| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 22 Oct 2020 06:31:06 +0000
From: "Li, Ke" <keli@...mai.com>
To: Jakub Kicinski <kuba@...nel.org>
CC: "netdev@...r.kernel.org" <netdev@...r.kernel.org>,
"davem@...emloft.net" <davem@...emloft.net>,
"edumazet@...gle.com" <edumazet@...gle.com>,
"kli@...l.edu" <kli@...l.edu>, "Li, Ji" <jli@...mai.com>
Subject: Re: [PATCH net] net: Properly typecast int values to set
sk_max_pacing_rate
Thanks for review and comment, Jakub!
Please check my v2 patch.
Best,
-Ke
On 10/21/20, 8:53 PM, "Jakub Kicinski" <kuba@...nel.org> wrote:
On Mon, 19 Oct 2020 20:31:49 -0400 Ke Li wrote:
> In setsockopt(SO_MAX_PACING_RATE) on 64bit systems, sk_max_pacing_rate,
> after extended from 'u32' to 'unsigned long', takes unintentionally
> hiked value whenever assigned from an 'int' value with MSB=1, due to
> binary sign extension in promoting s32 to u64, e.g. 0x80000000 becomes
> 0xFFFFFFFF80000000.
>
> Thus inflated sk_max_pacing_rate causes subsequent getsockopt to return
> ~0U unexpectedly. It may also result in increased pacing rate.
>
> Fix by explicitly casting the 'int' value to 'unsigned int' before
> assigning it to sk_max_pacing_rate, for zero extension to happen.
>
> Fixes: 76a9ebe811fb ("net: extend sk_pacing_rate to unsigned long")
> Signed-off-by: Ji Li <jli@...mai.com>
> Signed-off-by: Ke Li <keli@...mai.com>
> Cc: Eric Dumazet <edumazet@...gle.com>
> ---
> net/core/filter.c | 2 +-
> net/core/sock.c | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/net/core/filter.c b/net/core/filter.c
> index c5e2a1c5fd8d..43f20c14864c 100644
> --- a/net/core/filter.c
> +++ b/net/core/filter.c
> @@ -4693,7 +4693,7 @@ static int _bpf_setsockopt(struct sock *sk, int level, int optname,
> cmpxchg(&sk->sk_pacing_status,
> SK_PACING_NONE,
> SK_PACING_NEEDED);
> - sk->sk_max_pacing_rate = (val == ~0U) ? ~0UL : val;
> + sk->sk_max_pacing_rate = (val == ~0U) ? ~0UL : (unsigned int)val;
Looks good, but please wrap this to 80 chars.
> sk->sk_pacing_rate = min(sk->sk_pacing_rate,
> sk->sk_max_pacing_rate);
> break;
> diff --git a/net/core/sock.c b/net/core/sock.c
> index 4e8729357122..727ea1cc633c 100644
> --- a/net/core/sock.c
> +++ b/net/core/sock.c
> @@ -1163,7 +1163,7 @@ int sock_setsockopt(struct socket *sock, int level, int optname,
>
> case SO_MAX_PACING_RATE:
> {
> - unsigned long ulval = (val == ~0U) ? ~0UL : val;
> + unsigned long ulval = (val == ~0U) ? ~0UL : (unsigned int)val;
>
> if (sizeof(ulval) != sizeof(val) &&
> optlen >= sizeof(ulval) &&
>
> base-commit: 0e8b8d6a2d85344d80dda5beadd98f5f86e8d3d3
Powered by blists - more mailing lists