diff options
author | Eric Dumazet <eric.dumazet@gmail.com> | 2012-01-31 10:56:48 +0000 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2012-01-31 16:11:48 -0500 |
commit | 5f3d9cb2962967d9d7e03abb4a7ca275a9a3fea5 (patch) | |
tree | 7847eb10ad6a754ed2798bce28ea3d142484a164 | |
parent | a915da9b69273815527ccb3789421cb7027b545b (diff) |
tcp: md5: use sock_kmalloc() to limit md5 keys
There is no limit on number of MD5 keys an application can attach to a
tcp socket.
This patch adds a per tcp socket limit based
on /proc/sys/net/core/optmem_max
With current default optmem_max values, this allows about 150 keys on
64bit arches, and 88 keys on 32bit arches.
Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
-rw-r--r-- | net/ipv4/tcp_ipv4.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/net/ipv4/tcp_ipv4.c b/net/ipv4/tcp_ipv4.c index 1d5fd82c5c0..da5d3226771 100644 --- a/net/ipv4/tcp_ipv4.c +++ b/net/ipv4/tcp_ipv4.c @@ -943,11 +943,11 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr, tp->md5sig_info = md5sig; } - key = kmalloc(sizeof(*key), gfp); + key = sock_kmalloc(sk, sizeof(*key), gfp); if (!key) return -ENOMEM; if (hlist_empty(&md5sig->head) && !tcp_alloc_md5sig_pool(sk)) { - kfree(key); + sock_kfree_s(sk, key, sizeof(*key)); return -ENOMEM; } @@ -971,6 +971,7 @@ int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family) if (!key) return -ENOENT; hlist_del_rcu(&key->node); + atomic_sub(sizeof(*key), &sk->sk_omem_alloc); kfree_rcu(key, rcu); if (hlist_empty(&tp->md5sig_info->head)) tcp_free_md5sig_pool(); @@ -988,6 +989,7 @@ void tcp_clear_md5_list(struct sock *sk) tcp_free_md5sig_pool(); hlist_for_each_entry_safe(key, pos, n, &tp->md5sig_info->head, node) { hlist_del_rcu(&key->node); + atomic_sub(sizeof(*key), &sk->sk_omem_alloc); kfree_rcu(key, rcu); } } |