ucounts: Handle wrapping in is_ucounts_overlimit
authorEric W. Biederman <ebiederm@xmission.com>
Thu, 10 Feb 2022 00:09:41 +0000 (18:09 -0600)
committerEric W. Biederman <ebiederm@xmission.com>
Thu, 17 Feb 2022 15:11:57 +0000 (09:11 -0600)
While examining is_ucounts_overlimit and reading the various messages
I realized that is_ucounts_overlimit fails to deal with counts that
may have wrapped.

Being wrapped should be a transitory state for counts and they should
never be wrapped for long, but it can happen so handle it.

Cc: stable@vger.kernel.org
Fixes: 21d1c5e386bc ("Reimplement RLIMIT_NPROC on top of ucounts")
Link: https://lkml.kernel.org/r/20220216155832.680775-5-ebiederm@xmission.com
Reviewed-by: Shuah Khan <skhan@linuxfoundation.org>
Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
kernel/ucount.c

index 65b597431c861aa4a949e4914f073118aa7b0567..06ea04d4468522aac6526a986d14429490c9bbef 100644 (file)
@@ -350,7 +350,8 @@ bool is_ucounts_overlimit(struct ucounts *ucounts, enum ucount_type type, unsign
        if (rlimit > LONG_MAX)
                max = LONG_MAX;
        for (iter = ucounts; iter; iter = iter->ns->ucounts) {
-               if (get_ucounts_value(iter, type) > max)
+               long val = get_ucounts_value(iter, type);
+               if (val < 0 || val > max)
                        return true;
                max = READ_ONCE(iter->ns->ucount_max[type]);
        }