This is a note to let you know that I've just added the patch titled

    udp: fix integer overflow while computing available space in sk_rcvbuf

to the 4.19-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     udp-fix-integer-overflow-while-computing-available-space-in-sk_rcvbuf.patch
and it can be found in the queue-4.19 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.

>From foo@baz Wed 01 Jan 2020 10:36:29 PM CET
From: Antonio Messina <amessina@xxxxxxxxxx>
Date: Thu, 19 Dec 2019 15:08:03 +0100
Subject: udp: fix integer overflow while computing available space in sk_rcvbuf

From: Antonio Messina <amessina@xxxxxxxxxx>

[ Upstream commit feed8a4fc9d46c3126fb9fcae0e9248270c6321a ]

When the size of the receive buffer for a socket is close to 2^31 when
computing if we have enough space in the buffer to copy a packet from
the queue to the buffer we might hit an integer overflow.

When a user sets net.core.rmem_default to a value close to 2^31 UDP
packets are dropped because of this overflow. This can be visible, for
instance, with failure to resolve hostnames.

This can be fixed by casting sk_rcvbuf (which is an int) to unsigned
int, similarly to how it is done in TCP.

Signed-off-by: Antonio Messina <amessina@xxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 net/ipv4/udp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/net/ipv4/udp.c +++ b/net/ipv4/udp.c
@@ -1412,7 +1412,7 @@ int __udp_enqueue_schedule_skb(struct so * queue contains some other skb */ rmem = atomic_add_return(size, &sk->sk_rmem_alloc); - if (rmem > (size + sk->sk_rcvbuf)) + if (rmem > (size + (unsigned int)sk->sk_rcvbuf)) goto uncharge_drop; spin_lock(&list->lock); Patches currently in stable-queue which might be from amessina@xxxxxxxxxx are queue-4.19/udp-fix-integer-overflow-while-computing-available-space-in-sk_rcvbuf.patch
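
Review bot: the `(unsigned int)` cast in `if (rmem > (size + (unsigned int)sk->sk_rcvbuf))` carries the whole fix, yet nothing at the check says why it is there. If `rmem` and `size` are signed, the cast also turns the entire comparison unsigned, so a one-line comment above the `if` stating that the cast avoids signed overflow when sk_rcvbuf is close to 2^31 would keep a later cleanup from dropping it as redundant. It is also worth confirming that `rmem`, the result of `atomic_add_return()`, can never be negative at this point, since it would then compare as a very large unsigned value.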
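
The overflow described in the commit message, modelled in userspace C as an added example (not part of the patch or of the kernel source). It assumes `rmem` and `size` are `int`, models signed wraparound with unsigned arithmetic, and uses constructed function names and sample values.

```c
#include <limits.h>
#include <stdio.h>

/* Signed add with two's-complement wraparound, done in unsigned
 * arithmetic so this userspace model has no undefined behaviour. */
static int wrap_add(int a, int b)
{
    return (int)((unsigned int)a + (unsigned int)b);
}

/* Check before the patch: rmem > (size + sk_rcvbuf), all int (assumed).
 * Returns 1 when the packet would be dropped. */
static int drops_before(int rmem, int size, int sk_rcvbuf)
{
    return rmem > wrap_add(size, sk_rcvbuf);
}

/* Check after the patch: the cast on sk_rcvbuf makes the sum unsigned,
 * and the usual arithmetic conversions then make rmem and size unsigned
 * as well (written out explicitly here). */
static int drops_after(int rmem, int size, int sk_rcvbuf)
{
    return (unsigned int)rmem > (unsigned int)size + (unsigned int)sk_rcvbuf;
}

int main(void)
{
    /* Constructed values: first 1000-byte charge on an empty queue. */
    int size = 1000, rmem = 1000;
    int big = INT_MAX - 100;  /* receive buffer close to 2^31 */
    int small = 212992;       /* constructed ordinary receive buffer */

    printf("rcvbuf=%d: before=%d after=%d\n", big,
           drops_before(rmem, size, big), drops_after(rmem, size, big));
    printf("rcvbuf=%d: before=%d after=%d\n", small,
           drops_before(rmem, size, small), drops_after(rmem, size, small));
    return 0;
}
```

With the large buffer the pre-patch sum wraps negative, so even the first packet on an empty queue is treated as over the limit; the patched comparison accepts it and still drops when the queue is genuinely full.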