[PKT_SCHED]: Fix memory leak when dumping in pedit action
[linux-2.6] / net / sched / pedit.c
1 /*
2  * net/sched/pedit.c    Generic packet editor
3  *
4  *              This program is free software; you can redistribute it and/or
5  *              modify it under the terms of the GNU General Public License
6  *              as published by the Free Software Foundation; either version
7  *              2 of the License, or (at your option) any later version.
8  *
9  * Authors:     Jamal Hadi Salim (2002-4)
10  */
11
12 #include <asm/uaccess.h>
13 #include <asm/system.h>
14 #include <asm/bitops.h>
15 #include <linux/config.h>
16 #include <linux/types.h>
17 #include <linux/kernel.h>
18 #include <linux/sched.h>
19 #include <linux/string.h>
20 #include <linux/mm.h>
21 #include <linux/socket.h>
22 #include <linux/sockios.h>
23 #include <linux/in.h>
24 #include <linux/errno.h>
25 #include <linux/interrupt.h>
26 #include <linux/netdevice.h>
27 #include <linux/skbuff.h>
28 #include <linux/rtnetlink.h>
29 #include <linux/module.h>
30 #include <linux/init.h>
31 #include <linux/proc_fs.h>
32 #include <net/sock.h>
33 #include <net/pkt_sched.h>
34 #include <linux/tc_act/tc_pedit.h>
35 #include <net/tc_act/tc_pedit.h>
36
37
38 #define PEDIT_DEB 1
39
40 /* use generic hash table */
41 #define MY_TAB_SIZE     16
42 #define MY_TAB_MASK     15
43 static u32 idx_gen;
44 static struct tcf_pedit *tcf_pedit_ht[MY_TAB_SIZE];
45 static DEFINE_RWLOCK(pedit_lock);
46
47 #define tcf_st          tcf_pedit
48 #define tc_st           tc_pedit
49 #define tcf_t_lock      pedit_lock
50 #define tcf_ht          tcf_pedit_ht
51
52 #define CONFIG_NET_ACT_INIT 1
53 #include <net/pkt_act.h>
54
55 static int
56 tcf_pedit_init(struct rtattr *rta, struct rtattr *est, struct tc_action *a,
57                int ovr, int bind)
58 {
59         struct rtattr *tb[TCA_PEDIT_MAX];
60         struct tc_pedit *parm;
61         int ret = 0;
62         struct tcf_pedit *p;
63         struct tc_pedit_key *keys = NULL;
64         int ksize;
65
66         if (rta == NULL || rtattr_parse_nested(tb, TCA_PEDIT_MAX, rta) < 0)
67                 return -EINVAL;
68
69         if (tb[TCA_PEDIT_PARMS - 1] == NULL ||
70             RTA_PAYLOAD(tb[TCA_PEDIT_PARMS-1]) < sizeof(*parm))
71                 return -EINVAL;
72         parm = RTA_DATA(tb[TCA_PEDIT_PARMS-1]);
73         ksize = parm->nkeys * sizeof(struct tc_pedit_key);
74         if (RTA_PAYLOAD(tb[TCA_PEDIT_PARMS-1]) < sizeof(*parm) + ksize)
75                 return -EINVAL;
76
77         p = tcf_hash_check(parm->index, a, ovr, bind);
78         if (p == NULL) {
79                 if (!parm->nkeys)
80                         return -EINVAL;
81                 p = tcf_hash_create(parm->index, est, a, sizeof(*p), ovr, bind);
82                 if (p == NULL)
83                         return -ENOMEM;
84                 keys = kmalloc(ksize, GFP_KERNEL);
85                 if (keys == NULL) {
86                         kfree(p);
87                         return -ENOMEM;
88                 }
89                 ret = ACT_P_CREATED;
90         } else {
91                 if (!ovr) {
92                         tcf_hash_release(p, bind);
93                         return -EEXIST;
94                 }
95                 if (p->nkeys && p->nkeys != parm->nkeys) {
96                         keys = kmalloc(ksize, GFP_KERNEL);
97                         if (keys == NULL)
98                                 return -ENOMEM;
99                 }
100         }
101
102         spin_lock_bh(&p->lock);
103         p->flags = parm->flags;
104         p->action = parm->action;
105         if (keys) {
106                 kfree(p->keys);
107                 p->keys = keys;
108                 p->nkeys = parm->nkeys;
109         }
110         memcpy(p->keys, parm->keys, ksize);
111         spin_unlock_bh(&p->lock);
112         if (ret == ACT_P_CREATED)
113                 tcf_hash_insert(p);
114         return ret;
115 }
116
117 static int
118 tcf_pedit_cleanup(struct tc_action *a, int bind)
119 {
120         struct tcf_pedit *p = PRIV(a, pedit);
121
122         if (p != NULL) {
123                 struct tc_pedit_key *keys = p->keys;
124                 if (tcf_hash_release(p, bind)) {
125                         kfree(keys);
126                         return 1;
127                 }
128         }
129         return 0;
130 }
131
132 static int
133 tcf_pedit(struct sk_buff *skb, struct tc_action *a, struct tcf_result *res)
134 {
135         struct tcf_pedit *p = PRIV(a, pedit);
136         int i, munged = 0;
137         u8 *pptr;
138
139         if (!(skb->tc_verd & TC_OK2MUNGE)) {
140                 /* should we set skb->cloned? */
141                 if (pskb_expand_head(skb, 0, 0, GFP_ATOMIC)) {
142                         return p->action;
143                 }
144         }
145
146         pptr = skb->nh.raw;
147
148         spin_lock(&p->lock);
149
150         p->tm.lastuse = jiffies;
