppos) 6124 + static int addrconf_sysctl_mtu(struct ctl_table *ctl, int write, 6125 + void *buffer, size_t *lenp, loff_t *ppos) 6126 6126 { 6127 6127 struct inet6_dev *idev = ctl->extra1; 6128 6128 int min_mtu = IPV6_MIN_MTU; ··· 6191 6193 return 0; 6192 6194 } 6193 6195 6194 - static 6195 - int addrconf_sysctl_disable(struct ctl_table *ctl, int write, 6196 - void __user *buffer, size_t *lenp, loff_t *ppos) 6196 + static int addrconf_sysctl_disable(struct ctl_table *ctl, int write, 6197 + void *buffer, size_t *lenp, loff_t *ppos) 6197 6198 { 6198 6199 int *valp = ctl->data; 6199 6200 int val = *valp; ··· 6216 6219 return ret; 6217 6220 } 6218 6221 6219 - static 6220 - int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write, 6221 - void __user *buffer, size_t *lenp, loff_t *ppos) 6222 + static int addrconf_sysctl_proxy_ndp(struct ctl_table *ctl, int write, 6223 + void *buffer, size_t *lenp, loff_t *ppos) 6222 6224 { 6223 6225 int *valp = ctl->data; 6224 6226 int ret; ··· 6258 6262 } 6259 6263 6260 6264 static int addrconf_sysctl_addr_gen_mode(struct ctl_table *ctl, int write, 6261 - void __user *buffer, size_t *lenp, 6265 + void *buffer, size_t *lenp, 6262 6266 loff_t *ppos) 6263 6267 { 6264 6268 int ret = 0; ··· 6320 6324 } 6321 6325 6322 6326 static int addrconf_sysctl_stable_secret(struct ctl_table *ctl, int write, 6323 - void __user *buffer, size_t *lenp, 6327 + void *buffer, size_t *lenp, 6324 6328 loff_t *ppos) 6325 6329 { 6326 6330 int err; ··· 6387 6391 6388 6392 static 6389 6393 int addrconf_sysctl_ignore_routes_with_linkdown(struct ctl_table *ctl, 6390 - int write, 6391 - void __user *buffer, 6394 + int write, void *buffer, 6392 6395 size_t *lenp, 6393 6396 loff_t *ppos) 6394 6397 { ··· 6487 6492 return 0; 6488 6493 } 6489 6494 6490 - static 6491 - int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write, 6492 - void __user *buffer, size_t *lenp, 6493 - loff_t *ppos) 6495 + static int addrconf_sysctl_disable_policy(struct ctl_table *ctl, int write, 6496 + void *buffer, size_t *lenp, loff_t *ppos) 6494 6497 { 6495 6498 int *valp = ctl->data; 6496 6499 int val = *valp;
+2 -1
net/ipv6/ndisc.c
··· 1835 1835 } 1836 1836 } 1837 1837 1838 - int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void __user *buffer, size_t *lenp, loff_t *ppos) 1838 + int ndisc_ifinfo_sysctl_change(struct ctl_table *ctl, int write, void *buffer, 1839 + size_t *lenp, loff_t *ppos) 1839 1840 { 1840 1841 struct net_device *dev = ctl->extra1; 1841 1842 struct inet6_dev *idev;
+2 -3
net/ipv6/route.c
··· 6088 6088 6089 6089 #ifdef CONFIG_SYSCTL 6090 6090 6091 - static 6092 - int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write, 6093 - void __user *buffer, size_t *lenp, loff_t *ppos) 6091 + static int ipv6_sysctl_rtcache_flush(struct ctl_table *ctl, int write, 6092 + void *buffer, size_t *lenp, loff_t *ppos) 6094 6093 { 6095 6094 struct net *net; 6096 6095 int delay;
+1 -2
net/ipv6/sysctl_net_ipv6.c
··· 26 26 static int auto_flowlabels_max = IP6_AUTO_FLOW_LABEL_MAX; 27 27 28 28 static int proc_rt6_multipath_hash_policy(struct ctl_table *table, int write, 29 - void __user *buffer, size_t *lenp, 30 - loff_t *ppos) 29 + void *buffer, size_t *lenp, loff_t *ppos) 31 30 { 32 31 struct net *net; 33 32 int ret;
+2 -3
net/mpls/af_mpls.c
··· 1362 1362 (&((struct mpls_dev *)0)->field) 1363 1363 1364 1364 static int mpls_conf_proc(struct ctl_table *ctl, int write, 1365 - void __user *buffer, 1366 - size_t *lenp, loff_t *ppos) 1365 + void *buffer, size_t *lenp, loff_t *ppos) 1367 1366 { 1368 1367 int oval = *(int *)ctl->data; 1369 1368 int ret = proc_dointvec(ctl, write, buffer, lenp, ppos); ··· 2593 2594 } 2594 2595 2595 2596 static int mpls_platform_labels(struct ctl_table *table, int write, 2596 - void __user *buffer, size_t *lenp, loff_t *ppos) 2597 + void *buffer, size_t *lenp, loff_t *ppos) 2597 2598 { 2598 2599 struct net *net = table->data; 2599 2600 int platform_labels = net->mpls.platform_labels;
+3 -3
net/netfilter/ipvs/ip_vs_ctl.c
··· 1736 1736 1737 1737 static int 1738 1738 proc_do_defense_mode(struct ctl_table *table, int write, 1739 - void __user *buffer, size_t *lenp, loff_t *ppos) 1739 + void *buffer, size_t *lenp, loff_t *ppos) 1740 1740 { 1741 1741 struct netns_ipvs *ipvs = table->extra2; 1742 1742 int *valp = table->data; ··· 1763 1763 1764 1764 static int 1765 1765 proc_do_sync_threshold(struct ctl_table *table, int write, 1766 - void __user *buffer, size_t *lenp, loff_t *ppos) 1766 + void *buffer, size_t *lenp, loff_t *ppos) 1767 1767 { 1768 1768 int *valp = table->data; 1769 1769 int val[2]; ··· 1788 1788 1789 1789 static int 1790 1790 proc_do_sync_ports(struct ctl_table *table, int write, 1791 - void __user *buffer, size_t *lenp, loff_t *ppos) 1791 + void *buffer, size_t *lenp, loff_t *ppos) 1792 1792 { 1793 1793 int *valp = table->data; 1794 1794 int val = *valp;
+1 -1
net/netfilter/nf_conntrack_standalone.c
··· 517 517 518 518 static int 519 519 nf_conntrack_hash_sysctl(struct ctl_table *table, int write, 520 - void __user *buffer, size_t *lenp, loff_t *ppos) 520 + void *buffer, size_t *lenp, loff_t *ppos) 521 521 { 522 522 int ret; 523 523
+1 -1
net/netfilter/nf_log.c
··· 414 414 }; 415 415 416 416 static int nf_log_proc_dostring(struct ctl_table *table, int write, 417 - void __user *buffer, size_t *lenp, loff_t *ppos) 417 + void *buffer, size_t *lenp, loff_t *ppos) 418 418 { 419 419 const struct nf_logger *logger; 420 420 char buf[NFLOGGER_NAME_LEN];
+1 -2
net/phonet/sysctl.c
··· 49 49 } 50 50 51 51 static int proc_local_port_range(struct ctl_table *table, int write, 52 - void __user *buffer, 53 - size_t *lenp, loff_t *ppos) 52 + void *buffer, size_t *lenp, loff_t *ppos) 54 53 { 55 54 int ret; 56 55 int range[2] = {local_port_range[0], local_port_range[1]};
+2 -4
net/rds/tcp.c
··· 62 62 static struct kmem_cache *rds_tcp_conn_slab; 63 63 64 64 static int rds_tcp_skbuf_handler(struct ctl_table *ctl, int write, 65 - void __user *buffer, size_t *lenp, 66 - loff_t *fpos); 65 + void *buffer, size_t *lenp, loff_t *fpos); 67 66 68 67 static int rds_tcp_min_sndbuf = SOCK_MIN_SNDBUF; 69 68 static int rds_tcp_min_rcvbuf = SOCK_MIN_RCVBUF; ··· 675 676 } 676 677 677 678 static int rds_tcp_skbuf_handler(struct ctl_table *ctl, int write, 678 - void __user *buffer, size_t *lenp, 679 - loff_t *fpos) 679 + void *buffer, size_t *lenp, loff_t *fpos) 680 680 { 681 681 struct net *net = current->nsproxy->net_ns; 682 682 int err;
+11 -21
net/sctp/sysctl.c
··· 43 43 ? UINT_MAX : MAX_SCHEDULE_TIMEOUT / HZ; 44 44 45 45 static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write, 46 - void __user *buffer, size_t *lenp, 47 - loff_t *ppos); 46 + void *buffer, size_t *lenp, loff_t *ppos); 48 47 static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write, 49 - void __user *buffer, size_t *lenp, 50 - loff_t *ppos); 51 - static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, 52 - void __user *buffer, size_t *lenp, 53 - loff_t *ppos); 48 + void *buffer, size_t *lenp, loff_t *ppos); 49 + static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, void *buffer, 50 + size_t *lenp, loff_t *ppos); 54 51 static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write, 55 - void __user *buffer, size_t *lenp, 56 - loff_t *ppos); 52 + void *buffer, size_t *lenp, loff_t *ppos); 57 53 static int proc_sctp_do_auth(struct ctl_table *ctl, int write, 58 - void __user *buffer, size_t *lenp, 59 - loff_t *ppos); 54 + void *buffer, size_t *lenp, loff_t *ppos); 60 55 61 56 static struct ctl_table sctp_table[] = { 62 57 { ··· 338 343 }; 339 344 340 345 static int proc_sctp_do_hmac_alg(struct ctl_table *ctl, int write, 341 - void __user *buffer, size_t *lenp, 342 - loff_t *ppos) 346 + void *buffer, size_t *lenp, loff_t *ppos) 343 347 { 344 348 struct net *net = current->nsproxy->net_ns; 345 349 struct ctl_table tbl; ··· 383 389 } 384 390 385 391 static int proc_sctp_do_rto_min(struct ctl_table *ctl, int write, 386 - void __user *buffer, size_t *lenp, 387 - loff_t *ppos) 392 + void *buffer, size_t *lenp, loff_t *ppos) 388 393 { 389 394 struct net *net = current->nsproxy->net_ns; 390 395 unsigned int min = *(unsigned int *) ctl->extra1; ··· 411 418 } 412 419 413 420 static int proc_sctp_do_rto_max(struct ctl_table *ctl, int write, 414 - void __user *buffer, size_t *lenp, 415 - loff_t *ppos) 421 + void *buffer, size_t *lenp, loff_t *ppos) 416 422 { 417 423 struct net *net = current->nsproxy->net_ns; 418 424 unsigned int min = *(unsigned int *) ctl->extra1; ··· 439 447 } 440 448 441 449 static int proc_sctp_do_alpha_beta(struct ctl_table *ctl, int write, 442 - void __user *buffer, size_t *lenp, 443 - loff_t *ppos) 450 + void *buffer, size_t *lenp, loff_t *ppos) 444 451 { 445 452 if (write) 446 453 pr_warn_once("Changing rto_alpha or rto_beta may lead to " ··· 449 458 } 450 459 451 460 static int proc_sctp_do_auth(struct ctl_table *ctl, int write, 452 - void __user *buffer, size_t *lenp, 453 - loff_t *ppos) 461 + void *buffer, size_t *lenp, loff_t *ppos) 454 462 { 455 463 struct net *net = current->nsproxy->net_ns; 456 464 struct ctl_table tbl;
+13 -16
net/sunrpc/sysctl.c
··· 60 60 } 61 61 62 62 static int proc_do_xprt(struct ctl_table *table, int write, 63 - void __user *buffer, size_t *lenp, loff_t *ppos) 63 + void *buffer, size_t *lenp, loff_t *ppos) 64 64 { 65 65 char tmpbuf[256]; 66 66 size_t len; ··· 70 70 return 0; 71 71 } 72 72 len = svc_print_xprts(tmpbuf, sizeof(tmpbuf)); 73 - return simple_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len); 73 + return memory_read_from_buffer(buffer, *lenp, ppos, tmpbuf, len); 74 74 } 75 75 76 76 static int 77 - proc_dodebug(struct ctl_table *table, int write, 78 - void __user *buffer, size_t *lenp, loff_t *ppos) 77 + proc_dodebug(struct ctl_table *table, int write, void *buffer, size_t *lenp, 78 + loff_t *ppos) 79 79 { 80 - char tmpbuf[20], c, *s = NULL; 81 - char __user *p; 80 + char tmpbuf[20], *s = NULL; 81 + char *p; 82 82 unsigned int value; 83 83 size_t left, len; 84 84 ··· 90 90 left = *lenp; 91 91 92 92 if (write) { 93 - if (!access_ok(buffer, left)) 94 - return -EFAULT; 95 93 p = buffer; 96 - while (left && __get_user(c, p) >= 0 && isspace(c)) 97 - left--, p++; 94 + while (left && isspace(*p)) { 95 + left--; 96 + p++; 97 + } 98 98 if (!left) 99 99 goto done; 100 100 101 101 if (left > sizeof(tmpbuf) - 1) 102 102 return -EINVAL; 103 - if (copy_from_user(tmpbuf, p, left)) 104 - return -EFAULT; 103 + memcpy(tmpbuf, p, left); 105 104 tmpbuf[left] = '\0'; 106 105 107 106 value = simple_strtol(tmpbuf, &s, 0); ··· 120 121 len = sprintf(tmpbuf, "0x%04x", *(unsigned int *) table->data); 121 122 if (len > left) 122 123 len = left; 123 - if (copy_to_user(buffer, tmpbuf, len)) 124 - return -EFAULT; 124 + memcpy(buffer, tmpbuf, len); 125 125 if ((left -= len) > 0) { 126 - if (put_user('\n', (char __user *)buffer + len)) 127 - return -EFAULT; 126 + *((char *)buffer + len) = '\n'; 128 127 left--; 129 128 } 130 129 }
+3 -4
net/sunrpc/xprtrdma/svc_rdma.c
··· 80 80 * current value. 81 81 */ 82 82 static int read_reset_stat(struct ctl_table *table, int write, 83 - void __user *buffer, size_t *lenp, 84 - loff_t *ppos) 83 + void *buffer, size_t *lenp, loff_t *ppos) 85 84 { 86 85 atomic_t *stat = (atomic_t *)table->data; 87 86 ··· 102 103 len -= *ppos; 103 104 if (len > *lenp) 104 105 len = *lenp; 105 - if (len && copy_to_user(buffer, str_buf, len)) 106 - return -EFAULT; 106 + if (len) 107 + memcpy(buffer, str_buf, len); 107 108 *lenp = len; 108 109 *ppos += len; 109 110 }
+1 -1
security/apparmor/lsm.c
··· 1696 1696 1697 1697 #ifdef CONFIG_SYSCTL 1698 1698 static int apparmor_dointvec(struct ctl_table *table, int write, 1699 - void __user *buffer, size_t *lenp, loff_t *ppos) 1699 + void *buffer, size_t *lenp, loff_t *ppos) 1700 1700 { 1701 1701 if (!policy_admin_capable(NULL)) 1702 1702 return -EPERM;
+1 -1
security/min_addr.c
··· 30 30 * calls update_mmap_min_addr() so non MAP_FIXED hints get rounded properly 31 31 */ 32 32 int mmap_min_addr_handler(struct ctl_table *table, int write, 33 - void __user *buffer, size_t *lenp, loff_t *ppos) 33 + void *buffer, size_t *lenp, loff_t *ppos) 34 34 { 35 35 int ret; 36 36
+1 -1
security/yama/yama_lsm.c
··· 430 430 431 431 #ifdef CONFIG_SYSCTL 432 432 static int yama_dointvec_minmax(struct ctl_table *table, int write, 433 - void __user *buffer, size_t *lenp, loff_t *ppos) 433 + void *buffer, size_t *lenp, loff_t *ppos) 434 434 { 435 435 struct ctl_table table_copy; 436 436