aboutsummaryrefslogtreecommitdiffstats
path: root/net
diff options
context:
space:
mode:
Diffstat (limited to 'net')
-rw-r--r--net/bridge/netfilter/ebtables.c20
-rw-r--r--net/core/skbuff.c8
-rw-r--r--net/core/stream.c1
-rw-r--r--net/ipv4/tcp_output.c10
-rw-r--r--net/llc/llc_input.c3
-rw-r--r--net/socket.c1
6 files changed, 26 insertions, 17 deletions
diff --git a/net/bridge/netfilter/ebtables.c b/net/bridge/netfilter/ebtables.c
index 84b9af76f0a2..3a13ed643459 100644
--- a/net/bridge/netfilter/ebtables.c
+++ b/net/bridge/netfilter/ebtables.c
@@ -831,7 +831,7 @@ static int translate_table(struct ebt_replace *repl,
831 return -ENOMEM; 831 return -ENOMEM;
832 for_each_possible_cpu(i) { 832 for_each_possible_cpu(i) {
833 newinfo->chainstack[i] = 833 newinfo->chainstack[i] =
834 vmalloc(udc_cnt * sizeof(struct ebt_chainstack)); 834 vmalloc(udc_cnt * sizeof(*(newinfo->chainstack[0])));
835 if (!newinfo->chainstack[i]) { 835 if (!newinfo->chainstack[i]) {
836 while (i) 836 while (i)
837 vfree(newinfo->chainstack[--i]); 837 vfree(newinfo->chainstack[--i]);
@@ -841,8 +841,7 @@ static int translate_table(struct ebt_replace *repl,
841 } 841 }
842 } 842 }
843 843
844 cl_s = (struct ebt_cl_stack *) 844 cl_s = vmalloc(udc_cnt * sizeof(*cl_s));
845 vmalloc(udc_cnt * sizeof(struct ebt_cl_stack));
846 if (!cl_s) 845 if (!cl_s)
847 return -ENOMEM; 846 return -ENOMEM;
848 i = 0; /* the i'th udc */ 847 i = 0; /* the i'th udc */
@@ -944,8 +943,7 @@ static int do_replace(void __user *user, unsigned int len)
944 943
945 countersize = COUNTER_OFFSET(tmp.nentries) * 944 countersize = COUNTER_OFFSET(tmp.nentries) *
946 (highest_possible_processor_id()+1); 945 (highest_possible_processor_id()+1);
947 newinfo = (struct ebt_table_info *) 946 newinfo = vmalloc(sizeof(*newinfo) + countersize);
948 vmalloc(sizeof(struct ebt_table_info) + countersize);
949 if (!newinfo) 947 if (!newinfo)
950 return -ENOMEM; 948 return -ENOMEM;
951 949
@@ -967,8 +965,7 @@ static int do_replace(void __user *user, unsigned int len)
967 /* the user wants counters back 965 /* the user wants counters back
968 the check on the size is done later, when we have the lock */ 966 the check on the size is done later, when we have the lock */
969 if (tmp.num_counters) { 967 if (tmp.num_counters) {
970 counterstmp = (struct ebt_counter *) 968 counterstmp = vmalloc(tmp.num_counters * sizeof(*counterstmp));
971 vmalloc(tmp.num_counters * sizeof(struct ebt_counter));
972 if (!counterstmp) { 969 if (!counterstmp) {
973 ret = -ENOMEM; 970 ret = -ENOMEM;
974 goto free_entries; 971 goto free_entries;
@@ -1148,8 +1145,7 @@ int ebt_register_table(struct ebt_table *table)
1148 1145
1149 countersize = COUNTER_OFFSET(table->table->nentries) * 1146 countersize = COUNTER_OFFSET(table->table->nentries) *
1150 (highest_possible_processor_id()+1); 1147 (highest_possible_processor_id()+1);
1151 newinfo = (struct ebt_table_info *) 1148 newinfo = vmalloc(sizeof(*newinfo) + countersize);
1152 vmalloc(sizeof(struct ebt_table_info) + countersize);
1153 ret = -ENOMEM; 1149 ret = -ENOMEM;
1154 if (!newinfo) 1150 if (!newinfo)
1155 return -ENOMEM; 1151 return -ENOMEM;
@@ -1247,8 +1243,7 @@ static int update_counters(void __user *user, unsigned int len)
1247 if (hlp.num_counters == 0) 1243 if (hlp.num_counters == 0)
1248 return -EINVAL; 1244 return -EINVAL;
1249 1245
1250 if ( !(tmp = (struct ebt_counter *) 1246 if (!(tmp = vmalloc(hlp.num_counters * sizeof(*tmp)))) {
1251 vmalloc(hlp.num_counters * sizeof(struct ebt_counter))) ){
1252 MEMPRINT("Update_counters && nomemory\n"); 1247 MEMPRINT("Update_counters && nomemory\n");
1253 return -ENOMEM; 1248 return -ENOMEM;
1254 } 1249 }
@@ -1377,8 +1372,7 @@ static int copy_everything_to_user(struct ebt_table *t, void __user *user,
1377 BUGPRINT("Num_counters wrong\n"); 1372 BUGPRINT("Num_counters wrong\n");
1378 return -EINVAL; 1373 return -EINVAL;
1379 } 1374 }
1380 counterstmp = (struct ebt_counter *) 1375 counterstmp = vmalloc(nentries * sizeof(*counterstmp));
1381 vmalloc(nentries * sizeof(struct ebt_counter));
1382 if (!counterstmp) { 1376 if (!counterstmp) {
1383 MEMPRINT("Couldn't copy counters, out of memory\n"); 1377 MEMPRINT("Couldn't copy counters, out of memory\n");
1384 return -ENOMEM; 1378 return -ENOMEM;
diff --git a/net/core/skbuff.c b/net/core/skbuff.c
index 09464fa8d72f..fb3770f9c094 100644
--- a/net/core/skbuff.c
+++ b/net/core/skbuff.c
@@ -112,6 +112,14 @@ void skb_under_panic(struct sk_buff *skb, int sz, void *here)
112 BUG(); 112 BUG();
113} 113}
114 114
115void skb_truesize_bug(struct sk_buff *skb)
116{
117 printk(KERN_ERR "SKB BUG: Invalid truesize (%u) "
118 "len=%u, sizeof(sk_buff)=%Zd\n",
119 skb->truesize, skb->len, sizeof(struct sk_buff));
120}
121EXPORT_SYMBOL(skb_truesize_bug);
122
115/* Allocate a new skbuff. We do this ourselves so we can fill in a few 123/* Allocate a new skbuff. We do this ourselves so we can fill in a few
116 * 'private' fields and also do memory statistics to find all the 124 * 'private' fields and also do memory statistics to find all the
117 * [BEEP] leaks. 125 * [BEEP] leaks.
