1 From 8b021e8b8ebd7221766f63f6aa532699eb6bfe5a Mon Sep 17 00:00:00 2001
2 From: Christian Brauner <christian@brauner.io>
3 Date: Tue, 14 May 2019 15:44:55 -0700
4 Subject: sysctl: return -EINVAL if val violates minmax
6 [ Upstream commit e260ad01f0aa9e96b5386d5cd7184afd949dc457 ]
8 Currently when userspace gives us a values that overflow e.g. file-max
9 and other callers of __do_proc_doulongvec_minmax() we simply ignore the
10 new value and leave the current value untouched.
12 This can be problematic as it gives the illusion that the limit has
13 indeed be bumped when in fact it failed. This commit makes sure to
14 return EINVAL when an overflow is detected. Please note that this is a
15 userspace facing change.
17 Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@brauner.io
18 Signed-off-by: Christian Brauner <christian@brauner.io>
19 Acked-by: Luis Chamberlain <mcgrof@kernel.org>
20 Cc: Kees Cook <keescook@chromium.org>
21 Cc: Alexey Dobriyan <adobriyan@gmail.com>
22 Cc: Al Viro <viro@zeniv.linux.org.uk>
23 Cc: Dominik Brodowski <linux@dominikbrodowski.net>
24 Cc: "Eric W. Biederman" <ebiederm@xmission.com>
25 Cc: Joe Lawrence <joe.lawrence@redhat.com>
26 Cc: Waiman Long <longman@redhat.com>
27 Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
28 Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
29 Signed-off-by: Sasha Levin <sashal@kernel.org>
31 kernel/sysctl.c | 6 ++++--
32 1 file changed, 4 insertions(+), 2 deletions(-)
34 diff --git a/kernel/sysctl.c b/kernel/sysctl.c
35 index cf0aeaae567e..6af1ac551ea3 100644
38 @@ -2527,8 +2527,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
41 val = convmul * val / convdiv;
42 - if ((min && val < *min) || (max && val > *max))
44 + if ((min && val < *min) || (max && val > *max)) {
50 val = convdiv * (*i) / convmul;
projects / thirdparty / kernel / stable-queue.git / blob