ipc, msg: forbid negative values for "msg{max,mnb,mni}"

Negative message lengths make no sense -- so don't do negative queue
lenghts or identifier counts. Prevent them from getting negative.

Also change the underlying data types to be unsigned to avoid hairy
surprises with sign extensions in cases where those variables get
evaluated in unsigned expressions with bigger data types, e.g size_t.

In case a user still wants to have "unlimited" sizes she could just use
INT_MAX instead.

Signed-off-by: Mathias Krause <minipli@googlemail.com>
Cc: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 12 insertions, 8 deletions

diff --git a/ipc/ipc_sysctl.c b/ipc/ipc_sysctl.c
index 130dfece27ac..b0e99deb6d05 100644
--- a/ipc/ipc_sysctl.c
+++ b/ipc/ipc_sysctl.c
@@ -62,7 +62,7 @@ static int proc_ipc_dointvec_minmax_orphans(ctl_table *table, int write,
         return err;
 }
 
-static int proc_ipc_callback_dointvec(ctl_table *table, int write,
+static int proc_ipc_callback_dointvec_minmax(ctl_table *table, int write,
         void __user *buffer, size_t *lenp, loff_t *ppos)
 {
         struct ctl_table ipc_table;
@@ -72,7 +72,7 @@ static int proc_ipc_callback_dointvec(ctl_table *table, int write,
         memcpy(&ipc_table, table, sizeof(ipc_table));
         ipc_table.data = get_ipc(table);
 
-        rc = proc_dointvec(&ipc_table, write, buffer, lenp, ppos);
+        rc = proc_dointvec_minmax(&ipc_table, write, buffer, lenp, ppos);
 
         if (write && !rc && lenp_bef == *lenp)
                 /*
@@ -152,15 +152,13 @@ static int proc_ipcauto_dointvec_minmax(ctl_table *table, int write,
 #define proc_ipc_dointvec          NULL
 #define proc_ipc_dointvec_minmax   NULL
 #define proc_ipc_dointvec_minmax_orphans   NULL
-#define proc_ipc_callback_dointvec NULL
+#define proc_ipc_callback_dointvec_minmax  NULL
 #define proc_ipcauto_dointvec_minmax NULL
 #endif
 
 static int zero;
 static int one = 1;
-#ifdef CONFIG_CHECKPOINT_RESTORE
 static int int_max = INT_MAX;
-#endif
 
 static struct ctl_table ipc_kern_table[] = {
         {
@@ -198,21 +196,27 @@ static struct ctl_table ipc_kern_table[] = {
                 .data           = &init_ipc_ns.msg_ctlmax,
                 .maxlen         = sizeof (init_ipc_ns.msg_ctlmax),
                 .mode           = 0644,
-                .proc_handler   = proc_ipc_dointvec,
+                .proc_handler   = proc_ipc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &int_max,
         },
         {
                 .procname       = "msgmni",
                 .data           = &init_ipc_ns.msg_ctlmni,
                 .maxlen         = sizeof (init_ipc_ns.msg_ctlmni),
                 .mode           = 0644,
-                .proc_handler   = proc_ipc_callback_dointvec,
+                .proc_handler   = proc_ipc_callback_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &int_max,
         },
         {
                 .procname       =  "msgmnb",
                 .data           = &init_ipc_ns.msg_ctlmnb,
                 .maxlen         = sizeof (init_ipc_ns.msg_ctlmnb),
                 .mode           = 0644,
-                .proc_handler   = proc_ipc_dointvec,
+                .proc_handler   = proc_ipc_dointvec_minmax,
+                .extra1         = &zero,
+                .extra2         = &int_max,
         },
         {
                 .procname       = "sem",