Received: by 10.213.65.68 with SMTP id h4csp271737imn; Mon, 12 Mar 2018 13:19:27 -0700 (PDT) X-Google-Smtp-Source: AG47ELsWUhnnqo1qCxHSV8Qql56KpxpRCJ1+Fj8JkPW225u0ALV/W+5ZRq+Mb9h537bCbrhYen14 X-Received: by 2002:a17:902:47aa:: with SMTP id r39-v6mr9411401pld.72.1520885967564; Mon, 12 Mar 2018 13:19:27 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1520885967; cv=none; d=google.com; s=arc-20160816; b=juZENKqFyAmdd7Uw+Eiwz9/dgaSqMdCkddycb9v+tBmwZI1i+Lli6I5C5Wf0CVV0Ml zfNHi5yBSZ4unn2lnYO50mFapyUllu6mZeW/zendR/unZWBxTa7m+4HaHpc7DXI6Z+cp 9JwJcw0McG+JCcIPj431kZ4egGgwDWejrV0m5XBCKb1gdxurr7ct7X/swaSezENhnyuC QkAsLFUhARCSLlivaCHI+BZGxmpuB6/9g4Qd+7n1lB4PPl1xwkh2O75KqgDpaTKQqrDW XisNJIkHfGSrSphbXOA7dLoBS1oWgoAxdUhdmH7+DEIXCKTHgJ1wBZ4E4ErUp0I9FE2O +37A== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:arc-authentication-results; bh=INfz6jpvrNSI7mZA2fXSbjvuGzeLvis5qdiyNYj8jn0=; b=Cib5vlX3aOoUIXrHNay4ckJ1wmTWWogR73ELbOABeP9kTW34CvAf3FroQa9RYVK4ky tMJZ/L1jHt6OT3eS9bF0sIYimfzsAPOeEMHuZu+JiehbS6EC2o60MXwX9jiHW7oVAJUp SshnBnmxsfP3DW50SkR8/IGYjHzB3MeCqrqLn5+o7GDvtF1jYc5Y5iaN2ZP3Ac3gfTPF LFm68JvXsoHvQ/RogdC0o4kFJlomrJHQBYb+Y08wdajTVfrrQYegnSRxAaNxHFZGbMLy RttmwmiidLeII30ytjd0KhSo+nzRtr7nppnCVVBJVXgWsLNeRFqRA2LBUyZ/yVJpUrP+ Jmxw== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id e93-v6si6469647plk.159.2018.03.12.13.19.12; Mon, 12 Mar 2018 13:19:27 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=redhat.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932484AbeCLUQM (ORCPT + 99 others); Mon, 12 Mar 2018 16:16:12 -0400 Received: from mx3-rdu2.redhat.com ([66.187.233.73]:55340 "EHLO mx1.redhat.com" rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP id S932439AbeCLUQK (ORCPT ); Mon, 12 Mar 2018 16:16:10 -0400 Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.rdu2.redhat.com [10.11.54.3]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id AE6B7401DE93; Mon, 12 Mar 2018 20:16:09 +0000 (UTC) Received: from llong.com (dhcp-17-75.bos.redhat.com [10.18.17.75]) by smtp.corp.redhat.com (Postfix) with ESMTP id 73E551102E23; Mon, 12 Mar 2018 20:16:09 +0000 (UTC) From: Waiman Long To: "Luis R. Rodriguez" , Kees Cook Cc: linux-kernel@vger.kernel.org, linux-fsdevel@vger.kernel.org, Andrew Morton , Al Viro , Matthew Wilcox , Waiman Long Subject: [PATCH v4 4/6] ipc: Clamp msgmni and shmmni to the real IPCMNI limit Date: Mon, 12 Mar 2018 16:15:42 -0400 Message-Id: <1520885744-1546-5-git-send-email-longman@redhat.com> In-Reply-To: <1520885744-1546-1-git-send-email-longman@redhat.com> References: <1520885744-1546-1-git-send-email-longman@redhat.com> X-Scanned-By: MIMEDefang 2.78 on 10.11.54.3 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Mon, 12 Mar 2018 20:16:09 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.11.55.6]); Mon, 12 Mar 2018 20:16:09 +0000 (UTC) for IP:'10.11.54.3' DOMAIN:'int-mx03.intmail.prod.int.rdu2.redhat.com' HELO:'smtp.corp.redhat.com' FROM:'longman@redhat.com' RCPT:'' Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org A user can write arbitrary integer values to msgmni and shmmni sysctl parameters without getting error, but the actual limit is really IPCMNI (32k). This can mislead users as they think they can get a value that is not real. Enforcing the limit by failing the sysctl parameter write, however, can break existing user applications. Instead, the range clamping flag is set to enforce the limit without failing existing user code. Users can easily figure out if the sysctl parameter value is out of range by either reading back the parameter value or checking the kernel ring buffer for warning. Signed-off-by: Waiman Long --- ipc/ipc_sysctl.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c index 8ad93c2..1955dd4 100644 --- a/ipc/ipc_sysctl.c +++ b/ipc/ipc_sysctl.c @@ -99,6 +99,7 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write, static int zero; static int one = 1; static int int_max = INT_MAX; +static int ipc_mni = IPCMNI; static struct ctl_table ipc_kern_table[] = { { @@ -120,7 +121,10 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write, .data = &init_ipc_ns.shm_ctlmni, .maxlen = sizeof(init_ipc_ns.shm_ctlmni), .mode = 0644, - .proc_handler = proc_ipc_dointvec, + .proc_handler = proc_ipc_dointvec_minmax, + .extra1 = &zero, + .extra2 = &ipc_mni, + .flags = CTL_FLAGS_CLAMP_RANGE, }, { .procname = "shm_rmid_forced", @@ -147,7 +151,8 @@ static int proc_ipc_auto_msgmni(struct ctl_table *table, int write, .mode = 0644, .proc_handler = proc_ipc_dointvec_minmax, .extra1 = &zero, - .extra2 = &int_max, + .extra2 = &ipc_mni, + .flags = CTL_FLAGS_CLAMP_RANGE, }, { .procname = "auto_msgmni", -- 1.8.3.1