On Wed, Apr 09, 2025 at 10:26:56AM -0700, Kees Cook wrote:
On Fri, Mar 21, 2025 at 01:47:24PM +0100, Joel Granados wrote:
If the test added in commit b5ffbd139688 ("sysctl: move the extra1/2 boundary check of u8 to sysctl_check_table_array") is run as a module, a lingering reference to the module is left behind, and a 'sysctl -a' leads to a panic.
To reproduce
  CONFIG_KUNIT=y
  CONFIG_SYSCTL_KUNIT_TEST=m
Then run these commands:
  modprobe sysctl-test
  rmmod sysctl-test
  sysctl -a
The panic varies but generally looks something like this:
  BUG: unable to handle page fault for address: ffffa4571c0c7db4
  #PF: supervisor read access in kernel mode
  #PF: error_code(0x0000) - not-present page
  PGD 100000067 P4D 100000067 PUD 100351067 PMD 114f5e067 PTE 0
  Oops: Oops: 0000 [#1] SMP NOPTI
  ... ... ...
  RIP: 0010:proc_sys_readdir+0x166/0x2c0
  ... ... ...
  Call Trace:
   <TASK>
   iterate_dir+0x6e/0x140
   __se_sys_getdents+0x6e/0x100
   do_syscall_64+0x70/0x150
   entry_SYSCALL_64_after_hwframe+0x76/0x7e
Move the test to lib/test_sysctl.c where the registration reference is handled on module exit
'Fixes: b5ffbd139688 ("sysctl: move the extra1/2 boundary check of u8 to
Typo: drop leading '
sysctl_check_table_array")'
And avoid wrapping this line for the field.
Signed-off-by: Joel Granados <joel.granados@kernel.org>
Otherwise looks good to me.
Thx for the feedback; changed this and took in your trailers, but won't resend.
Best