Received: by 2002:ac0:bc90:0:0:0:0:0 with SMTP id a16csp5612556img;
        Wed, 27 Mar 2019 11:42:18 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzZUD977iDuPuxRTHo0+ynPITeqttLJW8AO8dzNxNMtKcs/fJVNBY2pdRtd058/k0b8LU0N
X-Received: by 2002:a63:5b24:: with SMTP id p36mr4072699pgb.84.1553712138836;
        Wed, 27 Mar 2019 11:42:18 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1553712138; cv=none;
        d=google.com; s=arc-20160816;
        b=xiUUqP1TBxwwj/x0+MMUUrBonL6aKDlYTGDJQRDNOTbDnGip6lBoRyuCbFfIBUDrv8
         MILddKgR/e5Q7qGe92aYjJSsWZ26iczbbvRJl7p9ekFpIx2BGPmDSQ0tBCvHa0Gt/x7N
         5TFcQdrCOimmzDotj6sQ6O6Gb887fbxUKCeqbVNaPDnFHCNBTrNJQs+4OtHz+hW++UjF
         ItF3rkdAzBwjD4yLm+SXeYsPXWzpKKzhOLyZdpXaN7QNQt/LV5CeMfOyjK/dtIGEA/m/
         1Ds1MDXRNCSz3LXXGX2rKvXx294Ud0mrMfnY96sL5oStqG8qk75K938Z0b6VVegSD+Si
         nPwA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :references:in-reply-to:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=eP4DkYEXCAFOIhXVs5lZC/72F1dk5aCX+Up7K2ZF6V0=;
        b=kiGFv3bpmZPth27ACq16aXL3EBhmc9tel9LGTeqZnWNACzH1uI+EPjBrsf2xNYH34q
         98jeaYgQo95z9VfULtPhD8m8aqGvfYO5emdoZknXmJVrex78Y5k7GQ9ys1p7GQ78sAf5
         AuL7Ykazs4+Mlv+ZxgYcrciJ2x467GTdQlrsJzqwZXKYzZO/6ld3PCPRgci1uSjtnCfD
         VvISeFSNCWx7Xw6ASxvyC998AHOmJjTqFp9VGhlgN+lAZSV+T/hpu4s+hZJB9DjrQ6c2
         1sADsMYjFx48EvgNiMj2gt0WuAZFE6rD6XBE1LCQ01G0X0p34W0QzDvJkzgpWhVrha6K
         HqQw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="pZ/FM8vl";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id b9si18167595pfd.228.2019.03.27.11.42.03;
        Wed, 27 Mar 2019 11:42:18 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b="pZ/FM8vl";
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2391047AbfC0SW6 (ORCPT <rfc822;utfcpqpk@gmail.com> + 99 others);
        Wed, 27 Mar 2019 14:22:58 -0400
Received: from mail.kernel.org ([198.145.29.99]:38604 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2390493AbfC0SUy (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 27 Mar 2019 14:20:54 -0400
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 1C2352087C;
        Wed, 27 Mar 2019 18:20:52 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1553710853;
        bh=CwJP2eLuk+apzsegnVV348udYkGg6KG2Q4tYijPHw6o=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=pZ/FM8vluJYNK4fKFTSHaruJolgi/R4fXkNPsmsI9CqQAeW4jjsVu/z6H6VblIvG4
         5i7XB3AMYNqsty1qKVXiebUUdLgiVY9W89BnZtLpUx1lepWh1W4CSUndEGepqlB7tP
         XDv6g3dfL+/a1jB4gPlCuXQFlqWhdlb1MpQwPjjo=
From:   Sasha Levin <sashal@kernel.org>
To:     linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc:     Christian Brauner <christian@brauner.io>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Joe Lawrence <joe.lawrence@redhat.com>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Waiman Long <longman@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>, linux-fsdevel@vger.kernel.org
Subject: [PATCH AUTOSEL 4.9 07/87] sysctl: handle overflow for file-max
Date:   Wed, 27 Mar 2019 14:19:20 -0400
Message-Id: <20190327182040.17444-7-sashal@kernel.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20190327182040.17444-1-sashal@kernel.org>
References: <20190327182040.17444-1-sashal@kernel.org>
MIME-Version: 1.0
X-Patchwork-Hint: Ignore
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Christian Brauner <christian@brauner.io>

[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]

Currently, when writing

  echo 18446744073709551616 > /proc/sys/fs/file-max

/proc/sys/fs/file-max will overflow and be set to 0.  That quickly
crashes the system.

This commit sets the max and min value for file-max.  The max value is
set to long int.  Any higher value cannot currently be used as the
percpu counters are long ints and not unsigned integers.

Note that the file-max value is ultimately parsed via
__do_proc_doulongvec_minmax().  This function does not report error when
min or max are exceeded.  Which means if a value largen that long int is
written userspace will not receive an error instead the old value will be
kept.  There is an argument to be made that this should be changed and
__do_proc_doulongvec_minmax() should return an error when a dedicated min
or max value are exceeded.  However this has the potential to break
userspace so let's defer this to an RFC patch.

Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io
Signed-off-by: Christian Brauner <christian@brauner.io>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Waiman Long <longman@redhat.com>
[christian@brauner.io: v4]
  Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sysctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index efd340a510a9..5515d578095b 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -125,6 +125,7 @@ static int __maybe_unused one = 1;
 static int __maybe_unused two = 2;
 static int __maybe_unused four = 4;
 static unsigned long one_ul = 1;
+static unsigned long long_max = LONG_MAX;
 static int one_hundred = 100;
 static int one_thousand = 1000;
 #ifdef CONFIG_PRINTK
@@ -1682,6 +1683,8 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(files_stat.max_files),
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
+		.extra1		= &zero,
+		.extra2		= &long_max,
 	},
 	{
 		.procname	= "nr_open",
-- 
2.19.1