diff options
author | David S. Miller <davem@sunset.davemloft.net> | 2006-04-20 11:10:50 +0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-04-20 11:10:50 +0400 |
commit | dc6de33674608f978ec29f5c2f7e3af458c06f78 (patch) | |
tree | 1b314717cdb27cf75478c13f85249f85f6997f48 /include | |
parent | b60b49ea6a3e1f8dcaf4148dad0daab61ab766d2 (diff) | |
download | linux-dc6de33674608f978ec29f5c2f7e3af458c06f78.tar.xz |
[NET]: Add skb->truesize assertion checking.
Add some sanity checking. truesize should be at least sizeof(struct
sk_buff) plus the current packet length. If not, then truesize is
seriously mangled and deserves a kernel log message.
Currently we'll do the check for release of stream socket buffers.
But we can add checks to more spots over time.
Incorporating ideas from Herbert Xu.
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'include')
-rw-r--r-- | include/linux/skbuff.h | 7 | ||||
-rw-r--r-- | include/net/sock.h | 1 |
2 files changed, 8 insertions, 0 deletions
diff --git a/include/linux/skbuff.h b/include/linux/skbuff.h index c4619a428d9b..f8f234708b98 100644 --- a/include/linux/skbuff.h +++ b/include/linux/skbuff.h @@ -344,6 +344,13 @@ extern void skb_over_panic(struct sk_buff *skb, int len, void *here); extern void skb_under_panic(struct sk_buff *skb, int len, void *here); +extern void skb_truesize_bug(struct sk_buff *skb); + +static inline void skb_truesize_check(struct sk_buff *skb) +{ + if (unlikely((int)skb->truesize < sizeof(struct sk_buff) + skb->len)) + skb_truesize_bug(skb); +} extern int skb_append_datato_frags(struct sock *sk, struct sk_buff *skb, int getfrag(void *from, char *to, int offset, diff --git a/include/net/sock.h b/include/net/sock.h index af2b0544586e..ff8b0dad7b0f 100644 --- a/include/net/sock.h +++ b/include/net/sock.h @@ -454,6 +454,7 @@ static inline void sk_stream_set_owner_r(struct sk_buff *skb, struct sock *sk) static inline void sk_stream_free_skb(struct sock *sk, struct sk_buff *skb) { + skb_truesize_check(skb); sock_set_flag(sk, SOCK_QUEUE_SHRUNK); sk->sk_wmem_queued -= skb->truesize; sk->sk_forward_alloc += skb->truesize; |