Re: [PATCH] NFC: Read frag at a time when sending packets

Sasha Levin <sasha.levin@xxxxxxxxxx> · Mon, 04 Aug 2014 15:39:33 -0400

Ping?

On 06/19/2014 11:23 PM, Sasha Levin wrote:
> Right now userspace can pass a large chunk of data and the kernel
> will attempt to allocate all of it to copy it in from userspace.
> 
> The problem is that there is no upper limit on the size userspace
> can pass. Right now userspace can even force a machine to run out
> of memory by forcing the kernel to allocate large chunks of memory.
> 
> To avoid imposing a limit, instead of allocating the entire block,
> we can allocate just the size of the biggest frag possible and read
> it from userspace one frag at a time.
> 
> Signed-off-by: Sasha Levin <sasha.levin@xxxxxxxxxx>
> ---
> 
>  ** WARNING: COMPLETELY UNTESTED ** (I don't have the hardware).
> 
>  net/nfc/llcp_commands.c |   18 +++++++++---------
>  1 file changed, 9 insertions(+), 9 deletions(-)
> 
> diff --git a/net/nfc/llcp_commands.c b/net/nfc/llcp_commands.c
> index a3ad69a..da68924 100644
> --- a/net/nfc/llcp_commands.c
> +++ b/net/nfc/llcp_commands.c
> @@ -727,27 +727,27 @@ int nfc_llcp_send_ui_frame(struct nfc_llcp_sock *sock, u8 ssap, u8 dsap,
>  	if (local == NULL)
>  		return -ENODEV;
>  
> -	msg_data = kzalloc(len, GFP_KERNEL);
> +	remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
> +			local->remote_miu : sock->remote_miu;
> +
> +	msg_data = kzalloc(remote_miu, GFP_KERNEL);
>  	if (msg_data == NULL)
>  		return -ENOMEM;
>  
> -	if (memcpy_fromiovec(msg_data, msg->msg_iov, len)) {
> -		kfree(msg_data);
> -		return -EFAULT;
> -	}
> -
>  	remaining_len = len;
>  	msg_ptr = msg_data;
>  
>  	do {
> -		remote_miu = sock->remote_miu > LLCP_MAX_MIU ?
> -				local->remote_miu : sock->remote_miu;
> -
>  		frag_len = min_t(size_t, remote_miu, remaining_len);
>  
>  		pr_debug("Fragment %zd bytes remaining %zd",
>  			 frag_len, remaining_len);
>  
> +		if (memcpy_fromiovec(msg_data, msg->msg_iov, frag_len)) {
> +			kfree(msg_data);
> +			return -EFAULT;
> +		}
> +
>  		pdu = nfc_alloc_send_skb(sock->dev, &sock->sk, MSG_DONTWAIT,
>  					 frag_len + LLCP_HEADER_SIZE, &err);
>  		if (pdu == NULL) {
> 

--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html