From: Dan Carpenter <dan.carpenter@oracle•com>
To: stable@vger•kernel.org
Cc: Greg Kroah-Hartman <greg@kroah•com>, Zhu Yi <yi.zhu@intel•com>,
netdev@vger•kernel.org, Eric Dumazet <eric.dumazet@gmail•com>
Subject: [patch 4/8 2.6.32] sctp: use limited socket backlog
Date: Sun, 13 Nov 2011 23:18:24 +0300 [thread overview]
Message-ID: <20111113201823.GE1362@elgon.mountain> (raw)
In-Reply-To: <20111113201336.GA1362@elgon.mountain>
This applied without changes to the original patch.
>From 50b1a782f845140f4138f14a1ce8a4a6dd0cc82f Mon Sep 17 00:00:00 2001
From: Zhu Yi <yi.zhu@intel•com>
Date: Thu, 4 Mar 2010 18:01:44 +0000
Subject: [PATCH] sctp: use limited socket backlog
Make sctp adapt to the limited socket backlog change.
Cc: Vlad Yasevich <vladislav.yasevich@hp•com>
Cc: Sridhar Samudrala <sri@us•ibm.com>
Signed-off-by: Zhu Yi <yi.zhu@intel•com>
Signed-off-by: David S. Miller <davem@davemloft•net>
Signed-off-by: Dan Carpenter <dan.carpenter@oracle•com>
---
net/sctp/input.c | 42 +++++++++++++++++++++++++++---------------
net/sctp/socket.c | 3 +++
2 files changed, 30 insertions(+), 15 deletions(-)
diff --git a/net/sctp/input.c b/net/sctp/input.c
index c0c973e..cbc0636 100644
--- a/net/sctp/input.c
+++ b/net/sctp/input.c
@@ -75,7 +75,7 @@ static struct sctp_association *__sctp_lookup_association(
const union sctp_addr *peer,
struct sctp_transport **pt);
-static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb);
+static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb);
/* Calculate the SCTP checksum of an SCTP packet. */
@@ -265,8 +265,13 @@ int sctp_rcv(struct sk_buff *skb)
}
if (sock_owned_by_user(sk)) {
+ if (sctp_add_backlog(sk, skb)) {
+ sctp_bh_unlock_sock(sk);
+ sctp_chunk_free(chunk);
+ skb = NULL; /* sctp_chunk_free already freed the skb */
+ goto discard_release;
+ }
SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_BACKLOG);
- sctp_add_backlog(sk, skb);
} else {
SCTP_INC_STATS_BH(SCTP_MIB_IN_PKT_SOFTIRQ);
sctp_inq_push(&chunk->rcvr->inqueue, chunk);
@@ -336,8 +341,10 @@ int sctp_backlog_rcv(struct sock *sk, struct sk_buff *skb)
sctp_bh_lock_sock(sk);
if (sock_owned_by_user(sk)) {
- sk_add_backlog(sk, skb);
- backloged = 1;
+ if (sk_add_backlog_limited(sk, skb))
+ sctp_chunk_free(chunk);
+ else
+ backloged = 1;
} else
sctp_inq_push(inqueue, chunk);
@@ -362,22 +369,27 @@ done:
return 0;
}
-static void sctp_add_backlog(struct sock *sk, struct sk_buff *skb)
+static int sctp_add_backlog(struct sock *sk, struct sk_buff *skb)
{
struct sctp_chunk *chunk = SCTP_INPUT_CB(skb)->chunk;
struct sctp_ep_common *rcvr = chunk->rcvr;
+ int ret;
- /* Hold the assoc/ep while hanging on the backlog queue.
- * This way, we know structures we need will not disappear from us
- */
- if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
- sctp_association_hold(sctp_assoc(rcvr));
- else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
- sctp_endpoint_hold(sctp_ep(rcvr));
- else
- BUG();
+ ret = sk_add_backlog_limited(sk, skb);
+ if (!ret) {
+ /* Hold the assoc/ep while hanging on the backlog queue.
+ * This way, we know structures we need will not disappear
+ * from us
+ */
+ if (SCTP_EP_TYPE_ASSOCIATION == rcvr->type)
+ sctp_association_hold(sctp_assoc(rcvr));
+ else if (SCTP_EP_TYPE_SOCKET == rcvr->type)
+ sctp_endpoint_hold(sctp_ep(rcvr));
+ else
+ BUG();
+ }
+ return ret;
- sk_add_backlog(sk, skb);
}
/* Handle icmp frag needed error. */
diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index f6d1e59..dfc5c12 100644
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -3720,6 +3720,9 @@ SCTP_STATIC int sctp_init_sock(struct sock *sk)
SCTP_DBG_OBJCNT_INC(sock);
percpu_counter_inc(&sctp_sockets_allocated);
+ /* Set socket backlog limit. */
+ sk->sk_backlog.limit = sysctl_sctp_rmem[1];
+
local_bh_disable();
sock_prot_inuse_add(sock_net(sk), sk->sk_prot, 1);
local_bh_enable();
--
1.7.8.rc0.dirty
next prev parent reply other threads:[~2011-11-13 20:18 UTC|newest]
Thread overview: 12+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-11-13 20:13 [patch 0/8 2.6.32] CVE-2010-4251: packet backlog can get too large Dan Carpenter
2011-11-13 20:17 ` [patch 2/8 2.6.32] udp: use limited socket backlog Dan Carpenter
2011-11-13 20:18 ` [patch 3/8 2.6.32] x25: " Dan Carpenter
2011-11-13 20:18 ` Dan Carpenter [this message]
2011-11-13 20:18 ` [patch 5/8 2.6.32] tipc: " Dan Carpenter
2011-11-13 20:19 ` [patch 6/8 2.6.32] tcp: " Dan Carpenter
2011-11-13 20:19 ` [patch 7/8 2.6.32] llc: " Dan Carpenter
2011-11-13 20:19 ` [patch 8/8 2.6.32] net: backlog functions rename Dan Carpenter
2011-11-13 20:58 ` [patch 0/8 2.6.32] CVE-2010-4251: packet backlog can get too large David Miller
2011-11-13 23:29 ` Ben Hutchings
2011-11-14 3:24 ` David Miller
2011-11-14 18:11 ` Greg KH
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20111113201823.GE1362@elgon.mountain \
--to=dan.carpenter@oracle$(echo .)com \
--cc=eric.dumazet@gmail$(echo .)com \
--cc=greg@kroah$(echo .)com \
--cc=netdev@vger$(echo .)kernel.org \
--cc=stable@vger$(echo .)kernel.org \
--cc=yi.zhu@intel$(echo .)com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox