Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit aae9f0e2 authored by Thomas Graf's avatar Thomas Graf Committed by Jesse Gross
Browse files

netlink: Avoid netlink mmap alloc if msg size exceeds frame size 



An insufficent ring frame size configuration can lead to an
unnecessary skb allocation for every Netlink message. Check frame
size before taking the queue lock and allocating the skb and
re-check with lock to be safe.

Signed-off-by: default avatarThomas Graf <tgraf@suug.ch>
Reviewed-by: default avatarDaniel Borkmann <dborkman@redhat.com>
Signed-off-by: default avatarJesse Gross <jesse@nicira.com>
parent bb9b18fb

net/netlink/af_netlink.c

+4 −0
Original line number Diff line number Diff line
@@ -1769,6 +1769,9 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size, 
	if (ring->pg_vec == NULL)

		goto out_put;



	if (ring->frame_size - NL_MMAP_HDRLEN < size)

		goto out_put;



	skb = alloc_skb_head(gfp_mask);

	if (skb == NULL)

		goto err1;
@@ -1778,6 +1781,7 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size, 
	if (ring->pg_vec == NULL)

		goto out_free;



	/* check again under lock */

	maxlen = ring->frame_size - NL_MMAP_HDRLEN;

	if (maxlen < size)

		goto out_free;