I'm scraping the bottom of the barrel with these, so dumped them all
together for ease of review. Will submit piecemeal as reviews happen.
All verified manually with sysctl -w. Even bothered to find an i386
machine with watchdog and build a WITNESS kernel to run all code paths.
OKs?
Subject: [PATCH 01/10] Use sysctl_int_bounded in sysctl_hwsmt
Prefer error reporting is to silent clipping.
---
sys/kern/kern_sched.c | 6 +-----
1 file changed, 1 insertion(+), 5 deletions(-)
diff --git sys/kern/kern_sched.c sys/kern/kern_sched.c
index eab78f74c60..7a27c2b65e8 100644
--- sys/kern/kern_sched.c
+++ sys/kern/kern_sched.c
@@ -861,13 +861,9 @@ sysctl_hwsmt(void *oldp, size_t *oldlenp, void *newp,
size_t newlen)
int err, newsmt;
newsmt = sched_smt;
- err = sysctl_int(oldp, oldlenp, newp, newlen, &newsmt);
+ err = sysctl_int_bounded(oldp, oldlenp, newp, newlen, &newsmt, 0, 1);
if (err)
return err;
- if (newsmt > 1)
- newsmt = 1;
- if (newsmt < 0)
- newsmt = 0;
if (newsmt == sched_smt)
return 0;
--
2.29.2
Subject: [PATCH 02/10] Finish converting ddb_sysctl to sysctl_int_bounded
I missed the verbose pattern that it used for error checking the first
time around.
---
sys/ddb/db_usrreq.c | 32 ++++++--------------------------
1 file changed, 6 insertions(+), 26 deletions(-)
diff --git sys/ddb/db_usrreq.c sys/ddb/db_usrreq.c
index 4b77e63b540..820f9eeb246 100644
--- sys/ddb/db_usrreq.c
+++ sys/ddb/db_usrreq.c
@@ -48,8 +48,6 @@ int
ddb_sysctl(int *name, u_int namelen, void *oldp, size_t *oldlenp, void *newp,
size_t newlen, struct proc *p)
{
- int error, ctlval;
-
/* All sysctl names at this level are terminal. */
if (namelen != 1)
return (ENOTDIR);
@@ -60,14 +58,8 @@ ddb_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
return (sysctl_int_lower(oldp, oldlenp, newp, newlen,
&db_panic));
else {
- ctlval = db_panic;
- if ((error = sysctl_int(oldp, oldlenp, newp, newlen,
- &ctlval)) || newp == NULL)
- return (error);
- if (ctlval != 1 && ctlval != 0)
- return (EINVAL);
- db_panic = ctlval;
- return (0);
+ return (sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &db_panic, 0, 1));
}
break;
case DBCTL_CONSOLE:
@@ -75,14 +67,8 @@ ddb_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
return (sysctl_int_lower(oldp, oldlenp, newp, newlen,
&db_console));
else {
- ctlval = db_console;
- if ((error = sysctl_int(oldp, oldlenp, newp, newlen,
- &ctlval)) || newp == NULL)
- return (error);
- if (ctlval != 1 && ctlval != 0)
- return (EINVAL);
- db_console = ctlval;
- return (0);
+ return (sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &db_console, 0, 1));
}
break;
case DBCTL_TRIGGER:
@@ -104,14 +90,8 @@ ddb_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
return (sysctl_int_lower(oldp, oldlenp, newp, newlen,
&db_profile));
else {
- ctlval = db_profile;
- if ((error = sysctl_int(oldp, oldlenp, newp, newlen,
- &ctlval)) || newp == NULL)
- return (error);
- if (ctlval != 1 && ctlval != 0)
- return (EINVAL);
- db_profile = ctlval;
- return (0);
+ return (sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &db_profile, 0, 1));
}
break;
#endif /* DDBPROF */
--
2.29.2
Subject: [PATCH 03/10] Enforce range with sysctl_int_bounded in tcp_sysctl
One case uses the explicit range from the code and the other was
inferred from reading the usage.
