kernel / kernel-source

Clone
Source Code
GIT

Files

  1.   57586e63b7f7f1f91c3b5e41483bbbb6b2ee04d7
  2.   patches.suse
  3.   bpf-Fix-SO_RCVBUF-SO_SNDBUF-handling-in-_bpf_setsock.patch
Blob Blame History Raw 
From: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
Date: Tue, 4 Jan 2022 10:31:48 +0900
Subject: bpf: Fix SO_RCVBUF/SO_SNDBUF handling in _bpf_setsockopt().
Patch-mainline: v5.17-rc1
Git-commit: 04c350b1ae6bdb12b84009a4d0bf5ab4e621c47b
References: jsc#PED-1368

The commit 4057765f2dee ("sock: consistent handling of extreme
SO_SNDBUF/SO_RCVBUF values") added a change to prevent underflow
in setsockopt() around SO_SNDBUF/SO_RCVBUF.

This patch adds the same change to _bpf_setsockopt().

Fixes: 4057765f2dee ("sock: consistent handling of extreme SO_SNDBUF/SO_RCVBUF values")
Signed-off-by: Kuniyuki Iwashima <kuniyu@amazon.co.jp>
Signed-off-by: Alexei Starovoitov <ast@kernel.org>
Link: https://lore.kernel.org/bpf/20220104013153.97906-2-kuniyu@amazon.co.jp
Acked-by: Shung-Hsi Yu <shung-hsi.yu@suse.com>
---
 net/core/filter.c |    2 ++
 1 file changed, 2 insertions(+)

--- a/net/core/filter.c
+++ b/net/core/filter.c
@@ -4758,12 +4758,14 @@ static int _bpf_setsockopt(struct sock *
 		switch (optname) {
 		case SO_RCVBUF:
 			val = min_t(u32, val, sysctl_rmem_max);
+			val = min_t(int, val, INT_MAX / 2);
 			sk->sk_userlocks |= SOCK_RCVBUF_LOCK;
 			WRITE_ONCE(sk->sk_rcvbuf,
 				   max_t(int, val * 2, SOCK_MIN_RCVBUF));
 			break;
 		case SO_SNDBUF:
 			val = min_t(u32, val, sysctl_wmem_max);
+			val = min_t(int, val, INT_MAX / 2);
 			sk->sk_userlocks |= SOCK_SNDBUF_LOCK;
 			WRITE_ONCE(sk->sk_sndbuf,
 				   max_t(int, val * 2, SOCK_MIN_SNDBUF));
Powered by Pagure 5.13.3
DocumentationAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.