1 From 550b16ca026832bbca1a6b2f9dec779f19054ea1 Mon Sep 17 00:00:00 2001
2 From: holt@sgi.com <holt@sgi.com>
3 Date: Wed, 20 Oct 2010 02:03:37 +0000
4 Subject: Limit sysctl_tcp_mem and sysctl_udp_mem initializers to prevent integer overflows.
7 On a 16TB x86_64 machine, sysctl_tcp_mem[2], sysctl_udp_mem[2], and
8 sysctl_sctp_mem[2] can integer overflow. Set limit such that they are
9 maximized without overflowing.
11 Signed-off-by: Robin Holt <holt@sgi.com>
12 To: "David S. Miller" <davem@davemloft.net>
13 Cc: Willy Tarreau <w@1wt.eu>
14 Cc: linux-kernel@vger.kernel.org
15 Cc: netdev@vger.kernel.org
16 Cc: linux-sctp@vger.kernel.org
17 Cc: Alexey Kuznetsov <kuznet@ms2.inr.ac.ru>
18 Cc: "Pekka Savola (ipv6)" <pekkas@netcore.fi>
19 Cc: James Morris <jmorris@namei.org>
20 Cc: Hideaki YOSHIFUJI <yoshfuji@linux-ipv6.org>
21 Cc: Patrick McHardy <kaber@trash.net>
22 Cc: Vlad Yasevich <vladislav.yasevich@hp.com>
23 Cc: Sridhar Samudrala <sri@us.ibm.com>
24 Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
26 net/ipv4/tcp.c | 4 +++-
27 net/ipv4/udp.c | 4 +++-
28 net/sctp/protocol.c | 4 +++-
29 3 files changed, 9 insertions(+), 3 deletions(-)
33 @@ -3252,12 +3252,14 @@ void __init tcp_init(void)
35 /* Set the pressure threshold to be a fraction of global memory that
36 * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
37 - * memory, with a floor of 128 pages.
38 + * memory, with a floor of 128 pages, and a ceiling that prevents an
41 nr_pages = totalram_pages - totalhigh_pages;
42 limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
43 limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
44 limit = max(limit, 128UL);
45 + limit = min(limit, INT_MAX * 4UL / 3 / 2);
46 sysctl_tcp_mem[0] = limit / 4 * 3;
47 sysctl_tcp_mem[1] = limit;
48 sysctl_tcp_mem[2] = sysctl_tcp_mem[0] * 2;
51 @@ -2167,12 +2167,14 @@ void __init udp_init(void)
52 udp_table_init(&udp_table, "UDP");
53 /* Set the pressure threshold up by the same strategy of TCP. It is a
54 * fraction of global memory that is up to 1/2 at 256 MB, decreasing
55 - * toward zero with the amount of memory, with a floor of 128 pages.
56 + * toward zero with the amount of memory, with a floor of 128 pages,
57 + * and a ceiling that prevents an integer overflow.
59 nr_pages = totalram_pages - totalhigh_pages;
60 limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
61 limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
62 limit = max(limit, 128UL);
63 + limit = min(limit, INT_MAX * 4UL / 3 / 2);
64 sysctl_udp_mem[0] = limit / 4 * 3;
65 sysctl_udp_mem[1] = limit;
66 sysctl_udp_mem[2] = sysctl_udp_mem[0] * 2;
67 --- a/net/sctp/protocol.c
68 +++ b/net/sctp/protocol.c
69 @@ -1161,7 +1161,8 @@ SCTP_STATIC __init int sctp_init(void)
71 /* Set the pressure threshold to be a fraction of global memory that
72 * is up to 1/2 at 256 MB, decreasing toward zero with the amount of
73 - * memory, with a floor of 128 pages.
74 + * memory, with a floor of 128 pages, and a ceiling that prevents an
76 * Note this initalizes the data in sctpv6_prot too
77 * Unabashedly stolen from tcp_init
79 @@ -1169,6 +1170,7 @@ SCTP_STATIC __init int sctp_init(void)
80 limit = min(nr_pages, 1UL<<(28-PAGE_SHIFT)) >> (20-PAGE_SHIFT);
81 limit = (limit * (nr_pages >> (20-PAGE_SHIFT))) >> (PAGE_SHIFT-11);
82 limit = max(limit, 128UL);
83 + limit = min(limit, INT_MAX * 4UL / 3 / 2);
84 sysctl_sctp_mem[0] = limit / 4 * 3;
85 sysctl_sctp_mem[1] = limit;
86 sysctl_sctp_mem[2] = sysctl_sctp_mem[0] * 2;
projects / thirdparty / kernel / stable-queue.git / blob