Quite a few drivers allow very low settings for dev->mtu. My static checker complains this could cause some underflow problems when we do the subtractions in set_sync_mesg_maxlen(). I don't know that it's harmful necessarily, but it seems like an easy thing to prevent the underflows. Signed-off-by: Dan Carpenter <dan.carpenter@xxxxxxxxxx> --- Please review this one carefully, because I'm not very sure of myself here. diff --git a/net/netfilter/ipvs/ip_vs_sync.c b/net/netfilter/ipvs/ip_vs_sync.c index b08ba95..b4e148b 100644 --- a/net/netfilter/ipvs/ip_vs_sync.c +++ b/net/netfilter/ipvs/ip_vs_sync.c @@ -1352,7 +1352,7 @@ static int set_sync_mesg_maxlen(struct net *net, int sync_state) { struct netns_ipvs *ipvs = net_ipvs(net); struct net_device *dev; - int num; + unsigned int num; if (sync_state == IP_VS_STATE_MASTER) { dev = __dev_get_by_name(net, ipvs->master_mcast_ifn); @@ -1363,7 +1363,8 @@ static int set_sync_mesg_maxlen(struct net *net, int sync_state) sizeof(struct udphdr) - SYNC_MESG_HEADER_LEN - 20) / SIMPLE_CONN_SIZE; ipvs->send_mesg_maxlen = SYNC_MESG_HEADER_LEN + - SIMPLE_CONN_SIZE * min(num, MAX_CONNS_PER_SYNCBUFF); + SIMPLE_CONN_SIZE * min_t(uint, num, + MAX_CONNS_PER_SYNCBUFF); IP_VS_DBG(7, "setting the maximum length of sync sending " "message %d.\n", ipvs->send_mesg_maxlen); } else if (sync_state == IP_VS_STATE_BACKUP) { @@ -1371,8 +1372,11 @@ static int set_sync_mesg_maxlen(struct net *net, int sync_state) if (!dev) return -ENODEV; - ipvs->recv_mesg_maxlen = dev->mtu - - sizeof(struct iphdr) - sizeof(struct udphdr); + if (dev->mtu < sizeof(struct iphdr) + sizeof(struct udphdr)) + ipvs->recv_mesg_maxlen = 0; + else + ipvs->recv_mesg_maxlen = dev->mtu - + sizeof(struct iphdr) - sizeof(struct udphdr); IP_VS_DBG(7, "setting the maximum length of sync receiving " "message %d.\n", ipvs->recv_mesg_maxlen); } -- To unsubscribe from this list: send the line "unsubscribe netfilter-devel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html