Commit dc6de336 authored by David S. Miller's avatar David S. Miller
Browse files

[NET]: Add skb->truesize assertion checking.



Add some sanity checking.  truesize should be at least sizeof(struct
sk_buff) plus the current packet length.  If not, then truesize is
seriously mangled and deserves a kernel log message.

Currently we'll do the check for release of stream socket buffers.

But we can add checks to more spots over time.

Incorporating ideas from Herbert Xu.
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent b60b49ea
...@@ -344,6 +344,13 @@ extern void skb_over_panic(struct sk_buff *skb, int len, ...@@ -344,6 +344,13 @@ extern void skb_over_panic(struct sk_buff *skb, int len,
void *here); void *here);
extern void skb_under_panic(struct sk_buff *skb, int len, extern void skb_under_panic(struct sk_buff *skb, int len,
void *here); void *here);
extern void skb_truesize_bug(struct sk_buff *skb);
static inline void skb_truesize_check(struct sk_buff *skb)
{
if (unlikely((int)skb->truesize < sizeof(struct sk_buff) + skb->len))
skb_truesize_bug(skb);
}
extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb, extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb,
int getfrag(void *from, char *to, int offset, int getfrag(void *from, char *to, int offset,
......
...@@ -454,6 +454,7 @@ static inline void sk_stream_set_owner_r(struct sk_buff *skb, struct sock *sk) ...@@ -454,6 +454,7 @@ static inline void sk_stream_set_owner_r(struct sk_buff *skb, struct sock *sk)
static inline void sk_stream_free_skb(struct sock *sk, struct sk_buff *skb) static inline void sk_stream_free_skb(struct sock *sk, struct sk_buff *skb)
{ {
skb_truesize_check(skb);
sock_set_flag(sk, SOCK_QUEUE_SHRUNK); sock_set_flag(sk, SOCK_QUEUE_SHRUNK);
sk->sk_wmem_queued -= skb->truesize; sk->sk_wmem_queued -= skb->truesize;
sk->sk_forward_alloc += skb->truesize; sk->sk_forward_alloc += skb->truesize;
......
...@@ -112,6 +112,14 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here) ...@@ -112,6 +112,14 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
BUG(); BUG();
} }
void skb_truesize_bug(struct sk_buff *skb)
{
printk(KERN_ERR "SKB BUG: Invalid truesize (%u) "
"len=%u, sizeof(sk_buff)=%Zd\n",
skb->truesize, skb->len, sizeof(struct sk_buff));
}
EXPORT_SYMBOL(skb_truesize_bug);
/* Allocate a new skbuff. We do this ourselves so we can fill in a few /* Allocate a new skbuff. We do this ourselves so we can fill in a few
* 'private' fields and also do memory statistics to find all the * 'private' fields and also do memory statistics to find all the
* [BEEP] leaks. * [BEEP] leaks.
......
...@@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb) ...@@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb)
{ {
struct sock *sk = skb->sk; struct sock *sk = skb->sk;
skb_truesize_check(skb);
atomic_sub(skb->truesize, &sk->sk_rmem_alloc); atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
sk->sk_forward_alloc += skb->truesize; sk->sk_forward_alloc += skb->truesize;
} }
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment