The patch titled Subject: sysctl: handle overflow for file-max has been added to the -mm tree. Its filename is sysctl-handle-overflow-for-file-max.patch This patch should soon appear at http://ozlabs.org/~akpm/mmots/broken-out/sysctl-handle-overflow-for-file-max.patch and later at http://ozlabs.org/~akpm/mmotm/broken-out/sysctl-handle-overflow-for-file-max.patch Before you just go and hit "reply", please: a) Consider who else should be cc'ed b) Prefer to cc a suitable mailing list as well c) Ideally: find the original patch on the mailing list and do a reply-to-all to that, adding suitable additional cc's *** Remember to use Documentation/process/submit-checklist.rst when testing your code *** The -mm tree is included into linux-next and is updated there every 3-4 working days ------------------------------------------------------ From: Christian Brauner <christian@xxxxxxxxxx> Subject: sysctl: handle overflow for file-max Currently, when writing echo 18446744073709551616 > /proc/sys/fs/file-max /proc/sys/fs/file-max will overflow and be set to 0. That quickly crashes the system. This commit sets the max and min value for file-max and returns -EINVAL when a long int is exceeded. Any higher value cannot currently be used as the percpu counters are long ints and not unsigned integers. This behavior also aligns with other tuneables that return -EINVAL when their range is exceeded. See e.g. [1], [2] and others. [1]: fb910c42cceb ("sysctl: check for UINT_MAX before unsigned int min/max") [2]: 196851bed522 ("s390/topology: correct topology mode proc handler") Link: http://lkml.kernel.org/r/20190107222700.15954-3-christian@xxxxxxxxxx Signed-off-by: Christian Brauner <christian@xxxxxxxxxx> Acked-by: Kees Cook <keescook@xxxxxxxxxxxx> Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx> Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx> Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx> Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx> Cc: Joe Lawrence <joe.lawrence@xxxxxxxxxx> Cc: Luis Chamberlain <mcgrof@xxxxxxxxxx> Cc: Waiman Long <longman@xxxxxxxxxx> Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx> --- kernel/sysctl.c | 7 +++++++ 1 file changed, 7 insertions(+) --- a/kernel/sysctl.c~sysctl-handle-overflow-for-file-max +++ a/kernel/sysctl.c @@ -129,6 +129,7 @@ static int __maybe_unused one = 1; static int __maybe_unused two = 2; static int __maybe_unused four = 4; static unsigned long one_ul = 1; +static unsigned long long_max = LONG_MAX; static int one_hundred = 100; static int one_thousand = 1000; #ifdef CONFIG_PRINTK @@ -1724,6 +1725,8 @@ static struct ctl_table fs_table[] = { .maxlen = sizeof(files_stat.max_files), .mode = 0644, .proc_handler = proc_doulongvec_minmax, + .extra1 = &zero, + .extra2 = &long_max, }, { .procname = "nr_open", @@ -2842,6 +2845,10 @@ static int __do_proc_doulongvec_minmax(v break; if (neg) continue; + if ((max && val > *max) || (min && val < *min)) { + err = -EINVAL; + break; + } val = convmul * val / convdiv; if ((min && val < *min) || (max && val > *max)) continue; _ Patches currently in -mm which might be from christian@xxxxxxxxxx are sysctl-handle-overflow-in-proc_get_long.patch sysctl-handle-overflow-for-file-max.patch