[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CANn89iK2N5Vo3XoTcxHJWu3XtDD=B1Axnr1axx-NbKvnAEHXxw@mail.gmail.com>
Date: Fri, 21 Oct 2022 09:01:28 -0700
From: Eric Dumazet <edumazet@...gle.com>
To: Lu Wei <luwei32@...wei.com>
Cc: davem@...emloft.net, kuba@...nel.org, pabeni@...hat.com,
yoshfuji@...ux-ipv6.org, dsahern@...nel.org, ast@...nel.org,
martin.lau@...nel.org, kuniyu@...zon.com, asml.silence@...il.com,
imagedong@...cent.com, ncardwell@...gle.com,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()
On Thu, Oct 20, 2022 at 8:03 PM Lu Wei <luwei32@...wei.com> wrote:
>
> The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and
> in tcp_add_backlog(), the variable limit is caculated by adding
> sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value
> of int and overflow. This patch reduces the limit budget by
> halving the sndbuf to solve this issue since ACK packets are much
> smaller than the payload.
>
> Fixes: c9c3321257e1 ("tcp: add tcp_add_backlog()")
> Signed-off-by: Lu Wei <luwei32@...wei.com>
Reviewed-by: Eric Dumazet <edumazet@...gle.com>
Powered by blists - more mailing lists