netlink: Avoid netlink mmap alloc if msg size exceeds frame size

An insufficent ring frame size configuration can lead to an unnecessary skb allocation for every Netlink message. Check frame size before taking the queue lock and allocating the skb and re-check with lock to be safe. Signed-off-by: Thomas Graf <tgraf@suug.ch> Reviewed-by: Daniel Borkmann <dborkman@redhat.com> Signed-off-by: Jesse Gross <jesse@nicira.com>
author: Thomas Graf <tgraf@suug.ch> 2013-11-30 07:21:31 -0500
committer: Jesse Gross <jesse@nicira.com> 2014-01-06 18:52:06 -0500
commit: aae9f0e22c07f6b97752741156ac0b3637d37a1a (patch)
tree: 164aafabd87e384e55527a37ab67761ef7473c86 /net/netlink
parent: bb9b18fb55b03477fe5bdd3e97245d6d4d3dee4f (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index bca50b95c182..64334893c61c 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1769,6 +1769,9 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
        if (ring->pg_vec == NULL)
                goto out_put;
+        if (ring->frame_size - NL_MMAP_HDRLEN < size)
+                goto out_put;
        skb = alloc_skb_head(gfp_mask);
        if (skb == NULL)
                goto err1;
@@ -1778,6 +1781,7 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
        if (ring->pg_vec == NULL)
                goto out_free;
+        /* check again under lock */
        maxlen = ring->frame_size - NL_MMAP_HDRLEN;
        if (maxlen < size)
                goto out_free;
author	Thomas Graf <tgraf@suug.ch>	2013-11-30 07:21:31 -0500
committer	Jesse Gross <jesse@nicira.com>	2014-01-06 18:52:06 -0500
commit	aae9f0e22c07f6b97752741156ac0b3637d37a1a (patch)
tree	164aafabd87e384e55527a37ab67761ef7473c86 /net/netlink
parent	bb9b18fb55b03477fe5bdd3e97245d6d4d3dee4f (diff)