tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'ucount-rlimit-fixes-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace

Pull ucount fix from Eric Biederman:
"This fixes a silly logic bug in the ucount rlimits code, where it was
comparing against the wrong limit"

* 'ucount-rlimit-fixes-for-v5.16' of git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace:
ucounts: Fix rlimit max values check

Linus Torvalds 7fe2bc1b 76657eae

+9 -6
+9 -6
kernel/ucount.c
··· 264 264 long inc_rlimit_ucounts(struct ucounts *ucounts, enum ucount_type type, long v) 265 265 { 266 266 struct ucounts *iter; 267 + long max = LONG_MAX; 267 268 long ret = 0; 268 269 269 270 for (iter = ucounts; iter; iter = iter->ns->ucounts) { 270 - long max = READ_ONCE(iter->ns->ucount_max[type]); 271 271 long new = atomic_long_add_return(v, &iter->ucount[type]); 272 272 if (new < 0 || new > max) 273 273 ret = LONG_MAX; 274 274 else if (iter == ucounts) 275 275 ret = new; 276 + max = READ_ONCE(iter->ns->ucount_max[type]); 276 277 } 277 278 return ret; 278 279 } ··· 313 312 { 314 313 /* Caller must hold a reference to ucounts */ 315 314 struct ucounts *iter; 315 + long max = LONG_MAX; 316 316 long dec, ret = 0; 317 317 318 318 for (iter = ucounts; iter; iter = iter->ns->ucounts) { 319 - long max = READ_ONCE(iter->ns->ucount_max[type]); 320 319 long new = atomic_long_add_return(1, &iter->ucount[type]); 321 320 if (new < 0 || new > max) 322 321 goto unwind; 323 322 if (iter == ucounts) 324 323 ret = new; 324 + max = READ_ONCE(iter->ns->ucount_max[type]); 325 325 /* 326 326 * Grab an extra ucount reference for the caller when 327 327 * the rlimit count was previously 0. ··· 341 339 return 0; 342 340 } 343 341 344 - bool is_ucounts_overlimit(struct ucounts *ucounts, enum ucount_type type, unsigned long max) 342 + bool is_ucounts_overlimit(struct ucounts *ucounts, enum ucount_type type, unsigned long rlimit) 345 343 { 346 344 struct ucounts *iter; 347 - if (get_ucounts_value(ucounts, type) > max) 348 - return true; 345 + long max = rlimit; 346 + if (rlimit > LONG_MAX) 347 + max = LONG_MAX; 349 348 for (iter = ucounts; iter; iter = iter->ns->ucounts) { 350 - max = READ_ONCE(iter->ns->ucount_max[type]); 351 349 if (get_ucounts_value(iter, type) > max) 352 350 return true; 351 + max = READ_ONCE(iter->ns->ucount_max[type]); 353 352 } 354 353 return false; 355 354 }