---
sys/netinet/tcp_usrreq.c | 31 ++++++++++++++-----------------
1 file changed, 14 insertions(+), 17 deletions(-)
diff --git sys/netinet/tcp_usrreq.c sys/netinet/tcp_usrreq.c
index 64327536ee5..8da961830bf 100644
--- sys/netinet/tcp_usrreq.c
+++ sys/netinet/tcp_usrreq.c
@@ -1056,8 +1056,8 @@ tcp_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
case TCPCTL_SYN_USE_LIMIT:
NET_LOCK();
- error = sysctl_int(oldp, oldlenp, newp, newlen,
- &tcp_syn_use_limit);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &tcp_syn_use_limit, 0, INT_MAX);
if (!error && newp != NULL) {
/*
* Global tcp_syn_use_limit is used when reseeding a
@@ -1074,22 +1074,19 @@ tcp_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
case TCPCTL_SYN_HASH_SIZE:
NET_LOCK();
nval = tcp_syn_hash_size;
- error = sysctl_int(oldp, oldlenp, newp, newlen, &nval);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &nval, 1, 100000);
if (!error && nval != tcp_syn_hash_size) {
- if (nval < 1 || nval > 100000) {
- error = EINVAL;
- } else {
- /*
- * If global hash size has been changed,
- * switch sets as soon as possible. Then
- * the actual hash array will be reallocated.
- */
- if (tcp_syn_cache[0].scs_size != nval)
- tcp_syn_cache[0].scs_use = 0;
- if (tcp_syn_cache[1].scs_size != nval)
- tcp_syn_cache[1].scs_use = 0;
- tcp_syn_hash_size = nval;
- }
+ /*
+ * If global hash size has been changed,
+ * switch sets as soon as possible. Then
+ * the actual hash array will be reallocated.
+ */
+ if (tcp_syn_cache[0].scs_size != nval)
+ tcp_syn_cache[0].scs_use = 0;
+ if (tcp_syn_cache[1].scs_size != nval)
+ tcp_syn_cache[1].scs_use = 0;
+ tcp_syn_hash_size = nval;
}
NET_UNLOCK();
return (error);
--
2.29.2
Subject: [PATCH 04/10] Enforce range with sysctl_int_bounded in
witness_sysctl_watch
Makes previously explicit checking less verbose.
---
sys/kern/subr_witness.c | 16 +++++++---------
1 file changed, 7 insertions(+), 9 deletions(-)
diff --git sys/kern/subr_witness.c sys/kern/subr_witness.c
index 04ac1e4929e..44dba0d70db 100644
--- sys/kern/subr_witness.c
+++ sys/kern/subr_witness.c
@@ -2584,17 +2584,15 @@ witness_sysctl_watch(void *oldp, size_t *oldlenp, void
*newp, size_t newlen)
int value;
value = witness_watch;
- error = sysctl_int(oldp, oldlenp, newp, newlen, &value);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &value, -1, 3);
if (error == 0 && newp != NULL) {
- if (value >= -1 && value <= 3) {
- mtx_enter(&w_mtx);
- if (value < 0 || witness_watch >= 0)
- witness_watch = value;
- else
- error = EINVAL;
- mtx_leave(&w_mtx);
- } else
+ mtx_enter(&w_mtx);
+ if (value < 0 || witness_watch >= 0)
+ witness_watch = value;
+ else
error = EINVAL;
+ mtx_leave(&w_mtx);
}
return (error);
}
--
2.29.2
Subject: [PATCH 05/10] Enforce range with sysctl_int_bounded in sysctl_wdog
---
sys/kern/kern_watchdog.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git sys/kern/kern_watchdog.c sys/kern/kern_watchdog.c
index b4961e45b49..be7c6747a4c 100644
--- sys/kern/kern_watchdog.c
+++ sys/kern/kern_watchdog.c
@@ -81,7 +81,8 @@ sysctl_wdog(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
switch (name[0]) {
case KERN_WATCHDOG_PERIOD:
period = wdog_period;
- error = sysctl_int(oldp, oldlenp, newp, newlen, &period);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &period, 0, INT_MAX);
if (error)
return (error);
if (newp) {
@@ -90,7 +91,8 @@ sysctl_wdog(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
}
break;
case KERN_WATCHDOG_AUTO:
- error = sysctl_int(oldp, oldlenp, newp, newlen, &wdog_auto);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &wdog_auto, 0, 1);
if (error)
return (error);
break;
--
2.29.2
Subject: [PATCH 06/10] Enforce range with sysctl_int_bounded in ipip_sysctl
---
sys/netinet/ip_ipip.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git sys/netinet/ip_ipip.c sys/netinet/ip_ipip.c
index b8c90fd702e..2405264ac43 100644
--- sys/netinet/ip_ipip.c
+++ sys/netinet/ip_ipip.c
@@ -596,7 +596,8 @@ ipip_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
switch (name[0]) {
case IPIPCTL_ALLOW:
NET_LOCK();
- error = sysctl_int(oldp, oldlenp, newp, newlen, &ipip_allow);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &ipip_allow, 0, 2);
NET_UNLOCK();
return (error);
case IPIPCTL_STATS:
--
2.29.2
Subject: [PATCH 07/10] Enforce range with sysctl_int_bounded in pipex_sysctl
---
sys/net/pipex.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git sys/net/pipex.c sys/net/pipex.c
index 797f2ee939d..fea712aca44 100644
--- sys/net/pipex.c
+++ sys/net/pipex.c
@@ -2778,8 +2778,8 @@ pipex_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
case PIPEXCTL_ENABLE:
if (namelen != 1)
return (ENOTDIR);
- return (sysctl_int(oldp, oldlenp, newp, newlen,
- &pipex_enable));
+ return (sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &pipex_enable, 0, 1));
default:
return (ENOPROTOOPT);
}
--
2.29.2
Subject: [PATCH 08/10] Enforce range with sysctl_int_bounded in
swap_encrypt_ctl
---
sys/uvm/uvm_swap_encrypt.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git sys/uvm/uvm_swap_encrypt.c sys/uvm/uvm_swap_encrypt.c
index 71406f13ee3..d015c157b66 100644
--- sys/uvm/uvm_swap_encrypt.c
+++ sys/uvm/uvm_swap_encrypt.c
@@ -63,7 +63,8 @@ swap_encrypt_ctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp,
int doencrypt = uvm_doswapencrypt;
int result;
- result = sysctl_int(oldp, oldlenp, newp, newlen, &doencrypt);
+ result = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ &doencrypt, 0, 1);
if (result)
return result;
--
2.29.2
Subject: [PATCH 09/10] Enforce range with sysctl_int_bounded in etherip_sysctl
---
sys/net/if_etherip.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git sys/net/if_etherip.c sys/net/if_etherip.c
index 15c26b63509..4460d2614b6 100644
--- sys/net/if_etherip.c
+++ sys/net/if_etherip.c
@@ -767,7 +767,8 @@ etherip_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp,
switch (name[0]) {
case ETHERIPCTL_ALLOW:
NET_LOCK();
- error = sysctl_int(oldp, oldlenp, newp, newlen, ðerip_allow);
+ error = sysctl_int_bounded(oldp, oldlenp, newp, newlen,
+ ðerip_allow, 0, 1);
NET_UNLOCK();
return (error);
case ETHERIPCTL_STATS:
--
2.29.2
Subject: [PATCH 10/10] Fold fitting sysctl_rdint into sysctl_bounded_arr in
i386 cpu_sysctl
---
sys/arch/i386/i386/machdep.c | 15 +++++----------
1 file changed, 5 insertions(+), 10 deletions(-)
diff --git sys/arch/i386/i386/machdep.c sys/arch/i386/i386/machdep.c
index 90f71921020..0da20341a5f 100644
--- sys/arch/i386/i386/machdep.c
+++ sys/arch/i386/i386/machdep.c
@@ -3560,6 +3560,11 @@ idt_vec_free(int vec)
const struct sysctl_bounded_args cpuctl_vars[] = {
{ CPU_LIDACTION, &lid_action, 0, 2 },
+ { CPU_CPUID, &cpu_id, 1, 0 },
+ { CPU_OSFXSR, &i386_use_fxsave, 1, 0 },
+ { CPU_SSE, &i386_has_sse, 1, 0 },
+ { CPU_SSE2, &i386_has_sse2, 1, 0 },
+ { CPU_XCRYPT, &i386_has_xcrypt, 1, 0 },
};
/*
@@ -3609,8 +3614,6 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
#endif
case CPU_CPUVENDOR:
return (sysctl_rdstring(oldp, oldlenp, newp, cpu_vendor));
- case CPU_CPUID:
- return (sysctl_rdint(oldp, oldlenp, newp, cpu_id));
case CPU_CPUFEATURE:
return (sysctl_rdint(oldp, oldlenp, newp,
curcpu()->ci_feature_flags));
case CPU_KBDRESET:
@@ -3620,14 +3623,6 @@ cpu_sysctl(int *name, u_int namelen, void *oldp, size_t
*oldlenp, void *newp,
else
return (sysctl_int(oldp, oldlenp, newp, newlen,
&kbd_reset));
- case CPU_OSFXSR:
- return (sysctl_rdint(oldp, oldlenp, newp, i386_use_fxsave));
- case CPU_SSE:
- return (sysctl_rdint(oldp, oldlenp, newp, i386_has_sse));
- case CPU_SSE2:
- return (sysctl_rdint(oldp, oldlenp, newp, i386_has_sse2));
- case CPU_XCRYPT:
- return (sysctl_rdint(oldp, oldlenp, newp, i386_has_xcrypt));
#if NPCKBC > 0 && NUKBD > 0
case CPU_FORCEUKBD:
{
--
2.29.2
