aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorPavel Emelyanov <xemul@openvz.org>2007-11-11 01:08:30 -0500
committerDavid S. Miller <davem@davemloft.net>2007-11-11 01:08:30 -0500
commit284b327be2f86cf751316ff344b6945e580e654f (patch)
tree61a5e5b353be80e092795e357863509861a6a774
parent5c80f1ae9842a8b7985acd0f02efb9828effb05f (diff)
[UNIX]: The unix_nr_socks limit can be exceeded
The unix_nr_socks value is limited with the 2 * get_max_files() value, as seen from the unix_create1(). However, the check and the actual increment are separated with the GFP_KERNEL allocation, so this limit can be exceeded under a memory pressure - task may go to sleep freeing the pages and some other task will be allowed to allocate a new sock and so on and so forth. So make the increment before the check (similar thing is done in the sock_kmalloc) and go to kmalloc after this. Signed-off-by: Pavel Emelyanov <xemul@openvz.org> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/unix/af_unix.c7
1 files changed, 4 insertions, 3 deletions
diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index ab9048ac197..e835da8fc09 100644
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -599,15 +599,14 @@ static struct sock * unix_create1(struct net *net, struct socket *sock)
599 struct sock *sk = NULL; 599 struct sock *sk = NULL;
600 struct unix_sock *u; 600 struct unix_sock *u;
601 601
602 if (atomic_read(&unix_nr_socks) >= 2*get_max_files()) 602 atomic_inc(&unix_nr_socks);
603 if (atomic_read(&unix_nr_socks) > 2 * get_max_files())
603 goto out; 604 goto out;
604 605
605 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto); 606 sk = sk_alloc(net, PF_UNIX, GFP_KERNEL, &unix_proto);
606 if (!sk) 607 if (!sk)
607 goto out; 608 goto out;
608 609
609 atomic_inc(&unix_nr_socks);
610
611 sock_init_data(sock,sk); 610 sock_init_data(sock,sk);
612 lockdep_set_class(&sk->sk_receive_queue.lock, 611 lockdep_set_class(&sk->sk_receive_queue.lock,
613 &af_unix_sk_receive_queue_lock_key); 612 &af_unix_sk_receive_queue_lock_key);
@@ -625,6 +624,8 @@ static struct sock * unix_create1(struct net *net, struct socket *sock)
625 init_waitqueue_head(&u->peer_wait); 624 init_waitqueue_head(&u->peer_wait);
626 unix_insert_socket(unix_sockets_unbound, sk); 625 unix_insert_socket(unix_sockets_unbound, sk);
627out: 626out:
627 if (sk == NULL)
628 atomic_dec(&unix_nr_socks);
628 return sk; 629 return sk;
629} 630}
630 631