diff mbox series

ipvs:set sock send/receive buffer correctly

Message ID 501e5522-1d69-7c67-a1bc-fd8502d3b5d1@huawei.com
State Awaiting Upstream
Delegated to: David Miller
Headers show
Series ipvs:set sock send/receive buffer correctly | expand

Commit Message

Miaohe Lin April 17, 2019, 9:18 a.m. UTC 
From: Jie Liu <liujie165@huawei.com>

If we set sysctl_wmem_max or sysctl_rmem_max larger than INT_MAX,
the send/receive buffer of sock will be an negative value. Same as
when the val is larger than INT_MAX/2.

Fixes: 1c003b1580e2 ("ipvs: wakeup master thread")
Reported-by: Qiang Ning <ningqiang1@huawei.com>
Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
Signed-off-by: Jie Liu <liujie165@huawei.com>
---
 net/netfilter/ipvs/ip_vs_sync.c | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)

Comments

Eric Dumazet April 17, 2019, 1:18 p.m. UTC | #1 
On 04/17/2019 02:18 AM, linmiaohe wrote:
> From: Jie Liu <liujie165@huawei.com>
> 
> If we set sysctl_wmem_max or sysctl_rmem_max larger than INT_MAX,
> the send/receive buffer of sock will be an negative value. Same as
> when the val is larger than INT_MAX/2.
> 
> Fixes: 1c003b1580e2 ("ipvs: wakeup master thread")
> Reported-by: Qiang Ning <ningqiang1@huawei.com>
> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
> Signed-off-by: Jie Liu <liujie165@huawei.com>
> ---
>  net/netfilter/ipvs/ip_vs_sync.c | 10 ++++------
>  1 file changed, 4 insertions(+), 6 deletions(-)
> 
> diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
> index 2526be6b3d90..c0e4cbed6e74 100644
> --- a/net/netfilter/ipvs/ip_vs_sync.c
> +++ b/net/netfilter/ipvs/ip_vs_sync.c
> @@ -1278,14 +1278,12 @@ static void set_sock_size(struct sock *sk, int mode, int val)
>  	/* setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)); */
>  	lock_sock(sk);
>  	if (mode) {
> -		val = clamp_t(int, val, (SOCK_MIN_SNDBUF + 1) / 2,
> -			      sysctl_wmem_max);
> -		sk->sk_sndbuf = val * 2;
> +		val = min_t(u32, val, sysctl_wmem_max);
> +		sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF);

What prevents val * 2 to overflow ? 

Code in sock_setsockopt() looks quite different.

>  		sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
>  	} else {
> -		val = clamp_t(int, val, (SOCK_MIN_RCVBUF + 1) / 2,
> -			      sysctl_rmem_max);
> -		sk->sk_rcvbuf = val * 2;
> +		val = min_t(u32, val, sysctl_rmem_max);
> +		sk->sk_rcvbuf = max_t(int, val * 2, SOCK_MIN_RCVBUF);
>  		sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
>  	}
>  	release_sock(sk);
>
Miaohe Lin April 18, 2019, 1:45 a.m. UTC | #2 
On 2019/4/17 21:18, Eric Dumazet wrote:
> 
> 
> On 04/17/2019 02:18 AM, linmiaohe wrote:
>> From: Jie Liu <liujie165@huawei.com>
>>
>> If we set sysctl_wmem_max or sysctl_rmem_max larger than INT_MAX,
>> the send/receive buffer of sock will be an negative value. Same as
>> when the val is larger than INT_MAX/2.
>>
>> Fixes: 1c003b1580e2 ("ipvs: wakeup master thread")
>> Reported-by: Qiang Ning <ningqiang1@huawei.com>
>> Reviewed-by: Miaohe Lin <linmiaohe@huawei.com>
>> Signed-off-by: Jie Liu <liujie165@huawei.com>
>> ---
>>  net/netfilter/ipvs/ip_vs_sync.c | 10 ++++------
>>  1 file changed, 4 insertions(+), 6 deletions(-)
>>
>> diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
>> index 2526be6b3d90..c0e4cbed6e74 100644
>> --- a/net/netfilter/ipvs/ip_vs_sync.c
>> +++ b/net/netfilter/ipvs/ip_vs_sync.c
>> @@ -1278,14 +1278,12 @@ static void set_sock_size(struct sock *sk, int mode, int val)
>>  	/* setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)); */
>>  	lock_sock(sk);
>>  	if (mode) {
>> -		val = clamp_t(int, val, (SOCK_MIN_SNDBUF + 1) / 2,
>> -			      sysctl_wmem_max);
>> -		sk->sk_sndbuf = val * 2;
>> +		val = min_t(u32, val, sysctl_wmem_max);
>> +		sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF);
> 
> What prevents val * 2 to overflow ? 
> 
> Code in sock_setsockopt() looks quite different.
> .
> 
In fact, I just implemented this function with reference to
sock_setsockopt(). When val * 2 overflow, we will set the
buffer as SOCK_MIN_SNDBUF, just as sock_setsockopt() do.
Eric Dumazet April 18, 2019, 2:02 a.m. UTC | #3 
On 04/17/2019 06:45 PM, linmiaohe wrote:
> 

