Bug#728759: linux - compat_sys_getrlimit returns values compat_sys_setrlimit does not like

[Bastian Blank <waldi@debian.org>]

Control: tags -1 patch

On Tue, Nov 05, 2013 at 09:29:42AM +0100, Bastian Blank wrote:
> compat_sys_getrlimit clips all values above COMPAT_RLIM_INFINITY.  So
> any large values between COMPAT_RLIM_INFINITY and RLIM_INFINITY is
> returned as the same value COMPAT_RLIM_INFINITY.

Untested patch.  It converts COMPAT_RLIM_INFINITY <= x < RLIM_INFINITY
to COMPAT_RLIM_INFINITY - 1.  It would also work around the wrong
userspace definition on mips for anything that does not explicitely
request infinity (which would be broken anyway).

It assumes that COMPAT_RLIM_INFINITY <= RLIM_INFINITY.

Bastian

-- 
Conquest is easy. Control is not.
		-- Kirk, "Mirror, Mirror", stardate unknown

diff --git a/kernel/compat.c b/kernel/compat.c
index 0a09e48..7e5dfa7 100644
--- a/kernel/compat.c
+++ b/kernel/compat.c
@@ -478,10 +478,15 @@ asmlinkage long compat_sys_getrlimit(unsigned int resource,
 
 	ret = do_prlimit(current, resource, NULL, &r);
 	if (!ret) {
-		if (r.rlim_cur > COMPAT_RLIM_INFINITY)
+		if (r.rlim_cur == RLIM_INFINITY)
 			r.rlim_cur = COMPAT_RLIM_INFINITY;
-		if (r.rlim_max > COMPAT_RLIM_INFINITY)
+		else if (r.rlim_cur >= COMPAT_RLIM_INFINITY)
+			r.rlim_cur = COMPAT_RLIM_INFINITY - 1;
+
+		if (r.rlim_max == RLIM_INFINITY)
 			r.rlim_max = COMPAT_RLIM_INFINITY;
+		else if (r.rlim_max >= COMPAT_RLIM_INFINITY)
+			r.rlim_max = COMPAT_RLIM_INFINITY - 1;
 
 		if (!access_ok(VERIFY_WRITE, rlim, sizeof(*rlim)) ||
 		    __put_user(r.rlim_cur, &rlim->rlim_cur) ||