Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp2764101imu; Sun, 9 Dec 2018 08:47:45 -0800 (PST) X-Google-Smtp-Source: AFSGD/V1BmYjPx39hOpCwH1i4Bd4P8UouZnD/XhNmnMXDr0bajPc5rpDSwKxmccMWS5TM8wP8ruF X-Received: by 2002:a63:4665:: with SMTP id v37mr8302456pgk.425.1544374065046; Sun, 09 Dec 2018 08:47:45 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544374065; cv=none; d=google.com; s=arc-20160816; b=k6plizC33PTIXx8qwyivlwNhDx3nbiUW6DjaIq9WS9n8uee9k5Qv+14H2GNVwp7stD h1as6GIowQcq0eb8OmcDV9NrjUTqFOIymPAVw5cV2Wr/ZoWArmL6UTYLftki7sgHpWn/ A91uG/myUvY3CGQUYExsbvzQ1d3BX54CX2r+HWjYhj+2EWYth0wjmmX6Pnu+kF4GloIH RdrHU6m4nvvg0CP1OaeHItBogZscZnQvxkbdV7fQJV95eJnPDw/5ev1GsF33buPad5Bo ej1IMQ8d3eSPb5DqXDXYuPUrkcFxzOXzu3qY36qK464pDMsT8iCDs17z15nu1UbV3h9y NQmw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version; bh=XKMerKFE87zC5G0vfp3TossQpuuQ25Gn/kQdJFCIzJg=; b=WUoI/YRtFQDifhKcIIWeNEXChuf4u8EG94hAe+kOSW1Ub8ufNc8bbFQ8YJKbHUVvAk VKOhFJnAlIlFHShN+g2GvU/KnAN6k8FbnXz/iJNxioxivmqtDGJRgRxxvf43XriKU/YM eXmE25f7XKhxokUHkt7WDWKakqA72iRhlu0q45NhgwSmnKTyehj5Y2q/OL78p0qq2yCK 4So9ccYuRE/+peJzOOClNaHKyPYjDvuRx/AFPIbNzLufzcHLEup9gXZ7S/mP6tNOeXxq C4qBG934rUjLXZHYodhIyR4bk2ClN10O7D91q3j3dpHnU5RIP0gNI2TpPTFf1ZWTiAbt 23iA== ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id u28si7657470pgn.436.2018.12.09.08.47.29; Sun, 09 Dec 2018 08:47:45 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=canonical.com Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726128AbeLIQlM (ORCPT + 99 others); Sun, 9 Dec 2018 11:41:12 -0500 Received: from youngberry.canonical.com ([91.189.89.112]:47560 "EHLO youngberry.canonical.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726088AbeLIQlM (ORCPT ); Sun, 9 Dec 2018 11:41:12 -0500 Received: from mail-vs1-f72.google.com ([209.85.217.72]) by youngberry.canonical.com with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.76) (envelope-from ) id 1gW27x-0006sw-Au for linux-kernel@vger.kernel.org; Sun, 09 Dec 2018 16:40:21 +0000 Received: by mail-vs1-f72.google.com with SMTP id f203so4999017vsd.17 for ; Sun, 09 Dec 2018 08:40:21 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=XKMerKFE87zC5G0vfp3TossQpuuQ25Gn/kQdJFCIzJg=; b=Su1Mcc5JHOnSBAK1Em0DjSSysin5ux0r6NJAyotL1H/Ei1vO2NHFQhp9Z9uRuyczWo V+lUJDjmL8OTM7R3N5yU4E8R1QYk2UTygYTxbVty9qMNWOAWkY0zNyhc3Vk7fZRx3c7m xqa21fcwetUzY7TcztRO/U4bH8lGlU2Pn/XevuA+laZOw4JmPUF5hCS86s4r7FASn6iT Cq+aST5TBJg0pX867Vx2WqjKp6QY5BeiN2fR7tb/ISa64luWvscdvqOZjk209U7J+tNg NJrd4yOSKgMVK3YSl3UXUtxFyuToAhwJ2hmOLc/DXMiwgfEQUYmEae/zEW6q5l3TDnuc HNMw== X-Gm-Message-State: AA+aEWY32eURyyJB5aHP/WuGQOiBcTVqZaHzNypdJz3rr1SFHzHk0mtT UxhVKCzqnyAUJTQ4+jiDT/6CovaB+lw4nlOvIMgIIfo+AE1NpRtzBBWJYqIGJtgA5Cd+GuSBblv aDJQBw8Pjb9qTa22SZa///qqrwb9dFaXQ4PF3PW/z19NwuueDqtkUxJnAHA== X-Received: by 2002:a67:2388:: with SMTP id j8mr4117932vsj.126.1544373620293; Sun, 09 Dec 2018 08:40:20 -0800 (PST) X-Received: by 2002:a67:2388:: with SMTP id j8mr4117912vsj.126.1544373619965; Sun, 09 Dec 2018 08:40:19 -0800 (PST) MIME-Version: 1.0 References: <20181016223322.16844-1-christian@brauner.io> <20181029145818.4bqmy25itjnqhodg@brauner.io> In-Reply-To: From: Christian Brauner Date: Sun, 9 Dec 2018 17:40:09 +0100 Message-ID: Subject: Re: [PATCH v3 0/2] sysctl: handle overflow for file-max To: Kees Cook Cc: Christian Brauner , Andrew Morton , Linux Kernel Mailing List , "Eric W. Biederman" , mcgrof@kernel.org, joe.lawrence@redhat.com, Waiman Long , Dominik Brodowski , Al Viro , Alexey Dobriyan , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org On Mon, Oct 29, 2018 at 10:44 PM Kees Cook wrote: > > On Mon, Oct 29, 2018 at 7:58 AM, Christian Brauner wrote: > > On Wed, Oct 17, 2018 at 12:33:20AM +0200, Christian Brauner wrote: > >> Hey, > >> > >> Here is v3 of this patchset. Changelogs are in the individual commits. > >> > >> Currently, when writing > >> > >> echo 18446744073709551616 > /proc/sys/fs/file-max > >> > >> /proc/sys/fs/file-max will overflow and be set to 0. That quickly > >> crashes the system. > >> > >> The first version of this patch intended to detect the overflow and cap > >> at ULONG_MAX. However, we should not do this and rather return EINVAL on > >> overflow. The reasons are: > >> - this aligns with other sysctl handlers that simply reject overflows > >> (cf. [1], [2], and a bunch of others) > >> - we already do a partial fail on overflow right now > >> Namely, when the TMPBUFLEN is exceeded. So we already reject values > >> such as 184467440737095516160 (21 chars) but accept values such as > >> 18446744073709551616 (20 chars) but both are overflows. So we should > >> just always reject 64bit overflows and not special-case this based on > >> the number of chars. > >> > >> (This patchset is in reference to https://lkml.org/lkml/2018/10/11/585.) > > > > Just so that we don't forget, can we make sure that this gets picked > > into linux-next? :) > > I was hoping akpm would take this? Andrew, does the v3 look okay to you? gentle ping again :) Christian