On Fri, 2017-01-06 at 11:40 -0800, Eric Dumazet wrote:
> On Fri, 2017-01-06 at 18:39 +0100, Jesper Dangaard Brouer wrote:
> >
> > @@ -648,13 +668,17 @@ void icmp_send(struct sk_buff *skb_in, int type, int
> > code, __be32 info)
> > }
> > }
> >
> > - icmp_param = kmalloc(sizeof(*icmp_param), GFP_ATOMIC);
> > - if (!icmp_param)
> > - return;
> > -
> > sk = icmp_xmit_lock(net);
> > if (!sk)
> > - goto out_free;
> > + goto out;
> > +
> > + /* Check global sysctl_icmp_msgs_per_sec ratelimit */
> > + if (!icmpv4_global_allow(net, type, code))
> > + goto out_unlock;
> > +
> > + icmp_param = kmalloc(sizeof(*icmp_param), GFP_ATOMIC);
> > + if (!icmp_param)
> > + goto out_unlock;
>
You could perhaps call icmp_xmit_lock() _after_ checking the global limit.
That would remove one atomic op.

	if (!icmpv4_global_allow(net, type, code))
		goto out;
	sk = icmp_xmit_lock(net);
	if (!sk)
		goto out;