ipvs: check that ip_vs_conn_tab_bits is between 8 and 20

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

ip_vs_conn_tab_bits may be provided by the user through the
conn_tab_bits module parameter. If this value is greater than 31, or
less than 0, the shift operator used to derive tab_size causes undefined
behaviour.

Fix this checking ip_vs_conn_tab_bits value to be in the range specified
in ipvs Kconfig. If not, simply use default value.

Fixes: 6f7edb4881bf ("IPVS: Allow boot time change of hash size")
Reported-by: Yi Chen <yiche@redhat.com>
Signed-off-by: Andrea Claudi <aclaudi@redhat.com>
Acked-by: Julian Anastasov <ja@ssi.bg>
Acked-by: Simon Horman <horms@verge.net.au>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>

authored by

Andrea Claudi and committed by

Pablo Neira Ayuso 4 years ago 69e73dbf 7bbc3d38

1 changed file

expand all

net

netfilter

ipvs

ip_vs_conn.c

net/netfilter/ipvs/ip_vs_conn.c

··· 1468 1468 int idx; 1469 1469 1470 1470 /* Compute size and mask */ 1471 + if (ip_vs_conn_tab_bits < 8 || ip_vs_conn_tab_bits > 20) { 1472 + pr_info("conn_tab_bits not in [8, 20]. Using default value\n"); 1473 + ip_vs_conn_tab_bits = CONFIG_IP_VS_TAB_BITS; 1474 + } 1471 1475 ip_vs_conn_tab_size = 1 << ip_vs_conn_tab_bits; 1472 1476 ip_vs_conn_tab_mask = ip_vs_conn_tab_size - 1; 1473 1477