Commit 1819b837 authored by Allan Stephens's avatar Allan Stephens Committed by David S. Miller

[TIPC]: Correct "off by 1" error in socket queue limit enforcement

This patch fixes a bug that allowed TIPC to queue 1 more message
than allowed by the socket receive queue threshold limits.  The
patch also improves the threshold code's logic and naming to help
prevent this sort of error from recurring in the future.
Signed-off-by: default avatarAllan Stephens <allan.stephens@windriver.com>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
parent 7a8036c2
...@@ -1079,15 +1079,15 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock, ...@@ -1079,15 +1079,15 @@ static int recv_stream(struct kiocb *iocb, struct socket *sock,
} }
/** /**
* queue_overloaded - test if queue overload condition exists * rx_queue_full - determine if receive queue can accept another message
* @msg: message to be added to queue
* @queue_size: current size of queue * @queue_size: current size of queue
* @base: nominal maximum size of queue * @base: nominal maximum size of queue
* @msg: message to be added to queue
* *
* Returns 1 if queue is currently overloaded, 0 otherwise * Returns 1 if queue is unable to accept message, 0 otherwise
*/ */
static int queue_overloaded(u32 queue_size, u32 base, struct tipc_msg *msg) static int rx_queue_full(struct tipc_msg *msg, u32 queue_size, u32 base)
{ {
u32 threshold; u32 threshold;
u32 imp = msg_importance(msg); u32 imp = msg_importance(msg);
...@@ -1104,7 +1104,7 @@ static int queue_overloaded(u32 queue_size, u32 base, struct tipc_msg *msg) ...@@ -1104,7 +1104,7 @@ static int queue_overloaded(u32 queue_size, u32 base, struct tipc_msg *msg)
if (msg_connected(msg)) if (msg_connected(msg))
threshold *= 4; threshold *= 4;
return (queue_size > threshold); return (queue_size >= threshold);
} }
/** /**
...@@ -1189,16 +1189,14 @@ static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf) ...@@ -1189,16 +1189,14 @@ static u32 dispatch(struct tipc_port *tport, struct sk_buff *buf)
/* Reject message if there isn't room to queue it */ /* Reject message if there isn't room to queue it */
if (unlikely((u32)atomic_read(&tipc_queue_size) > recv_q_len = (u32)atomic_read(&tipc_queue_size);
OVERLOAD_LIMIT_BASE)) { if (unlikely(recv_q_len >= OVERLOAD_LIMIT_BASE)) {
if (queue_overloaded(atomic_read(&tipc_queue_size), if (rx_queue_full(msg, recv_q_len, OVERLOAD_LIMIT_BASE))
OVERLOAD_LIMIT_BASE, msg))
return TIPC_ERR_OVERLOAD; return TIPC_ERR_OVERLOAD;
} }
recv_q_len = skb_queue_len(&tsock->sk.sk_receive_queue); recv_q_len = skb_queue_len(&tsock->sk.sk_receive_queue);
if (unlikely(recv_q_len > (OVERLOAD_LIMIT_BASE / 2))) { if (unlikely(recv_q_len >= (OVERLOAD_LIMIT_BASE / 2))) {
if (queue_overloaded(recv_q_len, if (rx_queue_full(msg, recv_q_len, OVERLOAD_LIMIT_BASE / 2))
OVERLOAD_LIMIT_BASE / 2, msg))
return TIPC_ERR_OVERLOAD; return TIPC_ERR_OVERLOAD;
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment