Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp831733yba;
        Wed, 24 Apr 2019 10:18:04 -0700 (PDT)
X-Google-Smtp-Source: APXvYqzMLtU5GfLrwH724QDAVYmpGH4GTCSCoYuD/+7O+cZDihTwGAPLzgf32zrqaTQ+iVaY8ZY4
X-Received: by 2002:a63:700f:: with SMTP id l15mr32507800pgc.3.1556126284406;
        Wed, 24 Apr 2019 10:18:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1556126284; cv=none;
        d=google.com; s=arc-20160816;
        b=I/C4hM+G15Vyb8csETXRdrY9yGAB9Uz8NxHWG2hnyjt2kTah4UP1qsqcgi67GfjYWE
         0BQeU4aEGJPqORoukiYIRe8vssx6cNUogivmtGphAlY9DR3ZkYl7U/ESV7AFiNw9IS77
         EVg2cX73mKQaPlCoTWWabSem7p328Kk3brAX+d6O/7Y9Lt4E4G952GadbIms6s22GYYM
         Vsd5ZTdDNvXKUk9gjm5fZobEFF81ABbbWxeNqNGJ5RUaxnoMVkmqN2Pnmon8pIHe99gx
         fAVV+1YnYom8cBkTHaO3WcuiWMHInphV1J0GqacWjReZaZwR5YjtLj84Uiwp3M8f04v5
         0gVw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=o4gbnYJWAx/0GAF9V1UtZx0ZKQ9lmH1Fdnzwd0Ixyus=;
        b=PYXp9oy4cyzHTFgxRuVUdogRE0npHaW5nEwXAcyVQ9ha0HUPupPmk3MS070o88Q+WK
         Y3J770moxx/Nhbf+69bJSCdkg7+vHz4FzPUDQW0P8eHW2NQ2v+3zkKEEuE9skBj9+CI9
         EFsymtGmzTYwDTqUEhk3+8AGbuRH0kra03KX+e3Tmp4e9XHkb/Zi4FCRar2M8Nh3Uqxy
         0yxgySBjX18TETfi9Q2UJL1C7Ppr8MBj3+T+gH9rC75qbhA19Cwe/EmscFl1E2UXOlXH
         kSMmPnh5VUWXPdIvt4EtpHlFhr2oekRmw9ZZ/NfhD+EM0/FibJ4p9NySqXTBBCxhz/bl
         sjxQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=AhfJB04Z;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id k12si17959856pgi.107.2019.04.24.10.17.48;
        Wed, 24 Apr 2019 10:18:04 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=AhfJB04Z;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S2388373AbfDXRQK (ORCPT <rfc822;luigi.mantellini.ml@gmail.com>
        + 99 others); Wed, 24 Apr 2019 13:16:10 -0400
Received: from mail.kernel.org ([198.145.29.99]:40578 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S2388293AbfDXRQH (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Wed, 24 Apr 2019 13:16:07 -0400
Received: from localhost (62-193-50-229.as16211.net [62.193.50.229])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id 2807B21903;
        Wed, 24 Apr 2019 17:16:05 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1556126165;
        bh=i0lU2Bc0l7jcOrHAieyZqLEbCF5ZTXlZyj+HDgdyJu0=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=AhfJB04ZpnmOJ0rFzNzM6FFnJIdK9uAr3uZn+ApstLXqd2LSkfLP53tsI6cPyMGGT
         dyocGpHIPOiHiI06u/OiwLx76FHOGY/0hJ4ht0ZMs5rD5GVz3YeN0gOJoqAJXmt+g2
         jsoLrUKJkGo523CL+hdAhYJn0hDLJf+Cnj+mdg+Y=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Christian Brauner <christian@brauner.io>,
        Kees Cook <keescook@chromium.org>,
        Alexey Dobriyan <adobriyan@gmail.com>,
        Al Viro <viro@zeniv.linux.org.uk>,
        Dominik Brodowski <linux@dominikbrodowski.net>,
        "Eric W. Biederman" <ebiederm@xmission.com>,
        Joe Lawrence <joe.lawrence@redhat.com>,
        Luis Chamberlain <mcgrof@kernel.org>,
        Waiman Long <longman@redhat.com>,
        Andrew Morton <akpm@linux-foundation.org>,
        Linus Torvalds <torvalds@linux-foundation.org>,
        Sasha Levin <sashal@kernel.org>
Subject: [PATCH 4.4 014/168] sysctl: handle overflow for file-max
Date:   Wed, 24 Apr 2019 19:07:38 +0200
Message-Id: <20190424170924.385228692@linuxfoundation.org>
X-Mailer: git-send-email 2.21.0
In-Reply-To: <20190424170923.452349382@linuxfoundation.org>
References: <20190424170923.452349382@linuxfoundation.org>
User-Agent: quilt/0.66
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]

Currently, when writing

  echo 18446744073709551616 > /proc/sys/fs/file-max

/proc/sys/fs/file-max will overflow and be set to 0.  That quickly
crashes the system.

This commit sets the max and min value for file-max.  The max value is
set to long int.  Any higher value cannot currently be used as the
percpu counters are long ints and not unsigned integers.

Note that the file-max value is ultimately parsed via
__do_proc_doulongvec_minmax().  This function does not report error when
min or max are exceeded.  Which means if a value largen that long int is
written userspace will not receive an error instead the old value will be
kept.  There is an argument to be made that this should be changed and
__do_proc_doulongvec_minmax() should return an error when a dedicated min
or max value are exceeded.  However this has the potential to break
userspace so let's defer this to an RFC patch.

Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io
Signed-off-by: Christian Brauner <christian@brauner.io>
Acked-by: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Luis Chamberlain <mcgrof@kernel.org>
Cc: Waiman Long <longman@redhat.com>
[christian@brauner.io: v4]
  Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
 kernel/sysctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index beadcf83ceba..2f98b11477b8 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -126,6 +126,7 @@ static int __maybe_unused one = 1;
 static int __maybe_unused two = 2;
 static int __maybe_unused four = 4;
 static unsigned long one_ul = 1;
+static unsigned long long_max = LONG_MAX;
 static int one_hundred = 100;
 #ifdef CONFIG_PRINTK
 static int ten_thousand = 10000;
@@ -1603,6 +1604,8 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(files_stat.max_files),
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
+		.extra1		= &zero,
+		.extra2		= &long_max,
 	},
 	{
 		.procname	= "nr_open",
-- 
2.19.1