[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20071015124919.30ed8f06.akpm@linux-foundation.org>
Date: Mon, 15 Oct 2007 12:49:19 -0700
From: Andrew Morton <akpm@...ux-foundation.org>
To: Anton Arapov <aarapov@...hat.com>
Cc: linux-kernel@...r.kernel.org, linux-netdev@...r.kernel.org,
davem@...hat.com, jgarzik@...hat.com
Subject: Re: [PATCH] ipv4: kernel panic when only one unsecured port
available
On Tue, 09 Oct 2007 15:59:14 +0200
Anton Arapov <aarapov@...hat.com> wrote:
> Steps to reproduce:
> Server:
> [root@...ver ~]# cat /etc/exports
> /export *(ro,insecure)
> // there is insecure ... I am using ports like "1024 to 61000"
> [root@...ver ~] service nfs restart
>
> Client:
> 1.[root@...ent ~]# echo 32768 32768 > /proc/sys/net/ipv4/ip_local_port_range
> 32768 32768
> // two same numbers, for ex "32769 32769" etc.
> 2.[root@...ent ~]# cat /proc/sys/net/ipv4/ip_local_port_range
> 32768 32768
> 3.[root@...ent ~]# mount server:/export /import
>
> Actual results:
> Kernel always panics
>
> --------------------------------------------------------------------
> [PATCH] ipv4: kernel panic when only one unsecured port available
>
> Patch prevents division by zero. Kernel panics if only one
> unsecured port available.
>
> Signed-off-by: Anton Arapov <aarapov@...hat.com>
> ---
>
> net/ipv4/inet_connection_sock.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index fbe7714..00ad079 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -80,7 +80,7 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
> int low = sysctl_local_port_range[0];
> int high = sysctl_local_port_range[1];
> int remaining = (high - low) + 1;
> - int rover = net_random() % (high - low) + low;
> + int rover = net_random() % remaining + low;
>
> do {
> head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
>
This code has recently been reworked, but from my reading, that
divide-by-zero can still occur. And given that the numbers in
/proc/sys/net/ipv4/ip_local_port_range are inclusive, the arithmetic in
inet_csk_get_port() seems to just be wrong?
So we have this, against David's current devel tree:
--- a/net/ipv4/inet_connection_sock.c~ipv4-kernel-panic-when-only-one-unsecured-port-available
+++ a/net/ipv4/inet_connection_sock.c
@@ -93,7 +93,7 @@ int inet_csk_get_port(struct inet_hashin
int remaining, rover, low, high;
inet_get_local_port_range(&low, &high);
- remaining = high - low;
+ remaining = high - low + 1;
rover = net_random() % remaining + low;
do {
_
btw, mime-mangled gpg-fancified emails are rather a pain to handle at the
receivnig end. Good old text/plain works better, please.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists