Skip to content

L
linux
Commit 5f3d9cb2 authored by Eric Dumazet's avatar Eric Dumazet Committed by David S. Miller
Browse files
Options

tcp: md5: use sock_kmalloc() to limit md5 keys 

There is no limit on number of MD5 keys an application can attach to a
tcp socket.

This patch adds a per tcp socket limit based
on /proc/sys/net/core/optmem_max

With current default optmem_max values, this allows about 150 keys on
64bit arches, and 88 keys on 32bit arches.
Signed-off-by: default avatarEric Dumazet <eric.dumazet@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent a915da9b
Hide whitespace changes
Inline Side-by-side
Showing with 4 additions and 2 deletions
net/ipv4/tcp_ipv4.c
View file @ 5f3d9cb2
......@@ -943,11 +943,11 @@ int tcp_md5_do_add(struct sock *sk, const union tcp_md5_addr *addr,
tp->md5sig_info = md5sig;
}
key = kmalloc(sizeof(*key), gfp);
key = sock_kmalloc(sk, sizeof(*key), gfp);
if (!key)
return -ENOMEM;
if (hlist_empty(&md5sig->head) && !tcp_alloc_md5sig_pool(sk)) {
kfree(key);
sock_kfree_s(sk, key, sizeof(*key));
return -ENOMEM;
}
......@@ -971,6 +971,7 @@ int tcp_md5_do_del(struct sock *sk, const union tcp_md5_addr *addr, int family)
if (!key)
return -ENOENT;
hlist_del_rcu(&key->node);
atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
kfree_rcu(key, rcu);
if (hlist_empty(&tp->md5sig_info->head))
tcp_free_md5sig_pool();
......@@ -988,6 +989,7 @@ void tcp_clear_md5_list(struct sock *sk)
tcp_free_md5sig_pool();
hlist_for_each_entry_safe(key, pos, n, &tp->md5sig_info->head, node) {
hlist_del_rcu(&key->node);
atomic_sub(sizeof(*key), &sk->sk_omem_alloc);
kfree_rcu(key, rcu);
}
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment
GitLab Nexedi Edition | About GitLab | About Nexedi | 沪ICP备2021021310号-2 | 沪ICP备2021021310号-7