Commit 69e73dbf authored Sep 10, 2021 by Andrea Claudi Committed by Pablo Neira Ayuso Sep 14, 2021

ipvs: check that ip_vs_conn_tab_bits is between 8 and 20



ip_vs_conn_tab_bits may be provided by the user through the
conn_tab_bits module parameter. If this value is greater than 31, or
less than 0, the shift operator used to derive tab_size causes undefined
behaviour.

Fix this checking ip_vs_conn_tab_bits value to be in the range specified
in ipvs Kconfig. If not, simply use default value.

Fixes: 6f7edb48 ("IPVS: Allow boot time change of hash size")
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

parent 7bbc3d38

net/netfilter/ipvs/ip_vs_conn.c

+4 −0

Original line number	Diff line number	Diff line
		@@ -1468,6 +1468,10 @@ int __init ip_vs_conn_init(void)
		int idx;

		/* Compute size and mask */
		if (ip_vs_conn_tab_bits < 8 \|\| ip_vs_conn_tab_bits > 20) {
		pr_info("conn_tab_bits not in [8, 20]. Using default value\n");
		ip_vs_conn_tab_bits = CONFIG_IP_VS_TAB_BITS;
		}
		ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits;
		ip_vs_conn_tab_mask = ip_vs_conn_tab_size - 1;