From: Eric Dumazet <eric.dumazet@gmail.com>
To: David Miller <davem@davemloft.net>
Cc: shawn.lu@ericsson.com, netdev@vger.kernel.org, xiaoclu@gmail.com
Subject: [PATCH net-next] tcp: md5: use sock_kmalloc() to limit md5 keys
Date: Tue, 31 Jan 2012 21:56:48 +0100 [thread overview]
Message-ID: <1328043408.2617.9.camel@edumazet-laptop> (raw)
In-Reply-To: <20120131.121510.2256411938697193634.davem@davemloft.net>
There is no limit on number of MD5 keys an application can attach to a
tcp socket.
This patch adds a per tcp socket limit based
on /proc/sys/net/core/optmem_max
With current default optmem_max values, this allows about 150 keys on
64bit arches, and 88 keys on 32bit arches.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
---
net/ipv4/tcp_ipv4.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 1d5fd82..da5d322 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -943,11 +943,11 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
tp->md5sig_info = md5sig;
}
- key = kmalloc(sizeof(*key), gfp);
+ key = sock_kmalloc(sk, sizeof(*key), gfp);
if (!key)
return -ENOMEM;
if (hlist_empty(&md5sig->head) && !tcp_alloc_md5sig_pool(sk)) {
- kfree(key);
+ sock_kfree_s(sk, key, sizeof(*key));
return -ENOMEM;
}
@@ -971,6 +971,7 @@ int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
if (!key)
return -ENOENT;
hlist_del_rcu(&key->node);
+ atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
kfree_rcu(key, rcu);
if (hlist_empty(&tp->md5sig_info->head))
tcp_free_md5sig_pool();
@@ -988,6 +989,7 @@ void tcp_clear_md5_list(struct sock *sk)
tcp_free_md5sig_pool();
hlist_for_each_entry_safe(key, pos, n, &tp->md5sig_info->head, node) {
hlist_del_rcu(&key->node);
+ atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
kfree_rcu(key, rcu);
}
}
next prev parent reply other threads:[~2012-01-31 20:56 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-01-31 2:07 [PATCH] tcp: md5: fix md5 RST when both sides have listener Shawn Lu
2012-01-31 2:16 ` Eric Dumazet
2012-01-31 2:37 ` Shawn Lu
2012-01-31 8:39 ` Shawn Lu
2012-01-31 9:05 ` Eric Dumazet
2012-01-31 13:33 ` Eric Dumazet
2012-01-31 15:18 ` [PATCH net-next] tcp: md5: rcu conversion Eric Dumazet
2012-01-31 15:38 ` Eric Dumazet
2012-01-31 17:15 ` David Miller
2012-01-31 20:56 ` Eric Dumazet [this message]
2012-01-31 21:13 ` [PATCH net-next] tcp: md5: use sock_kmalloc() to limit md5 keys David Miller
2012-01-31 17:14 ` [PATCH net-next] tcp: md5: rcu conversion David Miller
2012-01-31 18:15 ` [PATCH] tcp: md5: fix md5 RST when both sides have listener Shawn Lu
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1328043408.2617.9.camel@edumazet-laptop \
--to=eric.dumazet@gmail.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
--cc=shawn.lu@ericsson.com \
--cc=xiaoclu@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox