| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <a4a786c0-85f5-a134-bcd0-ace8edf7762a@huawei.com>
Date: Sun, 28 Apr 2019 11:03:54 +0800
From: linmiaohe <linmiaohe@...wei.com>
To: Julian Anastasov <ja@....bg>
CC: <wensong@...ux-vs.org>, <horms@...ge.net.au>,
<pablo@...filter.org>, <kadlec@...ckhole.kfki.hu>, <fw@...len.de>,
<davem@...emloft.net>, <netdev@...r.kernel.org>,
<lvs-devel@...r.kernel.org>, <netfilter-devel@...r.kernel.org>,
<coreteam@...filter.org>, <linux-kernel@...r.kernel.org>,
<eric.dumazet@...il.com>, Mingfangsen <mingfangsen@...wei.com>,
<liujie165@...wei.com>
Subject: Re: [PATCH v2] ipvs:set sock send/receive buffer correctly
On 2019/4/22 2:48, Julian Anastasov wrote:
>
> Hello,
>
> On Thu, 18 Apr 2019, linmiaohe wrote:
>
>> From: Jie Liu <liujie165@...wei.com>
>>
>> If we set sysctl_wmem_max or sysctl_rmem_max larger than INT_MAX, the
>> send/receive buffer of sock will be an negative value. Same as when
>> the val is larger than INT_MAX/2.
>>
>> Fixes: 1c003b1580e2 ("ipvs: wakeup master thread")
>> Reported-by: Qiang Ning <ningqiang1@...wei.com>
>> Reviewed-by: Miaohe Lin <linmiaohe@...wei.com>
>> Signed-off-by: Jie Liu <liujie165@...wei.com>
>
> Looks good to me, thanks!
>
> Acked-by: Julian Anastasov <ja@....bg>
>
>> ---
>> net/netfilter/ipvs/ip_vs_sync.c | 20 ++++++++++++++------
>> 1 file changed, 14 insertions(+), 6 deletions(-)
>>
>> diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
>> index 2526be6b3d90..760f3364d4a2 100644
>> --- a/net/netfilter/ipvs/ip_vs_sync.c
>> +++ b/net/netfilter/ipvs/ip_vs_sync.c
>> @@ -1278,14 +1278,22 @@ static void set_sock_size(struct sock *sk, int mode, int val)
>> /* setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)); */
>> lock_sock(sk);
>> if (mode) {
>> - val = clamp_t(int, val, (SOCK_MIN_SNDBUF + 1) / 2,
>> - sysctl_wmem_max);
>> - sk->sk_sndbuf = val * 2;
>> + val = min_t(u32, val, sysctl_wmem_max);
>> +
>> + /* Ensure val * 2 fits into an int, to prevent max_t()
>> + * from treating it as a negative value.
>> + */
>> + val = min_t(int, val, INT_MAX / 2);
>> + sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF);
>> sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
>> } else {
>> - val = clamp_t(int, val, (SOCK_MIN_RCVBUF + 1) / 2,
>> - sysctl_rmem_max);
>> - sk->sk_rcvbuf = val * 2;
>> + val = min_t(u32, val, sysctl_rmem_max);
>> +
>> + /* Ensure val * 2 fits into an int, to prevent max_t()
>> + * from treating it as a negative value.
>> + */
>> + val = min_t(int, val, INT_MAX / 2);
>> + sk->sk_rcvbuf = max_t(int, val * 2, SOCK_MIN_RCVBUF);
>> sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
>> }
>> release_sock(sk);
>> --
>
> Regards
>
> --
> Julian Anastasov <ja@....bg>
>
> .
>
Hi all,
Could you please tell me if there is still any problem?
Many thanks.
Powered by blists - more mailing lists