ptr_ring: use kmalloc_array()

As found by syzkaller, malicious users can set whatever tx_queue_len on a tun device and eventually crash the kernel. Lets remove the ALIGN(XXX, SMP_CACHE_BYTES) thing since a small ring buffer is not fast anyway. Fixes: 2e0ab8ca83c1 ("ptr_ring: array based FIFO for pointers") Signed-off-by: Eric Dumazet <edumazet@google.com> Reported-by: Dmitry Vyukov <dvyukov@google.com> Cc: Michael S. Tsirkin <mst@redhat.com> Cc: Jason Wang <jasowang@redhat.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: Eric Dumazet <edumazet@google.com> 2017-08-16 10:36:47 -0700
committer: David S. Miller <davem@davemloft.net> 2017-08-16 16:28:47 -0700
commit: 81fbfe8adaf38d4f5a98c19bebfd41c5d6acaee8 (patch)
tree: d6b6fc17c19f0df3e916e55726dee279c055deb6 /include/linux/skb_array.h
parent: 120e9dabaf551c6dc03d3a10a1f026376cb1811c (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/include/linux/skb_array.h b/include/linux/skb_array.h
index 35226cd4efb0..8621ffdeecbf 100644
--- a/include/linux/skb_array.h
+++ b/include/linux/skb_array.h
@@ -193,7 +193,8 @@ static inline int skb_array_resize(struct skb_array *a, int size, gfp_t gfp)
 }
 
 static inline int skb_array_resize_multiple(struct skb_array **rings,
-					    int nrings, int size, gfp_t gfp)
+					    int nrings, unsigned int size,
+					    gfp_t gfp)
 {
 	BUILD_BUG_ON(offsetof(struct skb_array, ring));
 	return ptr_ring_resize_multiple((struct ptr_ring **)rings,
author	Eric Dumazet <edumazet@google.com>	2017-08-16 10:36:47 -0700
committer	David S. Miller <davem@davemloft.net>	2017-08-16 16:28:47 -0700
commit	81fbfe8adaf38d4f5a98c19bebfd41c5d6acaee8 (patch)
tree	d6b6fc17c19f0df3e916e55726dee279c055deb6 /include/linux/skb_array.h
parent	120e9dabaf551c6dc03d3a10a1f026376cb1811c (diff)