[stable] Patch "Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows." has been added to the 2.6.32-stable tree

[gregkh]

This is a note to let you know that I've just added the patch titled

    Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer 
overflows.

to the 2.6.32-stable tree which can be found at:
    
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     
limit-sysctl_tcp_mem-and-sysctl_udp_mem-initializers-to-prevent-integer-overflows.patch
and it can be found in the queue-2.6.32 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <sta...@kernel.org> know about it.


>From a599d3751b0eb60592e8ee8e020c8239dcd25264 Mon Sep 17 00:00:00 2001
From: Robin Holt <h...@sgi.com>
Date: Wed, 20 Oct 2010 02:03:37 +0000
Subject: Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent 
integer overflows.


From: Robin Holt <h...@sgi.com>

[ Upstream fixed this in a different way. -DaveM ]

On a 16TB x86_64 machine, sysctl_tcp_mem[2], sysctl_udp_mem[2], and
sysctl_sctp_mem[2] can integer overflow.  Set limit such that they are
maximized without overflowing.

Signed-off-by: Robin Holt <h...@sgi.com>
To: "David S. Miller" <da...@davemloft.net>
Cc: Willy Tarreau <w...@1wt.eu>
Cc: linux-ker...@vger.kernel.org
Cc: net...@vger.kernel.org
Cc: linux-s...@vger.kernel.org
Cc: Alexey Kuznetsov <kuz...@ms2.inr.ac.ru>
Cc: "Pekka Savola (ipv6)" <pek...@netcore.fi>
Cc: James Morris <jmor...@namei.org>
Cc: Hideaki YOSHIFUJI <yoshf...@linux-ipv6.org>
Cc: Patrick McHardy <ka...@trash.net>
Cc: Vlad Yasevich <vladislav.yasev...@hp.com>
Cc: Sridhar Samudrala <s...@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gre...@suse.de>
---
 net/ipv4/tcp.c      |    4 +++-
 net/ipv4/udp.c      |    4 +++-
 net/sctp/protocol.c |    4 +++-
 3 files changed, 9 insertions(+), 3 deletions(-)

--- a/net/ipv4/tcp.c
+++ b/net/ipv4/tcp.c
@@ -2940,12 +2940,14 @@ void __init tcp_init(void)
 
        /* Set the pressure threshold to be a fraction of global memory that
         * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
-        * memory, with a floor of 128 pages.
+        * memory, with a floor of 128 pages, and a ceiling that prevents an
+        * integer overflow.
         */
        nr_pages = totalram_pages - totalhigh_pages;
        limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
        limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
        limit = max(limit, 128UL);
+       limit = min(limit, INT_MAX * 4UL / 3 / 2);
        sysctl_tcp_mem[0] = limit / 4 * 3;
        sysctl_tcp_mem[1] = limit;
        sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2;
--- a/net/ipv4/udp.c
+++ b/net/ipv4/udp.c
@@ -1832,12 +1832,14 @@ void __init udp_init(void)
        udp_table_init(&udp_table);
        /* Set the pressure threshold up by the same strategy of TCP. It is a
         * fraction of global memory that is up to 1/2 at 256 MB, decreasing
-        * toward zero with the amount of memory, with a floor of 128 pages.
+        * toward zero with the amount of memory, with a floor of 128 pages,
+        * and a ceiling that prevents an integer overflow.
         */
        nr_pages = totalram_pages - totalhigh_pages;
        limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
        limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
        limit = max(limit, 128UL);
+       limit = min(limit, INT_MAX * 4UL / 3 / 2);
        sysctl_udp_mem[0] = limit / 4 * 3;
        sysctl_udp_mem[1] = limit;
        sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2;
--- a/net/sctp/protocol.c
+++ b/net/sctp/protocol.c
@@ -1157,7 +1157,8 @@ SCTP_STATIC __init int sctp_init(void)
 
        /* Set the pressure threshold to be a fraction of global memory that
         * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
-        * memory, with a floor of 128 pages.
+        * memory, with a floor of 128 pages, and a ceiling that prevents an
+        * integer overflow.
         * Note this initalizes the data in sctpv6_prot too
         * Unabashedly stolen from tcp_init
         */
@@ -1165,6 +1166,7 @@ SCTP_STATIC __init int sctp_init(void)
        limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
        limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
        limit = max(limit, 128UL);
+       limit = min(limit, INT_MAX * 4UL / 3 / 2);
        sysctl_sctp_mem[0] = limit / 4 * 3;
        sysctl_sctp_mem[1] = limit;
        sysctl_sctp_mem[2] = sysctl_sctp_mem[0] * 2;


Patches currently in stable-queue which might be from h...@sgi.com are

queue-2.6.32/sgi-xpc-xpc-fails-to-discover-partitions-with-all-nasids-above-128.patch
queue-2.6.32/limit-sysctl_tcp_mem-and-sysctl_udp_mem-initializers-to-prevent-integer-overflows.patch

_______________________________________________
stable mailing list
stable@linux.kernel.org
http://linux.kernel.org/mailman/listinfo/stable