* [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows. [not found] <20101208003205.GA4286@kroah.com> @ 2010-12-08 0:04 ` Greg KH 2010-12-08 1:22 ` Linus Torvalds 0 siblings, 1 reply; 6+ messages in thread From: Greg KH @ 2010-12-08 0:04 UTC (permalink / raw) To: linux-kernel, stable, David S. Miller Cc: stable-review, torvalds, akpm, alan, Robin Holt, Willy Tarreau, netdev, linux-sctp, Alexey Kuznetsov, Pekka Savola (ipv6), James Morris, Hideaki YOSHIFUJI, Patrick McHardy, Vlad Yasevich, Sridhar Samudrala 2.6.27-stable review patch. If anyone has any objections, please let us know. ------------------ From: Robin Holt <holt@sgi.com> [ Problem was fixed differently upstream. -DaveM ] On a 16TB x86_64 machine, sysctl_tcp_mem[2], sysctl_udp_mem[2], and sysctl_sctp_mem[2] can integer overflow. Set limit such that they are maximized without overflowing. Signed-off-by: Robin Holt <holt@sgi.com> To: "David S. Miller" <davem@davemloft.net> Cc: Willy Tarreau <w@1wt.eu> Cc: linux-kernel@vger.kernel.org Cc: netdev@vger.kernel.org Cc: linux-sctp@vger.kernel.org Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru> Cc: "Pekka Savola (ipv6)" <pekkas@netcore.fi> Cc: James Morris <jmorris@namei.org> Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org> Cc: Patrick McHardy <kaber@trash.net> Cc: Vlad Yasevich <vladislav.yasevich@hp.com> Cc: Sridhar Samudrala <sri@us.ibm.com> Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de> --- net/ipv4/tcp.c | 4 +++- net/ipv4/udp.c | 4 +++- net/sctp/protocol.c | 4 +++- 3 files changed, 9 insertions(+), 3 deletions(-) --- a/net/ipv4/tcp.c +++ b/net/ipv4/tcp.c @@ -2754,12 +2754,14 @@ void __init tcp_init(void) /* Set the pressure threshold to be a fraction of global memory that * is up to 1/2 at 256 MB, decreasing toward zero with the amount of - * memory, with a floor of 128 pages. + * memory, with a floor of 128 pages, and a ceiling that prevents an + * integer overflow. */ nr_pages = totalram_pages - totalhigh_pages; limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT); limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11); limit = max(limit, 128UL); + limit = min(limit, INT_MAX * 4UL / 3 / 2); sysctl_tcp_mem[0] = limit / 4 * 3; sysctl_tcp_mem[1] = limit; sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2; --- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c @@ -1722,11 +1722,13 @@ void __init udp_init(void) /* Set the pressure threshold up by the same strategy of TCP. It is a * fraction of global memory that is up to 1/2 at 256 MB, decreasing - * toward zero with the amount of memory, with a floor of 128 pages. + * toward zero with the amount of memory, with a floor of 128 pages, + * and a ceiling that prevents an integer overflow. */ limit = min(nr_all_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT); limit = (limit * (nr_all_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11); limit = max(limit, 128UL); + limit = min(limit, INT_MAX * 4UL / 3 / 2); sysctl_udp_mem[0] = limit / 4 * 3; sysctl_udp_mem[1] = limit; sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2; --- a/net/sctp/protocol.c +++ b/net/sctp/protocol.c @@ -1179,7 +1179,8 @@ SCTP_STATIC __init int sctp_init(void) /* Set the pressure threshold to be a fraction of global memory that * is up to 1/2 at 256 MB, decreasing toward zero with the amount of - * memory, with a floor of 128 pages. + * memory, with a floor of 128 pages, and a ceiling that prevents an + * integer overflow. * Note this initalizes the data in sctpv6_prot too * Unabashedly stolen from tcp_init */ @@ -1187,6 +1188,7 @@ SCTP_STATIC __init int sctp_init(void) limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT); limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11); limit = max(limit, 128UL); + limit = min(limit, INT_MAX * 4UL / 3 / 2); sysctl_sctp_mem[0] = limit / 4 * 3; sysctl_sctp_mem[1] = limit; sysctl_sctp_mem[2] = sysctl_sctp_mem[0] * 2; ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows. 2010-12-08 0:04 ` [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows Greg KH @ 2010-12-08 1:22 ` Linus Torvalds 2010-12-08 4:16 ` Greg KH 0 siblings, 1 reply; 6+ messages in thread From: Linus Torvalds @ 2010-12-08 1:22 UTC (permalink / raw) To: Greg KH Cc: linux-kernel, stable, David S. Miller, stable-review, akpm, alan, Robin Holt, Willy Tarreau, netdev, linux-sctp, Alexey Kuznetsov, Pekka Savola (ipv6), James Morris, Hideaki YOSHIFUJI, Patrick McHardy, Vlad Yasevich, Sridhar Samudrala On Tue, Dec 7, 2010 at 4:04 PM, Greg KH <gregkh@suse.de> wrote: > > From: Robin Holt <holt@sgi.com> > > [ Problem was fixed differently upstream. -DaveM ] Gaah. I'd really like to see more of a description for things like this. A commit ID for the alternate fix, or at least a few words about the different fix or reason why upstream doesn't need the stable commit. Linus ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows. 2010-12-08 1:22 ` Linus Torvalds @ 2010-12-08 4:16 ` Greg KH 2010-12-08 5:50 ` Eric Dumazet 0 siblings, 1 reply; 6+ messages in thread From: Greg KH @ 2010-12-08 4:16 UTC (permalink / raw) To: Linus Torvalds Cc: linux-kernel, stable, David S. Miller, stable-review, akpm, alan, Robin Holt, Willy Tarreau, netdev, linux-sctp, Alexey Kuznetsov, Pekka Savola (ipv6), James Morris, Hideaki YOSHIFUJI, Patrick McHardy, Vlad Yasevich, Sridhar Samudrala On Tue, Dec 07, 2010 at 05:22:34PM -0800, Linus Torvalds wrote: > On Tue, Dec 7, 2010 at 4:04 PM, Greg KH <gregkh@suse.de> wrote: > > > > From: Robin Holt <holt@sgi.com> > > > > [ Problem was fixed differently upstream. -DaveM ] > > Gaah. I'd really like to see more of a description for things like > this. A commit ID for the alternate fix, or at least a few words about > the different fix or reason why upstream doesn't need the stable > commit. I'll let David confirm this, he's the one who sent it to me :) thanks, greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows. 2010-12-08 4:16 ` Greg KH @ 2010-12-08 5:50 ` Eric Dumazet 2010-12-08 16:25 ` David Miller 0 siblings, 1 reply; 6+ messages in thread From: Eric Dumazet @ 2010-12-08 5:50 UTC (permalink / raw) To: Greg KH Cc: Linus Torvalds, linux-kernel, stable, David S. Miller, stable-review, akpm, alan, Robin Holt, Willy Tarreau, netdev, linux-sctp, Alexey Kuznetsov, Pekka Savola (ipv6), James Morris, Hideaki YOSHIFUJI, Patrick McHardy, Vlad Yasevich, Sridhar Samudrala Le mardi 07 décembre 2010 à 20:16 -0800, Greg KH a écrit : > On Tue, Dec 07, 2010 at 05:22:34PM -0800, Linus Torvalds wrote: > > On Tue, Dec 7, 2010 at 4:04 PM, Greg KH <gregkh@suse.de> wrote: > > > > > > From: Robin Holt <holt@sgi.com> > > > > > > [ Problem was fixed differently upstream. -DaveM ] > > > > Gaah. I'd really like to see more of a description for things like > > this. A commit ID for the alternate fix, or at least a few words about > > the different fix or reason why upstream doesn't need the stable > > commit. > > I'll let David confirm this, he's the one who sent it to me :) upstream uses commit 8d987e5c7510 (net: avoid limits overflow) This commit is a bit more untrusive for stable kernels : It depends on : a9febbb4bd13 (sysctl: min/max bounds are optional) 27b3d80a7b6a (sysctl: fix min/max handling in __do_proc_doulongvec_minmax()) ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows. 