The patch titled
Subject: sysctl: return -EINVAL if val violates minmax
has been removed from the -mm tree. Its filename was
sysctl-return-einval-if-val-violates-minmax.patch
This patch was dropped because it was merged into mainline or a subsystem tree
------------------------------------------------------
From: Christian Brauner <christian@xxxxxxxxxx>
Subject: sysctl: return -EINVAL if val violates minmax
Currently when userspace gives us a values that overflow e.g. file-max and
other callers of __do_proc_doulongvec_minmax() we simply
ignore the new value and leave the current value untouched. This can be
problematic as it gives the illusion that the limit has indeed be bumped
when in fact it failed.
This commit makes sure to return EINVAL when an overflow is detected.
Please note that this is a userspace facing change.
Link: http://lkml.kernel.org/r/20190210203943.8227-4-christian@xxxxxxxxxx
Signed-off-by: Christian Brauner <christian@xxxxxxxxxx>
Acked-by: Luis Chamberlain <mcgrof@xxxxxxxxxx>
Cc: Kees Cook <keescook@xxxxxxxxxxxx>
Cc: Alexey Dobriyan <adobriyan@xxxxxxxxx>
Cc: Al Viro <viro@xxxxxxxxxxxxxxxxxx>
Cc: Dominik Brodowski <linux@xxxxxxxxxxxxxxxxxxxx>
Cc: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Cc: Joe Lawrence <joe.lawrence@xxxxxxxxxx>
Cc: Waiman Long <longman@xxxxxxxxxx>
Signed-off-by: Andrew Morton <akpm@xxxxxxxxxxxxxxxxxxxx>
---
kernel/sysctl.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
--- a/kernel/sysctl.c~sysctl-return-einval-if-val-violates-minmax
+++ a/kernel/sysctl.c
@@ -2886,8 +2886,10 @@ static int __do_proc_doulongvec_minmax(v
if (neg)
continue;
val = convmul * val / convdiv;
- if ((min && val < *min) || (max && val > *max))
- continue;
+ if ((min && val < *min) || (max && val > *max)) {
+ err = -EINVAL;
+ break;
+ }
*i = val;
} else {
val = convdiv * (*i) / convmul;
_
Patches currently in -mm which might be from christian@xxxxxxxxxx are
