+ sysctl-return-einval-if-val-violates-minmax.patch added to -mm tree

The patch titled
     Subject: sysctl: return -EINVAL if val violates minmax
has been added to the -mm tree.  Its filename is
     sysctl-return-einval-if-val-violates-minmax.patch

This patch should soon appear at
    http://ozlabs.org/~akpm/mmots/broken-out/sysctl-return-einval-if-val-violates-minmax.patch
and later at
    http://ozlabs.org/~akpm/mmotm/broken-out/sysctl-return-einval-if-val-violates-minmax.patch

Before you just go and hit "reply", please:
   a) Consider who else should be cc'ed
   b) Prefer to cc a suitable mailing list as well
   c) Ideally: find the original patch on the mailing list and do a
      reply-to-all to that, adding suitable additional cc's

*** Remember to use Documentation/process/submit-checklist.rst when testing your code ***

The -mm tree is included into linux-next and is updated
there every 3-4 working days

------------------------------------------------------
From: Christian Brauner <christian@xxxxxxxxxx>
Subject: sysctl: return -EINVAL if val violates minmax

Currently when userspace gives us a value that overflows e.g. file-max and
other callers of __do_proc_doulongvec_minmax() we simply
ignore the new value and leave the current value untouched. This can be
problematic as it gives the illusion that the limit has indeed been bumped
when in fact it failed.
This commit makes sure to return EINVAL when an overflow is detected.
Please note that this is a userspace facing change.

Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@xxxxxxxxxx
Signed-off-by: Christian Brauner <christian@xxxxxxxxxx>
Acked-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Joe Lawrence <joe.lawrence@xxxxxxxxxx>
Cc: Waiman Long <longman@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---

 kernel/sysctl.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/kernel/sysctl.c~sysctl-return-einval-if-val-violates-minmax
+++ a/kernel/sysctl.c
@@ -2848,8 +2848,10 @@ static int __do_proc_doulongvec_minmax(v
 			if (neg)
 				continue;
 			val = convmul * val / convdiv;
-			if ((min && val < *min) || (max && val > *max))
-				continue;
+			if ((min && val < *min) || (max && val > *max)) {
+				err = -EINVAL;
+				break;
+			}
 			*i = val;
 		} else {
 			val = convdiv * (*i) / convmul;
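
Review bot: the "if (neg) continue;" context directly above the changed range check still skips a negative input silently, so after this change an out-of-range value fails with -EINVAL while a negative one is still dropped and the write appears to succeed; consider giving that branch the same "err = -EINVAL; break;" treatment, or say in the changelog why it differs. Separately, the new "break" leaves the loop after earlier iterations may already have stored through "*i = val", so a multi-value write can return -EINVAL with its leading elements already updated; it is worth stating whether that partial update is intended. The hunk also does not show how err is handled after the loop, so please confirm that the -EINVAL set here is what the caller finally sees.
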
_

Patches currently in -mm which might be from christian@xxxxxxxxxx are

sysctl-handle-overflow-in-proc_get_long.patch
sysctl-handle-overflow-for-file-max.patch
sysctl-handle-overflow-for-file-max-v4.patch
sysctl-return-einval-if-val-violates-minmax.patch



