1 files changed, 5 insertions, 70 deletions
diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c
index 193fd8637f9f..8700379685e0 100644
--- a/net/core/rtnetlink.c
+++ b/net/core/rtnetlink.c
@@ -49,6 +49,7 @@
 #include <net/udp.h>
 #include <net/sock.h>
 #include <net/pkt_sched.h>
+#include <net/netlink.h>
 DECLARE_MUTEX(rtnl_sem);
@@ -519,8 +520,6 @@ rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp)
        }
        if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
-                u32 rlen;
                if (link->dumpit == NULL)
                        link = &(rtnetlink_links[PF_UNSPEC][type]);
@@ -531,10 +530,8 @@ rtnetlink_rcv_msg(struct sk_buff *skb, struct nlmsghdr *nlh, int *errp)
                                                link->dumpit, NULL)) != 0) {
                        return -1;
                }
-                rlen = NLMSG_ALIGN(nlh->nlmsg_len);
-                if (rlen > skb->len)
+                netlink_queue_skip(nlh, skb);
-                        rlen = skb->len;
-                skb_pull(skb, rlen);
                return -1;
        }
@@ -573,75 +570,13 @@ err_inval:
        return -1;
 }
-/* 
- * Process one packet of messages.
- * Malformed skbs with wrong lengths of messages are discarded silently.
- */
-static inline int rtnetlink_rcv_skb(struct sk_buff *skb)
-{
-        int err;
-        struct nlmsghdr * nlh;
-        while (skb->len >= NLMSG_SPACE(0)) {
-                u32 rlen;
-                nlh = (struct nlmsghdr *)skb->data;
-                if (nlh->nlmsg_len < sizeof(*nlh) || skb->len < nlh->nlmsg_len)
-                        return 0;
-                rlen = NLMSG_ALIGN(nlh->nlmsg_len);
-                if (rlen > skb->len)
-                        rlen = skb->len;
-                if (rtnetlink_rcv_msg(skb, nlh, &err)) {
-                        /* Not error, but we must interrupt processing here:
-                         *   Note, that in this case we do not pull message
-                         *   from skb, it will be processed later.
-                         */
-                        if (err == 0)
-                                return -1;
-                        netlink_ack(skb, nlh, err);
-                } else if (nlh->nlmsg_flags&NLM_F_ACK)
-                        netlink_ack(skb, nlh, 0);
-                skb_pull(skb, rlen);
-        }
-        return 0;
-}
-/*
- *  rtnetlink input queue processing routine:
- *      - process as much as there was in the queue upon entry.
- *      - feed skbs to rtnetlink_rcv_skb, until it refuse a message,
- *        that will occur, when a dump started.
- */
 static void rtnetlink_rcv(struct sock *sk, int len)
 {
-        unsigned int qlen = skb_queue_len(&sk->sk_receive_queue);
+        unsigned int qlen = 0;
        do {
-                struct sk_buff *skb;
                rtnl_lock();
+                netlink_run_queue(sk, &qlen, &rtnetlink_rcv_msg);
-                if (qlen > skb_queue_len(&sk->sk_receive_queue))
-                        qlen = skb_queue_len(&sk->sk_receive_queue);
-                for (; qlen; qlen--) {
-                        skb = skb_dequeue(&sk->sk_receive_queue);
-                        if (rtnetlink_rcv_skb(skb)) {
-                                if (skb->len)
-                                        skb_queue_head(&sk->sk_receive_queue,
-                                                       skb);
-                                else {
-                                        kfree_skb(skb);
-                                        qlen--;
