iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/net
History
Alexey Dobriyan 0147fc058d tcp: restrict net.ipv4.tcp_adv_win_scale (#20312) 
tcp_win_from_space() does the following:

      if (sysctl_tcp_adv_win_scale <= 0)
              return space >> (-sysctl_tcp_adv_win_scale);
      else
              return space - (space >> sysctl_tcp_adv_win_scale);

"space" is int.

As per C99 6.5.7 (3) shifting int for 32 or more bits is
undefined behaviour.

Indeed, if sysctl_tcp_adv_win_scale is exactly 32,
space >> 32 equals space and function returns 0.

Which means we busyloop in tcp_fixup_rcvbuf().

Restrict net.ipv4.tcp_adv_win_scale to [-31, 31].

Fix https://bugzilla.kernel.org/show_bug.cgi?id=20312

Steps to reproduce:

      echo 32 >/proc/sys/net/ipv4/tcp_adv_win_scale
      wget www.kernel.org
      [softlockup]

Signed-off-by: Alexey Dobriyan <adobriyan@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2010-11-28 10:39:45 -08:00
..
9p
net/9p: Return error on read with NULL buffer
2010-10-28 09:08:49 -05:00
802
net/802: add __rcu annotations
2010-10-25 13:09:44 -07:00
8021q
vlan: rcu annotations
2010-10-25 13:09:43 -07:00
appletalk
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-04-11 14:53:53 -07:00
atm
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-10-23 11:47:02 -07:00
ax25
net: ax25: fix information leak to userland
2010-11-10 10:14:33 -08:00
bluetooth
Bluetooth: fix not setting security level when creating a rfcomm session
2010-11-09 00:56:10 -02:00
bridge
bridge: Forward reserved group addresses if !STP
2010-10-21 04:25:48 -07:00
caif
caif: Remove noisy printout when disconnecting caif socket
2010-11-03 18:50:04 -07:00
can
can-bcm: fix minor heap overflow
2010-11-12 14:07:14 -08:00
ceph
Net: ceph: Makefile: Remove unnessary code
2010-11-27 17:39:29 -08:00
core
net: allow GFP_HIGHMEM in __vmalloc()
2010-11-21 10:04:04 -08:00
dcb
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
dccp
dccp ccid-2: Stop polling
2010-10-28 10:27:01 -07:00
decnet
net: avoid limits overflow
2010-11-10 12:12:00 -08:00
dns_resolver
DNS: If the DNS server returns an error, allow that to be cached [ver #2]
2010-08-11 17:11:28 +00:00
dsa
phylib: available for any speed ethernet
2010-08-11 23:03:50 -07:00
econet
econet: fix CVE-2010-3848
2010-11-24 11:51:47 -08:00
ethernet
net: return operator cleanup
2010-09-23 14:33:39 -07:00
ieee802154
ieee802154: Fix possible NULL pointer dereference in wpan_phy_alloc
2010-05-23 23:11:07 -07:00
ipv4
tcp: restrict net.ipv4.tcp_adv_win_scale (#20312)
2010-11-28 10:39:45 -08:00
ipv6
ipv6: fix missing in6_ifa_put in addrconf
2010-11-22 07:37:36 -08:00
ipx
BKL: introduce CONFIG_BKL.
2010-10-21 15:44:13 +02:00
irda
net: irda: irttp: sync error paths of data- and udata-requests
2010-11-18 12:24:25 -08:00
iucv
[S390] cleanup lowcore access from external interrupts
2010-10-25 16:10:19 +02:00
key
net: return operator cleanup
2010-09-23 14:33:39 -07:00
l2tp
l2tp: kzalloc with swapped params in l2tp_dfs_seq_open
2010-11-01 06:56:02 -07:00
lapb
include cleanup: Update gfp.h and slab.h includes to prepare for breaking implicit slab.h inclusion from percpu.h
2010-03-30 22:02:32 +09:00
llc
net/llc: storing negative error codes in unsigned short
2010-09-16 22:38:23 -07:00
mac80211
mac80211: unset SDATA_STATE_OFFCHANNEL when cancelling a scan
2010-11-08 16:53:47 -05:00
netfilter
netfilter: fix IP_VS dependencies
2010-11-18 13:14:33 -08:00
netlabel
net: Remove unnecessary returns from void function()s
2010-05-17 23:23:14 -07:00
netlink
netlink: fix netlink_change_ngroups()
2010-10-24 16:25:39 -07:00
netrom
net: sk_sleep() helper
2010-04-20 16:37:13 -07:00
packet
net: Fix header size check for GSO case in recvmsg (af_packet)
2010-11-12 11:06:46 -08:00
phonet
phonet: remove the unused variable pn
2010-10-20 01:55:54 -07:00
rds
rds: Integer overflow in RDS cmsg handling
2010-11-17 12:20:52 -08:00
rfkill
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-10-23 11:47:02 -07:00
rose
Merge branch 'master' of master.kernel.org:/pub/scm/linux/kernel/git/davem/net-2.6
2010-09-27 01:03:03 -07:00
rxrpc
Add a dummy printk function for the maintenance of unused printks
2010-08-12 09:51:35 -07:00
sched
classifier: report statistics for basic classifier
2010-11-08 12:17:05 -08:00
sctp
net: avoid limits overflow
2010-11-10 12:12:00 -08:00
sunrpc
convert get_sb_single() users
2010-10-29 04:16:28 -04:00
tipc
net: tipc: fix information leak to userland
2010-11-09 09:25:46 -08:00
unix
af_unix: limit unix_tot_inflight
2010-11-24 09:15:27 -08:00
wanrouter
fix printk typo 'faild'
2010-08-09 11:25:17 +02:00
wimax
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-next-2.6
2010-05-20 21:04:44 -07:00
wireless
cfg80211: fix can_beacon_sec_chan, reenable HT40
2010-11-18 11:35:05 -05:00
x25
x25: Prevent crashing when parsing bad X.25 facilities
2010-11-12 12:44:42 -08:00
xfrm
net: allow GFP_HIGHMEM in __vmalloc()
2010-11-21 10:04:04 -08:00
compat.c
net: Limit socket I/O iovec total length to INT_MAX.
2010-10-28 11:47:52 -07:00
Kconfig
ceph: factor out libceph from Ceph file system
2010-10-20 15:37:28 -07:00
Makefile
ceph: factor out libceph from Ceph file system
2010-10-20 15:37:28 -07:00
nonet.c
llseek: automatically add .llseek fop
2010-10-15 15:53:27 +02:00
socket.c
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
2010-10-30 18:42:58 -07:00
sysctl_net.c
net: Remove unnecessary returns from void function()s
2010-05-17 23:23:14 -07:00
TUNABLE