[PATCH] ipv4: kernel panic when only one unsecured port available

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

* [PATCH] ipv4: kernel panic when only one unsecured port available
@ 2007-10-09 14:01 Anton Arapov
  2007-10-10  6:54 ` Denis V. Lunev
  0 siblings, 1 reply; 7+ messages in thread
From: Anton Arapov @ 2007-10-09 14:01 UTC (permalink / raw)
  To: netdev

[-- Attachment #1: Type: text/plain, Size: 1584 bytes --]

Steps to reproduce:
Server:
  [root@server ~]# cat /etc/exports
  /export *(ro,insecure)
// there is insecure ... I am using ports like "1024 to 61000"
  [root@server ~] service nfs restart 

Client:
  1.[root@client ~]# echo 32768 32768 > /proc/sys/net/ipv4/ip_local_port_range
  32768   32768
// two same numbers, for ex "32769 32769" etc.
  2.[root@client ~]# cat /proc/sys/net/ipv4/ip_local_port_range
  32768   32768
  3.[root@client ~]# mount server:/export /import
  
Actual results:
  Kernel always panics 

--------------------------------------------------------------------
[PATCH] ipv4: kernel panic when only one unsecured port available

  Patch prevents division by zero. Kernel panics if only one 
unsecured port available.

Signed-off-by: Anton Arapov <aarapov@redhat.com>
---

 net/ipv4/inet_connection_sock.c |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
index fbe7714..00ad079 100644
--- a/net/ipv4/inet_connection_sock.c
+++ b/net/ipv4/inet_connection_sock.c
@@ -80,7 +80,7 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
 		int low = sysctl_local_port_range[0];
 		int high = sysctl_local_port_range[1];
 		int remaining = (high - low) + 1;
-		int rover = net_random() % (high - low) + low;
+		int rover = net_random() % remaining + low;
 
 		do {
 			head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];

-- 
Anton Arapov, <aarapov@redhat.com>
Kernel Development, Red Hat
GPG Key ID: 0x6FA8C812

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

^ permalink raw reply related	[flat|nested] 7+ messages in thread

* Re: [PATCH] ipv4: kernel panic when only one unsecured port available
  2007-10-09 14:01 [PATCH] ipv4: kernel panic when only one unsecured port available Anton Arapov
@ 2007-10-10  6:54 ` Denis V. Lunev
  2007-10-10  8:19   ` Anton Arapov
  0 siblings, 1 reply; 7+ messages in thread
From: Denis V. Lunev @ 2007-10-10  6:54 UTC (permalink / raw)
  To: Anton Arapov; +Cc: netdev

This code is broken from the very beginning.

iris den # cat /proc/sys/net/ipv4/ip_local_port_range
32768   61000
iris den # echo 32768 32 >/proc/sys/net/ipv4/ip_local_port_range
iris den # cat /proc/sys/net/ipv4/ip_local_port_range
32768   32
iris den # echo 32768 61000 >/proc/sys/net/ipv4/ip_local_port_range

Regards,
	Den

Anton Arapov wrote:
> Steps to reproduce:
> Server:
>   [root@server ~]# cat /etc/exports
>   /export *(ro,insecure)
> // there is insecure ... I am using ports like "1024 to 61000"
>   [root@server ~] service nfs restart 
> 
> Client:
>   1.[root@client ~]# echo 32768 32768 > /proc/sys/net/ipv4/ip_local_port_range
>   32768   32768
> // two same numbers, for ex "32769 32769" etc.
>   2.[root@client ~]# cat /proc/sys/net/ipv4/ip_local_port_range
>   32768   32768
>   3.[root@client ~]# mount server:/export /import
>   
> Actual results:
>   Kernel always panics 
> 
> --------------------------------------------------------------------
> [PATCH] ipv4: kernel panic when only one unsecured port available
> 
>   Patch prevents division by zero. Kernel panics if only one 
> unsecured port available.
> 
> Signed-off-by: Anton Arapov <aarapov@redhat.com>
> ---
> 
>  net/ipv4/inet_connection_sock.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index fbe7714..00ad079 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -80,7 +80,7 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
>  		int low = sysctl_local_port_range[0];
>  		int high = sysctl_local_port_range[1];
>  		int remaining = (high - low) + 1;
> -		int rover = net_random() % (high - low) + low;
> +		int rover = net_random() % remaining + low;
>  
>  		do {
>  			head = &hashinfo->bhash[inet_bhashfn(rover, hashinfo->bhash_size)];
> 


