diff options
| author | Joel Granados <joel.granados@kernel.org> | 2025-05-05 21:20:07 +0200 |
|---|---|---|
| committer | Joel Granados <joel.granados@kernel.org> | 2025-07-23 11:52:48 +0200 |
| commit | 942b296a6c35da6593eeeb126dce71d4e506f314 (patch) | |
| tree | aa6e2424696f7c848ecd50ab205a50399eae0dea /kernel/panic.c | |
| parent | 79ac8df97408b97175c01b6bff5ce0a97f35b439 (diff) | |
sysctl: Move tainted ctl_table into kernel/panic.c
Move the ctl_table with the "tainted" proc_name into kernel/panic.c.
With it moves the proc_tainted helper function.
This is part of a greater effort to move ctl tables into their
respective subsystems which will reduce the merge conflicts in
kernel/sysctl.c.
Reviewed-by: Luis Chamberlain <mcgrof@kernel.org>
Reviewed-by: Kees Cook <kees@kernel.org>
Signed-off-by: Joel Granados <joel.granados@kernel.org>
Diffstat (limited to 'kernel/panic.c')
| -rw-r--r-- | kernel/panic.c | 50 |
1 files changed, 50 insertions, 0 deletions
diff --git a/kernel/panic.c b/kernel/panic.c index b0b9a8bf4560..39e5b1ddf1a8 100644 --- a/kernel/panic.c +++ b/kernel/panic.c @@ -84,6 +84,50 @@ ATOMIC_NOTIFIER_HEAD(panic_notifier_list); EXPORT_SYMBOL(panic_notifier_list); #ifdef CONFIG_SYSCTL + +/* + * Taint values can only be increased + * This means we can safely use a temporary. + */ +static int proc_taint(const struct ctl_table *table, int write, + void *buffer, size_t *lenp, loff_t *ppos) +{ + struct ctl_table t; + unsigned long tmptaint = get_taint(); + int err; + + if (write && !capable(CAP_SYS_ADMIN)) + return -EPERM; + + t = *table; + t.data = &tmptaint; + err = proc_doulongvec_minmax(&t, write, buffer, lenp, ppos); + if (err < 0) + return err; + + if (write) { + int i; + + /* + * If we are relying on panic_on_taint not producing + * false positives due to userspace input, bail out + * before setting the requested taint flags. + */ + if (panic_on_taint_nousertaint && (tmptaint & panic_on_taint)) + return -EINVAL; + + /* + * Poor man's atomic or. Not worth adding a primitive + * to everyone's atomic.h for this + */ + for (i = 0; i < TAINT_FLAGS_COUNT; i++) + if ((1UL << i) & tmptaint) + add_taint(i, LOCKDEP_STILL_OK); + } + + return err; +} + static const struct ctl_table kern_panic_table[] = { #ifdef CONFIG_SMP { @@ -97,6 +141,12 @@ static const struct ctl_table kern_panic_table[] = { }, #endif { + .procname = "tainted", + .maxlen = sizeof(long), + .mode = 0644, + .proc_handler = proc_taint, + }, + { .procname = "panic", .data = &panic_timeout, .maxlen = sizeof(int), |