dccp: fix bug in cache allocation
authorGerrit Renker <gerrit@erg.abdn.ac.uk>
Mon, 1 Feb 2010 02:12:19 +0000 (02:12 +0000)
committerDavid S. Miller <davem@davemloft.net>
Thu, 4 Feb 2010 03:00:30 +0000 (19:00 -0800)
This fixes a bug introduced in commit de4ef86cfce60d2250111f34f8a084e769f23b16
("dccp: fix dccp rmmod when kernel configured to use slub", 17 Jan): the
vsnprintf used sizeof(slab_name_fmt), which became truncated to 4 bytes, since
slab_name_fmt is now a 4-byte pointer and no longer a 32-character array.

This lead to error messages such as
 FATAL: Error inserting dccp: No buffer space available

 >> kernel: [ 1456.341501] kmem_cache_create: duplicate cache cci
generated due to the truncation after the 3rd character.

Fixed for the moment by introducing a symbolic constant. Tested to fix the bug.

Signed-off-by: Gerrit Renker <gerrit@erg.abdn.ac.uk>
Acked-by: Neil Horman <nhorman@tuxdriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/dccp/ccid.c
net/dccp/ccid.h

index 57dfb9c8c4f23f0a2ab132843b3b42fb2e2dc203..ff16e9df196972fef0c097c3aa464438a2ad556b 100644 (file)
@@ -83,7 +83,7 @@ static struct kmem_cache *ccid_kmem_cache_create(int obj_size, char *slab_name_f
        va_list args;
 
        va_start(args, fmt);
-       vsnprintf(slab_name_fmt, sizeof(slab_name_fmt), fmt, args);
+       vsnprintf(slab_name_fmt, CCID_SLAB_NAME_LENGTH, fmt, args);
        va_end(args);
 
        slab = kmem_cache_create(slab_name_fmt, sizeof(struct ccid) + obj_size, 0,
index 269958bf7fe91e12edd0686652d097b87b42b245..6df6f8ac963664e2174b55c890ce7f45cbe05128 100644 (file)
@@ -19,7 +19,9 @@
 #include <linux/list.h>
 #include <linux/module.h>
 
-#define CCID_MAX 255
+/* maximum value for a CCID (RFC 4340, 19.5) */
+#define CCID_MAX               255
+#define CCID_SLAB_NAME_LENGTH  32
 
 struct tcp_info;
 
@@ -49,8 +51,8 @@ struct ccid_operations {
        const char              *ccid_name;
        struct kmem_cache       *ccid_hc_rx_slab,
                                *ccid_hc_tx_slab;
-       char                    ccid_hc_rx_slab_name[32];
-       char                    ccid_hc_tx_slab_name[32];
+       char                    ccid_hc_rx_slab_name[CCID_SLAB_NAME_LENGTH];
+       char                    ccid_hc_tx_slab_name[CCID_SLAB_NAME_LENGTH];
        __u32                   ccid_hc_rx_obj_size,
                                ccid_hc_tx_obj_size;
        /* Interface Routines */