It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there are no checks at all.

The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.

before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100

after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"

Signed-off-by: Roman Gushchin <[email protected]>
---
net/core/sysctl_net_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index cfdb46a..2ff093b 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -20,7 +20,9 @@
#include <net/sock.h>
#include <net/net_ratelimit.h>
+static int zero = 0;
static int one = 1;
+static int ushort_max = USHRT_MAX;
#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(ctl_table *table, int write,
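Review bot: `static int zero = 0;` at the top of this hunk initialises a static to zero explicitly, which static storage already guarantees and which checkpatch.pl reports as an error; `static int zero;` is enough. `one` and `ushort_max` need their initialisers and can stay as they are.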
@@ -204,7 +206,9 @@ static struct ctl_table netns_core_table[] = {
.data = &init_net.core.sysctl_somaxconn,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .extra1 = &zero,
+ .extra2 = &ushort_max,
+ .proc_handler = proc_dointvec_minmax
},
{ }
};
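Review bot: the new `.proc_handler = proc_dointvec_minmax` line, last in the initialiser, has no trailing comma, as the line it replaces did not; adding one now means the next field appended to this entry shows up as a one-line diff rather than touching this line again.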
--
1.8.1.2
On Wed, 2013-07-31 at 17:57 +0400, Roman Gushchin wrote:
> It's possible to assign an invalid value to the net.core.somaxconn
> sysctl variable, because there are no checks at all.
>
> The sk_max_ack_backlog field of the sock structure is defined as
> unsigned short. Therefore, the backlog argument in inet_listen()
> shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
> is truncated to the somaxconn value. So, the somaxconn value shouldn't
> exceed 65535 (USHRT_MAX).
> Also, negative values of somaxconn are meaningless.
>
> before:
> $ sysctl -w net.core.somaxconn=256
> net.core.somaxconn = 256
> $ sysctl -w net.core.somaxconn=65536
> net.core.somaxconn = 65536
> $ sysctl -w net.core.somaxconn=-100
> net.core.somaxconn = -100
>
> after:
> $ sysctl -w net.core.somaxconn=256
> net.core.somaxconn = 256
> $ sysctl -w net.core.somaxconn=65536
> error: "Invalid argument" setting key "net.core.somaxconn"
> $ sysctl -w net.core.somaxconn=-100
> error: "Invalid argument" setting key "net.core.somaxconn"
>
> Signed-off-by: Roman Gushchin <[email protected]>
> ---
> net/core/sysctl_net_core.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
We had a discussion about this one month ago, as Changli Gao posted a
patch. http://patchwork.ozlabs.org/patch/255460/

So proper credits would be nice ;)

Based on a prior patch from Changli Gao

Reported-by: Changli Gao <[email protected]>
Suggested-by: Eric Dumazet <[email protected]>

Acked-by: Eric Dumazet <[email protected]>
On 31.07.2013 18:37, Eric Dumazet wrote:
> On Wed, 2013-07-31 at 17:57 +0400, Roman Gushchin wrote:
>> It's possible to assign an invalid value to the net.core.somaxconn
>> sysctl variable, because there are no checks at all.
>>
>> The sk_max_ack_backlog field of the sock structure is defined as
>> unsigned short. Therefore, the backlog argument in inet_listen()
>> shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
>> is truncated to the somaxconn value. So, the somaxconn value shouldn't
>> exceed 65535 (USHRT_MAX).
>> Also, negative values of somaxconn are meaningless.
>>
>> before:
>> $ sysctl -w net.core.somaxconn=256
>> net.core.somaxconn = 256
>> $ sysctl -w net.core.somaxconn=65536
>> net.core.somaxconn = 65536
>> $ sysctl -w net.core.somaxconn=-100
>> net.core.somaxconn = -100
>>
>> after:
>> $ sysctl -w net.core.somaxconn=256
>> net.core.somaxconn = 256
>> $ sysctl -w net.core.somaxconn=65536
>> error: "Invalid argument" setting key "net.core.somaxconn"
>> $ sysctl -w net.core.somaxconn=-100
>> error: "Invalid argument" setting key "net.core.somaxconn"
>>
>> Signed-off-by: Roman Gushchin <[email protected]>
>> ---
>> net/core/sysctl_net_core.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>
>
> We had a discussion about this one month ago, as Changli Gao posted a
> patch. http://patchwork.ozlabs.org/patch/255460/
>
> So proper credits would be nice ;)
Ok :)
> Based on a prior patch from Changli Gao
>
> Reported-by: Changli Gao <[email protected]>
> Suggested-by: Eric Dumazet <[email protected]>
>
> Acked-by: Eric Dumazet <[email protected]>
>
Thanks!
PS I've forwarded your letter back to the lkml by mistake.
Sorry)
Regards,
Roman
From: Roman Gushchin <[email protected]>
Date: Wed, 31 Jul 2013 17:57:35 +0400
> ---
> net/core/sysctl_net_core.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
> index cfdb46a..2ff093b 100644
> --- a/net/core/sysctl_net_core.c
> +++ b/net/core/sysctl_net_core.c
> @@ -20,7 +20,9 @@
This patch is against old sources, please respin it against the current
tree.
Thanks.
On 01.08.2013 04:10, David Miller wrote:
> From: Roman Gushchin <[email protected]>
> Date: Wed, 31 Jul 2013 17:57:35 +0400
>
>> ---
>> net/core/sysctl_net_core.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
>> index cfdb46a..2ff093b 100644
>> --- a/net/core/sysctl_net_core.c
>> +++ b/net/core/sysctl_net_core.c
>> @@ -20,7 +20,9 @@
>
> This patch is against old sources, please respin it against the current
> tree.
>
> Thanks.
>
net: check net.core.somaxconn sysctl values

It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there are no checks at all.

The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.

before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100

after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"

Based on a prior patch from Changli Gao.

Signed-off-by: Roman Gushchin <[email protected]>
Reported-by: Changli Gao <[email protected]>
Suggested-by: Eric Dumazet <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
---
net/core/sysctl_net_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 6609686..7c37dcd 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -21,7 +21,9 @@
#include <net/net_ratelimit.h>
#include <net/busy_poll.h>
+static int zero = 0;
static int one = 1;
+static int ushort_max = USHRT_MAX;
#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
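Review bot: `static int ushort_max = USHRT_MAX;` carries no comment saying why this is the limit; the reason (sk_max_ack_backlog is an unsigned short) is only in the commit message. A one-line comment above the definition, or next to `.extra2` in the table entry, would keep the bound tied to the field width if either changes.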
@@ -339,7 +341,9 @@ static struct ctl_table netns_core_table[] = {
.data = &init_net.core.sysctl_somaxconn,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .extra1 = &zero,
+ .extra2 = &ushort_max,
+ .proc_handler = proc_dointvec_minmax
},
{ }
};
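Review bot: the before/after transcript in the commit message exercises 65536 and -100 but neither edge of the range set by `.extra1 = &zero` and `.extra2 = &ushort_max`. proc_dointvec_minmax treats both bounds as inclusive, so showing that 0 and 65535 are still accepted would confirm the limits are not off by one.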
--
1.8.1.2
From: Roman Gushchin <[email protected]>
Date: Thu, 01 Aug 2013 13:04:16 +0400
> On 01.08.2013 04:10, David Miller wrote:
>> From: Roman Gushchin <[email protected]>
>> Date: Wed, 31 Jul 2013 17:57:35 +0400
>>
>>> ---
>>> net/core/sysctl_net_core.c | 6 +++++-
>>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
>>> index cfdb46a..2ff093b 100644
>>> --- a/net/core/sysctl_net_core.c
>>> +++ b/net/core/sysctl_net_core.c
>>> @@ -20,7 +20,9 @@
>>
>> This patch is against old sources, please respin it against the current
>> tree.
>>
>> Thanks.
>>
>
> net: check net.core.somaxconn sysctl values
Still doesn't apply, and it's because your email client has corrupted
the patch.
Please read Documentation/email-clients.txt to learn how to fix this
problem, and then send a test patch to yourself.
Only when you can successfully apply the test patch you send to
yourself should you repost your patch here.
Thanks.
It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there are no checks at all.

The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.

before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100

after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"

Based on a prior patch from Changli Gao.

Signed-off-by: Roman Gushchin <[email protected]>
Reported-by: Changli Gao <[email protected]>
Suggested-by: Eric Dumazet <[email protected]>
Acked-by: Eric Dumazet <[email protected]>
---
net/core/sysctl_net_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 6609686..7c37dcd 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -21,7 +21,9 @@
#include <net/net_ratelimit.h>
#include <net/busy_poll.h>
+static int zero = 0;
static int one = 1;
+static int ushort_max = USHRT_MAX;
#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
@@ -339,7 +341,9 @@ static struct ctl_table netns_core_table[] = {
.data = &init_net.core.sysctl_somaxconn,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .extra1 = &zero,
+ .extra2 = &ushort_max,
+ .proc_handler = proc_dointvec_minmax
},
{ }
};
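Review bot: `.extra1 = &zero` makes 0 an accepted value, and the commit message only rules out negative ones. Since the listen() backlog is capped at somaxconn, a setting of 0 caps every backlog at 0; if that is intended, say so in the commit message, otherwise `&one`, already defined in this file, would be the lower bound.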
--
1.8.1.2
From: Roman Gushchin <[email protected]>
Date: Fri, 2 Aug 2013 18:36:40 +0400
> It's possible to assign an invalid value to the net.core.somaxconn
> sysctl variable, because there are no checks at all.
>
> The sk_max_ack_backlog field of the sock structure is defined as
> unsigned short. Therefore, the backlog argument in inet_listen()
> shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
> is truncated to the somaxconn value. So, the somaxconn value shouldn't
> exceed 65535 (USHRT_MAX).
> Also, negative values of somaxconn are meaningless.
>
> before:
> $ sysctl -w net.core.somaxconn=256
> net.core.somaxconn = 256
> $ sysctl -w net.core.somaxconn=65536
> net.core.somaxconn = 65536
> $ sysctl -w net.core.somaxconn=-100
> net.core.somaxconn = -100
>
> after:
> $ sysctl -w net.core.somaxconn=256
> net.core.somaxconn = 256
> $ sysctl -w net.core.somaxconn=65536
> error: "Invalid argument" setting key "net.core.somaxconn"
> $ sysctl -w net.core.somaxconn=-100
> error: "Invalid argument" setting key "net.core.somaxconn"
>
> Based on a prior patch from Changli Gao.
>
> Signed-off-by: Roman Gushchin <[email protected]>
> Reported-by: Changli Gao <[email protected]>
> Suggested-by: Eric Dumazet <[email protected]>
> Acked-by: Eric Dumazet <[email protected]>
Applied, thanks.
On 03.08.2013 02:19, David Miller wrote:
> From: Roman Gushchin <[email protected]>
> Date: Fri, 2 Aug 2013 18:36:40 +0400
>
>> It's possible to assign an invalid value to the net.core.somaxconn
>> sysctl variable, because there are no checks at all.
>>
>> The sk_max_ack_backlog field of the sock structure is defined as
>> unsigned short. Therefore, the backlog argument in inet_listen()
>> shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
>> is truncated to the somaxconn value. So, the somaxconn value shouldn't
>> exceed 65535 (USHRT_MAX).
>> Also, negative values of somaxconn are meaningless.
>>
>> before:
>> $ sysctl -w net.core.somaxconn=256
>> net.core.somaxconn = 256
>> $ sysctl -w net.core.somaxconn=65536
>> net.core.somaxconn = 65536
>> $ sysctl -w net.core.somaxconn=-100
>> net.core.somaxconn = -100
>>
>> after:
>> $ sysctl -w net.core.somaxconn=256
>> net.core.somaxconn = 256
>> $ sysctl -w net.core.somaxconn=65536
>> error: "Invalid argument" setting key "net.core.somaxconn"
>> $ sysctl -w net.core.somaxconn=-100
>> error: "Invalid argument" setting key "net.core.somaxconn"
>>
>> Based on a prior patch from Changli Gao.
>>
>> Signed-off-by: Roman Gushchin <[email protected]>
>> Reported-by: Changli Gao <[email protected]>
>> Suggested-by: Eric Dumazet <[email protected]>
>> Acked-by: Eric Dumazet <[email protected]>
>
> Applied, thanks.
Thank you!
Regards,
Roman
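Why the upper bound in this thread is USHRT_MAX, as an added user-space C model that is not kernel code and not part of any message above: it shows a backlog of 65536 collapsing to 0 when stored in a 16-bit field, next to an inclusive range check like the one the patch configures. The names `model_sock`, `set_somaxconn` and `effective_backlog` are hypothetical, and the cap is a simplified signed comparison.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* Hypothetical user-space model; none of these names are kernel symbols. */
struct model_sock {
    unsigned short max_ack_backlog;   /* same width as sk_max_ack_backlog */
};

/* Inclusive range check, modelling what the patch configures through
 * .extra1 = &zero and .extra2 = &ushort_max. Leaves *somaxconn untouched
 * when the value is rejected. */
static int set_somaxconn(int *somaxconn, int val)
{
    if (val < 0 || val > USHRT_MAX)
        return -EINVAL;
    *somaxconn = val;
    return 0;
}

/* Simplified model of listen(): cap the requested backlog at somaxconn,
 * then store it in the 16-bit field. Returns what the socket ends up with. */
static unsigned int effective_backlog(int somaxconn, int backlog)
{
    struct model_sock sk;

    if (backlog > somaxconn)
        backlog = somaxconn;
    sk.max_ack_backlog = (unsigned short)backlog;  /* keeps the low 16 bits */
    return sk.max_ack_backlog;
}

int main(void)
{
    int somaxconn = 256;
    int rc;

    /* Value accepted in the "before" transcript: 65536 is stored as 0. */
    printf("unchecked 65536 -> backlog %u\n", effective_backlog(65536, 65536));

    rc = set_somaxconn(&somaxconn, 65536);
    printf("set 65536 -> %d, somaxconn stays %d\n", rc, somaxconn);
    rc = set_somaxconn(&somaxconn, -100);
    printf("set -100  -> %d, somaxconn stays %d\n", rc, somaxconn);
    rc = set_somaxconn(&somaxconn, USHRT_MAX);
    printf("set 65535 -> %d, somaxconn now %d\n", rc, somaxconn);

    /* With a validated limit the stored backlog can no longer wrap. */
    printf("checked, listen(100000) -> backlog %u\n",
           effective_backlog(somaxconn, 100000));
    return 0;
}
```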