pktgen: Dont leak kernel memory (66ed1e5e) · Commits · e / devices / android_kernel_teracube_2e

net/core/pktgen.c

+10 −5

Original line number	Diff line number	Diff line
		@@ -335,6 +335,7 @@ struct pktgen_dev {
		__u32 cur_src_mac_offset;
		__be32 cur_saddr;
		__be32 cur_daddr;
		__u16 ip_id;
		__u16 cur_udp_dst;
		__u16 cur_udp_src;
		__u16 cur_queue_map;
		@@ -2630,6 +2631,8 @@ static struct sk_buff fill_packet_ipv4(struct net_device odev,
		iph->protocol = IPPROTO_UDP; /* UDP */
		iph->saddr = pkt_dev->cur_saddr;
		iph->daddr = pkt_dev->cur_daddr;
		iph->id = htons(pkt_dev->ip_id);
		pkt_dev->ip_id++;
		iph->frag_off = 0;
		iplen = 20 + 8 + datalen;
		iph->tot_len = htons(iplen);
		@@ -2641,24 +2644,26 @@ static struct sk_buff fill_packet_ipv4(struct net_device odev,
		skb->dev = odev;
		skb->pkt_type = PACKET_HOST;

		if (pkt_dev->nfrags <= 0)
		if (pkt_dev->nfrags <= 0) {
		pgh = (struct pktgen_hdr *)skb_put(skb, datalen);
		else {
		memset(pgh + 1, 0, datalen - sizeof(struct pktgen_hdr));
		} else {
		int frags = pkt_dev->nfrags;
		int i;
		int i, len;

		pgh = (struct pktgen_hdr )(((char )(udph)) + 8);

		if (frags > MAX_SKB_FRAGS)
		frags = MAX_SKB_FRAGS;
		if (datalen > frags * PAGE_SIZE) {
		skb_put(skb, datalen - frags * PAGE_SIZE);
		len = datalen - frags * PAGE_SIZE;
		memset(skb_put(skb, len), 0, len);
		datalen = frags * PAGE_SIZE;
		}

		i = 0;
		while (datalen > 0) {
		struct page *page = alloc_pages(GFP_KERNEL, 0);
		struct page *page = alloc_pages(GFP_KERNEL \| __GFP_ZERO, 0);
		skb_shinfo(skb)->frags[i].page = page;
		skb_shinfo(skb)->frags[i].page_offset = 0;
		skb_shinfo(skb)->frags[i].size =