netlink: Avoid netlink mmap alloc if msg size exceeds frame size

An insufficent ring frame size configuration can lead to an unnecessary skb allocation for every Netlink message. Check frame size before taking the queue lock and allocating the skb and re-check with lock to be safe. Signed-off-by: N Thomas Graf <tgraf@suug.ch> Reviewed-by: N Daniel Borkmann <dborkman@redhat.com> Signed-off-by: N Jesse Gross <jesse@nicira.com>

netlink: Avoid netlink mmap alloc if msg size exceeds frame size
An insufficent ring frame size configuration can lead to an unnecessary skb allocation for every Netlink message. Check frame size before taking the queue lock and allocating the skb and re-check with lock to be safe. Signed-off-by: N Thomas Graf <tgraf@suug.ch> Reviewed-by: N Daniel Borkmann <dborkman@redhat.com> Signed-off-by: N Jesse Gross <jesse@nicira.com>
aae9f0e2 · Thomas Graf · Jesse Gross · bb9b18fb · aae9f0e2
隐藏空白更改
内联并排

Showing with 4 addition and 0 deletion

net/netlink/af_netlink.c net/netlink/af_netlink.c +4 -0

未找到文件。
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1769,6 +1769,9 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
 	if (ring->pg_vec == NULL)
 		goto out_put;

+	if (ring->frame_size - NL_MMAP_HDRLEN < size)
+		goto out_put;
+
 	skb = alloc_skb_head(gfp_mask);
 	if (skb == NULL)
 		goto err1;
@@ -1778,6 +1781,7 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
 	if (ring->pg_vec == NULL)
 		goto out_free;

+	/* check again under lock */
 	maxlen = ring->frame_size - NL_MMAP_HDRLEN;
 	if (maxlen < size)
 		goto out_free;