OpenSDV
/
original_kernel
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
original_kernel/net/ipv4
History
Alexey Dobriyan 0147fc058d tcp: restrict net.ipv4.tcp_adv_win_scale (#20312) 
tcp_win_from_space() does the following:

      if (sysctl_tcp_adv_win_scale <= 0)
              return space >> (-sysctl_tcp_adv_win_scale);
      else
              return space - (space >> sysctl_tcp_adv_win_scale);

"space" is int.

As per C99 6.5.7 (3) shifting int for 32 or more bits is
undefined behaviour.

Indeed, if sysctl_tcp_adv_win_scale is exactly 32,
space >> 32 equals space and function returns 0.

Which means we busyloop in tcp_fixup_rcvbuf().

Restrict net.ipv4.tcp_adv_win_scale to [-31, 31].

Fix https://bugzilla.kernel.org/show_bug.cgi?id=20312

Steps to reproduce:

      echo 32 >/proc/sys/net/ipv4/tcp_adv_win_scale
      wget www.kernel.org
      [softlockup]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
 		2010-11-28 10:39:45 -08:00
..
netfilter ipv4: netfilter: ip_tables: fix information leak to userland 2010-11-03 08:45:06 +01:00
Kconfig Merge branch 'for-next' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2010-10-24 13:41:39 -07:00
Makefile
af_inet.c
ah4.c
arp.c
cipso_ipv4.c
datagram.c
devinet.c
esp4.c
fib_frontend.c fib: Fix fib zone and its hash leak on namespace stop 2010-10-28 10:27:03 -07:00
fib_hash.c fib: Fix fib zone and its hash leak on namespace stop 2010-10-28 10:27:03 -07:00
fib_lookup.h fib: fib_result_assign() should not change fib refcounts 2010-11-04 12:05:32 -07:00
fib_rules.c
fib_semantics.c
fib_trie.c net: allow GFP_HIGHMEM in __vmalloc() 2010-11-21 10:04:04 -08:00
gre.c tunnels: add _rcu annotations 2010-10-25 13:09:45 -07:00
icmp.c xfrm: update flowi saddr in icmp_send if unset 2010-11-16 11:43:39 -08:00
igmp.c inet: fix ip_mc_drop_socket() 2010-11-09 08:26:42 -08:00
inet_connection_sock.c
inet_diag.c inet_diag: Make sure we actually run the same bytecode we audited. 2010-11-04 12:26:34 -07:00
inet_fragment.c
inet_hashtables.c
inet_lro.c
inet_timewait_sock.c
inetpeer.c inetpeer: __rcu annotations 2010-10-27 11:37:33 -07:00
ip_forward.c
ip_fragment.c
ip_gre.c ip_gre: fix fallback tunnel setup 2010-10-30 16:21:28 -07:00
ip_input.c
ip_options.c
ip_output.c
ip_sockglue.c ipv4: add __rcu annotations to ip_ra_chain 2010-10-25 14:18:28 -07:00
ipcomp.c
ipconfig.c
ipip.c tunnels: Fix tunnels change rcu protection 2010-10-27 14:20:08 -07:00
ipmr.c
netfilter.c
proc.c net: avoid limits overflow 2010-11-10 12:12:00 -08:00
protocol.c net: add __rcu annotations to protocol 2010-10-27 11:37:31 -07:00
raw.c
route.c ipv4: add __rcu annotations to routes.c 2010-10-27 11:37:31 -07:00
syncookies.c
sysctl_net_ipv4.c tcp: restrict net.ipv4.tcp_adv_win_scale (#20312) 2010-11-28 10:39:45 -08:00
tcp.c tcp: Make TCP_MAXSEG minimum more correct. 2010-11-24 11:47:22 -08:00
tcp_bic.c
tcp_cong.c
tcp_cubic.c
tcp_diag.c
tcp_highspeed.c
tcp_htcp.c
tcp_hybla.c
tcp_illinois.c
tcp_input.c net: avoid limits overflow 2010-11-10 12:12:00 -08:00
tcp_ipv4.c netns: Don't leak others' openreq-s in proc 2010-11-27 22:57:48 -08:00
tcp_lp.c
tcp_minisocks.c
tcp_output.c
tcp_probe.c
tcp_scalable.c
tcp_timer.c
tcp_vegas.c
tcp_vegas.h
tcp_veno.c
tcp_westwood.c
tcp_yeah.c
tunnel4.c tunnels: add __rcu annotations 2010-10-27 11:37:32 -07:00
udp.c net: avoid limits overflow 2010-11-10 12:12:00 -08:00
udp_impl.h
udplite.c
xfrm4_input.c
xfrm4_mode_beet.c
xfrm4_mode_transport.c
xfrm4_mode_tunnel.c
xfrm4_output.c
xfrm4_policy.c
xfrm4_state.c
xfrm4_tunnel.c