[PATCH 5.15 178/196] ucounts: Handle wrapping in is_ucounts_overlimit

[Greg Kroah-Hartman]

From: Eric W. Biederman <ebiederm@xxxxxxxxxxxx>

commit 0cbae9e24fa7d6c6e9f828562f084da82217a0c5 upstream.

While examining is_ucounts_overlimit and reading the various messages
I realized that is_ucounts_overlimit fails to deal with counts that
may have wrapped.

Being wrapped should be a transitory state for counts and they should
never be wrapped for long, but it can happen so handle it.

Cc: stable@xxxxxxxxxxxxxxx
Fixes: 21d1c5e386bc ("Reimplement RLIMIT_NPROC on top of ucounts")
Link: https://lkml.kernel.org/r/20220216155832.680775-5-ebiederm@xxxxxxxxxxxx
Reviewed-by: Shuah Khan <skhan@xxxxxxxxxxxxxxxxxxx>
Signed-off-by: "Eric W. Biederman" <ebiederm@xxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 kernel/ucount.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/kernel/ucount.c
+++ b/kernel/ucount.c
@@ -344,7 +344,8 @@ bool is_ucounts_overlimit(struct ucounts
 	if (rlimit > LONG_MAX)
 		max = LONG_MAX;
 	for (iter = ucounts; iter; iter = iter->ns->ucounts) {
-		if (get_ucounts_value(iter, type) > max)
+		long val = get_ucounts_value(iter, type);
+		if (val < 0 || val > max)
 			return true;
 		max = READ_ONCE(iter->ns->ucount_max[type]);
 	}