Message-ID: <1285351237.2478.7.camel@edumazet-laptop>
Date: Fri, 24 Sep 2010 20:00:37 +0200
From: Eric Dumazet <eric.dumazet@...il.com>
To: Alban Crequy <alban.crequy@...labora.co.uk>
Cc: "David S. Miller" <davem@...emloft.net>,
Stephen Hemminger <shemminger@...tta.com>,
Cyrill Gorcunov <gorcunov@...nvz.org>,
Alexey Dobriyan <adobriyan@...il.com>,
Lennart Poettering <lennart@...ttering.net>,
Kay Sievers <kay.sievers@...y.org>,
Ian Molton <ian.molton@...labora.co.uk>,
netdev@...r.kernel.org, linux-kernel@...r.kernel.org,
dbus@...edesktop.org
Subject: Re: [PATCH 4/5] AF_UNIX: find peers on multicast Unix stream
sockets
On Friday 24 September 2010 at 18:25 +0100, Alban Crequy wrote:
> @@ -1612,7 +1671,12 @@ static int unix_stream_sendmsg(struct kiocb *kiocb, struct socket *sock,
> } else {
> sunaddr = NULL;
> err = -ENOTCONN;
> - other = NULL; /* FIXME: get the list of other connection */
> + max_others = atomic_read(&unix_nr_multicast_socks);
> + others = kzalloc((max_others + 1) * sizeof(void *), GFP_KERNEL);
> + unix_find_other(sock_net(sk), u->addr->name,
> + u->addr->len, 0, u->addr->hash, 1, others, max_others, &err);
> + other = others[0];
> + kfree(others);
> if (!other)
> goto out_err;
> }
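Review bot: the kzalloc() return value is never checked before others is handed to unix_find_other() and read as others[0], so an allocation failure here becomes a NULL pointer dereference; add a check such as "if (!others) { err = -ENOMEM; goto out_err; }" right after the allocation. The array is also sized from an atomic_read() snapshot taken before the lookup runs, so max_others can be stale by the time unix_find_other() fills the array, and only others[0] is kept before kfree(), which discards any further peers the lookup stored.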
Seriously, this block sizing against unix_nr_multicast_socks is not
scalable. What happens if we have 1000 sockets?
kzalloc() to clear 8000 bytes?

It's also unsafe.
(say you kzalloc() a buffer for 2 sockets, and another cpu inserts a new
socket. unix_find_socket_byname() can overflow the buffer)

You should use a list, and allocate elements in
unix_find_socket_byname()

struct item {
	struct item *next;
	struct sock *s;
};
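
Added example, not part of the original message and not kernel code: a userspace C version of the list-based lookup suggested above, where the lookup itself allocates one node per matching socket, so the result cannot outgrow storage sized from an earlier counter read. The names fake_sock, peer_item, collect_peers() and free_peers() are hypothetical, and malloc() stands in for the kernel allocator.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

struct fake_sock { const char *name; };	/* hypothetical stand-in for struct sock */

struct peer_item {			/* list node, as in the struct item above */
	struct peer_item *next;
	struct fake_sock *s;
};

void free_peers(struct peer_item *head)
{
	while (head) {
		struct peer_item *next = head->next;
		free(head);
		head = next;
	}
}

/* One node is allocated per match during the walk itself, so no count taken
 * earlier can be stale. Returns peers found, or -ENOMEM with the partial list
 * released. Assumption: the caller holds the lock protecting the table. */
int collect_peers(struct fake_sock *table, size_t n, const char *name,
		  struct peer_item **out)
{
	struct peer_item *head = NULL, **tail = &head, *it;
	int found = 0;

	*out = NULL;
	for (size_t i = 0; i < n; i++) {
		if (strcmp(table[i].name, name) != 0)
			continue;
		it = malloc(sizeof(*it));
		if (!it) {
			free_peers(head);
			return -ENOMEM;
		}
		it->next = NULL;
		it->s = &table[i];
		*tail = it;		/* append, keeping table order */
		tail = &it->next;
		found++;
	}
	*out = head;
	return found;
}
```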