From: Sasha Levin <sashal@kernel.org>
To: linux-kernel@vger.kernel.org, stable@vger.kernel.org
Cc: Dmitry Kandybka <d.kandybka@gmail.com>,
Jakub Kicinski <kuba@kernel.org>, Sasha Levin <sashal@kernel.org>,
matttbe@kernel.org, martineau@kernel.org, davem@davemloft.net,
edumazet@google.com, pabeni@redhat.com, netdev@vger.kernel.org,
mptcp@lists.linux.dev
Subject: [PATCH AUTOSEL 6.11 73/87] mptcp: fix possible integer overflow in mptcp_reset_tout_timer
Date: Sun, 24 Nov 2024 08:38:51 -0500 [thread overview]
Message-ID: <20241124134102.3344326-73-sashal@kernel.org> (raw)
In-Reply-To: <20241124134102.3344326-1-sashal@kernel.org>
From: Dmitry Kandybka <d.kandybka@gmail.com>
[ Upstream commit b169e76ebad22cbd055101ee5aa1a7bed0e66606 ]
In 'mptcp_reset_tout_timer', promote 'probe_timestamp' to unsigned long
to avoid possible integer overflow. Compile tested only.
Found by Linux Verification Center (linuxtesting.org) with SVACE.
Signed-off-by: Dmitry Kandybka <d.kandybka@gmail.com>
Link: https://patch.msgid.link/20241107103657.1560536-1-d.kandybka@gmail.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
---
net/mptcp/protocol.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/net/mptcp/protocol.c b/net/mptcp/protocol.c
index 7913ba6b5daa3..31a7302c02a68 100644
--- a/net/mptcp/protocol.c
+++ b/net/mptcp/protocol.c
@@ -2728,8 +2728,8 @@ void mptcp_reset_tout_timer(struct mptcp_sock *msk, unsigned long fail_tout)
if (!fail_tout && !inet_csk(sk)->icsk_mtup.probe_timestamp)
return;
- close_timeout = inet_csk(sk)->icsk_mtup.probe_timestamp - tcp_jiffies32 + jiffies +
- mptcp_close_timeout(sk);
+ close_timeout = (unsigned long)inet_csk(sk)->icsk_mtup.probe_timestamp -
+ tcp_jiffies32 + jiffies + mptcp_close_timeout(sk);
/* the close timeout takes precedence on the fail one, and here at least one of
* them is active
--
2.43.0
next prev parent reply other threads:[~2024-11-24 13:45 UTC|newest]
Thread overview: 22+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <20241124134102.3344326-1-sashal@kernel.org>
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 25/87] r8169: don't apply UDP padding quirk on RTL8126A Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 29/87] net: fec_mpc52xx_phy: Use %pa to format resource_size_t Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 30/87] net: ethernet: fs_enet: " Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 31/87] net/sched: cbs: Fix integer overflow in cbs_set_port_rate() Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 32/87] af_packet: avoid erroring out after sock_init_data() in packet_create() Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 36/87] net: ieee802154: do not leave a dangling sk pointer in ieee802154_create() Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 37/87] net: inet: do not leave a dangling sk pointer in inet_create() Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 38/87] net: inet6: do not leave a dangling sk pointer in inet6_create() Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 45/87] net: sfp: change quirks for Alcatel Lucent G-010S-P Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 46/87] net: stmmac: Programming sequence for VLAN packets with split header Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 51/87] netlink: specs: Add missing bitset attrs to ethtool spec Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 59/87] fsl/fman: Validate cell-index value obtained from Device Tree Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 60/87] net/tcp: Add missing lockdep annotations for TCP-AO hlist traversals Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 61/87] net: enetc: remove ERR050089 workaround for i.MX95 Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 62/87] net: enetc: add i.MX95 EMDIO support Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 67/87] virtio-net: fix overflow inside virtnet_rq_alloc Sasha Levin
2024-11-24 13:38 ` Sasha Levin [this message]
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 74/87] dsa: qca8k: Use nested lock to avoid splat Sasha Levin
2024-11-24 13:38 ` [PATCH AUTOSEL 6.11 80/87] Bluetooth: Add new quirks for ATS2851 Sasha Levin
2024-11-24 13:39 ` [PATCH AUTOSEL 6.11 85/87] rocker: fix link status detection in rocker_carrier_init() Sasha Levin
2024-11-24 13:39 ` [PATCH AUTOSEL 6.11 86/87] net/neighbor: clear error in case strict check is not set Sasha Levin
2024-11-24 13:39 ` [PATCH AUTOSEL 6.11 87/87] netpoll: Use rcu_access_pointer() in __netpoll_setup Sasha Levin
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20241124134102.3344326-73-sashal@kernel.org \
--to=sashal@kernel.org \
--cc=d.kandybka@gmail.com \
--cc=davem@davemloft.net \
--cc=edumazet@google.com \
--cc=kuba@kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=martineau@kernel.org \
--cc=matttbe@kernel.org \
--cc=mptcp@lists.linux.dev \
--cc=netdev@vger.kernel.org \
--cc=pabeni@redhat.com \
--cc=stable@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).