summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorEric Dumazet <eric.dumazet@gmail.com>2012-01-31 10:56:48 +0000
committerDavid S. Miller <davem@davemloft.net>2012-01-31 16:11:48 -0500
commit5f3d9cb2962967d9d7e03abb4a7ca275a9a3fea5 (patch)
tree7847eb10ad6a754ed2798bce28ea3d142484a164
parenta915da9b69273815527ccb3789421cb7027b545b (diff)
tcp: md5: use sock_kmalloc() to limit md5 keys
There is no limit on number of MD5 keys an application can attach to a tcp socket. This patch adds a per tcp socket limit based on /proc/sys/net/core/optmem_max With current default optmem_max values, this allows about 150 keys on 64bit arches, and 88 keys on 32bit arches. Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r--net/ipv4/tcp_ipv4.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c
index 1d5fd82c5c0..da5d3226771 100644
--- a/net/ipv4/tcp_ipv4.c
+++ b/net/ipv4/tcp_ipv4.c
@@ -943,11 +943,11 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
tp->md5sig_info = md5sig;
}
- key = kmalloc(sizeof(*key), gfp);
+ key = sock_kmalloc(sk, sizeof(*key), gfp);
if (!key)
return -ENOMEM;
if (hlist_empty(&md5sig->head) && !tcp_alloc_md5sig_pool(sk)) {
- kfree(key);
+ sock_kfree_s(sk, key, sizeof(*key));
return -ENOMEM;
}
@@ -971,6 +971,7 @@ int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
if (!key)
return -ENOENT;
hlist_del_rcu(&key->node);
+ atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
kfree_rcu(key, rcu);
if (hlist_empty(&tp->md5sig_info->head))
tcp_free_md5sig_pool();
@@ -988,6 +989,7 @@ void tcp_clear_md5_list(struct sock *sk)
tcp_free_md5sig_pool();
hlist_for_each_entry_safe(key, pos, n, &tp->md5sig_info->head, node) {
hlist_del_rcu(&key->node);
+ atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
kfree_rcu(key, rcu);
}
}