diff options
| author | Miaohe Lin <linmiaohe@huawei.com> | 2022-03-22 16:09:18 +0800 |
|---|---|---|
| committer | Eric W. Biederman <ebiederm@xmission.com> | 2022-03-23 11:16:59 -0500 |
| commit | e97824ff663ce3509fe040431c713182c2f058b1 (patch) | |
| tree | e034a0a6eddcd8b5654efbe3f744949e73e2ff47 /kernel/seccomp.c | |
| parent | ffb217a13a2eaf6d5bd974fc83036a53ca69f1e2 (diff) | |
mm/mlock: fix two bugs in user_shm_lock()
user_shm_lock forgets to set allowed to 0 when get_ucounts fails. So the
later user_shm_unlock might do the extra dec_rlimit_ucounts. Also in the
RLIM_INFINITY case, user_shm_lock will success regardless of the value of
memlock where memblock == LONG_MAX && !capable(CAP_IPC_LOCK) should fail.
Fix all of these by changing the code to leave lock_limit at ULONG_MAX aka
RLIM_INFINITY, leave "allowed" initialized to 0 and remove the special case
of RLIM_INFINITY as nothing can be greater than ULONG_MAX.
Credit goes to Eric W. Biederman for proposing simplifying the code and
thus catching the later bug.
Fixes: d7c9e99aee48 ("Reimplement RLIMIT_MEMLOCK on top of ucounts")
Signed-off-by: Miaohe Lin <linmiaohe@huawei.com>
Cc: stable@vger.kernel.org
v1: https://lkml.kernel.org/r/20220310132417.41189-1-linmiaohe@huawei.com
v2: https://lkml.kernel.org/r/20220314064039.62972-1-linmiaohe@huawei.com
Link: https://lkml.kernel.org/r/20220322080918.59861-1-linmiaohe@huawei.com
Signed-off-by: Eric W. Biederman <ebiederm@xmission.com>
Diffstat (limited to 'kernel/seccomp.c')
0 files changed, 0 insertions, 0 deletions