sysctl: reject gigantic reads/write to sysctl files
author: Christoph Hellwig <hch@lst.de>
Tue, 9 Jun 2020 17:08:19 +0000 (19:08 +0200)
committer: Al Viro <viro@zeniv.linux.org.uk>
Wed, 10 Jun 2020 18:11:33 +0000 (14:11 -0400)
Instead of triggering a WARN_ON deep down in the page allocator just
give up early on allocations that are way larger than the usual sysctl
values.

Fixes: ecad013df758 ("sysctl: pass kernel pointers to ->proc_handler")
Reported-by: Vegard Nossum <vegard.nossum@oracle.com>
Signed-off-by: Christoph Hellwig <hch@lst.de>
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
fs/proc/proc_sysctl.c

index df2143e05c571e830f71640961a21b1e455fe311..08c33bd1642dcdc069ce35a668a119cd77228ca6 100644 (file)
@@ -564,6 +564,10 @@ static ssize_t proc_sys_call_handler(struct file *filp, void __user *ubuf,
        if (!table->proc_handler)
                goto out;
 
+       /* don't even try if the size is too large */
+       if (count > KMALLOC_MAX_SIZE)
+               return -ENOMEM;
+
        if (write) {
                kbuf = memdup_user_nul(ubuf, count);
                if (IS_ERR(kbuf)) {
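
Review bot: the new size check leaves the function with a bare `return -ENOMEM`, while the check directly above it (`if (!table->proc_handler)`) exits through `goto out`, so this path skips whatever the `out` label releases. Record -ENOMEM as the error and `goto out` instead, matching the neighbouring check. The bound is also off by one for the write path: `memdup_user_nul(ubuf, count)` allocates room for a trailing NUL, so `count == KMALLOC_MAX_SIZE` still passes this test and asks the allocator for more than the maximum; `count >= KMALLOC_MAX_SIZE` would reject it here.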