[B][C][SRU][PATCH v2 1/2] sysctl: handle overflow for file-max

Po-Hsu Lin po-hsu.lin at canonical.com
Fri Jun 28 08:24:37 UTC 2019 

From: Christian Brauner <christian at brauner.io>

BugLink: https://bugs.launchpad.net/bugs/1834310

Currently, when writing

  echo 18446744073709551616 > /proc/sys/fs/file-max

/proc/sys/fs/file-max will overflow and be set to 0.  That quickly
crashes the system.

This commit sets the max and min value for file-max.  The max value is
set to long int.  Any higher value cannot currently be used as the
percpu counters are long ints and not unsigned integers.

Note that the file-max value is ultimately parsed via
__do_proc_doulongvec_minmax().  This function does not report error when
min or max are exceeded.  Which means if a value largen that long int is
written userspace will not receive an error instead the old value will be
kept.  There is an argument to be made that this should be changed and
__do_proc_doulongvec_minmax() should return an error when a dedicated min
or max value are exceeded.  However this has the potential to break
userspace so let's defer this to an RFC patch.

Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io
Signed-off-by: Christian Brauner <christian at brauner.io>
Acked-by: Kees Cook <keescook at chromium.org>
Cc: Alexey Dobriyan <adobriyan at gmail.com>
Cc: Al Viro <viro at zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux at dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm at xmission.com>
Cc: Joe Lawrence <joe.lawrence at redhat.com>
Cc: Luis Chamberlain <mcgrof at kernel.org>
Cc: Waiman Long <longman at redhat.com>
[christian at brauner.io: v4]
  Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io
Signed-off-by: Andrew Morton <akpm at linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds at linux-foundation.org>

(cherry picked from commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5)
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
 kernel/sysctl.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index c19d7a8..39ea0c1 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -129,6 +129,7 @@ static int __maybe_unused one = 1;
 static int __maybe_unused two = 2;
 static int __maybe_unused four = 4;
 static unsigned long one_ul = 1;
+static unsigned long long_max = LONG_MAX;
 static int one_hundred = 100;
 static int one_thousand = 1000;
 #ifdef CONFIG_PRINTK
@@ -1698,6 +1699,8 @@ static struct ctl_table fs_table[] = {
 		.maxlen		= sizeof(files_stat.max_files),
 		.mode		= 0644,
 		.proc_handler	= proc_doulongvec_minmax,
+		.extra1		= &zero,
+		.extra2		= &long_max,
 	},
 	{
 		.procname	= "nr_open",
-- 
2.7.4

More information about the kernel-team mailing list