summaryrefslogtreecommitdiffhomepage
path: root/pkg/sentry/socket
diff options
context:
space:
mode:
authorKevin Krakauer <krakauer@google.com>2021-07-12 22:34:44 -0700
committergVisor bot <gvisor-bot@google.com>2021-07-12 22:37:11 -0700
commite35d20f79c4604c41a3b912b41aae322adf96bc7 (patch)
tree3134a6c001ae3368be2021b6d06e95cd5174918a /pkg/sentry/socket
parent520795aaad701854e9ffe84de1108954cf2b77f8 (diff)
netstack: move SO_SNDBUF/RCVBUF clamping logic out of //pkg/tcpip
- Keeps Linux-specific behavior out of //pkg/tcpip - Makes it clearer that clamping is done only for setsockopt calls from users - Removes code duplication PiperOrigin-RevId: 384389809
Diffstat (limited to 'pkg/sentry/socket')
-rw-r--r--pkg/sentry/socket/netstack/netstack.go28
1 files changed, 26 insertions, 2 deletions
diff --git a/pkg/sentry/socket/netstack/netstack.go b/pkg/sentry/socket/netstack/netstack.go
index 5d5c4ebbd..ea736e446 100644
--- a/pkg/sentry/socket/netstack/netstack.go
+++ b/pkg/sentry/socket/netstack/netstack.go
@@ -1682,6 +1682,26 @@ func SetSockOpt(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, level int
return nil
}
+func clampBufSize(newSz, min, max int64) int64 {
+ // packetOverheadFactor is used to multiply the value provided by the user on
+ // a setsockopt(2) for setting the send/receive buffer sizes sockets.
+ const packetOverheadFactor = 2
+
+ if newSz > max {
+ newSz = max
+ }
+
+ if newSz < math.MaxInt32/packetOverheadFactor {
+ newSz *= packetOverheadFactor
+ if newSz < min {
+ newSz = min
+ }
+ } else {
+ newSz = math.MaxInt32
+ }
+ return newSz
+}
+
// setSockOptSocket implements SetSockOpt when level is SOL_SOCKET.
func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, name int, optVal []byte) *syserr.Error {
switch name {
@@ -1691,7 +1711,9 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
}
v := hostarch.ByteOrder.Uint32(optVal)
- ep.SocketOptions().SetSendBufferSize(int64(v), true /* notify */)
+ min, max := ep.SocketOptions().SendBufferLimits()
+ clamped := clampBufSize(int64(v), min, max)
+ ep.SocketOptions().SetSendBufferSize(clamped, true /* notify */)
return nil
case linux.SO_RCVBUF:
@@ -1700,7 +1722,9 @@ func setSockOptSocket(t *kernel.Task, s socket.SocketOps, ep commonEndpoint, nam
}
v := hostarch.ByteOrder.Uint32(optVal)
- ep.SocketOptions().SetReceiveBufferSize(int64(v), true /* notify */)
+ min, max := ep.SocketOptions().ReceiveBufferLimits()
+ clamped := clampBufSize(int64(v), min, max)
+ ep.SocketOptions().SetReceiveBufferSize(clamped, true /* notify */)
return nil
case linux.SO_REUSEADDR: