[PATCH] net: check net.core.somaxconn sysctl values


Roman Gushchin

Jul 31, 2013, 10:10:01 AM
It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there are no checks at all.

The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.

before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100

after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"

Signed-off-by: Roman Gushchin <kl...@yandex-team.ru>
---
net/core/sysctl_net_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index cfdb46a..2ff093b 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -20,7 +20,9 @@
#include <net/sock.h>
#include <net/net_ratelimit.h>

+static int zero = 0;
static int one = 1;
+static int ushort_max = USHRT_MAX;

#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(ctl_table *table, int write,
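Review bot: The two new limits, "static int zero = 0;" and "static int ushort_max = USHRT_MAX;", carry no comment saying why the upper bound is USHRT_MAX. The reason (sk_max_ack_backlog is an unsigned short) appears only in the changelog, so a one-line comment above ushort_max naming that field would keep a later change to the field's width from silently leaving this bound behind.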
@@ -204,7 +206,9 @@ static struct ctl_table netns_core_table[] = {
.data = &init_net.core.sysctl_somaxconn,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .extra1 = &zero,
+ .extra2 = &ushort_max,
+ .proc_handler = proc_dointvec_minmax
},
{ }
};
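Review bot: The lower bound in ".extra1 = &zero" allows writing 0, but the changelog only argues that negative values are meaningless and does not say what a somaxconn of 0 means for listen(). The file already has "static int one = 1;", so either use it as the minimum or add a sentence to the changelog explaining why 0 stays valid.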
--
1.8.1.2
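The truncation the changelog above describes, as an added example that is not part of the original post or the kernel source: a user-space C model in which the backlog is capped at somaxconn and then stored in an unsigned short. The function names, the requested backlog of 100000 and the unsigned comparison are assumptions of the model.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>

/* User-space model constructed for illustration, not kernel source. */

/* Model of the listen() path described in the changelog: the requested
 * backlog is capped at somaxconn, then stored in an unsigned short (the
 * width the changelog gives for sk_max_ack_backlog). The unsigned
 * comparison is an assumption of this model. */
static unsigned short stored_backlog(int backlog, int somaxconn)
{
    if ((unsigned int)backlog > (unsigned int)somaxconn)
        backlog = somaxconn;
    return (unsigned short)backlog;   /* keeps only the low 16 bits */
}

/* Model of the range check the patch enables: a write is accepted only
 * when min <= value <= max, otherwise it fails with -EINVAL and the
 * stored value is left untouched. */
static int checked_write(int *slot, int value, int min, int max)
{
    if (value < min || value > max)
        return -EINVAL;
    *slot = value;
    return 0;
}

int main(void)
{
    const int tries[] = { 256, 65535, 65536, 70000, -100 };
    int somaxconn = 128;              /* constructed starting value */

    for (size_t i = 0; i < sizeof(tries) / sizeof(tries[0]); i++) {
        int v = tries[i];
        int rc = checked_write(&somaxconn, v, 0, USHRT_MAX);

        /* "unchecked" column: v is used as somaxconn without any check
         * and a listener asks for a backlog of 100000. */
        printf("somaxconn=%6d  unchecked -> stored backlog %5u  "
               "checked write -> %s\n", v,
               (unsigned)stored_backlog(100000, v),
               rc ? "EINVAL" : "ok");
    }
    return 0;
}
```

In this model a somaxconn of 65536 leaves a stored backlog of 0, and a negative somaxconn disables the cap altogether, which is why the patch rejects both at write time.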


Eric Dumazet

Jul 31, 2013, 10:40:02 AM
We had a discussion about this one month ago, as Changli Gao posted a
patch. http://patchwork.ozlabs.org/patch/255460/

So proper credits would be nice ;)

Based on a prior patch from Changli Gao

Reported-by: Changli Gao <xia...@gmail.com>
Suggested-by: Eric Dumazet <edum...@google.com>

Acked-by: Eric Dumazet <edum...@google.com>

Roman Gushchin

Jul 31, 2013, 11:00:02 AM

Roman Gushchin

Jul 31, 2013, 11:20:02 AM
Ok :)

> Based on a prior patch from Changli Gao
>
> Reported-by: Changli Gao <xia...@gmail.com>
> Suggested-by: Eric Dumazet <edum...@google.com>
>
> Acked-by: Eric Dumazet <edum...@google.com>
>

Thanks!

PS I've forwarded your letter back to the lkml by mistake.
Sorry)

Regards,
Roman

David Miller

Jul 31, 2013, 8:20:02 PM
From: Roman Gushchin <kl...@yandex-team.ru>
Date: Wed, 31 Jul 2013 17:57:35 +0400

> ---
> net/core/sysctl_net_core.c | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
> index cfdb46a..2ff093b 100644
> --- a/net/core/sysctl_net_core.c
> +++ b/net/core/sysctl_net_core.c
> @@ -20,7 +20,9 @@

This patch is against old sources, please respin it against the current
tree.

Thanks.

Roman Gushchin

Aug 1, 2013, 5:10:01 AM
On 01.08.2013 04:10, David Miller wrote:
> From: Roman Gushchin <kl...@yandex-team.ru>
> Date: Wed, 31 Jul 2013 17:57:35 +0400
>
>> ---
>> net/core/sysctl_net_core.c | 6 +++++-
>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>
>> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
>> index cfdb46a..2ff093b 100644
>> --- a/net/core/sysctl_net_core.c
>> +++ b/net/core/sysctl_net_core.c
>> @@ -20,7 +20,9 @@
>
> This patch is against old sources, please respin it against the current
> tree.
>
> Thanks.
>

net: check net.core.somaxconn sysctl values

It's possible to assign an invalid value to the net.core.somaxconn
sysctl variable, because there are no checks at all.

The sk_max_ack_backlog field of the sock structure is defined as
unsigned short. Therefore, the backlog argument in inet_listen()
shouldn't exceed USHRT_MAX. The backlog argument in the listen() syscall
is truncated to the somaxconn value. So, the somaxconn value shouldn't
exceed 65535 (USHRT_MAX).
Also, negative values of somaxconn are meaningless.

before:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
net.core.somaxconn = 65536
$ sysctl -w net.core.somaxconn=-100
net.core.somaxconn = -100

after:
$ sysctl -w net.core.somaxconn=256
net.core.somaxconn = 256
$ sysctl -w net.core.somaxconn=65536
error: "Invalid argument" setting key "net.core.somaxconn"
$ sysctl -w net.core.somaxconn=-100
error: "Invalid argument" setting key "net.core.somaxconn"

Based on a prior patch from Changli Gao.

Signed-off-by: Roman Gushchin <kl...@yandex-team.ru>
Reported-by: Changli Gao <xia...@gmail.com>
Suggested-by: Eric Dumazet <edum...@google.com>
Acked-by: Eric Dumazet <edum...@google.com>
---
net/core/sysctl_net_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 6609686..7c37dcd 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -21,7 +21,9 @@
#include <net/net_ratelimit.h>
#include <net/busy_poll.h>

+static int zero = 0;
static int one = 1;
+static int ushort_max = USHRT_MAX;

#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
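Review bot: Style point on "static int zero = 0;": statics are zero-initialised already and scripts/checkpatch.pl flags an explicit 0 initialiser, so "static int zero;" is enough here.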
@@ -339,7 +341,9 @@ static struct ctl_table netns_core_table[] = {
.data = &init_net.core.sysctl_somaxconn,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .extra1 = &zero,
+ .extra2 = &ushort_max,
+ .proc_handler = proc_dointvec_minmax
},
{ }
};
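Review bot: Documentation is missing for the behaviour change in this entry. With ".extra1 = &zero" and ".extra2 = &ushort_max", writes outside 0..65535 now fail with "Invalid argument", yet the diffstat touches only net/core/sysctl_net_core.c. Please state the accepted range wherever net.core.somaxconn is documented, so that an existing configuration that sets a value above 65535 is not rejected without explanation.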
--
1.8.1.2


David Miller

Aug 1, 2013, 5:20:01 PM
From: Roman Gushchin <kl...@yandex-team.ru>
Date: Thu, 01 Aug 2013 13:04:16 +0400

> On 01.08.2013 04:10, David Miller wrote:
>> From: Roman Gushchin <kl...@yandex-team.ru>
>> Date: Wed, 31 Jul 2013 17:57:35 +0400
>>
>>> ---
>>> net/core/sysctl_net_core.c | 6 +++++-
>>> 1 file changed, 5 insertions(+), 1 deletion(-)
>>>
>>> diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
>>> index cfdb46a..2ff093b 100644
>>> --- a/net/core/sysctl_net_core.c
>>> +++ b/net/core/sysctl_net_core.c
>>> @@ -20,7 +20,9 @@
>>
>> This patch is against old sources, please respin it against the
>> current
>> tree.
>>
>> Thanks.
>>
>
> net: check net.core.somaxconn sysctl values

Still doesn't apply, and it's because your email client has corrupted
the patch.

Please read Documentation/email-clients.txt to learn how to fix this
problem, and then send a test patch to yourself.

Only when you can successfully apply the test patch you send to
yourself should you repost your patch here.

Thanks.

Roman Gushchin

Aug 2, 2013, 10:40:02 AM
---
net/core/sysctl_net_core.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/net/core/sysctl_net_core.c b/net/core/sysctl_net_core.c
index 6609686..7c37dcd 100644
--- a/net/core/sysctl_net_core.c
+++ b/net/core/sysctl_net_core.c
@@ -21,7 +21,9 @@
#include <net/net_ratelimit.h>
#include <net/busy_poll.h>

+static int zero = 0;
static int one = 1;
+static int ushort_max = USHRT_MAX;

#ifdef CONFIG_RPS
static int rps_sock_flow_sysctl(struct ctl_table *table, int write,
@@ -339,7 +341,9 @@ static struct ctl_table netns_core_table[] = {
.data = &init_net.core.sysctl_somaxconn,
.maxlen = sizeof(int),
.mode = 0644,
- .proc_handler = proc_dointvec
+ .extra1 = &zero,
+ .extra2 = &ushort_max,
+ .proc_handler = proc_dointvec_minmax
},
{ }
};
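Review bot: Minor style point on the last initialiser, ".proc_handler = proc_dointvec_minmax": it has no trailing comma (nor did the line it replaces), so the next field added to this entry will have to touch this line as well. Adding the comma here keeps that later diff to a single line.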
--
1.8.1.2

David Miller

Aug 2, 2013, 6:20:02 PM
From: Roman Gushchin <kl...@yandex-team.ru>
Date: Fri, 2 Aug 2013 18:36:40 +0400
Applied, thanks.

Roman Gushchin

Aug 3, 2013, 6:20:01 AM
Thank you!

Regards,
Roman