summaryrefslogtreecommitdiff
path: root/kernel
diff options
context:
space:
mode:
authorChristian Brauner <christian@brauner.io>2019-05-14 15:44:55 -0700
committerLinus Torvalds <torvalds@linux-foundation.org>2019-05-14 19:52:51 -0700
commite260ad01f0aa9e96b5386d5cd7184afd949dc457 (patch)
treeb1d538e7bfb4b9e3344d6e5a2912163e408d53b8 /kernel
parent475dae385497dde3f25271ce77b526a1e54a472a (diff)
downloadlwn-e260ad01f0aa9e96b5386d5cd7184afd949dc457.tar.gz
lwn-e260ad01f0aa9e96b5386d5cd7184afd949dc457.zip
sysctl: return -EINVAL if val violates minmax
Currently when userspace gives us a values that overflow e.g. file-max and other callers of __do_proc_doulongvec_minmax() we simply ignore the new value and leave the current value untouched. This can be problematic as it gives the illusion that the limit has indeed be bumped when in fact it failed. This commit makes sure to return EINVAL when an overflow is detected. Please note that this is a userspace facing change. Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@brauner.io Signed-off-by: Christian Brauner <christian@brauner.io> Acked-by: Luis Chamberlain <mcgrof@kernel.org> Cc: Kees Cook <keescook@chromium.org> Cc: Alexey Dobriyan <adobriyan@gmail.com> Cc: Al Viro <viro@zeniv.linux.org.uk> Cc: Dominik Brodowski <linux@dominikbrodowski.net> Cc: "Eric W. Biederman" <ebiederm@xmission.com> Cc: Joe Lawrence <joe.lawrence@redhat.com> Cc: Waiman Long <longman@redhat.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/sysctl.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index d82f9161adb8..f7bd1aead3bf 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -2886,8 +2886,10 @@ static int __do_proc_doulongvec_minmax(void *data, struct ctl_table *table, int
if (neg)
continue;
val = convmul * val / convdiv;
- if ((min && val < *min) || (max && val > *max))
- continue;
+ if ((min && val < *min) || (max && val > *max)) {
+ err = -EINVAL;
+ break;
+ }
*i = val;
} else {
val = convdiv * (*i) / convmul;