diff mbox series

[5.16,174/227] ucounts: Handle wrapping in is_ucounts_overlimit

Message ID 20220221084940.593128934@linuxfoundation.org
State New
Headers show
Series None | expand

Commit Message

Greg KH Feb. 21, 2022, 8:49 a.m. UTC 
From: Eric W. Biederman <ebiederm@xmission.com>

commit 0cbae9e24fa7d6c6e9f828562f084da82217a0c5 upstream.

While examining is_ucounts_overlimit and reading the various messages
I realized that is_ucounts_overlimit fails to deal with counts that
may have wrapped.

Being wrapped should be a transitory state for counts and they should
never be wrapped for long, but it can happen so handle it.

Cc: stable@vger.kernel.org
Fixes: 21d1c5e386bc ("Reimplement RLIMIT_NPROC on top of ucounts")
Link: https://lkml.kernel.org/r/20220216155832.680775-5-ebiederm@xmission.com
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 kernel/ucount.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff mbox series

Patch

--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -350,7 +350,8 @@  bool is_ucounts_overlimit(struct ucounts
 	if (rlimit > LONG_MAX)
 		max = LONG_MAX;
 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {
-		if (get_ucounts_value(iter, type) > max)
+		long val = get_ucounts_value(iter, type);
+		if (val < 0 || val > max)
 			return true;
 		max = READ_ONCE(iter->ns->ucount_max[type]);
 	}