lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat, 25 Aug 2012 08:43:09 +0200 From: Eric Dumazet <eric.dumazet@...il.com> To: Xi Wang <xi.wang@...il.com> Cc: netdev@...r.kernel.org, "David S. Miller" <davem@...emloft.net>, Eric Dumazet <edumazet@...gle.com> Subject: Re: [PATCH] af_unix: fix unix_nr_socks check in unix_create1() On Sat, 2012-08-25 at 02:05 -0400, Xi Wang wrote: > This patch complements 518de9b3 ("fs: allow for more than 2^31 files"). > > get_max_files() returns files_stat.max_files, which can be set to any > value from user space via /proc/sys/fs/file-max. A large file-max will > cause an integer overflow in the following check: > > if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) > goto out; > > The kernel will then fail to create a unix domain socket. > > Rewrite the check using "/ 2" on the left-hand side. > > Signed-off-by: Xi Wang <xi.wang@...il.com> > Cc: Eric Dumazet <edumazet@...gle.com> > --- > net/unix/af_unix.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c > index c5ee4ff..99a8bc9 100644 > --- a/net/unix/af_unix.c > +++ b/net/unix/af_unix.c > @@ -630,9 +630,9 @@ static struct sock *unix_create1(struct net *net, struct socket *sock) > { > struct sock *sk = NULL; > struct unix_sock *u; > + unsigned long nr_socks = atomic_long_inc_return(&unix_nr_socks); > > - atomic_long_inc(&unix_nr_socks); > - if (atomic_long_read(&unix_nr_socks) > 2 * get_max_files()) > + if (nr_socks / 2 > get_max_files()) > goto out; > > sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto); I dont think this patch is right. atomic_long_inc_return() is expensive, more than atomic_long_inc() And setting a 2^63 limit for max number of files is plain wrong, as there is no way a kernel can allocate 2^63 files structures. (same apply on 32bit arches, but for 2^31) If you feel you must warn a sysadmin of stupid settings, add sane boundaries in kernel/sysctl.c, and send your patch to lkml instead. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@...r.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists