Home Home > GIT Browse
summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNeilBrown <neilb@suse.com>2018-11-01 13:57:07 +1100
committerNeilBrown <neilb@suse.com>2018-11-01 13:57:07 +1100
commite8660e8f13373ea96d2c00d626c6f1471fba1ecc (patch)
treea0c321ec56f69a36508e629c31dec6a9c6c297ac
parent0e081e59cda20b8639181a0734700985fa8df1ee (diff)
- pipe: match pipe_max_size data type with procfs (git-fixes).
- Refresh patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch.
-rw-r--r--patches.fixes/pipe-match-pipe_max_size-data-type-with-procfs.patch107
-rw-r--r--patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch2
-rw-r--r--series.conf1
3 files changed, 109 insertions, 1 deletions
diff --git a/patches.fixes/pipe-match-pipe_max_size-data-type-with-procfs.patch b/patches.fixes/pipe-match-pipe_max_size-data-type-with-procfs.patch
new file mode 100644
index 0000000000..9fdb14d12b
--- /dev/null
+++ b/patches.fixes/pipe-match-pipe_max_size-data-type-with-procfs.patch
@@ -0,0 +1,107 @@
+From: Joe Lawrence <joe.lawrence@redhat.com>
+Date: Fri, 17 Nov 2017 15:29:17 -0800
+Subject: [PATCH] pipe: match pipe_max_size data type with procfs
+Git-commit: 98159d977f71c3b3dee898d1c34e56f520b094e7
+Patch-mainline: v4.15
+References: git-fixes
+
+Patch series "A few round_pipe_size() and pipe-max-size fixups", v3.
+
+While backporting Michael's "pipe: fix limit handling" patchset to a
+distro-kernel, Mikulas noticed that current upstream pipe limit handling
+contains a few problems:
+
+ 1 - procfs signed wrap: echo'ing a large number into
+ /proc/sys/fs/pipe-max-size and then cat'ing it back out shows a
+ negative value.
+
+ 2 - round_pipe_size() nr_pages overflow on 32bit: this would
+ subsequently try roundup_pow_of_two(0), which is undefined.
+
+ 3 - visible non-rounded pipe-max-size value: there is no mutual
+ exclusion or protection between the time pipe_max_size is assigned
+ a raw value from proc_dointvec_minmax() and when it is rounded.
+
+ 4 - unsigned long -> unsigned int conversion makes for potential odd
+ return errors from do_proc_douintvec_minmax_conv() and
+ do_proc_dopipe_max_size_conv().
+
+This version underwent the same testing as v1:
+https://marc.info/?l=linux-kernel&m=150643571406022&w=2
+
+This patch (of 4):
+
+pipe_max_size is defined as an unsigned int:
+
+ unsigned int pipe_max_size = 1048576;
+
+but its procfs/sysctl representation is an integer:
+
+ static struct ctl_table fs_table[] = {
+ ...
+ {
+ .procname = "pipe-max-size",
+ .data = &pipe_max_size,
+ .maxlen = sizeof(int),
+ .mode = 0644,
+ .proc_handler = &pipe_proc_fn,
+ .extra1 = &pipe_min_size,
+ },
+ ...
+
+that is signed:
+
+ int pipe_proc_fn(struct ctl_table *table, int write, void __user *buf,
+ size_t *lenp, loff_t *ppos)
+ {
+ ...
+ ret = proc_dointvec_minmax(table, write, buf, lenp, ppos)
+
+This leads to signed results via procfs for large values of pipe_max_size:
+
+ % echo 2147483647 >/proc/sys/fs/pipe-max-size
+ % cat /proc/sys/fs/pipe-max-size
+ -2147483648
+
+Use unsigned operations on this variable to avoid such negative values.
+
+Link: http://lkml.kernel.org/r/1507658689-11669-2-git-send-email-joe.lawrence@redhat.com
+Signed-off-by: Joe Lawrence <joe.lawrence@redhat.com>
+Reported-by: Mikulas Patocka <mpatocka@redhat.com>
+Reviewed-by: Mikulas Patocka <mpatocka@redhat.com>
+Cc: Michael Kerrisk <mtk.manpages@gmail.com>
+Cc: Randy Dunlap <rdunlap@infradead.org>
+Cc: Al Viro <viro@zeniv.linux.org.uk>
+Cc: Jens Axboe <axboe@kernel.dk>
+Cc: Josh Poimboeuf <jpoimboe@redhat.com>
+Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
+Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
+Acked-by: NeilBrown <neilb@suse.com>
+
+---
+ fs/pipe.c | 2 +-
+ kernel/sysctl.c | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+--- a/fs/pipe.c
++++ b/fs/pipe.c
+@@ -1125,7 +1125,7 @@ int pipe_proc_fn(struct ctl_table *table
+ {
+ int ret;
+
+- ret = proc_dointvec_minmax(table, write, buf, lenp, ppos);
++ ret = proc_douintvec_minmax(table, write, buf, lenp, ppos);
+ if (ret < 0 || !write)
+ return ret;
+
+--- a/kernel/sysctl.c
++++ b/kernel/sysctl.c
+@@ -1821,7 +1821,7 @@ static struct ctl_table fs_table[] = {
+ {
+ .procname = "pipe-max-size",
+ .data = &pipe_max_size,
+- .maxlen = sizeof(int),
++ .maxlen = sizeof(pipe_max_size),
+ .mode = 0644,
+ .proc_handler = &pipe_proc_fn,
+ .extra1 = &pipe_min_size,
diff --git a/patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch b/patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch
index 1171350f17..98b98d5a82 100644
--- a/patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch
+++ b/patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch
@@ -95,7 +95,7 @@ Signed-off-by: Jiri Slaby <jslaby@suse.cz>
+ unsigned int rounded_pipe_max_size;
int ret;
- ret = proc_dointvec_minmax(table, write, buf, lenp, ppos);
+ ret = proc_douintvec_minmax(table, write, buf, lenp, ppos);
if (ret < 0 || !write)
return ret;
diff --git a/series.conf b/series.conf
index 8e577de661..2ba743110e 100644
--- a/series.conf
+++ b/series.conf
@@ -10035,6 +10035,7 @@
patches.suse/0001-epoll-avoid-calling-ep_call_nested-from-ep_poll_safe.patch
patches.suse/0001-epoll-remove-ep_call_nested-from-ep_eventpoll_poll.patch
patches.fixes/0001-autofs-don-t-fail-mount-for-transient-error.patch
+ patches.fixes/pipe-match-pipe_max_size-data-type-with-procfs.patch
patches.suse/pipe-avoid-round_pipe_size-nr_pages-overflow-on-32-b.patch
patches.fixes/nilfs2-fix-race-condition-that-causes-file-system-co.patch
patches.fixes/nilfs2-remove-inode-i_version-initialization.patch