2010-12-08 5:50 ` Eric Dumazet @ 2010-12-08 16:25 ` David Miller 2010-12-08 23:13 ` Greg KH 0 siblings, 1 reply; 6+ messages in thread From: David Miller @ 2010-12-08 16:25 UTC (permalink / raw) To: eric.dumazet Cc: gregkh, torvalds, linux-kernel, stable, stable-review, akpm, alan, holt, w, netdev, linux-sctp, kuznet, pekkas, jmorris, yoshfuji, kaber, vladislav.yasevich, sri From: Eric Dumazet <eric.dumazet@gmail.com> Date: Wed, 08 Dec 2010 06:50:45 +0100 > Le mardi 07 décembre 2010 à 20:16 -0800, Greg KH a écrit : >> On Tue, Dec 07, 2010 at 05:22:34PM -0800, Linus Torvalds wrote: >> > On Tue, Dec 7, 2010 at 4:04 PM, Greg KH <gregkh@suse.de> wrote: >> > > >> > > From: Robin Holt <holt@sgi.com> >> > > >> > > [ Problem was fixed differently upstream. -DaveM ] >> > >> > Gaah. I'd really like to see more of a description for things like >> > this. A commit ID for the alternate fix, or at least a few words about >> > the different fix or reason why upstream doesn't need the stable >> > commit. >> >> I'll let David confirm this, he's the one who sent it to me :) > > upstream uses commit 8d987e5c7510 (net: avoid limits overflow) > > This commit is a bit more untrusive for stable kernels : > > It depends on : > a9febbb4bd13 (sysctl: min/max bounds are optional) > 27b3d80a7b6a (sysctl: fix min/max handling in __do_proc_doulongvec_minmax()) Yep, this is the case. Greg, you can add a reference to: a9febbb4bd13 27b3d80a7b6a 8d987e5c7510 in my "[ ... ]" in the commit message to clear this up. ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows. 2010-12-08 16:25 ` David Miller @ 2010-12-08 23:13 ` Greg KH 0 siblings, 0 replies; 6+ messages in thread From: Greg KH @ 2010-12-08 23:13 UTC (permalink / raw) To: David Miller Cc: pekkas, eric.dumazet, kaber, yoshfuji, netdev, linux-kernel, stable, vladislav.yasevich, linux-sctp, w, holt, kuznet, akpm, jmorris, torvalds, stable-review, alan, sri On Wed, Dec 08, 2010 at 08:25:22AM -0800, David Miller wrote: > From: Eric Dumazet <eric.dumazet@gmail.com> > Date: Wed, 08 Dec 2010 06:50:45 +0100 > > > Le mardi 07 décembre 2010 à 20:16 -0800, Greg KH a écrit : > >> On Tue, Dec 07, 2010 at 05:22:34PM -0800, Linus Torvalds wrote: > >> > On Tue, Dec 7, 2010 at 4:04 PM, Greg KH <gregkh@suse.de> wrote: > >> > > > >> > > From: Robin Holt <holt@sgi.com> > >> > > > >> > > [ Problem was fixed differently upstream. -DaveM ] > >> > > >> > Gaah. I'd really like to see more of a description for things like > >> > this. A commit ID for the alternate fix, or at least a few words about > >> > the different fix or reason why upstream doesn't need the stable > >> > commit. > >> > >> I'll let David confirm this, he's the one who sent it to me :) > > > > upstream uses commit 8d987e5c7510 (net: avoid limits overflow) > > > > This commit is a bit more untrusive for stable kernels : > > > > It depends on : > > a9febbb4bd13 (sysctl: min/max bounds are optional) > > 27b3d80a7b6a (sysctl: fix min/max handling in __do_proc_doulongvec_minmax()) > > Yep, this is the case. Greg, you can add a reference to: > > a9febbb4bd13 > 27b3d80a7b6a > 8d987e5c7510 > > in my "[ ... ]" in the commit message to clear this up. Now added, thanks. greg k-h ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2010-12-08 23:13 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <20101208003205.GA4286@kroah.com>
2010-12-08 0:04 ` [34/44] Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows Greg KH
2010-12-08 1:22 ` Linus Torvalds
2010-12-08 4:16 ` Greg KH
2010-12-08 5:50 ` Eric Dumazet
2010-12-08 16:25 ` David Miller
2010-12-08 23:13 ` Greg KH
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).