Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp45850imm;
        Tue, 16 Oct 2018 17:36:35 -0700 (PDT)
X-Google-Smtp-Source: ACcGV600JBkSzVu3clTapdy0ZpX7EmSemm4xFYhFd4Cfl3NTyazQVeWekPegeJtg/7DdHkfybypC
X-Received: by 2002:a63:f409:: with SMTP id g9-v6mr21053884pgi.369.1539736595900;
        Tue, 16 Oct 2018 17:36:35 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539736595; cv=none;
        d=google.com; s=arc-20160816;
        b=kLnS6DST4p1XqPa9ra9UgMU6F5q5hO3TLTNMhshKy3tU7wkVHuUbBpcxZsXzGPeCiY
         hNnPYONug2QcRl9mEmUvcR4Upm0vy8KAHJ5TuSaY0rnrFMs9aJs7uhzUq8T6JAzb6Bw5
         0XsTkFuR0dXpHis4X/E77ravMs3zDxjkndjdLbjwqps/Zluu17G0n3AwJMbsbd1edwfu
         h4GKj0bmaVxs1mQM8vgTN+e+EtbJ5ZIEIdwUNBONWGKeJAQVvFxnwg+PrTSDWhdKGN9H
         0N9Y6wOKl7UujNZ/y3/OIGoabBSrrNksRCMn4q1wVUuyHth38480o1Bp2p3IeErRbIbb
         7KZw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:user-agent:in-reply-to
         :content-disposition:mime-version:references:message-id:subject:cc
         :to:from:date;
        bh=0T7aDcqaFdWmXYQ0wUHSMcenWcNlHa6Qy2cb3Pg2Or8=;
        b=JCSPAm1Nrq7kiWpzPQc4QIngPGYzdmpi2XAjppTDFP5jurq3NROUjx1G3IUki1cdc3
         IhvGcFmuBWVRmvnZjF+n2GMjFHGx5mPP7V8BWL7z7264NnC7XiF82Ngjf/kRDSTdfpzU
         ZaiQGzG6AErCc8Ci8aVC//UJPhq3rX0eAN2EcurXFmjRGHMCKMa2YiyNjZC8Tq8CTRtF
         t/mCeqsHcvsblFm/PjxKqsHUWxRaGSexBWQgSBYy+62qDNgWcEiaB7/ojWrSz6dgPzO5
         5951IkA8395F+cIfQGH2SFsEsdbsbzZO/1tCkJYscE98s+VQvpdPO8sSWJICgAJ5XXfh
         0NCg==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id f7-v6si15502600plr.213.2018.10.16.17.36.18;
        Tue, 16 Oct 2018 17:36:35 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727487AbeJQI2z (ORCPT <rfc822;schlichte.alexander@gmail.com>
        + 99 others); Wed, 17 Oct 2018 04:28:55 -0400
Received: from zeniv.linux.org.uk ([195.92.253.2]:49046 "EHLO
        ZenIV.linux.org.uk" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S1727214AbeJQI2z (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 17 Oct 2018 04:28:55 -0400
Received: from viro by ZenIV.linux.org.uk with local (Exim 4.90_1 #2 (Red Hat Linux))
        id 1gCZoS-0001Bz-W3; Wed, 17 Oct 2018 00:35:49 +0000
Date:   Wed, 17 Oct 2018 01:35:48 +0100
From:   Al Viro <viro@ZenIV.linux.org.uk>
To:     Christian Brauner <christian@brauner.io>
Cc:     keescook@chromium.org, linux-kernel@vger.kernel.org,
        ebiederm@xmission.com, mcgrof@kernel.org,
        akpm@linux-foundation.org, joe.lawrence@redhat.com,
        longman@redhat.com, linux@dominikbrodowski.net,
        adobriyan@gmail.com, linux-api@vger.kernel.org,
        Andrea Arcangeli <aarcange@redhat.com>,
        Miklos Szeredi <miklos@szeredi.hu>,
        Eric Dumazet <eric.dumazet@gmail.com>
Subject: Re: [PATCH v3 2/2] sysctl: handle overflow for file-max
Message-ID: <20181017003548.GA32577@ZenIV.linux.org.uk>
References: <20181016223322.16844-1-christian@brauner.io>
 <20181016223322.16844-3-christian@brauner.io>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <20181016223322.16844-3-christian@brauner.io>
User-Agent: Mutt/1.9.1 (2017-09-22)
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

On Wed, Oct 17, 2018 at 12:33:22AM +0200, Christian Brauner wrote:
> Currently, when writing
> 
> echo 18446744073709551616 > /proc/sys/fs/file-max
> 
> /proc/sys/fs/file-max will overflow and be set to 0. That quickly
> crashes the system.
> This commit sets the max and min value for file-max and returns -EINVAL
> when a long int is exceeded. Any higher value cannot currently be used as
> the percpu counters are long ints and not unsigned integers. This behavior
> also aligns with other tuneables that return -EINVAL when their range is
> exceeded. See e.g. [1], [2] and others.

Mostly sane, but...  get_max_files() users are bloody odd.  The one in
file-max limit reporting looks like a half-arsed attempt in "[PATCH] fix
file counting".  The one in af_unix.c, though...  I don't remember how
that check had come to be - IIRC that was a strange fallout of a thread
with me, Andrea and ANK involved, circa 1999, but I don't remember details;
Andrea, any memories?  It might be worth reconsidering...  The change in
question is in 2.2.4pre6; what do we use unix_nr_socks for?  We try to
limit the number of PF_UNIX socks by 2 * max_files, but max_files can be
huge *and* non-constant (i.e. it can decrease).  What's more, unix_tot_inflight
is unsigned int and max_files might exceed 2^31 just fine since "fs: allow
for more than 2^31 files" back in 2010...  Something's fishy there...