Commit e260ad01 authored May 14, 2019 by Christian Brauner Committed by Linus Torvalds May 14, 2019

sysctl: return -EINVAL if val violates minmax

Currently when userspace gives us a values that overflow e.g.  file-max
and other callers of __do_proc_doulongvec_minmax() we simply ignore the
new value and leave the current value untouched.

This can be problematic as it gives the illusion that the limit has
indeed be bumped when in fact it failed.  This commit makes sure to
return EINVAL when an overflow is detected.  Please note that this is a
userspace facing change.

Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@brauner.io


Signed-off-by: Christian Brauner <christian@brauner.io>
Acked-by: Luis Chamberlain <mcgrof@kernel.org>
Cc: Kees Cook <keescook@chromium.org>
Cc: Alexey Dobriyan <adobriyan@gmail.com>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Dominik Brodowski <linux@dominikbrodowski.net>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Joe Lawrence <joe.lawrence@redhat.com>
Cc: Waiman Long <longman@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

parent 475dae38

kernel/sysctl.c

+4 −2

Original line number	Diff line number	Diff line
		@@ -2886,8 +2886,10 @@ static int __do_proc_doulongvec_minmax(void data, struct ctl_table table, int
		if (neg)
		continue;
		val = convmul * val / convdiv;
		if ((min && val < min) \|\| (max && val > max))
		continue;
		if ((min && val < min) \|\| (max && val > max)) {
		err = -EINVAL;
		break;
		}
		*i = val;
		} else {
		val = convdiv * (*i) / convmul;

Admin message