Re: [PATCH] ipv4: kernel panic when only one unsecured port available

Mon, 15 Oct 2007 13:06:26 -0700 

On Tue, 09 Oct 2007 15:59:14 +0200
Anton Arapov <[EMAIL PROTECTED]> wrote:

> Steps to reproduce:
> Server:
>   [EMAIL PROTECTED] ~]# cat /etc/exports
>   /export *(ro,insecure)
> // there is insecure ... I am using ports like "1024 to 61000"
>   [EMAIL PROTECTED] ~] service nfs restart 
> 
> Client:
>   [EMAIL PROTECTED] ~]# echo 32768 32768 > 
> /proc/sys/net/ipv4/ip_local_port_range
>   32768   32768
> // two same numbers, for ex "32769 32769" etc.
>   [EMAIL PROTECTED] ~]# cat /proc/sys/net/ipv4/ip_local_port_range
>   32768   32768
>   [EMAIL PROTECTED] ~]# mount server:/export /import
>   
> Actual results:
>   Kernel always panics 
> 
> --------------------------------------------------------------------
> [PATCH] ipv4: kernel panic when only one unsecured port available
> 
>   Patch prevents division by zero. Kernel panics if only one 
> unsecured port available.
> 
> Signed-off-by: Anton Arapov <[EMAIL PROTECTED]>
> ---
> 
>  net/ipv4/inet_connection_sock.c |    2 +-
>  1 files changed, 1 insertions(+), 1 deletions(-)
> 
> diff --git a/net/ipv4/inet_connection_sock.c b/net/ipv4/inet_connection_sock.c
> index fbe7714..00ad079 100644
> --- a/net/ipv4/inet_connection_sock.c
> +++ b/net/ipv4/inet_connection_sock.c
> @@ -80,7 +80,7 @@ int inet_csk_get_port(struct inet_hashinfo *hashinfo,
>               int low = sysctl_local_port_range[0];
>               int high = sysctl_local_port_range[1];
>               int remaining = (high - low) + 1;
> -             int rover = net_random() % (high - low) + low;
> +             int rover = net_random() % remaining + low;
>  
>               do {
>                       head = &hashinfo->bhash[inet_bhashfn(rover, 
> hashinfo->bhash_size)];
> 

This code has recently been reworked, but from my reading, that
divide-by-zero can still occur.  And given that the numbers in
/proc/sys/net/ipv4/ip_local_port_range are inclusive, the arithmetic in
inet_csk_get_port() seems to just be wrong?

So we have this, against David's current devel tree:

--- 
a/net/ipv4/inet_connection_sock.c~ipv4-kernel-panic-when-only-one-unsecured-port-available
+++ a/net/ipv4/inet_connection_sock.c
@@ -93,7 +93,7 @@ int inet_csk_get_port(struct inet_hashin
                int remaining, rover, low, high;
 
                inet_get_local_port_range(&low, &high);
-               remaining = high - low;
+               remaining = high - low + 1;
                rover = net_random() % remaining + low;
 
                do {
_


btw, mime-mangled gpg-fancified emails are rather a pain to handle at the
receivnig end.  Good old text/plain works better, please.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Reply via email to