151
152         if (p->nkeys > 0) {
153                 struct tc_pedit_key *tkey = p->keys;
154
155                 for (i = p->nkeys; i > 0; i--, tkey++) {
156                         u32 *ptr;
157                         int offset = tkey->off;
158
159                         if (tkey->offmask) {
160                                 if (skb->len > tkey->at) {
161                                          char *j = pptr + tkey->at;
162                                          offset += ((*j & tkey->offmask) >> 
163                                                    tkey->shift);
164                                 } else {
165                                         goto bad;
166                                 }
167                         }
168
169                         if (offset % 4) {
170                                 printk("offset must be on 32 bit boundaries\n");
171                                 goto bad;
172                         }
173                         if (skb->len < 0 || (offset > 0 && offset > skb->len)) {
174                                 printk("offset %d cant exceed pkt length %d\n",
175                                        offset, skb->len);
176                                 goto bad;
177                         }
178
179                         ptr = (u32 *)(pptr+offset);
180                         /* just do it, baby */
181                         *ptr = ((*ptr & tkey->mask) ^ tkey->val);
182                         munged++;
183                 }
184                 
185                 if (munged)
186                         skb->tc_verd = SET_TC_MUNGED(skb->tc_verd);
187                 goto done;
188         } else {
189                 printk("pedit BUG: index %d\n",p->index);
190         }
191
192 bad:
193         p->qstats.overlimits++;
194 done:
195         p->bstats.bytes += skb->len;
196         p->bstats.packets++;
197         spin_unlock(&p->lock);
198         return p->action;
199 }
200
201 static int
202 tcf_pedit_dump(struct sk_buff *skb, struct tc_action *a,int bind, int ref)
203 {
204         unsigned char *b = skb->tail;
205         struct tc_pedit *opt;
206         struct tcf_pedit *p = PRIV(a, pedit);
207         struct tcf_t t;
208         int s; 
209                 
210         s = sizeof(*opt) + p->nkeys * sizeof(struct tc_pedit_key);
211
212         /* netlink spinlocks held above us - must use ATOMIC */
213         opt = kmalloc(s, GFP_ATOMIC);
214         if (opt == NULL)
215                 return -ENOBUFS;
216         memset(opt, 0, s);
217
218         memcpy(opt->keys, p->keys, p->nkeys * sizeof(struct tc_pedit_key));
219         opt->index = p->index;
220         opt->nkeys = p->nkeys;
221         opt->flags = p->flags;
222         opt->action = p->action;
223         opt->refcnt = p->refcnt - ref;
224         opt->bindcnt = p->bindcnt - bind;
225
226
227 #ifdef PEDIT_DEB
228         {                
229                 /* Debug - get rid of later */
230                 int i;
231                 struct tc_pedit_key *key = opt->keys;
232
233                 for (i=0; i<opt->nkeys; i++, key++) {
234                         printk( "\n key #%d",i);
235                         printk( "  at %d: val %08x mask %08x",
236                         (unsigned int)key->off,
237                         (unsigned int)key->val,
238                         (unsigned int)key->mask);
239                 }
240         }
241 #endif
242
243         RTA_PUT(skb, TCA_PEDIT_PARMS, s, opt);
244         t.install = jiffies_to_clock_t(jiffies - p->tm.install);
245         t.lastuse = jiffies_to_clock_t(jiffies - p->tm.lastuse);
246         t.expires = jiffies_to_clock_t(p->tm.expires);
247         RTA_PUT(skb, TCA_PEDIT_TM, sizeof(t), &t);
248         kfree(opt);
249         return skb->len;
250
251 rtattr_failure:
252         skb_trim(skb, b - skb->data);
253         kfree(opt);
254         return -1;
255 }
256
257 static
258 struct tc_action_ops act_pedit_ops = {
259         .kind           =       "pedit",
260         .type           =       TCA_ACT_PEDIT,
261         .capab          =       TCA_CAP_NONE,
262         .owner          =       THIS_MODULE,
263         .act            =       tcf_pedit,
264         .dump           =       tcf_pedit_dump,
265         .cleanup        =       tcf_pedit_cleanup,
266         .lookup         =       tcf_hash_search,
267         .init           =       tcf_pedit_init,
268         .walk           =       tcf_generic_walker
269 };
270
271 MODULE_AUTHOR("Jamal Hadi Salim(2002-4)");
272 MODULE_DESCRIPTION("Generic Packet Editor actions");
273 MODULE_LICENSE("GPL");
274
275 static int __init
276 pedit_init_module(void)
277 {
278         return tcf_register_action(&act_pedit_ops);
279 }
280
281 static void __exit
282 pedit_cleanup_module(void)
283 {
284         tcf_unregister_action(&act_pedit_ops);
285 }
286
287 module_init(pedit_init_module);
288 module_exit(pedit_cleanup_module);
289