We must free allocated skb when genlmsg_put() return fails.
Fixes: 1555d204e743 ("devlink: Support for pipeline debug (dpipe)")
Signed-off-by: Haishuang Yan <[email protected]>
---
net/core/devlink.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/net/core/devlink.c b/net/core/devlink.c
index b0b87a2..70b69c6 100644
--- a/net/core/devlink.c
+++ b/net/core/devlink.c
@@ -1680,8 +1680,10 @@ static int devlink_dpipe_tables_fill(struct genl_info *info,
hdr = genlmsg_put(skb, info->snd_portid, info->snd_seq,
&devlink_nl_family, NLM_F_MULTI, cmd);
- if (!hdr)
+ if (!hdr) {
+ nlmsg_free(skb);
return -EMSGSIZE;
+ }
if (devlink_nl_put_handle(skb, devlink))
goto nla_put_failure;
--
1.8.3.1
On 06/04/2017 03:49 PM, Haishuang Yan wrote:
> We must free allocated skb when genlmsg_put() return fails.
>
> Fixes: 1555d204e743 ("devlink: Support for pipeline debug (dpipe)")
> Signed-off-by: Haishuang Yan <[email protected]>
> ---
> net/core/devlink.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/core/devlink.c b/net/core/devlink.c
> index b0b87a2..70b69c6 100644
> --- a/net/core/devlink.c
> +++ b/net/core/devlink.c
> @@ -1680,8 +1680,10 @@ static int devlink_dpipe_tables_fill(struct genl_info *info,
>
> hdr = genlmsg_put(skb, info->snd_portid, info->snd_seq,
> &devlink_nl_family, NLM_F_MULTI, cmd);
> - if (!hdr)
> + if (!hdr) {
> + nlmsg_free(skb);
> return -EMSGSIZE;
> + }
>
> if (devlink_nl_put_handle(skb, devlink))
> goto nla_put_failure;
>
Thanks! I think it a bit better to set the err and goto
down the error path below (only nlmsg_free()). Headrs_fill()
also suffers from this problem.