Received: by 2002:ad5:474a:0:0:0:0:0 with SMTP id i10csp4026022imu; Mon, 10 Dec 2018 11:47:50 -0800 (PST) X-Google-Smtp-Source: AFSGD/UZa98VwyW7Btg2/jhj0VYwI8i74F5RyNdQ7p9XWHyDtxlmfLwVCEAMj1VJKzpZ9iC2Sf0+ X-Received: by 2002:a17:902:b40d:: with SMTP id x13mr13503539plr.237.1544471270122; Mon, 10 Dec 2018 11:47:50 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1544471270; cv=none; d=google.com; s=arc-20160816; b=T4ylfxhdLqb8lbgs+LyNKwwFsOI+A0WJD27/DclRnkAr/hBejll15mjtzRuUQiu6HS zFUANgN0GbEMGYn3MwnZnkc1Mpl65K3rDLmxBVysL75cUuhRkUNS4B06kgv8i2dGSWaT JZ8CMANMQAu6JI5YOmFJznFue/i93ireSAO5CtRzblqp/yLdZV3YRkHgIqCKKi1xxmu/ av+bCjj5VmRaADmgsY0SD7tYmHAvGD/DvUPt7RWIwOjmj/FpfZYXwpZwmi9GFUb0CNPP dAhygSfqNHqV4Mm5OB5Irf1a95abTpawcqyAw1aE5WvBOZzCvZzSSPqFg1GSAM5Ql0y0 5LNA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:dkim-signature; bh=Ujnwl3BsNFQa93BAt9nig1Xuv1MrvR6KHaZTtgjC6ng=; b=q/4M6imjn2xS8xsbStOEky+j5YQNjtrTGq4eyRD+F60gDd8eSDSvYUnepXxkwTGZUo njwnNPB8XzzD9tVZSVvKXP0wj9+GICT47doxn9XNwNrc6b9A0Dp7O+3RPjBw221o/AAs wRrfspLnHo/9hk7wlc+8uvM/sh+E55Ae37YsAepop9sONzo6zflq69j/DcxFm9hxZnTQ wwPQijlcQsT/0mNgH9xkLak6hv8jWNqetcVO3YUJOJFXjjLl/aeROiLGWkJNx5y8U7wm z4BCDT8USWtBfbfDxGPzetBFRy2EH36BVI6zbzeLwsNxEZ9sOjUSjJUm8sRn4ebWWMhB M8qw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=YRTMyeTs; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id b12si10755739pls.32.2018.12.10.11.47.35; Mon, 10 Dec 2018 11:47:50 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@chromium.org header.s=google header.b=YRTMyeTs; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=chromium.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1728875AbeLJRvk (ORCPT + 99 others); Mon, 10 Dec 2018 12:51:40 -0500 Received: from mail-yb1-f195.google.com ([209.85.219.195]:36205 "EHLO mail-yb1-f195.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1727567AbeLJRvk (ORCPT ); Mon, 10 Dec 2018 12:51:40 -0500 Received: by mail-yb1-f195.google.com with SMTP id 64so2889569ybe.3 for ; Mon, 10 Dec 2018 09:51:38 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=chromium.org; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Ujnwl3BsNFQa93BAt9nig1Xuv1MrvR6KHaZTtgjC6ng=; b=YRTMyeTss6kEtS8Cn7N0HWSp33lfIVmAFUB+qqUGUjAwO8qtL1rRsIn+b7vL93fgOv CMcljSPnX8kTdmIWxCXje2D/yWcckRO5vDsitH28q+y3JIdpLuAlPN7zF/XeIVHWuOQN MJ650of5DObqR8TtAC2kJU9YOnolSWbKEdd68= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Ujnwl3BsNFQa93BAt9nig1Xuv1MrvR6KHaZTtgjC6ng=; b=FvvN06UuTzYGNBD5FQ12FN/JJBut8/SFMWlaoKXLDFp2bhdEBpJnmNs1zRkMolREfv zr2KzVk+4+/993RmLF8uiT1kegFmtiykeUmQE/eNfTSKOmYEl5nfla6U9GaGYXSRIL4c BDyDGevG4G/wBKjH0QSKU8dxVx+l/iJ/IS0NBe7jSUTZTjqmVqLjNbnEf2Eun5iFiElN Hbk6VO95/gQZ7lPBLqWECMznpTElZqtUc1nLNDZ6r2wnkuKj32KH6hI/f2F+WRB47/Xi JGaQLQeJMM2q3ZIDCLY8pVnZ5XL3Rdvz/7njHo4hwz0LUz8OlRmnvJn68gTRmSQ5gbVp dA2A== X-Gm-Message-State: AA+aEWbxDws7S+BT5SjeRNTxarS3x+89rfnounCCO8zAiDRCQ+oBOeB4 