-                                }
-                                break;
-                        }
-                        kfree_skb(skb);
-                }
                up(&rtnl_sem);
                netdev_run_todo();

diff --git a/net/core/rtnetlink.c b/net/core/rtnetlink.c index 193fd8637f9f..8700379685e0 100644 --- a/net/core/rtnetlink.c +++ b/net/core/rtnetlink.c
@@ -49,6 +49,7 @@
49	#include <net/udp.h>	49	#include <net/udp.h>
50	#include <net/sock.h>	50	#include <net/sock.h>
51	#include <net/pkt_sched.h>	51	#include <net/pkt_sched.h>
		52	#include <net/netlink.h>
52		53
53	DECLARE_MUTEX(rtnl_sem);	54	DECLARE_MUTEX(rtnl_sem);
54		55
@@ -519,8 +520,6 @@ rtnetlink_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh, int *errp)
519	}	520	}
520		521
521	if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {	522	if (kind == 2 && nlh->nlmsg_flags&NLM_F_DUMP) {
522	u32 rlen;
523
524	if (link->dumpit == NULL)	523	if (link->dumpit == NULL)
525	link = &(rtnetlink_links[PF_UNSPEC][type]);	524	link = &(rtnetlink_links[PF_UNSPEC][type]);
526		525
@@ -531,10 +530,8 @@ rtnetlink_rcv_msg(struct sk_buff skb, struct nlmsghdr nlh, int *errp)
531	link->dumpit, NULL)) != 0) {	530	link->dumpit, NULL)) != 0) {
532	return -1;	531	return -1;
533	}	532	}
534	rlen = NLMSG_ALIGN(nlh->nlmsg_len);	533
535	if (rlen > skb->len)	534	netlink_queue_skip(nlh, skb);
536	rlen = skb->len;
537	skb_pull(skb, rlen);
538	return -1;	535	return -1;
539	}	536	}
540		537
@@ -573,75 +570,13 @@ err_inval:
573	return -1;	570	return -1;
574	}	571	}
575		572
576	/*
577	* Process one packet of messages.
578	* Malformed skbs with wrong lengths of messages are discarded silently.
579	*/
580
581	static inline int rtnetlink_rcv_skb(struct sk_buff *skb)
582	{
583	int err;
584	struct nlmsghdr * nlh;
585
586	while (skb->len >= NLMSG_SPACE(0)) {
587	u32 rlen;
588
589	nlh = (struct nlmsghdr *)skb->data;
590	if (nlh->nlmsg_len < sizeof(*nlh) \|\| skb->len < nlh->nlmsg_len)
591	return 0;
592	rlen = NLMSG_ALIGN(nlh->nlmsg_len);
593	if (rlen > skb->len)
594	rlen = skb->len;
595	if (rtnetlink_rcv_msg(skb, nlh, &err)) {
596	/* Not error, but we must interrupt processing here:
597	* Note, that in this case we do not pull message
598	* from skb, it will be processed later.
599	*/
600	if (err == 0)
601	return -1;
602	netlink_ack(skb, nlh, err);
603	} else if (nlh->nlmsg_flags&NLM_F_ACK)
604	netlink_ack(skb, nlh, 0);
605	skb_pull(skb, rlen);
606	}
607
608	return 0;
609	}
610
611	/*
612	* rtnetlink input queue processing routine:
613	* - process as much as there was in the queue upon entry.
614	* - feed skbs to rtnetlink_rcv_skb, until it refuse a message,
615	* that will occur, when a dump started.
616	*/
617
618	static void rtnetlink_rcv(struct sock *sk, int len)	573	static void rtnetlink_rcv(struct sock *sk, int len)
619	{	574	{
620	unsigned int qlen = skb_queue_len(&sk->sk_receive_queue);	575	unsigned int qlen = 0;
621		576
622	do {	577	do {
623	struct sk_buff *skb;
624
625	rtnl_lock();	578	rtnl_lock();
626		579	netlink_run_queue(sk, &qlen, &rtnetlink_rcv_msg);
627	if (qlen > skb_queue_len(&sk->sk_receive_queue))
628	qlen = skb_queue_len(&sk->sk_receive_queue);
629
630	for (; qlen; qlen--) {
631	skb = skb_dequeue(&sk->sk_receive_queue);
632	if (rtnetlink_rcv_skb(skb)) {
633	if (skb->len)
634	skb_queue_head(&sk->sk_receive_queue,
635	skb);
636	else {
637	kfree_skb(skb);
638	qlen--;
639	}
640	break;
641	}
642	kfree_skb(skb);
643	}
644
645	up(&rtnl_sem);	580	up(&rtnl_sem);
646		581
647	netdev_run_todo();	582	netdev_run_todo();