Message-ID: <20241123181308.184294-1-alexjlzheng@tencent.com>
Date: Sun, 24 Nov 2024 02:13:08 +0800
From: Jinliang Zheng <alexjlzheng@...il.com>
To: alexjlzheng@...il.com
Cc: adobriyan@...il.com,
	alexjlzheng@...cent.com,
	brauner@...nel.org,
	flyingpeng@...cent.com,
	jack@...e.cz,
	joel.granados@...nel.org,
	kees@...nel.org,
	linux-fsdevel@...r.kernel.org,
	linux-kernel@...r.kernel.org,
	mcgrof@...nel.org,
	viro@...iv.linux.org.uk
Subject: [PATCH 5/6] sysctl: ensure sysctl_nr_open is not greater than files_stat.max_files

Introduce proc_douintvec_nropen_minmax() to ensure that the value of
sysctl_nr_open is not greater than files_stat.max_files.

Signed-off-by: Jinliang Zheng <alexjlzheng@...cent.com>
---
 fs/file_table.c        |  2 +-
 include/linux/sysctl.h |  2 ++
 kernel/sysctl.c        | 21 +++++++++++++++++++++
 3 files changed, 24 insertions(+), 1 deletion(-)

diff --git a/fs/file_table.c b/fs/file_table.c
index 01faa9c2869e..43838354ce6d 100644
--- a/fs/file_table.c
+++ b/fs/file_table.c
@@ -128,7 +128,7 @@ static struct ctl_table fs_stat_sysctls[] = {
 		.data		= &sysctl_nr_open,
 		.maxlen		= sizeof(unsigned int),
 		.mode		= 0644,
-		.proc_handler	= proc_douintvec_minmax,
+		.proc_handler	= proc_douintvec_nropen_minmax,
 		.extra1		= &sysctl_nr_open_min,
 		.extra2		= &sysctl_nr_open_max,
 	},
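Review bot: The nr_open <= file-max relation is enforced only at the moment fs.nr_open is written through the new handler on the `.proc_handler` line; nothing visible in this hunk stops fs.file-max from later being lowered below the current sysctl_nr_open, which would leave the per-process ceiling above the system-wide one again. Another patch in this series may cover the file-max side, but that entry is outside the hunk, as are the start and end of fs_stat_sysctls[]. If it does, a comment on this entry would record the pairing, e.g. `/* capped at files_stat.max_files on write; the file-max handler must keep max_files >= nr_open */`.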
diff --git a/include/linux/sysctl.h b/include/linux/sysctl.h
index 4ecf945de956..ed7400841f82 100644
--- a/include/linux/sysctl.h
+++ b/include/linux/sysctl.h
@@ -72,6 +72,8 @@ int proc_douintvec(const struct ctl_table *, int, void *, size_t *, loff_t *);
 int proc_dointvec_minmax(const struct ctl_table *, int, void *, size_t *, loff_t *);
 int proc_douintvec_minmax(const struct ctl_table *table, int write, void *buffer,
 		size_t *lenp, loff_t *ppos);
+int proc_douintvec_nropen_minmax(const struct ctl_table *, int, void *,
+		size_t *, loff_t *);
 int proc_dou8vec_minmax(const struct ctl_table *table, int write, void *buffer,
 			size_t *lenp, loff_t *ppos);
 int proc_dointvec_jiffies(const struct ctl_table *, int, void *, size_t *, loff_t *);
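Review bot: The added prototype omits parameter names, while the neighbouring proc_douintvec_minmax and proc_dou8vec_minmax declarations spell them out. Matching them keeps the header self-documenting: `int proc_douintvec_nropen_minmax(const struct ctl_table *table, int write, void *buffer, size_t *lenp, loff_t *ppos);`.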
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 5ee2bfc7fcbe..d8ce18368ab3 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -944,6 +944,27 @@ int proc_douintvec_minmax(const struct ctl_table *table, int write,
 				 do_proc_douintvec_minmax_conv, &param);
 }
 
+/*
+ * Used for 'sysctl -w fs.nr_open', ensuring its value will not be greater
+ * than files_stat.max_files.
+ */
+int proc_douintvec_nropen_minmax(const struct ctl_table *table, int write,
+		void *buffer, size_t *lenp, loff_t *ppos)
+{
+	unsigned int file_max;
+	struct do_proc_douintvec_minmax_conv_param param = {
+		.min = (unsigned int *) table->extra1,
+		.max = (unsigned int *) table->extra2,
+	};
+
+	file_max = min_t(unsigned int, files_stat.max_files,
+			*(unsigned int *)table->extra2);
+	if (write)
+		param.max = &file_max;
+	return do_proc_douintvec(table, write, buffer, lenp, ppos,
+				 do_proc_douintvec_minmax_conv, &param);
+}
+
 /**
  * proc_dou8vec_minmax - read a vector of unsigned chars with min/max values
  * @table: the sysctl table
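Review bot: The `min_t(unsigned int, files_stat.max_files, ...)` call in proc_douintvec_nropen_minmax() casts both operands to unsigned int before comparing, so if files_stat.max_files is wider than 32 bits (its declaration is outside this hunk; in the kernel tree it is an unsigned long) a file-max above UINT_MAX is truncated and the computed cap can land far below the real limit. It can even fall below `*table->extra1`, in which case every write to fs.nr_open would presumably be rejected by the min/max check. Comparing in the wider type avoids this, and the result still fits because it is bounded by `*extra2`: `file_max = min_t(unsigned long, files_stat.max_files, *(unsigned int *)table->extra2);`. The read of files_stat.max_files is also a plain load; if file-max can be written concurrently, `READ_ONCE(files_stat.max_files)` would make that explicit. The comment above the function is a plain block comment, whereas the neighbouring handlers use kernel-doc (`/** ... */` with `@table`, `@write`, and so on), and it should state that the cap applies only when `write` is set.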
-- 
2.41.1

