2006-10-29 12:25:17

by Oleg Nesterov

Subject: [PATCH] taskstats: fix? sk_buff leak

Compile tested only, and I know nothing about net/. Needs an ack from
maintainer.

'return genlmsg_cancel()' in taskstats_user_cmd/taskstats_exit_send looks
wrong to me. Unless we pass 'rep_skb' to the netlink layer we own sk_buff,
yes? This means we should always do kfree_skb() on failure.

Signed-off-by: Oleg Nesterov <[email protected]>

--- STATS/kernel/taskstats.c~1_skb 2006-10-29 15:12:51.000000000 +0300
+++ STATS/kernel/taskstats.c 2006-10-29 16:16:05.000000000 +0300
@@ -411,7 +411,7 @@ static int taskstats_user_cmd(struct sk_
return send_reply(rep_skb, info->snd_pid);

nla_put_failure:
- return genlmsg_cancel(rep_skb, reply);
+ genlmsg_cancel(rep_skb, reply);
err:
nlmsg_free(rep_skb);
return rc;
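Review bot: nothing on the nla_put_failure path sets rc once the `return` is dropped, so control falls through err: and `return rc;` hands back whatever rc held before the failed put. Assign it at the label, e.g. `rc = genlmsg_cancel(rep_skb, reply);`, or set an explicit error code there.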
@@ -507,7 +507,6 @@ send:

nla_put_failure:
genlmsg_cancel(rep_skb, reply);
- goto ret;
err_skb:
nlmsg_free(rep_skb);
ret:
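Review bot: with `goto ret;` removed, nla_put_failure reaches `nlmsg_free(rep_skb)` only by falling through into err_skb, and nothing in the code says that is intended. A short comment between the two labels would keep a later cleanup from reinstating the jump, and the leak with it.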


2006-10-29 12:33:34

by Thomas Graf

Subject: Re: [PATCH] taskstats: fix? sk_buff leak

* Oleg Nesterov <[email protected]> 2006-10-29 16:24
> Compile tested only, and I know nothing about net/. Needs an ack from
> maintainer.
>
> 'return genlmsg_cancel()' in taskstats_user_cmd/taskstats_exit_send looks
> wrong to me. Unless we pass 'rep_skb' to the netlink layer we own sk_buff,
> yes? This means we should always do kfree_skb() on failure.

That's right.

> Signed-off-by: Oleg Nesterov <[email protected]>
>
> --- STATS/kernel/taskstats.c~1_skb 2006-10-29 15:12:51.000000000 +0300
> +++ STATS/kernel/taskstats.c 2006-10-29 16:16:05.000000000 +0300
> @@ -411,7 +411,7 @@ static int taskstats_user_cmd(struct sk_
> return send_reply(rep_skb, info->snd_pid);
>
> nla_put_failure:
> - return genlmsg_cancel(rep_skb, reply);
> + genlmsg_cancel(rep_skb, reply);

rc = genlmsg_cancel(...) or return value is undefined.

> err:
> nlmsg_free(rep_skb);
> return rc;
> @@ -507,7 +507,6 @@ send:
>
> nla_put_failure:
> genlmsg_cancel(rep_skb, reply);
> - goto ret;
> err_skb:
> nlmsg_free(rep_skb);
> ret:
>
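Review bot: the `goto ret;` removed after nla_put_failure is the only jump to ret: visible in this hunk. If no other path in the function targets that label, it is left unused and should be dropped in the same patch; worth checking before this is applied.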

2006-10-29 12:46:13

by Oleg Nesterov

Subject: Re: [PATCH] taskstats: fix? sk_buff leak

On 10/29, Thomas Graf wrote:
>
> * Oleg Nesterov <[email protected]> 2006-10-29 16:24
> > nla_put_failure:
> > - return genlmsg_cancel(rep_skb, reply);
> > + genlmsg_cancel(rep_skb, reply);
>
> rc = genlmsg_cancel(...) or return value is undefined.

Thanks!

[PATCH] taskstats: fix sk_buff leak

Compile tested.

'return genlmsg_cancel()' in taskstats_user_cmd/taskstats_exit_send looks
wrong to me. Unless we pass 'rep_skb' to the netlink layer we own sk_buff.
This means we should always do kfree_skb() on failure.

Signed-off-by: Oleg Nesterov <[email protected]>

--- STATS/kernel/taskstats.c~1_skb 2006-10-29 15:12:51.000000000 +0300
+++ STATS/kernel/taskstats.c 2006-10-29 16:39:10.000000000 +0300
@@ -411,7 +411,7 @@ static int taskstats_user_cmd(struct sk_
return send_reply(rep_skb, info->snd_pid);

nla_put_failure:
- return genlmsg_cancel(rep_skb, reply);
+ rc = genlmsg_cancel(rep_skb, reply);
err:
nlmsg_free(rep_skb);
return rc;
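Review bot: at nla_put_failure, `rc = genlmsg_cancel(rep_skb, reply);` makes the function's return value whatever genlmsg_cancel() returns, while the message it trims is freed by nlmsg_free(rep_skb) on the next statement. Confirm that this return is a negative errno the caller can act on; otherwise set rc to an explicit error code at the label, in which case the cancel call on a buffer about to be freed is not needed at all.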
@@ -507,7 +507,6 @@ send:

nla_put_failure:
genlmsg_cancel(rep_skb, reply);
- goto ret;
err_skb:
nlmsg_free(rep_skb);
ret:
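Review bot: the nla_put_failure path here still discards the result of genlmsg_cancel(rep_skb, reply), while the first hunk now stores it in rc. If this function has no status to report, say so in the changelog; if it does, the two failure paths should be handled the same way.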