diff --git a/net/core/stream.c b/net/core/stream.c
index 35e25259fd95..e9489696f694 100644
--- a/net/core/stream.c
+++ b/net/core/stream.c
@@ -176,6 +176,7 @@ void sk_stream_rfree(struct sk_buff *skb)
176{ 176{
177 struct sock *sk = skb->sk; 177 struct sock *sk = skb->sk;
178 178
179 skb_truesize_check(skb);
179 atomic_sub(skb->truesize, &sk->sk_rmem_alloc); 180 atomic_sub(skb->truesize, &sk->sk_rmem_alloc);
180 sk->sk_forward_alloc += skb->truesize; 181 sk->sk_forward_alloc += skb->truesize;
181} 182}
diff --git a/net/ipv4/tcp_output.c b/net/ipv4/tcp_output.c
index 44df1db726a3..a28ae593b976 100644
--- a/net/ipv4/tcp_output.c
+++ b/net/ipv4/tcp_output.c
@@ -533,6 +533,7 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
533 struct tcp_sock *tp = tcp_sk(sk); 533 struct tcp_sock *tp = tcp_sk(sk);
534 struct sk_buff *buff; 534 struct sk_buff *buff;
535 int nsize, old_factor; 535 int nsize, old_factor;
536 int nlen;
536 u16 flags; 537 u16 flags;
537 538
538 BUG_ON(len > skb->len); 539 BUG_ON(len > skb->len);
@@ -552,8 +553,10 @@ int tcp_fragment(struct sock *sk, struct sk_buff *skb, u32 len, unsigned int mss
552 if (buff == NULL) 553 if (buff == NULL)
553 return -ENOMEM; /* We'll just try again later. */ 554 return -ENOMEM; /* We'll just try again later. */
554 555
555 buff->truesize = skb->len - len; 556 sk_charge_skb(sk, buff);
556 skb->truesize -= buff->truesize; 557 nlen = skb->len - len - nsize;
558 buff->truesize += nlen;
559 skb->truesize -= nlen;
557 560
558 /* Correct the sequence numbers. */ 561 /* Correct the sequence numbers. */
559 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len; 562 TCP_SKB_CB(buff)->seq = TCP_SKB_CB(skb)->seq + len;
@@ -1039,7 +1042,8 @@ static int tso_fragment(struct sock *sk, struct sk_buff *skb, unsigned int len,
1039 if (unlikely(buff == NULL)) 1042 if (unlikely(buff == NULL))
1040 return -ENOMEM; 1043 return -ENOMEM;
1041 1044
1042 buff->truesize = nlen; 1045 sk_charge_skb(sk, buff);
1046 buff->truesize += nlen;
1043 skb->truesize -= nlen; 1047 skb->truesize -= nlen;
1044 1048
1045 /* Correct the sequence numbers. */ 1049 /* Correct the sequence numbers. */
diff --git a/net/llc/llc_input.c b/net/llc/llc_input.c
index 8f3addf0724c..d62e0f9b9da3 100644
--- a/net/llc/llc_input.c
+++ b/net/llc/llc_input.c
@@ -118,7 +118,8 @@ static inline int llc_fixup_skb(struct sk_buff *skb)
118 u16 pdulen = eth_hdr(skb)->h_proto, 118 u16 pdulen = eth_hdr(skb)->h_proto,
119 data_size = ntohs(pdulen) - llc_len; 119 data_size = ntohs(pdulen) - llc_len;
120 120
121 skb_trim(skb, data_size); 121 if (unlikely(pskb_trim_rcsum(skb, data_size)))
122 return 0;
122 } 123 }
123 return 1; 124 return 1;
124} 125}
diff --git a/net/socket.c b/net/socket.c
index 23898f45f713..0ce12dfc7a71 100644
--- a/net/socket.c
+++ b/net/socket.c
@@ -490,6 +490,7 @@ static struct socket *sockfd_lookup_light(int fd, int *err, int *fput_needed)
490 struct file *file; 490 struct file *file;
491 struct socket *sock; 491 struct socket *sock;
492 492
493 *err = -EBADF;
493 file = fget_light(fd, fput_needed); 494 file = fget_light(fd, fput_needed);
494 if (file) { 495 if (file) {
495 sock = sock_from_file(file, err); 496 sock = sock_from_file(file, err);
generated by cgit v1.2.2 (git 2.25.0) at 2024-12-19 10:13:23 -0500