[thirdparty/kernel/stable-queue.git] / releases / 4.14.111 / sysctl-handle-overflow-for-file-max.patch

From 0f1f3ec94e89af33a12c9b0728a6d1fca34129b4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian@brauner.io>
Date: Thu, 7 Mar 2019 16:29:43 -0800
Subject: sysctl: handle overflow for file-max

[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]

Currently, when writing

  echo 18446744073709551616 > /proc/sys/fs/file-max

/proc/sys/fs/file-max will overflow and be set to 0.  That quickly
crashes the system.

This commit sets the max and min value for file-max.  The max value is
set to long int.  Any higher value cannot currently be used as the
percpu counters are long ints and not unsigned integers.

Note that the file-max value is ultimately parsed via
__do_proc_doulongvec_minmax().  This function does not report error when
min or max are exceeded.  Which means if a value largen that long int is
written userspace will not receive an error instead the old value will be
kept.  There is an argument to be made that this should be changed and
__do_proc_doulongvec_minmax() should return an error when a dedicated min
or max value are exceeded.  However this has the potential to break
userspace so let's defer this to an RFC patch.

Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io
Signed-off-by: Christian Brauner <christian@brauner.io>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Waiman Long <longman@redhat.com>
[christian@brauner.io: v4]
  Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sysctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index a7acb058b776..34a3b8a262a9 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -125,6 +125,7 @@ static int __maybe_unused one = 1;
 static int __maybe_unused two = 2;
 static int __maybe_unused four = 4;
 static unsigned long one_ul = 1;
+static unsigned long long_max = LONG_MAX;
 static int one_hundred = 100;
 static int one_thousand = 1000;
 #ifdef CONFIG_PRINTK
@@ -1681,6 +1682,8 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(files_stat.max_files),
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
+		.extra1		= &zero,
+		.extra2		= &long_max,
 	},
 	{
 		.procname	= "nr_open",
-- 
2.19.1
Commit	Line	Data
04fd09d4 SL	1	From 0f1f3ec94e89af33a12c9b0728a6d1fca34129b4 Mon Sep 17 00:00:00 2001
	2	From: Christian Brauner <christian@brauner.io>
	3	Date: Thu, 7 Mar 2019 16:29:43 -0800
	4	Subject: sysctl: handle overflow for file-max
	5
	6	[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]
	7
	8	Currently, when writing
	9
	10	echo 18446744073709551616 > /proc/sys/fs/file-max
	11
	12	/proc/sys/fs/file-max will overflow and be set to 0. That quickly
	13	crashes the system.
	14
	15	This commit sets the max and min value for file-max. The max value is
	16	set to long int. Any higher value cannot currently be used as the
	17	percpu counters are long ints and not unsigned integers.
	18
	19	Note that the file-max value is ultimately parsed via
	20	__do_proc_doulongvec_minmax(). This function does not report error when
	21	min or max are exceeded. Which means if a value largen that long int is
	22	written userspace will not receive an error instead the old value will be
	23	kept. There is an argument to be made that this should be changed and
	24	__do_proc_doulongvec_minmax() should return an error when a dedicated min
	25	or max value are exceeded. However this has the potential to break
	26	userspace so let's defer this to an RFC patch.
	27
	28	Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io
	29	Signed-off-by: Christian Brauner <christian@brauner.io>
	30	Acked-by: Kees Cook <keescook@chromium.org>
	31	Cc: Alexey Dobriyan <adobriyan@gmail.com>
	32	Cc: Al Viro <viro@zeniv.linux.org.uk>
	33	Cc: Dominik Brodowski <linux@dominikbrodowski.net>
	34	Cc: "Eric W. Biederman" <ebiederm@xmission.com>
	35	Cc: Joe Lawrence <joe.lawrence@redhat.com>
	36	Cc: Luis Chamberlain <mcgrof@kernel.org>
	37	Cc: Waiman Long <longman@redhat.com>
	38	[christian@brauner.io: v4]
	39	Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io
	40	Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
	41	Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
	42	Signed-off-by: Sasha Levin <sashal@kernel.org>
	43	---
	44	kernel/sysctl.c \| 3 +++
	45	1 file changed, 3 insertions(+)
	46
	47	diff --git a/kernel/sysctl.c b/kernel/sysctl.c
	48	index a7acb058b776..34a3b8a262a9 100644
	49	--- a/kernel/sysctl.c
	50	+++ b/kernel/sysctl.c
	51	@@ -125,6 +125,7 @@ static int __maybe_unused one = 1;
	52	static int __maybe_unused two = 2;
	53	static int __maybe_unused four = 4;
	54	static unsigned long one_ul = 1;
	55	+static unsigned long long_max = LONG_MAX;
	56	static int one_hundred = 100;
	57	static int one_thousand = 1000;
	58	#ifdef CONFIG_PRINTK
	59	@@ -1681,6 +1682,8 @@ static struct ctl_table fs_table[] = {
	60	.maxlen = sizeof(files_stat.max_files),
	61	.mode = 0644,
	62	.proc_handler = proc_doulongvec_minmax,
	63	+ .extra1 = &zero,
	64	+ .extra2 = &long_max,
65	},
66	{
67	.procname = "nr_open",
68	--
69	2.19.1
70