netlink: Avoid netlink mmap alloc if msg size exceeds frame size

[karo-tx-linux.git] / net / netlink / af_netlink.c

diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index bca50b95c182300cbd89f8cfc21b17e9d6e31fe2..64334893c61cc2d0530afa2f28bff044102b183a 100644 (file)
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1769,6 +1769,9 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
        if (ring->pg_vec == NULL)
                goto out_put;
 
+       if (ring->frame_size - NL_MMAP_HDRLEN < size)
+               goto out_put;
+
        skb = alloc_skb_head(gfp_mask);
        if (skb == NULL)
                goto err1;
@@ -1778,6 +1781,7 @@ struct sk_buff *netlink_alloc_skb(struct sock *ssk, unsigned int size,
        if (ring->pg_vec == NULL)
                goto out_free;
 
+       /* check again under lock */
        maxlen = ring->frame_size - NL_MMAP_HDRLEN;
        if (maxlen < size)
                goto out_free;