Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp1035451yba;
        Thu, 4 Apr 2019 02:57:51 -0700 (PDT)
X-Google-Smtp-Source: APXvYqwYwBAVam4mwzzhFFIpXvPBD0jBuEOVMap3rmPuEoCIh2KaytyGf4nm/KKfxi5sDGdiSM9Z
X-Received: by 2002:a63:e445:: with SMTP id i5mr4852603pgk.383.1554371871199;
        Thu, 04 Apr 2019 02:57:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1554371871; cv=none;
        d=google.com; s=arc-20160816;
        b=H3LwFY01SxU1Zv2wBIAZe51MuIpB5DPFu3UIL50pW54hzxnLVCBQtEzxYI1NgURDcp
         88QBNiRgnTM1ico/W2JZIzkA1BJxPgS7Z+2tuWMHAjsUzpASO83WttwHUzCTEbDjh9EQ
         VMlN0plCXBLs3bpPN2SuFaB7ug/ljf+N0V9k5+bPRCT80ikkye4LnrKFaTvrAFy+Njkj
         i9BLdBHRQzUct0zIVgmRCS3phKO+2Z4JZfrMu/W/KsmNFDuPSNIk5xXZPn3n7FDtRw61
         cBkJIDT+YFJbKPxjnK4PwQmvsvTmhs80/elneP8ugGybBkwcDDJf/RBe/yngE0mXe9r1
         R/Ug==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=NdHQ+9wSz22JzgIP2kdpY3UDWixn5eGqBlAfieGv7O8=;
        b=B/nhLw5zbkJyqDrSxjS4Dg+eTDTD3Yl8pxIf7MiSmCT8KtZwaqWYaalWEo5AmGq3cy
         zG4yOOGJAUv3k2dMaFJGnnHw5txvNvy6iitzULplgKoQ+J7GOIP7DtUHZVzNk0/naTTc
         Wj46iSmWbMecDsedWLTAgQTcsATqO+Ll8o0vORJlw8tgFwX5bowjjWp6FtAn3SAaBD0d
         eTbYDsfFZOuk4TpH/44KZ1n4cNK3OMSxVoN1DmUxqvjfpnimssLR5mOLCxQAzk5JTRCC
         DR9ZV5Qq8B/RykdCcvrP2n5VPgpu6JaPzAjo4EnUJv4QJ3MSy7x7lpX5UDmhpYwVxM3I
         XIFQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=vALAcgqt;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id q7si15996198pls.259.2019.04.04.02.57.36;
        Thu, 04 Apr 2019 02:57:51 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=vALAcgqt;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729051AbfDDIuS (ORCPT <rfc822;xqjcool@gmail.com> + 99 others);
        Thu, 4 Apr 2019 04:50:18 -0400
Received: from mail.kernel.org ([198.145.29.99]:51222 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1728859AbfDDIuN (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 4 Apr 2019 04:50:13 -0400
Received: from localhost (83-86-89-107.cable.dynamic.v4.ziggo.nl [83.86.89.107])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 976AA2171F;
        Thu,  4 Apr 2019 08:50:12 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1554367813;
        bh=iswsrojnOcNhLIdxobN8b08cWXANVh76ujW+A65EaLI=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=vALAcgqtbCNDPKMrCQqP3Ij4Xq6BJdAa31afCe6sEXs/2sRCIClxuumPF2Tp0znBK
         1QMqFVpSszENRTJJ5GYRFw+eKVvU3Pf6DgYkvEG0kn8oNNzU6xIWNdf5ZW+57X3BSg
         qQnFtjPq7jCCu3CNEd6Js4lKFjys34fctm3p3WRc=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Christian Brauner <christian@brauner.io>,
        Kees Cook <keescook@chromium.org>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Joe Lawrence <joe.lawrence@redhat.com>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Waiman Long <longman@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.9 14/91] sysctl: handle overflow for file-max
Date:   Thu,  4 Apr 2019 10:46:58 +0200
Message-Id: <20190404084536.250150012@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190404084535.450029272@linuxfoundation.org>
References: <20190404084535.450029272@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
X-Patchwork-Hint: ignore
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.9-stable review patch.  If anyone has any objections, please let me know.

------------------

[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]

Currently, when writing

  echo 18446744073709551616 > /proc/sys/fs/file-max

/proc/sys/fs/file-max will overflow and be set to 0.  That quickly
crashes the system.

This commit sets the max and min value for file-max.  The max value is
set to long int.  Any higher value cannot currently be used as the
percpu counters are long ints and not unsigned integers.

Note that the file-max value is ultimately parsed via
__do_proc_doulongvec_minmax().  This function does not report error when
min or max are exceeded.  Which means if a value largen that long int is
written userspace will not receive an error instead the old value will be
kept.  There is an argument to be made that this should be changed and
__do_proc_doulongvec_minmax() should return an error when a dedicated min
or max value are exceeded.  However this has the potential to break
userspace so let's defer this to an RFC patch.

Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io
Signed-off-by: Christian Brauner <christian@brauner.io>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Waiman Long <longman@redhat.com>
[christian@brauner.io: v4]
  Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sysctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index efd340a510a9..5515d578095b 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -125,6 +125,7 @@ static int __maybe_unused one = 1;
 static int __maybe_unused two = 2;
 static int __maybe_unused four = 4;
 static unsigned long one_ul = 1;
+static unsigned long long_max = LONG_MAX;
 static int one_hundred = 100;
 static int one_thousand = 1000;
 #ifdef CONFIG_PRINTK
@@ -1682,6 +1683,8 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(files_stat.max_files),
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
+		.extra1		= &zero,
+		.extra2		= &long_max,
 	},
 	{
 		.procname	= "nr_open",
-- 
2.19.1