^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ipv4: kernel panic when only one unsecured port available
  2007-10-10  6:54 ` Denis V. Lunev
@ 2007-10-10  8:19   ` Anton Arapov
  2007-10-10  8:27     ` Denis V. Lunev
  0 siblings, 1 reply; 7+ messages in thread
From: Anton Arapov @ 2007-10-10  8:19 UTC (permalink / raw)
  To: Denis V. Lunev; +Cc: netdev

[-- Attachment #1: Type: text/plain, Size: 792 bytes --]

Hi,

"Denis V. Lunev" <den@sw.ru> writes:
> This code is broken from the very beginning.
>
> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
> 32768   61000
> iris den # echo 32768 32 >/proc/sys/net/ipv4/ip_local_port_range
> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
> 32768   32
> iris den # echo 32768 61000 >/proc/sys/net/ipv4/ip_local_port_range

  If you're talking about checks in sysctl, I believe it should be
another patch for sysctl only, and I'm going to push it via -mm tree.

  the devision by zero exists in inet_connection_socket.c, and must be
fixed for sure because the situation with the same min and max port
numbers in sysctl are possible and not prohibited.

Cheers!
-- 
Anton Arapov, <aarapov@redhat.com>
GPG Key ID: 0x6FA8C812

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ipv4: kernel panic when only one unsecured port available
  2007-10-10  8:19   ` Anton Arapov
@ 2007-10-10  8:27     ` Denis V. Lunev
  2007-10-10  8:31       ` Anton Arapov
  0 siblings, 1 reply; 7+ messages in thread
From: Denis V. Lunev @ 2007-10-10  8:27 UTC (permalink / raw)
  To: Anton Arapov; +Cc: netdev

Anton Arapov wrote:
> Hi,
> 
> "Denis V. Lunev" <den@sw.ru> writes:
>> This code is broken from the very beginning.
>>
>> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
>> 32768   61000
>> iris den # echo 32768 32 >/proc/sys/net/ipv4/ip_local_port_range
>> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
>> 32768   32
>> iris den # echo 32768 61000 >/proc/sys/net/ipv4/ip_local_port_range
> 
>   If you're talking about checks in sysctl, I believe it should be
> another patch for sysctl only, and I'm going to push it via -mm tree.
> 
>   the devision by zero exists in inet_connection_socket.c, and must be
> fixed for sure because the situation with the same min and max port
> numbers in sysctl are possible and not prohibited.
> 
> Cheers!

your patch change nothing :( unfortunately. If I set '32768 32767' it
will oops again.

Regards,
	Den

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ipv4: kernel panic when only one unsecured port available
  2007-10-10  8:27     ` Denis V. Lunev
@ 2007-10-10  8:31       ` Anton Arapov
  2007-10-10  8:38         ` Denis V. Lunev
  0 siblings, 1 reply; 7+ messages in thread
From: Anton Arapov @ 2007-10-10  8:31 UTC (permalink / raw)
  To: Denis V. Lunev; +Cc: netdev

[-- Attachment #1: Type: text/plain, Size: 1230 bytes --]

"Denis V. Lunev" <den@sw.ru> writes:
> Anton Arapov wrote: 
>> "Denis V. Lunev" <den@sw.ru> writes:
>>> This code is broken from the very beginning.
>>>
>>> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
>>> 32768   61000
>>> iris den # echo 32768 32 >/proc/sys/net/ipv4/ip_local_port_range
>>> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
>>> 32768   32
>>> iris den # echo 32768 61000 >/proc/sys/net/ipv4/ip_local_port_range
>> 
>>   If you're talking about checks in sysctl, I believe it should be
>> another patch for sysctl only, and I'm going to push it via -mm tree.
>> 
>>   the devision by zero exists in inet_connection_socket.c, and must be
>> fixed for sure because the situation with the same min and max port
>> numbers in sysctl are possible and not prohibited.
>> 
>> Cheers!
>
> your patch change nothing :( unfortunately. If I set '32768 32767' it
> will oops again.

