linux-kernel.vger.kernel.org archive mirror
 help / color / mirror / Atom feed
From: Christian Brauner <christian@brauner.io>
To: keescook@chromium.org, linux-kernel@vger.kernel.org
Cc: ebiederm@xmission.com, mcgrof@kernel.org,
	akpm@linux-foundation.org, joe.lawrence@redhat.com,
	longman@redhat.com, Christian Brauner <christian@brauner.io>
Subject: [PATCH 2/2] sysctl: handle overflow for file-max
Date: Sun, 14 Oct 2018 15:25:10 +0200	[thread overview]
Message-ID: <20181014132510.25943-3-christian@brauner.io> (raw)
In-Reply-To: <20181014132510.25943-1-christian@brauner.io>

Currently, when writing

echo 18446744073709551616 > /proc/sys/fs/file-max

/proc/sys/fs/file-max will overflow and be set to 0. That quickly
crashes the system. Let's detect the overflow and set to ULONG_MAX in
this case effectively capping the value.

Cc: Kees Cook <keescook@chromium.org>
Signed-off-by: Christian Brauner <christian@brauner.io>
---
 kernel/sysctl.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index a9409375380c..a3e4321b8ffa 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -127,6 +127,7 @@ static int __maybe_unused one = 1;
 static int __maybe_unused two = 2;
 static int __maybe_unused four = 4;
 static unsigned long one_ul = 1;
+static unsigned long ulong_max = ULONG_MAX;
 static int one_hundred = 100;
 static int one_thousand = 1000;
 #ifdef CONFIG_PRINTK
@@ -1696,6 +1697,7 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(files_stat.max_files),
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
+		.extra2		= &ulong_max,
 	},
 	{
 		.procname	= "nr_open",
@@ -2789,17 +2791,20 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
 		unsigned long val;
 
 		if (write) {
-			bool neg;
+			bool neg, overflow;
 
 			left -= proc_skip_spaces(&p);
 
 			err = proc_get_long(&p, &left, &val, &neg,
 					     proc_wspace_sep,
-					     sizeof(proc_wspace_sep), NULL);
+					     sizeof(proc_wspace_sep), NULL,
+					     &overflow);
 			if (err)
 				break;
 			if (neg)
 				continue;
+			if (overflow && max)
+				val = *max;
 			val = convmul * val / convdiv;
 			if ((min && val < *min) || (max && val > *max))
 				continue;
-- 
2.17.1


      parent reply	other threads:[~2018-10-14 13:25 UTC|newest]

Thread overview: 7+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-10-14 13:25 [PATCH 0/2] sysctl: cap file-max value at ULONG_MAX Christian Brauner
2018-10-14 13:25 ` [PATCH 1/2] sysctl: add overflow detection to proc_get_long() Christian Brauner
2018-10-14 17:18   ` Al Viro
2018-10-14 18:53     ` Christian Brauner
2018-10-15  0:03       ` Al Viro
2018-10-15  4:47         ` Christian Brauner
2018-10-14 13:25 ` Christian Brauner [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20181014132510.25943-3-christian@brauner.io \
    --to=christian@brauner.io \
    --cc=akpm@linux-foundation.org \
    --cc=ebiederm@xmission.com \
    --cc=joe.lawrence@redhat.com \
    --cc=keescook@chromium.org \
    --cc=linux-kernel@vger.kernel.org \
    --cc=longman@redhat.com \
    --cc=mcgrof@kernel.org \
    --subject='Re: [PATCH 2/2] sysctl: handle overflow for file-max' \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).