From a88bc3022ac5c02aad9d755628c784c5df397da2 Mon Sep 17 00:00:00 2001
From: Keefe Liu <liuqifa@huawei.com>
Date: Sun, 28 Apr 2019 10:20:59 +0800
Subject: [PATCH] ipvlan: limit loop_delay ranges

euler inclusion
category: bugfix
bugzilla: 4411
CVE: NA

-------------------------------------------------

In order to avoid integer overflow, we should limit
the ranges of loop_delay value.

Fixes: f4661458116b ("ipvlan: Introduce local xmit queue for l2e mode")
Signed-off-by: Keefe Liu <liuqifa@huawei.com>
Reviewed-by: Wei Yongjun <weiyongjun1@huawei.com>
Signed-off-by: Yang Yingliang <yangyingliang@huawei.com>
---
 drivers/net/ipvlan/ipvlan_main.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/drivers/net/ipvlan/ipvlan_main.c b/drivers/net/ipvlan/ipvlan_main.c
index af3b5c950e35..99dd690bb936 100644
--- a/drivers/net/ipvlan/ipvlan_main.c
+++ b/drivers/net/ipvlan/ipvlan_main.c
@@ -9,6 +9,9 @@
 
 #include "ipvlan.h"
 
+static int one = 1;
+static int delay_max = 100;
+
 int sysctl_ipvlan_loop_qlen = 131072;
 int sysctl_ipvlan_loop_delay = 10;
 static int ipvlan_default_mode = IPVLAN_MODE_L3;
@@ -22,7 +25,9 @@ static struct ctl_table ipvlan_table[] = {
 		.data		= &sysctl_ipvlan_loop_delay,
 		.maxlen		= sizeof(int),
 		.mode		= 0644,
-		.proc_handler	= proc_dointvec,
+		.proc_handler   = proc_dointvec_minmax,
+		.extra1         = &one,
+		.extra2         = &delay_max,
 	},
 	{
 		.procname	= "loop_qlen",
-- 
GitLab