diff options
author | Al Viro <viro@zeniv.linux.org.uk> | 2024-07-14 22:04:03 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2024-11-03 01:28:06 -0500 |
commit | 1aaf6a7e7520ea4d2d24406fb695195f554d1572 (patch) | |
tree | a1f96e78edcbdf315d3ab8cada1173b8a09d877d | |
parent | f302edb9d822804e72df3fa6ba270234050c678b (diff) | |
download | lwn-1aaf6a7e7520ea4d2d24406fb695195f554d1572.tar.gz lwn-1aaf6a7e7520ea4d2d24406fb695195f554d1572.zip |
do_mq_notify(): saner skb freeing on failures
cleanup is convoluted enough as it is; it's easier to have early
failure outs do explicit kfree_skb(nc), rather than going to
contortions needed to reuse the cleanup from late failures.
Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
-rw-r--r-- | ipc/mqueue.c | 16 |
1 files changed, 5 insertions, 11 deletions
diff --git a/ipc/mqueue.c b/ipc/mqueue.c index fd05e3d4f7b6..48640a362637 100644 --- a/ipc/mqueue.c +++ b/ipc/mqueue.c @@ -1347,8 +1347,8 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification) if (copy_from_user(nc->data, notification->sigev_value.sival_ptr, NOTIFY_COOKIE_LEN)) { - ret = -EFAULT; - goto free_skb; + kfree_skb(nc); + return -EFAULT; } /* TODO: add a header? */ @@ -1357,16 +1357,14 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification) retry: sock = netlink_getsockbyfd(notification->sigev_signo); if (IS_ERR(sock)) { - ret = PTR_ERR(sock); - goto free_skb; + kfree_skb(nc); + return PTR_ERR(sock); } timeo = MAX_SCHEDULE_TIMEOUT; ret = netlink_attachskb(sock, nc, &timeo, NULL); - if (ret == 1) { - sock = NULL; + if (ret == 1) goto retry; - } if (ret) return ret; } @@ -1425,10 +1423,6 @@ out_fput: out: if (sock) netlink_detachskb(sock, nc); - else -free_skb: - dev_kfree_skb(nc); - return ret; } |