| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <33893212b1cc4a418cec09aeeed0a9fc@AcuMS.aculab.com> Date: Fri, 6 Dec 2024 10:27:23 +0000 From: David Laight <David.Laight@...LAB.COM> To: "netdev@...r.kernel.org" <netdev@...r.kernel.org>, 'Naresh Kamboju' <naresh.kamboju@...aro.org>, 'Dan Carpenter' <dan.carpenter@...aro.org>, Julian Anastasov <ja@....bg>, "'pablo@...filter.org'" <pablo@...filter.org> CC: 'open list' <linux-kernel@...r.kernel.org>, "'lkft-triage@...ts.linaro.org'" <lkft-triage@...ts.linaro.org>, "'Linux Regressions'" <regressions@...ts.linux.dev>, 'Linux ARM' <linux-arm-kernel@...ts.infradead.org>, "'netfilter-devel@...r.kernel.org'" <netfilter-devel@...r.kernel.org>, 'Arnd Bergmann' <arnd@...db.de>, "'Anders Roxell'" <anders.roxell@...aro.org>, 'Johannes Berg' <johannes.berg@...el.com>, "'toke@...nel.org'" <toke@...nel.org>, 'Al Viro' <viro@...iv.linux.org.uk>, "'kernel@...rr.cc'" <kernel@...rr.cc>, "'kees@...nel.org'" <kees@...nel.org> Subject: [PATCH net] Fix clamp() of ip_vs_conn_tab on small memory systems. The intention of the code seems to be that the minimum table size should be 256 (1 << min). However the code uses max = clamp(20, 5, max_avail) which implies the author thought max_avail could be less than 5. But clamp(val, min, max) is only well defined for max >= min. If max < min whether is returns min or max depends on the order of the comparisons. Change to clamp(max_avail, 5, 20) which has the expected behaviour. Replace the clamp_val() on the line below with clamp(). clamp_val() is just 'an accident waiting to happen' and not needed here. Fixes: 4f325e26277b6 (Although I actually doubt the code is used on small memory systems.) Detected by compile time checks added to clamp(), specifically: minmax.h: use BUILD_BUG_ON_MSG() for the lo < hi test in clamp() Signed-off-by: David Laight <david.laight@...lab.com> --- net/netfilter/ipvs/ip_vs_conn.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/net/netfilter/ipvs/ip_vs_conn.c b/net/netfilter/ipvs/ip_vs_conn.c index 98d7dbe3d787..c0289f83f96d 100644 --- a/net/netfilter/ipvs/ip_vs_conn.c +++ b/net/netfilter/ipvs/ip_vs_conn.c @@ -1495,8 +1495,8 @@ int __init ip_vs_conn_init(void) max_avail -= 2; /* ~4 in hash row */ max_avail -= 1; /* IPVS up to 1/2 of mem */ max_avail -= order_base_2(sizeof(struct ip_vs_conn)); - max = clamp(max, min, max_avail); - ip_vs_conn_tab_bits = clamp_val(ip_vs_conn_tab_bits, min, max); + max = clamp(max_avail, min, max); + ip_vs_conn_tab_bits = clamp(ip_vs_conn_tab_bits, min, max); ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; ip_vs_conn_tab_mask = ip_vs_conn_tab_size - 1; -- 2.17.1 - Registered Address Lakeside, Bramley Road, Mount Farm, Milton Keynes, MK1 1PT, UK Registration No: 1397386 (Wales)
Powered by blists - more mailing lists