> In fact, I just implemented this function with reference to
> sock_setsockopt(). When val * 2 overflow, we will set the
> buffer as SOCK_MIN_SNDBUF, just as sock_setsockopt() do.
> 

I do not think so.

Please check latest linux kernel, not some old version.

commit 4057765f2dee79cb92f9067909477303360be8d3    sock: consistent handling of extreme SO_SNDBUF/SO_RCVBUF values
Miaohe Lin April 18, 2019, 2:17 a.m. UTC | #4 
On 2019/4/18 10:02, Eric Dumazet wrote:
> 
> 
> On 04/17/2019 06:45 PM, linmiaohe wrote:
>>
> 
>> In fact, I just implemented this function with reference to
>> sock_setsockopt(). When val * 2 overflow, we will set the
>> buffer as SOCK_MIN_SNDBUF, just as sock_setsockopt() do.
>>
> 
> I do not think so.
> 
> Please check latest linux kernel, not some old version.
> 
> commit 4057765f2dee79cb92f9067909477303360be8d3    sock: consistent handling of extreme SO_SNDBUF/SO_RCVBUF values
> 
> .
> 

Thank you for your patience, you are right. My version is not the newest.
I will update my patch according to the newest version. Thanks again.
diff mbox series

Patch

diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c
index 2526be6b3d90..c0e4cbed6e74 100644
--- a/net/netfilter/ipvs/ip_vs_sync.c
+++ b/net/netfilter/ipvs/ip_vs_sync.c
@@ -1278,14 +1278,12 @@  static void set_sock_size(struct sock *sk, int mode, int val)
 	/* setsockopt(sock, SOL_SOCKET, SO_RCVBUF, &val, sizeof(val)); */
 	lock_sock(sk);
 	if (mode) {
-		val = clamp_t(int, val, (SOCK_MIN_SNDBUF + 1) / 2,
-			      sysctl_wmem_max);
-		sk->sk_sndbuf = val * 2;
+		val = min_t(u32, val, sysctl_wmem_max);
+		sk->sk_sndbuf = max_t(int, val * 2, SOCK_MIN_SNDBUF);
 		sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
 	} else {
-		val = clamp_t(int, val, (SOCK_MIN_RCVBUF + 1) / 2,
-			      sysctl_rmem_max);
-		sk->sk_rcvbuf = val * 2;
+		val = min_t(u32, val, sysctl_rmem_max);
+		sk->sk_rcvbuf = max_t(int, val * 2, SOCK_MIN_RCVBUF);
 		sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
 	}
 	release_sock(sk);