• Joe Lawrence's avatar
    pipe: add proc_dopipe_max_size() to safely assign pipe_max_size · 7a8d1819
    Joe Lawrence authored
    pipe_max_size is assigned directly via procfs sysctl:
    
      static struct ctl_table fs_table[] = {
              ...
              {
                      .procname       = "pipe-max-size",
                      .data           = &pipe_max_size,
                      .maxlen         = sizeof(int),
                      .mode           = 0644,
                      .proc_handler   = &pipe_proc_fn,
                      .extra1         = &pipe_min_size,
              },
              ...
    
      int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf,
                       size_t *lenp, loff_t *ppos)
      {
              ...
              ret = proc_dointvec_minmax(table, write, buf, lenp, ppos)
              ...
    
    and then later rounded in-place a few statements later:
    
              ...
              pipe_max_size = round_pipe_size(pipe_max_size);
              ...
    
    This leaves a window of time between initial assignment and rounding
    that may be visible to other threads.  (For example, one thread sets a
    non-rounded value to pipe_max_size while another reads its value.)
    
    Similar reads of pipe_max_size are potentially racy:
    
      pipe.c :: alloc_pipe_info()
      pipe.c :: pipe_set_size()
    
    Add a new proc_dopipe_max_size() that consolidates reading the new value
    from the user buffer, verifying bounds, and calling round_pipe_size()
    with a single assignment to pipe_max_size.
    
    Link: http://lkml.kernel.org/r/1507658689-11669-4-git-send-email-joe.lawrence@redhat.comSigned-off-by: default avatarJoe Lawrence <joe.lawrence@redhat.com>
    Reported-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Reviewed-by: default avatarMikulas Patocka <mpatocka@redhat.com>
    Cc: Al Viro <viro@zeniv.linux.org.uk>
    Cc: Jens Axboe <axboe@kernel.dk>
    Cc: Michael Kerrisk <mtk.manpages@gmail.com>
    Cc: Randy Dunlap <rdunlap@infradead.org>
    Cc: Josh Poimboeuf <jpoimboe@redhat.com>
    Signed-off-by: default avatarAndrew Morton <akpm@linux-foundation.org>
    Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
    7a8d1819
sysctl.c 74.2 KB