Commit ce21ac1f authored by Xin Long's avatar Xin Long Committed by Kleber Sacilotto de Souza

sctp: implement memory accounting on tx path

Now when sending packets, sk_mem_charge() and sk_mem_uncharge() have been
used to set sk_forward_alloc. We just need to call sk_wmem_schedule() to
check if the allocated should be raised, and call sk_mem_reclaim() to
check if the allocated should be reduced when it's under memory pressure.

If sk_wmem_schedule() returns false, which means no memory is allowed to
allocate, it will block and wait for memory to become available.

Note different from tcp, sctp wait_for_buf happens before allocating any
skb, so memory accounting check is done with the whole msg_len before it
too.
Reported-by: default avatarMatteo Croce <mcroce@redhat.com>
Tested-by: default avatarMatteo Croce <mcroce@redhat.com>
Acked-by: default avatarNeil Horman <nhorman@tuxdriver.com>
Acked-by: default avatarMarcelo Ricardo Leitner <marcelo.leitner@gmail.com>
Signed-off-by: default avatarXin Long <lucien.xin@gmail.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>

CVE-2019-3874

(backported from commit 1033990a linux-next)
[tyhicks: Backport to 4.4:
 - sctp_sendmsg_to_asoc() does not yet exist and its code is still in
   sctp_sendmsg()
 - sctp_sendmsg() has slight context differences due to timeo being
   unconditionally assigned
 - sctp_sendmsg() doesn't call sctp_prsctp_prune() due to missing commit
   8dbdf1f5 ("sctp: implement prsctp PRIO policy")]
Signed-off-by: default avatarTyler Hicks <tyhicks@canonical.com>
Acked-by: default avatarStefan Bader <stefan.bader@canonical.com>
Acked-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
Signed-off-by: default avatarKleber Sacilotto de Souza <kleber.souza@canonical.com>
parent 642dd4d3
...@@ -1937,7 +1937,10 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len) ...@@ -1937,7 +1937,10 @@ static int sctp_sendmsg(struct sock *sk, struct msghdr *msg, size_t msg_len)
} }
timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT); timeo = sock_sndtimeo(sk, msg->msg_flags & MSG_DONTWAIT);
if (sctp_wspace(asoc) <= 0) { if (sk_under_memory_pressure(sk))
sk_mem_reclaim(sk);
if (sctp_wspace(asoc) <= 0 || !sk_wmem_schedule(sk, msg_len)) {
/* sk can be changed by peel off when waiting for buf. */ /* sk can be changed by peel off when waiting for buf. */
err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len); err = sctp_wait_for_sndbuf(asoc, &timeo, msg_len);
if (err) { if (err) {
...@@ -6990,7 +6993,10 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p, ...@@ -6990,7 +6993,10 @@ static int sctp_wait_for_sndbuf(struct sctp_association *asoc, long *timeo_p,
goto do_error; goto do_error;
if (signal_pending(current)) if (signal_pending(current))
goto do_interrupted; goto do_interrupted;
if ((int)msg_len <= sctp_wspace(asoc)) if (sk_under_memory_pressure(sk))
sk_mem_reclaim(sk);
if ((int)msg_len <= sctp_wspace(asoc) &&
sk_wmem_schedule(sk, msg_len))
break; break;
/* Let another process have a go. Since we are going /* Let another process have a go. Since we are going
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment