[NET]: Add skb->truesize assertion checking.
Add some sanity checking. truesize should be at least sizeof(struct sk_buff) plus the current packet length. If not, then truesize is seriously mangled and deserves a kernel log message. Currently we'll do the check for release of stream socket buffers. But we can add checks to more spots over time. Incorporating ideas from Herbert Xu. Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
b60b49ea6a
commit
dc6de33674
|
@ -344,6 +344,13 @@ extern void skb_over_panic(struct sk_buff *skb, int len,
|
|||
void *here);
|
||||
extern void skb_under_panic(struct sk_buff *skb, int len,
|
||||
void *here);
|
||||
extern void skb_truesize_bug(struct sk_buff *skb);
|
||||
|
||||
static inline void skb_truesize_check(struct sk_buff *skb)
|
||||
{
|
||||
if (unlikely((int)skb->truesize < sizeof(struct sk_buff) + skb->len))
|
||||
skb_truesize_bug(skb);
|
||||
}
|
||||
|
||||
extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
|
||||
int getfrag(void *from, char *to, int offset,
|
||||
|
|
|
@ -454,6 +454,7 @@ static inline void sk_stream_set_owner_r(struct sk_buff *skb, struct sock *sk)
|
|||
|
||||
static inline void sk_stream_free_skb(struct sock *sk, struct sk_buff *skb)
|
||||
{
|
||||
skb_truesize_check(skb);
|
||||
sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
|
||||
sk->sk_wmem_queued -= skb->truesize;
|
||||
sk->sk_forward_alloc += skb->truesize;
|
||||
|
|
|
@ -112,6 +112,14 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
|
|||
BUG();
|
||||
}
|
||||
|
||||
void skb_truesize_bug(struct sk_buff *skb)
|
||||
{
|
||||
printk(KERN_ERR "SKB BUG: Invalid truesize (%u) "
|
||||
"len=%u, sizeof(sk_buff)=%Zd\n",
|
||||
skb->truesize, skb->len, sizeof(struct sk_buff));
|
||||
}
|
||||
EXPORT_SYMBOL(skb_truesize_bug);
|
||||
|
||||
/* Allocate a new skbuff. We do this ourselves so we can fill in a few
|
||||
* 'private' fields and also do memory statistics to find all the
|
||||
* [BEEP] leaks.
|
||||
|
|
|
@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb)
|
|||
{
|
||||
struct sock *sk = skb->sk;
|
||||
|
||||
skb_truesize_check(skb);
|
||||
atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
|
||||
sk->sk_forward_alloc += skb->truesize;
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue