On Wed, Apr 24, 2019 at 11:50:22PM +0200, Christian Brauner wrote:
On Wed, Apr 24, 2019 at 7:16 PM Greg Kroah-Hartman gregkh@linuxfoundation.org wrote:
[ Upstream commit 32a5ad9c22852e6bd9e74bdec5934ef9d1480bc5 ]
Currently, when writing
echo 18446744073709551616 > /proc/sys/fs/file-max
/proc/sys/fs/file-max will overflow and be set to 0. That quickly crashes the system.
This commit sets the max and min value for file-max. The max value is set to long int. Any higher value cannot currently be used as the percpu counters are long ints and not unsigned integers.
Note that the file-max value is ultimately parsed via __do_proc_doulongvec_minmax(). This function does not report error when min or max are exceeded. Which means if a value largen that long int is written userspace will not receive an error instead the old value will be kept. There is an argument to be made that this should be changed and __do_proc_doulongvec_minmax() should return an error when a dedicated min or max value are exceeded. However this has the potential to break userspace so let's defer this to an RFC patch.
Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@brauner.io Signed-off-by: Christian Brauner christian@brauner.io Acked-by: Kees Cook keescook@chromium.org Cc: Alexey Dobriyan adobriyan@gmail.com Cc: Al Viro viro@zeniv.linux.org.uk Cc: Dominik Brodowski linux@dominikbrodowski.net Cc: "Eric W. Biederman" ebiederm@xmission.com Cc: Joe Lawrence joe.lawrence@redhat.com Cc: Luis Chamberlain mcgrof@kernel.org Cc: Waiman Long longman@redhat.com [christian@brauner.io: v4] Link: http://lkml.kernel.org/r/20190210203943.8227-3-christian@brauner.io Signed-off-by: Andrew Morton akpm@linux-foundation.org Signed-off-by: Linus Torvalds torvalds@linux-foundation.org Signed-off-by: Sasha Levin sashal@kernel.org
Hey Greg,
Just an heads-up. This patch triggered a KASAN warning and Will has sent a fix for that which is already in master. So if you backport this patch you likely also want to backport
9002b21465fa4d829edfc94a5a441005cffaa972
(See https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?i... )
Seems we missed a Cc: for stable in there. Sorry about that.
No problem, thanks for letting me know, now queued up everywhere.
greg k-h