From patchwork Sun Nov 14 15:18:25 2010 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Alexey Dobriyan X-Patchwork-Id: 71118 X-Patchwork-Delegate: davem@davemloft.net Return-Path: X-Original-To: patchwork-incoming@ozlabs.org Delivered-To: patchwork-incoming@ozlabs.org Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by ozlabs.org (Postfix) with ESMTP id DFEE1B7129 for ; Mon, 15 Nov 2010 02:18:37 +1100 (EST) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756025Ab0KNPSd (ORCPT ); Sun, 14 Nov 2010 10:18:33 -0500 Received: from mail-ew0-f46.google.com ([209.85.215.46]:47388 "EHLO mail-ew0-f46.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1755826Ab0KNPSc (ORCPT ); Sun, 14 Nov 2010 10:18:32 -0500 Received: by ewy8 with SMTP id 8so389252ewy.19 for ; Sun, 14 Nov 2010 07:18:31 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:cc:subject :message-id:mime-version:content-type:content-disposition:user-agent; bh=SOIDbSWD/QkYc25Z2pVeMb90lsg3167HNvoBBqHoexY=; b=FjkeiofWJSFg6wJxSM4WE8CzxvUxFQbgie43g9O38sFCqa1v/9eCB3+y0D0JAOx9kX fAzEAmGB+8AxS4maLUhiZsgXBdFxoQLZR3AVjcbhv018rw4PIyZUTMmQpECE7WHj3fyz H0kuIkh1lGE3UymHRu+krqTnnuLCddtHD/K8g= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:cc:subject:message-id:mime-version:content-type :content-disposition:user-agent; b=pJygIc2OxdEAuQfzoafFiQcr5X33P92fIOEkY4egsukuk1hdlA1FR/gWul+DQ3Y4gQ +wL2laQz+I/uqO3j5ntXFGl6/+wsSELBBv13bIkcesMchzLVt+Gsde1UJk0ByewPCdoj SUx1ugR6c8XLCa8xouOHkvrDd7eR4QYm6vD1s= Received: by 10.213.32.76 with SMTP id b12mr4492418ebd.88.1289747910084; Sun, 14 Nov 2010 07:18:30 -0800 (PST) Received: from core2.telecom.by (vulture-nat-36.telecom.by [213.184.224.36]) by mx.google.com with ESMTPS id v56sm5561008eeh.14.2010.11.14.07.18.28 (version=TLSv1/SSLv3 cipher=RC4-MD5); Sun, 14 Nov 2010 07:18:29 -0800 (PST) Date: Sun, 14 Nov 2010 17:18:25 +0200 From: Alexey Dobriyan To: davem@davemloft.net Cc: shemminger@linux-foundation.org, netdev@vger.kernel.org Subject: [PATCH] tcp: restrict net.ipv4.tcp_adv_min_scale (#20312) Message-ID: <20101114151825.GA25137@core2.telecom.by> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.5.20 (2009-06-14) Sender: netdev-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: netdev@vger.kernel.org tcp_win_from_space() does the following: if (sysctl_tcp_adv_win_scale <= 0) return space >> (-sysctl_tcp_adv_win_scale); else return space - (space >> sysctl_tcp_adv_win_scale); "space" is int. As per C99 6.5.7 (3) shifting int for 32 or more bits is undefined behaviour. Indeed, if sysctl_tcp_adv_win_scale is exactly 32, space >> 32 equals space and function returns 0; Which means we busyloop in tcp_fixup_rcvbuf(). Restrict net.ipv4.tcp_adv_win_scale to [-31, 31]. Fix https://bugzilla.kernel.org/show_bug.cgi?id=20312 Steps to reproduce: echo 32 >/proc/sys/net/ipv4/tcp_adv_win_scale wget www.kernel.org [softlockup] Signed-off-by: Alexey Dobriyan --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html --- a/net/ipv4/sysctl_net_ipv4.c +++ b/net/ipv4/sysctl_net_ipv4.c @@ -26,6 +26,8 @@ static int zero; static int tcp_retr1_max = 255; static int ip_local_port_range_min[] = { 1, 1 }; static int ip_local_port_range_max[] = { 65535, 65535 }; +static int _minus_31 = -31; +static int _31 = 31; /* Update system visible IP port range */ static void set_local_port_range(int range[2]) @@ -426,7 +428,9 @@ static struct ctl_table ipv4_table[] = { .data = &sysctl_tcp_adv_win_scale, .maxlen = sizeof(int), .mode = 0644, - .proc_handler = proc_dointvec + .proc_handler = proc_dointvec_minmax, + .extra1 = &_minus_31, + .extra2 = &_31, }, { .procname = "tcp_tw_reuse",