
Commit 297dbde1 authored by Tejun Heo's avatar Tejun Heo Committed by David S. Miller

netprio_cgroup: limit the maximum css->id to USHRT_MAX



netprio builds per-netdev contiguous priomap array which is indexed by
css->id.  The array is allocated using kzalloc() effectively limiting
the maximum ID supported to some thousand range.  This patch caps the
maximum supported css->id to USHRT_MAX which should be way above what
is actually useable.

This allows reducing sock->sk_cgrp_prioidx to u16 from u32.  The freed
up part will be used to overload the cgroup related fields.
sock->sk_cgrp_prioidx's position is swapped with sk_mark so that the
two cgroup related fields are adjacent.

Signed-off-by: default avatarTejun Heo <tj@kernel.org>
Acked-by: default avatarDaniel Wagner <daniel.wagner@bmw-carit.de>
Cc: Daniel Borkmann <daniel@iogearbox.net>
CC: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent bc9b145a
+5 −5
@@ -288,7 +288,6 @@ struct cg_proto;
  *	@sk_ack_backlog: current listen backlog
  *	@sk_max_ack_backlog: listen backlog set in listen()
  *	@sk_priority: %SO_PRIORITY setting
  *	@sk_cgrp_prioidx: socket group's priority map index
  *	@sk_type: socket type (%SOCK_STREAM, etc)
  *	@sk_protocol: which protocol this socket belongs in this network family
  *	@sk_peer_pid: &struct pid for this socket's peer
@@ -309,6 +308,7 @@ struct cg_proto;
  *	@sk_send_head: front of stuff to transmit
  *	@sk_security: used by security modules
  *	@sk_mark: generic packet mark
  *	@sk_cgrp_prioidx: socket group's priority map index
  *	@sk_classid: this socket's cgroup classid
  *	@sk_cgrp: this socket's cgroup-specific proto data
  *	@sk_write_pending: a write to stream socket waits to start
@@ -425,9 +425,7 @@ struct sock {
	u32			sk_ack_backlog;
	u32			sk_max_ack_backlog;
	__u32			sk_priority;
#if IS_ENABLED(CONFIG_CGROUP_NET_PRIO)
	__u32			sk_cgrp_prioidx;
#endif
	__u32			sk_mark;
	struct pid		*sk_peer_pid;
	const struct cred	*sk_peer_cred;
	long			sk_rcvtimeo;
@@ -445,7 +443,9 @@ struct sock {
#ifdef CONFIG_SECURITY
	void			*sk_security;
#endif
	__u32			sk_mark;
#if IS_ENABLED(CONFIG_CGROUP_NET_PRIO)
	u16			sk_cgrp_prioidx;
#endif
#ifdef CONFIG_CGROUP_NET_CLASSID
	u32			sk_classid;
#endif
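Review bot: The kernel-doc line for `sk_cgrp_prioidx` does not record that the field is now 16 bits wide and is only safe because netprio refuses css IDs above USHRT_MAX. Any assignment from a wider index would truncate silently and make the socket use a different group's priomap slot. The writers of the field are not visible on this page, so it is worth confirming that every one of them stores a css->id that has already passed the online check. I would extend the doc line to `@sk_cgrp_prioidx: socket group's priority map index (u16; netprio caps css->id at USHRT_MAX)`. The definition of struct sock starts and ends outside these hunks.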
+9 −0
@@ -27,6 +27,12 @@

#include <linux/fdtable.h>

/*
 * netprio allocates per-net_device priomap array which is indexed by
 * css->id.  Limiting css ID to 16bits doesn't lose anything.
 */
#define NETPRIO_ID_MAX		USHRT_MAX

#define PRIOMAP_MIN_SZ		128

/*
@@ -144,6 +150,9 @@ static int cgrp_css_online(struct cgroup_subsys_state *css)
	struct net_device *dev;
	int ret = 0;

	if (css->id > NETPRIO_ID_MAX)
		return -ENOSPC;

	if (!parent_css)
		return 0;
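Review bot: The comment above `NETPRIO_ID_MAX` in the first hunk justifies the cap only by the priomap allocation and never mentions that the value must also fit the now-u16 `sk_cgrp_prioidx`, which is the constraint a later change to either side could break without any warning. I would add a sentence such as `The value must also fit sock->sk_cgrp_prioidx, which is a u16.` and consider writing the limit as `#define NETPRIO_ID_MAX U16_MAX` so the macro names the field's type rather than `unsigned short`. The new check in cgrp_css_online() sits before the `!parent_css` early return, so it applies to every css that comes online; the function body continues outside the hunk.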