[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1371028618.3252.57.camel@edumazet-glaptop>
Date: Wed, 12 Jun 2013 02:16:58 -0700
From: Eric Dumazet <eric.dumazet@...il.com>
To: Dave Wiltshire <david.wiltshire@....com>
Cc: davem@...emloft.net, netdev@...r.kernel.org,
linux-kernel@...r.kernel.org, nsujir@...adcom.com,
mchan@...adcom.com, rmody@...cade.com, jcliburn@...il.com,
chris.snook@...il.com, jeffrey.t.kirsher@...el.com,
bruce.w.allan@...el.com, alexander.h.duyck@...el.com,
cooldavid@...ldavid.org, linux-driver@...gic.com,
linux-wimax@...el.com, wimax@...uxwimax.org,
linux-wireless@...r.kernel.org, viro@...iv.linux.org.uk,
eparis@...hat.com, edumazet@...gle.com, dev@...nvswitch.org,
jhs@...atatu.com
Subject: Re: [PATCH 1/3] skbuff: Update truesize in pskb_expand_head
On Wed, 2013-06-12 at 19:05 +1000, Dave Wiltshire wrote:
> Some call sites to pskb_expand_head subsequently update the skb truesize
> and others don't (even with non-zero arguments). This is likely a memory
> audit leak. Fixed this up by moving the memory accounting to the
> skbuff.c file and removing it from the calling sites.
>
> Signed-off-by: Dave Wiltshire <david.wiltshire@....com>
> ---
> drivers/net/wireless/mwl8k.c | 1 -
> kernel/audit.c | 2 --
> net/core/skbuff.c | 1 +
> net/netlink/af_netlink.c | 3 +--
> net/wireless/util.c | 2 --
> 5 files changed, 2 insertions(+), 7 deletions(-)
Ouch.
Sorry, you cannot do that.
skb->truesize is really complex, because there is a strong relation
between skb->truesize and memory accounting on sockets.
So pskb_expand_head() should not touch skb->truesize.
Only callers can do that when needed, and if possible.
An example of very careful truesize manipulation can be found in
tcp_tso_segment()
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Powered by blists - more mailing lists