diff options
Diffstat (limited to 'net/packet/af_packet.c')
| -rw-r--r-- | net/packet/af_packet.c | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/net/packet/af_packet.c b/net/packet/af_packet.c index 8d9f8042705a..93896d2092f6 100644 --- a/net/packet/af_packet.c +++ b/net/packet/af_packet.c | |||
| @@ -632,6 +632,7 @@ static void init_prb_bdqc(struct packet_sock *po, | |||
| 632 | p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); | 632 | p1->tov_in_jiffies = msecs_to_jiffies(p1->retire_blk_tov); |
| 633 | p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; | 633 | p1->blk_sizeof_priv = req_u->req3.tp_sizeof_priv; |
| 634 | 634 | ||
| 635 | p1->max_frame_len = p1->kblk_size - BLK_PLUS_PRIV(p1->blk_sizeof_priv); | ||
| 635 | prb_init_ft_ops(p1, req_u); | 636 | prb_init_ft_ops(p1, req_u); |
| 636 | prb_setup_retire_blk_timer(po, tx_ring); | 637 | prb_setup_retire_blk_timer(po, tx_ring); |
| 637 | prb_open_block(p1, pbd); | 638 | prb_open_block(p1, pbd); |
| @@ -1942,6 +1943,18 @@ static int tpacket_rcv(struct sk_buff *skb, struct net_device *dev, | |||
| 1942 | if ((int)snaplen < 0) | 1943 | if ((int)snaplen < 0) |
| 1943 | snaplen = 0; | 1944 | snaplen = 0; |
| 1944 | } | 1945 | } |
| 1946 | } else if (unlikely(macoff + snaplen > | ||
| 1947 | GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len)) { | ||
| 1948 | u32 nval; | ||
| 1949 | |||
| 1950 | nval = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len - macoff; | ||
| 1951 | pr_err_once("tpacket_rcv: packet too big, clamped from %u to %u. macoff=%u\n", | ||
| 1952 | snaplen, nval, macoff); | ||
| 1953 | snaplen = nval; | ||
| 1954 | if (unlikely((int)snaplen < 0)) { | ||
| 1955 | snaplen = 0; | ||
| 1956 | macoff = GET_PBDQC_FROM_RB(&po->rx_ring)->max_frame_len; | ||
| 1957 | } | ||
| 1945 | } | 1958 | } |
| 1946 | spin_lock(&sk->sk_receive_queue.lock); | 1959 | spin_lock(&sk->sk_receive_queue.lock); |
| 1947 | h.raw = packet_current_rx_frame(po, skb, | 1960 | h.raw = packet_current_rx_frame(po, skb, |
| @@ -3783,6 +3796,10 @@ static int packet_set_ring(struct sock *sk, union tpacket_req_u *req_u, | |||
| 3783 | goto out; | 3796 | goto out; |
| 3784 | if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) | 3797 | if (unlikely(req->tp_block_size & (PAGE_SIZE - 1))) |
| 3785 | goto out; | 3798 | goto out; |
| 3799 | if (po->tp_version >= TPACKET_V3 && | ||
| 3800 | (int)(req->tp_block_size - | ||
| 3801 | BLK_PLUS_PRIV(req_u->req3.tp_sizeof_priv)) <= 0) | ||
| 3802 | goto out; | ||
| 3786 | if (unlikely(req->tp_frame_size < po->tp_hdrlen + | 3803 | if (unlikely(req->tp_frame_size < po->tp_hdrlen + |
| 3787 | po->tp_reserve)) | 3804 | po->tp_reserve)) |
| 3788 | goto out; | 3805 | goto out; |