Commit | Line | Data |
---|---|---|
04fd09d4 SL |
1 | From 0f1f3ec94e89af33a12c9b0728a6d1fca34129b4 Mon Sep 17 00:00:00 2001 |
2 | From: Christian Brauner <christian@brauner.io> | |
3 | Date: Thu, 7 Mar 2019 16:29:43 -0800 | |
4 | Subject: sysctl: handle overflow for file-max | |
5 | ||
6 | [ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ] | |
7 | ||
8 | Currently, when writing | |
9 | ||
10 | echo 18446744073709551616 > /proc/sys/fs/file-max | |
11 | ||
12 | /proc/sys/fs/file-max will overflow and be set to 0. That quickly | |
13 | crashes the system. | |
14 | ||
15 | This commit sets the max and min value for file-max. The max value is | |
16 | set to long int. Any higher value cannot currently be used as the | |
17 | percpu counters are long ints and not unsigned integers. | |
18 | ||
19 | Note that the file-max value is ultimately parsed via | |
20 | __do_proc_doulongvec_minmax(). This function does not report error when | |
21 | min or max are exceeded. Which means if a value larger than long int is | |
22 | written userspace will not receive an error instead the old value will be | |
23 | kept. There is an argument to be made that this should be changed and | |
24 | __do_proc_doulongvec_minmax() should return an error when a dedicated min | |
25 | or max value are exceeded. However this has the potential to break | |
26 | userspace so let's defer this to an RFC patch. | |
27 | ||
28 | Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io | |
29 | Signed-off-by: Christian Brauner <christian@brauner.io> | |
30 | Acked-by: Kees Cook <keescook@chromium.org> | |
31 | Cc: Alexey Dobriyan <adobriyan@gmail.com> | |
32 | Cc: Al Viro <viro@zeniv.linux.org.uk> | |
33 | Cc: Dominik Brodowski <linux@dominikbrodowski.net> | |
34 | Cc: "Eric W. Biederman" <ebiederm@xmission.com> | |
35 | Cc: Joe Lawrence <joe.lawrence@redhat.com> | |
36 | Cc: Luis Chamberlain <mcgrof@kernel.org> | |
37 | Cc: Waiman Long <longman@redhat.com> | |
38 | [christian@brauner.io: v4] | |
39 | Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io | |
40 | Signed-off-by: Andrew Morton <akpm@linux-foundation.org> | |
41 | Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org> | |
42 | Signed-off-by: Sasha Levin <sashal@kernel.org> | |
43 | --- | |
44 | kernel/sysctl.c | 3 +++ | |
45 | 1 file changed, 3 insertions(+) | |
46 | ||
47 | diff --git a/kernel/sysctl.c b/kernel/sysctl.c | |
48 | index a7acb058b776..34a3b8a262a9 100644 | |
49 | --- a/kernel/sysctl.c | |
50 | +++ b/kernel/sysctl.c | |
51 | @@ -125,6 +125,7 @@ static int __maybe_unused one = 1; | |
52 | static int __maybe_unused two = 2; | |
53 | static int __maybe_unused four = 4; | |
54 | static unsigned long one_ul = 1; | |
55 | +static unsigned long long_max = LONG_MAX; | |
56 | static int one_hundred = 100; | |
57 | static int one_thousand = 1000; | |
58 | #ifdef CONFIG_PRINTK | |
59 | @@ -1681,6 +1682,8 @@ static struct ctl_table fs_table[] = { | |
60 | .maxlen = sizeof(files_stat.max_files), | |
61 | .mode = 0644, | |
62 | .proc_handler = proc_doulongvec_minmax, | |
63 | + .extra1 = &zero, | |
64 | + .extra2 = &long_max, | |
65 | }, | |
66 | { | |
67 | .procname = "nr_open", | |
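Review bot: The new `.extra1 = &zero` gives proc_doulongvec_minmax a lower bound whose type needs checking, because that handler reads its bounds as `unsigned long`. The first hunk adds `long_max` as `unsigned long` for exactly that reason, but `zero` is not declared in either hunk and, judging by its neighbours `one`, `two` and `four`, is probably an `int`. If so, 64-bit builds would read eight bytes from a four-byte object: an out-of-bounds read that KASAN would flag, with the effective minimum depending on whatever is stored next to `zero`. I would add `static unsigned long zero_ul;` beside `one_ul` in the first hunk and use `.extra1 = &zero_ul,` here. The table entry begins above this hunk, so that it is the file-max entry is inferred from the commit subject and `files_stat.max_files`.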
68 | -- | |
69 | 2.19.1 | |
70 |