net: fix possible overflow in __sk_mem_raise_allocated()

[ Upstream commit 5bf325a53202b8728cf7013b72688c46071e212e ]

With many active TCP sockets, fat TCP sockets could fool
__sk_mem_raise_allocated() thanks to an overflow.

They would increase their share of the memory, instead
of decreasing it.

Signed-off-by: Eric Dumazet <edumazet@google.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/include/net/sock.h b/include/net/sock.h
index 0252c0d0031046bdba634a15422aad1525d8d6d2..4545a9ecc219356a5c5bfea765a6f4cb16ef6644 100644 (file)
--- a/include/net/sock.h
+++ b/include/net/sock.h
@@ -1272,7 +1272,7 @@ static inline void sk_sockets_allocated_inc(struct sock *sk)
        percpu_counter_inc(sk->sk_prot->sockets_allocated);
 }
 
-static inline int
+static inline u64
 sk_sockets_allocated_read_positive(struct sock *sk)
 {
        return percpu_counter_read_positive(sk->sk_prot->sockets_allocated);

diff --git a/net/core/sock.c b/net/core/sock.c
index ba4f843cdd1d17b786c7dced08e8782bc2fee382..bbde5f6a7dc9193b1c72f956861dd88b7a469825 100644 (file)
--- a/net/core/sock.c
+++ b/net/core/sock.c
@@ -2435,7 +2435,7 @@ int __sk_mem_raise_allocated(struct sock *sk, int size, int amt, int kind)
        }
 
        if (sk_has_memory_pressure(sk)) {
-               int alloc;
+               u64 alloc;
 
                if (!sk_under_memory_pressure(sk))
                        return 1;