pipe, sysctl: drop 'min' parameter from pipe-max-size converter

Patch series "pipe: buffer limits fixes and cleanups", v2. This series simplifies the sysctl handler for pipe-max-size and fixes another set of bugs related to the pipe buffer limits: - The root user wasn't allowed to exceed the limits when creating new pipes. - There was an off-by-one error when checking the limits, so a limit of N was actually treated as N - 1. - F_SETPIPE_SZ accepted values over UINT_MAX. - Reading the pipe buffer limits could be racy. This patch (of 7): Before validating the given value against pipe_min_size, do_proc_dopipe_max_size_conv() calls round_pipe_size(), which rounds the value up to pipe_min_size. Therefore, the second check against pipe_min_size is redundant. Remove it. Link: http://lkml.kernel.org/r/20180111052902.14409-2-ebiggers3@gmail.com Signed-off-by: Eric Biggers <ebiggers@google.com> Acked-by: Kees Cook <keescook@chromium.org> Acked-by: Joe Lawrence <joe.lawrence@redhat.com> Cc: Alexander Viro <viro@zeniv.linux.org.uk> Cc: "Luis R . Rodriguez" <mcgrof@kernel.org> Cc: Michael Kerrisk <mtk.manpages@gmail.com> Cc: Mikulas Patocka <mpatocka@redhat.com> Cc: Willy Tarreau <w@1wt.eu> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
author: Eric Biggers <ebiggers@google.com> 2018-02-06 18:41:45 -0500
committer: Linus Torvalds <torvalds@linux-foundation.org> 2018-02-06 21:32:47 -0500
commit: 4c2e4befb3cc9ce42d506aa537c9ab504723e98c (patch)
tree: 5419e5965a7f07a39d1db8767148d547907f9c0d /kernel/sysctl.c
parent: e7c52b84fb18f08ce49b6067ae6285aca79084a8 (diff)
1 files changed, 1 insertions, 14 deletions
diff --git a/kernel/sysctl.c b/kernel/sysctl.c
index 2fb4e27c636a..f21375aa6cf6 100644
--- a/kernel/sysctl.c
+++ b/kernel/sysctl.c
@@ -1813,7 +1813,6 @@ static struct ctl_table fs_table[] = {
                .maxlen         = sizeof(pipe_max_size),
                .mode           = 0644,
                .proc_handler   = &pipe_proc_fn,
-                .extra1         = &pipe_min_size,
        },
        {
                .procname       = "pipe-user-pages-hard",
@@ -2615,16 +2614,10 @@ int proc_douintvec_minmax(struct ctl_table *table, int write,
                                 do_proc_douintvec_minmax_conv, &param);
 }
-struct do_proc_dopipe_max_size_conv_param {
-        unsigned int *min;
-};
 static int do_proc_dopipe_max_size_conv(unsigned long *lvalp,
                                        unsigned int *valp,
                                        int write, void *data)
 {
-        struct do_proc_dopipe_max_size_conv_param *param = data;
        if (write) {
                unsigned int val;
@@ -2635,9 +2628,6 @@ static int do_proc_dopipe_max_size_conv(unsigned long *lvalp,
                if (val == 0)
                        return -EINVAL;
-                if (param->min && *param->min > val)
-                        return -ERANGE;
                *valp = val;
        } else {
                unsigned int val = *valp;
@@ -2650,11 +2640,8 @@ static int do_proc_dopipe_max_size_conv(unsigned long *lvalp,
 int proc_dopipe_max_size(struct ctl_table *table, int write,
                         void __user *buffer, size_t *lenp, loff_t *ppos)
 {
-        struct do_proc_dopipe_max_size_conv_param param = {
-                .min = (unsigned int *) table->extra1,
-        };
        return do_proc_douintvec(table, write, buffer, lenp, ppos,
-                                 do_proc_dopipe_max_size_conv, &param);
+                                 do_proc_dopipe_max_size_conv, NULL);
 }
 static void validate_coredump_safety(void)
author	Eric Biggers <ebiggers@google.com>	2018-02-06 18:41:45 -0500
committer	Linus Torvalds <torvalds@linux-foundation.org>	2018-02-06 21:32:47 -0500
commit	4c2e4befb3cc9ce42d506aa537c9ab504723e98c (patch)
tree	5419e5965a7f07a39d1db8767148d547907f9c0d /kernel/sysctl.c
parent	e7c52b84fb18f08ce49b6067ae6285aca79084a8 (diff)