Re: [PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()

From: Eric Dumazet
Date: Fri Oct 21 2022 - 12:02:02 EST

Next message: Anatoly Pugachev: "dpkg fails on sparc64 (was: [PATCH v4 4/7] mm/thp: Carry over dirty bit when thp splits on pmd)"
Previous message: Arnd Bergmann: "[PATCH 11/11] ARM: mmp: remove old PM support"
In reply to: Lu Wei: "[PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()"
Next in thread: Kuniyuki Iwashima: "Re: [PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Thu, Oct 20, 2022 at 8:03 PM Lu Wei <luwei32@xxxxxxxxxx> wrote:
>
> The type of sk_rcvbuf and sk_sndbuf in struct sock is int, and
> in tcp_add_backlog(), the variable limit is caculated by adding
> sk_rcvbuf, sk_sndbuf and 64 * 1024, it may exceed the max value
> of int and overflow. This patch reduces the limit budget by
> halving the sndbuf to solve this issue since ACK packets are much
> smaller than the payload.
>
> Fixes: c9c3321257e1 ("tcp: add tcp_add_backlog()")
> Signed-off-by: Lu Wei <luwei32@xxxxxxxxxx>

Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>

Next message: Anatoly Pugachev: "dpkg fails on sparc64 (was: [PATCH v4 4/7] mm/thp: Carry over dirty bit when thp splits on pmd)"
Previous message: Arnd Bergmann: "[PATCH 11/11] ARM: mmp: remove old PM support"
In reply to: Lu Wei: "[PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()"
Next in thread: Kuniyuki Iwashima: "Re: [PATCH net,v3] tcp: fix a signed-integer-overflow bug in tcp_add_backlog()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]