Merge v6.12.43

Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-08-20 18:30:58 +0200
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2025-08-20 18:30:58 +0200
commit: 1b39e7de5f4110f0dfda32693b968ab7709977ec (patch)
tree: 76cde8070b62733e06a06aee40cc266a1d9dd54f /fs/file.c
parent: cd5b27c9e334ff91ec39647957a3bdf75f171938 (diff)
parent: 9becd7c25c61ae7e5b6fbfc3c226b1f23af7638c (diff)
1 files changed, 15 insertions, 0 deletions
diff --git a/fs/file.c b/fs/file.c
index b6fb6d18ac3b..4579c3296498 100644
--- a/fs/file.c
+++ b/fs/file.c
@@ -126,6 +126,21 @@ static struct fdtable * alloc_fdtable(unsigned int nr)
 	if (unlikely(nr > sysctl_nr_open))
 		nr = ((sysctl_nr_open - 1) | (BITS_PER_LONG - 1)) + 1;
 
+	/*
+	 * Check if the allocation size would exceed INT_MAX. kvmalloc_array()
+	 * and kvmalloc() will warn if the allocation size is greater than
+	 * INT_MAX, as filp_cachep objects are not __GFP_NOWARN.
+	 *
+	 * This can happen when sysctl_nr_open is set to a very high value and
+	 * a process tries to use a file descriptor near that limit. For example,
+	 * if sysctl_nr_open is set to 1073741816 (0x3ffffff8) - which is what
+	 * systemd typically sets it to - then trying to use a file descriptor
+	 * close to that value will require allocating a file descriptor table
+	 * that exceeds 8GB in size.
+	 */
+	if (unlikely(nr > INT_MAX / sizeof(struct file *)))
+		return ERR_PTR(-EMFILE);
+
 	fdt = kmalloc(sizeof(struct fdtable), GFP_KERNEL_ACCOUNT);
 	if (!fdt)
 		goto out;
author	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-08-20 18:30:58 +0200
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2025-08-20 18:30:58 +0200
commit	1b39e7de5f4110f0dfda32693b968ab7709977ec (patch)
tree	76cde8070b62733e06a06aee40cc266a1d9dd54f /fs/file.c
parent	cd5b27c9e334ff91ec39647957a3bdf75f171938 (diff)
parent	9becd7c25c61ae7e5b6fbfc3c226b1f23af7638c (diff)