net/packet: fix 4gb buffer limit due to overflow check

Message ID	20190209203701.27252-1-kal.conley@dectris.com
State	Changes Requested
Delegated to:	David Miller
Headers	show Return-Path: <netdev-owner@vger.kernel.org> From: Kal Conley <kal.conley@dectris.com> To: davem@davemloft.net Cc: kal.conley@dectris.com, Willem de Bruijn <willemb@google.com>, Eric Dumazet <edumazet@google.com>, Greg Kroah-Hartman <gregkh@linuxfoundation.org>, Jeff Kirsher <jeffrey.t.kirsher@intel.com>, Alexander Duyck <alexander.h.duyck@intel.com>, Kirill Tkhai <ktkhai@virtuozzo.com>, Vincent Whitchurch <vincent.whitchurch@axis.com>, Li RongQing <lirongqing@baidu.com>, Magnus Karlsson <magnus.karlsson@intel.com>, netdev@vger.kernel.org (open list:NETWORKING [GENERAL]), linux-kernel@vger.kernel.org (open list) Subject: [PATCH] net/packet: fix 4gb buffer limit due to overflow check Date: Sat, 9 Feb 2019 21:37:00 +0100 Message-Id: <20190209203701.27252-1-kal.conley@dectris.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Sender: netdev-owner@vger.kernel.org Precedence: bulk
Series	net/packet: fix 4gb buffer limit due to overflow check \| expand net/packet: fix 4gb buffer limit due to overflow check

Message ID

20190209203701.27252-1-kal.conley@dectris.com

State

Changes Requested

Delegated to:

David Miller

Headers

From: Kal Conley <kal.conley@dectris.com>
To: davem@davemloft.net
Cc: kal.conley@dectris.com, Willem de Bruijn <willemb@google.com>,
	Eric Dumazet <edumazet@google.com>,
	Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	Jeff Kirsher <jeffrey.t.kirsher@intel.com>,
	Alexander Duyck <alexander.h.duyck@intel.com>,
	Kirill Tkhai <ktkhai@virtuozzo.com>,
	Vincent Whitchurch <vincent.whitchurch@axis.com>,
	Li RongQing <lirongqing@baidu.com>,
	Magnus Karlsson <magnus.karlsson@intel.com>,
	netdev@vger.kernel.org (open list:NETWORKING [GENERAL]),
	linux-kernel@vger.kernel.org (open list)
Subject: [PATCH] net/packet: fix 4gb buffer limit due to overflow check
Date: Sat,  9 Feb 2019 21:37:00 +0100
Message-Id: <20190209203701.27252-1-kal.conley@dectris.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Sender: netdev-owner@vger.kernel.org
Precedence: bulk

Series

net/packet: fix 4gb buffer limit due to overflow check | expand

Commit Message

Kal Conley Feb. 9, 2019, 8:37 p.m. UTC

When calculating rb->frames_per_block * req->tp_block_nr the result
can overflow. Check it for overflow without limiting the total buffer
size to UINT_MAX.

This change fixes support for packet ring buffers >= UINT_MAX.
---
 net/packet/af_packet.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

David Miller Feb. 10, 2019, 3:01 a.m. UTC | #1

From: Kal Conley <kal.conley@dectris.com>
Date: Sat,  9 Feb 2019 21:37:00 +0100

> When calculating rb->frames_per_block * req->tp_block_nr the result
> can overflow. Check it for overflow without limiting the total buffer
> size to UINT_MAX.
> 
> This change fixes support for packet ring buffers >= UINT_MAX.

Please resubmit with a proper signoff and also an appropriate Fixes:
tag.

diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c
index d0945253f43b..d603a430378e 100644
--- a/net/packet/af_packet.c
+++ b/net/packet/af_packet.c
@@ -4291,7 +4291,7 @@  static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u,
 		rb->frames_per_block = req->tp_block_size / req->tp_frame_size;
 		if (unlikely(rb->frames_per_block == 0))
 			goto out;
-		if (unlikely(req->tp_block_size > UINT_MAX / req->tp_block_nr))
+		if (unlikely(rb->frames_per_block > UINT_MAX / req->tp_block_nr))
 			goto out;
 		if (unlikely((rb->frames_per_block * req->tp_block_nr) !=
 					req->tp_frame_nr))

net/packet: fix 4gb buffer limit due to overflow check

Commit Message

Comments

Patch