sctp: count both sk and asoc sndbuf with skb truesize and sctp_chunk size

Now it's confusing that asoc sndbuf_used is doing memory accounting with
SCTP_DATA_SNDSIZE(chunk) + sizeof(sk_buff) + sizeof(sctp_chunk) while sk
sk_wmem_alloc is doing that with skb->truesize + sizeof(sctp_chunk).

It also causes sctp_prsctp_prune to count with a wrong freed memory when
sndbuf_policy is not set.

To make this right and also keep consistent between asoc sndbuf_used, sk
sk_wmem_alloc and sk_wmem_queued, use skb->truesize + sizeof(sctp_chunk)
for them.

Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/include/net/sctp/constants.h b/include/net/sctp/constants.h
index 86f034b524d46178e4d26e868be3a2bf87acac4a..8dadc74c22e765ad9287fde0084f789b8ca14222 100644 (file)
--- a/include/net/sctp/constants.h
+++ b/include/net/sctp/constants.h
@@ -148,11 +148,6 @@ SCTP_SUBTYPE_CONSTRUCTOR(PRIMITIVE,        enum sctp_event_primitive, primitive)
 #define sctp_chunk_is_data(a) (a->chunk_hdr->type == SCTP_CID_DATA || \
                               a->chunk_hdr->type == SCTP_CID_I_DATA)
 
-/* Calculate the actual data size in a data chunk */
-#define SCTP_DATA_SNDSIZE(c) ((int)((unsigned long)(c->chunk_end) - \
-                                   (unsigned long)(c->chunk_hdr) - \
-                                   sctp_datachk_len(&c->asoc->stream)))
-
 /* Internal error codes */
 enum sctp_ierror {
        SCTP_IERROR_NO_ERROR            = 0,

diff --git a/net/sctp/outqueue.c b/net/sctp/outqueue.c
index 42191ed9902b8dd38ad41b6221bd4210427b193b..9cb854b05342e57a6743ee1fd7e91cab7c09bbd2 100644 (file)
--- a/net/sctp/outqueue.c
+++ b/net/sctp/outqueue.c
@@ -385,9 +385,7 @@ static int sctp_prsctp_prune_sent(struct sctp_association *asoc,
                        asoc->outqueue.outstanding_bytes -= sctp_data_size(chk);
                }
 
-               msg_len -= SCTP_DATA_SNDSIZE(chk) +
-                          sizeof(struct sk_buff) +
-                          sizeof(struct sctp_chunk);
+               msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
                if (msg_len <= 0)
                        break;
        }
@@ -421,9 +419,7 @@ static int sctp_prsctp_prune_unsent(struct sctp_association *asoc,
                        streamout->ext->abandoned_unsent[SCTP_PR_INDEX(PRIO)]++;
                }
 
-               msg_len -= SCTP_DATA_SNDSIZE(chk) +
-                          sizeof(struct sk_buff) +
-                          sizeof(struct sctp_chunk);
+               msg_len -= chk->skb->truesize + sizeof(struct sctp_chunk);
                sctp_chunk_free(chk);
                if (msg_len <= 0)
                        break;

diff --git a/net/sctp/socket.c b/net/sctp/socket.c
index f73e9d38d5ba734d7ee3347e4015fd30d355bbfa..c6f29505c34d62ad37533ef58ec6b22bcbe0e68a 100644 (file)
--- a/net/sctp/socket.c
+++ b/net/sctp/socket.c
@@ -166,12 +166,9 @@ static inline void sctp_set_owner_w(struct sctp_chunk *chunk)
        /* Save the chunk pointer in skb for sctp_wfree to use later.  */
        skb_shinfo(chunk->skb)->destructor_arg = chunk;
 
-       asoc->sndbuf_used += SCTP_DATA_SNDSIZE(chunk) +
-                               sizeof(struct sk_buff) +
-                               sizeof(struct sctp_chunk);
-
        refcount_add(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc);
-       sk->sk_wmem_queued += chunk->skb->truesize;
+       asoc->sndbuf_used += chunk->skb->truesize + sizeof(struct sctp_chunk);
+       sk->sk_wmem_queued += chunk->skb->truesize + sizeof(struct sctp_chunk);
        sk_mem_charge(sk, chunk->skb->truesize);
 }
 
@@ -8460,17 +8457,11 @@ static void sctp_wfree(struct sk_buff *skb)
        struct sctp_association *asoc = chunk->asoc;
        struct sock *sk = asoc->base.sk;
 
-       asoc->sndbuf_used -= SCTP_DATA_SNDSIZE(chunk) +
-                               sizeof(struct sk_buff) +
-                               sizeof(struct sctp_chunk);
-
-       WARN_ON(refcount_sub_and_test(sizeof(struct sctp_chunk), &sk->sk_wmem_alloc));
-
-       /*
-        * This undoes what is done via sctp_set_owner_w and sk_mem_charge
-        */
-       sk->sk_wmem_queued   -= skb->truesize;
        sk_mem_uncharge(sk, skb->truesize);
+       sk->sk_wmem_queued -= skb->truesize + sizeof(struct sctp_chunk);
+       asoc->sndbuf_used -= skb->truesize + sizeof(struct sctp_chunk);
+       WARN_ON(refcount_sub_and_test(sizeof(struct sctp_chunk),
+                                     &sk->sk_wmem_alloc));
 
        if (chunk->shkey) {
                struct sctp_shared_key *shkey = chunk->shkey;