  Patch prevents the system crash. System traps on division by zero.

  Your case(MAX<MIN) must be handled by sysctl. Do you want to say
that I have to join patch for sysctl.c to this one? It's bad idea.

-- 
Anton Arapov, <aarapov@redhat.com>
Kernel Development, Red Hat
GPG Key ID: 0x6FA8C812

[-- Attachment #2: Type: application/pgp-signature, Size: 188 bytes --]

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ipv4: kernel panic when only one unsecured port available
  2007-10-10  8:31       ` Anton Arapov
@ 2007-10-10  8:38         ` Denis V. Lunev
  2007-10-10  8:44           ` David Miller
  0 siblings, 1 reply; 7+ messages in thread
From: Denis V. Lunev @ 2007-10-10  8:38 UTC (permalink / raw)
  To: Anton Arapov; +Cc: netdev

Anton Arapov wrote:
> "Denis V. Lunev" <den@sw.ru> writes:
>> Anton Arapov wrote: 
>>> "Denis V. Lunev" <den@sw.ru> writes:
>>>> This code is broken from the very beginning.
>>>>
>>>> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
>>>> 32768   61000
>>>> iris den # echo 32768 32 >/proc/sys/net/ipv4/ip_local_port_range
>>>> iris den # cat /proc/sys/net/ipv4/ip_local_port_range
>>>> 32768   32
>>>> iris den # echo 32768 61000 >/proc/sys/net/ipv4/ip_local_port_range
>>>   If you're talking about checks in sysctl, I believe it should be
>>> another patch for sysctl only, and I'm going to push it via -mm tree.
>>>
>>>   the devision by zero exists in inet_connection_socket.c, and must be
>>> fixed for sure because the situation with the same min and max port
>>> numbers in sysctl are possible and not prohibited.
>>>
>>> Cheers!
>> your patch change nothing :( unfortunately. If I set '32768 32767' it
>> will oops again.
> 
>   Patch prevents the system crash. System traps on division by zero.
> 
>   Your case(MAX<MIN) must be handled by sysctl. Do you want to say
> that I have to join patch for sysctl.c to this one? It's bad idea.
> 

both versions of settings, your ones and my ones are _useless_ in real
life. So, we do some sanity fixes. Am I right? If so, we must prevent
all versions of OOPS (aka division by zero here).

I'll send my vision in a moment...

Regards,
	Den

^ permalink raw reply	[flat|nested] 7+ messages in thread

* Re: [PATCH] ipv4: kernel panic when only one unsecured port available
  2007-10-10  8:38         ` Denis V. Lunev
@ 2007-10-10  8:44           ` David Miller
  0 siblings, 0 replies; 7+ messages in thread
From: David Miller @ 2007-10-10  8:44 UTC (permalink / raw)
  To: den; +Cc: aarapov, netdev

From: "Denis V. Lunev" <den@sw.ru>
Date: Wed, 10 Oct 2007 12:38:37 +0400

> both versions of settings, your ones and my ones are _useless_ in real
> life. So, we do some sanity fixes. Am I right? If so, we must prevent
> all versions of OOPS (aka division by zero here).
> 
> I'll send my vision in a moment...

I agree with Denis that we should plug all of the holes when fixing
this.

^ permalink raw reply	[flat|nested] 7+ messages in thread

end of thread, other threads:[~2007-10-10  8:44 UTC | newest]

Thread overview: 7+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-10-09 14:01 [PATCH] ipv4: kernel panic when only one unsecured port available Anton Arapov
2007-10-10  6:54 ` Denis V. Lunev
2007-10-10  8:19   ` Anton Arapov
2007-10-10  8:27     ` Denis V. Lunev
2007-10-10  8:31       ` Anton Arapov
2007-10-10  8:38         ` Denis V. Lunev
2007-10-10  8:44           ` David Miller

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).