91rBJELDVxsEZ61cPaU5njjigYyGbxA= X-Received: by 2002:a25:d391:: with SMTP id e139mr7833192ybf.86.1544464298065; Mon, 10 Dec 2018 09:51:38 -0800 (PST) Received: from mail-yb1-f170.google.com (mail-yb1-f170.google.com. [209.85.219.170]) by smtp.gmail.com with ESMTPSA id h145sm3533470ywc.72.2018.12.10.09.51.34 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 10 Dec 2018 09:51:35 -0800 (PST) Received: by mail-yb1-f170.google.com with SMTP id f4so5008278ybq.4 for ; Mon, 10 Dec 2018 09:51:34 -0800 (PST) X-Received: by 2002:a25:1cc1:: with SMTP id c184-v6mr13103299ybc.421.1544464294266; Mon, 10 Dec 2018 09:51:34 -0800 (PST) MIME-Version: 1.0 References: <20181016223322.16844-1-christian@brauner.io> <20181029145818.4bqmy25itjnqhodg@brauner.io> In-Reply-To: From: Kees Cook Date: Mon, 10 Dec 2018 09:51:22 -0800 X-Gmail-Original-Message-ID: Message-ID: Subject: Re: [PATCH v3 0/2] sysctl: handle overflow for file-max To: Andrew Morton Cc: Christian Brauner , Christian Brauner , LKML , "Eric W. Biederman" , "Luis R. Rodriguez" , Joe Lawrence , Waiman Long , Dominik Brodowski , Al Viro , Alexey Dobriyan , Linux API Content-Type: text/plain; charset="UTF-8" Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Hi Andrew, Can you take this patch for -mm? -Kees On Sun, Dec 9, 2018 at 8:41 AM Christian Brauner wrote: > > On Mon, Oct 29, 2018 at 10:44 PM Kees Cook wrote: > > > > On Mon, Oct 29, 2018 at 7:58 AM, Christian Brauner wrote: > > > On Wed, Oct 17, 2018 at 12:33:20AM +0200, Christian Brauner wrote: > > >> Hey, > > >> > > >> Here is v3 of this patchset. Changelogs are in the individual commits. > > >> > > >> Currently, when writing > > >> > > >> echo 18446744073709551616 > /proc/sys/fs/file-max > > >> > > >> /proc/sys/fs/file-max will overflow and be set to 0. That quickly > > >> crashes the system. > > >> > > >> The first version of this patch intended to detect the overflow and cap > > >> at ULONG_MAX. However, we should not do this and rather return EINVAL on > > >> overflow. The reasons are: > > >> - this aligns with other sysctl handlers that simply reject overflows > > >> (cf. [1], [2], and a bunch of others) > > >> - we already do a partial fail on overflow right now > > >> Namely, when the TMPBUFLEN is exceeded. So we already reject values > > >> such as 184467440737095516160 (21 chars) but accept values such as > > >> 18446744073709551616 (20 chars) but both are overflows. So we should > > >> just always reject 64bit overflows and not special-case this based on > > >> the number of chars. > > >> > > >> (This patchset is in reference to https://lkml.org/lkml/2018/10/11/585.) > > > > > > Just so that we don't forget, can we make sure that this gets picked > > > into linux-next? :) > > > > I was hoping akpm would take this? Andrew, does the v3 look okay to you? > > gentle ping again :) > > Christian -- Kees Cook