From: Oleg Nesterov <oleg@tv-sign.ru>

prepare_reply() adds GENL_HDRLEN to the payload (genlmsg_total_size()), but
then it does genlmsg_put()->nlmsg_put().  This means we forget to reserve a
room for 'struct nlmsghdr', no?

Signed-off-by: Oleg Nesterov <oleg@tv-sign.ru>
Signed-off-by: Andrew Morton <akpm@osdl.org>
---

 kernel/taskstats.c |    3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff -puN kernel/taskstats.c~taskstats-fix-sk_buff-size-calculation kernel/taskstats.c
--- a/kernel/taskstats.c~taskstats-fix-sk_buff-size-calculation
+++ a/kernel/taskstats.c
@@ -77,7 +77,8 @@ static int prepare_reply(struct genl_inf
 	/*
 	 * If new attributes are added, please revisit this allocation
 	 */
-	skb = nlmsg_new(genlmsg_total_size(size), GFP_KERNEL);
+	size = nlmsg_total_size(genlmsg_total_size(size));
+	skb = nlmsg_new(size, GFP_KERNEL);
 	if (!skb)
 		return -ENOMEM;
 
_