Message ID | fcddc06204f166d2ef0d75360b89f6f629a3b0c4.1622737854.git.paskripkin@gmail.com |
---|---|
State | Accepted |
Commit | b53558a950a89824938e9811eddfc8efcd94e1bb |
Headers | show |
Series | None | expand |
On Thu, 3 Jun 2021 19:39:11 +0300 Pavel Skripkin <paskripkin@gmail.com> wrote: > In case of caif_enroll_dev() fail, allocated > link_support won't be assigned to the corresponding > structure. So simply free allocated pointer in case > of error > > Fixes: 7c18d2205ea7 ("caif: Restructure how link caif link layer > enroll") Cc: stable@vger.kernel.org > Reported-and-tested-by: > syzbot+7ec324747ce876a29db6@syzkaller.appspotmail.com Signed-off-by: > Pavel Skripkin <paskripkin@gmail.com> --- > net/caif/caif_dev.c | 5 ++++- > 1 file changed, 4 insertions(+), 1 deletion(-) > > diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c > index fffbe41440b3..440139706130 100644 > --- a/net/caif/caif_dev.c > +++ b/net/caif/caif_dev.c > @@ -370,6 +370,7 @@ static int caif_device_notify(struct > notifier_block *me, unsigned long what, struct cflayer *layer, > *link_support; int head_room = 0; > struct caif_device_entry_list *caifdevs; > + int res; > > cfg = get_cfcnfg(dev_net(dev)); > caifdevs = caif_device_list(dev_net(dev)); > @@ -395,8 +396,10 @@ static int caif_device_notify(struct > notifier_block *me, unsigned long what, break; > } > } > - caif_enroll_dev(dev, caifdev, link_support, > head_room, > + res = caif_enroll_dev(dev, caifdev, link_support, > head_room, &layer, NULL); > + if (res) > + cfserl_release(link_support); > caifdev->flowctrl = dev_flowctrl; > break; > One thing Im wondering about is should I return this error from caif_device_notify()? I look forward to hearing your perspective on this question and patch series :) With regards, Pavel Skripkin
diff --git a/net/caif/caif_dev.c b/net/caif/caif_dev.c index fffbe41440b3..440139706130 100644 --- a/net/caif/caif_dev.c +++ b/net/caif/caif_dev.c @@ -370,6 +370,7 @@ static int caif_device_notify(struct notifier_block *me, unsigned long what, struct cflayer *layer, *link_support; int head_room = 0; struct caif_device_entry_list *caifdevs; + int res; cfg = get_cfcnfg(dev_net(dev)); caifdevs = caif_device_list(dev_net(dev)); @@ -395,8 +396,10 @@ static int caif_device_notify(struct notifier_block *me, unsigned long what, break; } } - caif_enroll_dev(dev, caifdev, link_support, head_room, + res = caif_enroll_dev(dev, caifdev, link_support, head_room, &layer, NULL); + if (res) + cfserl_release(link_support); caifdev->flowctrl = dev_flowctrl; break;
In case of caif_enroll_dev() fail, allocated link_support won't be assigned to the corresponding structure. So simply free allocated pointer in case of error Fixes: 7c18d2205ea7 ("caif: Restructure how link caif link layer enroll") Cc: stable@vger.kernel.org Reported-and-tested-by: syzbot+7ec324747ce876a29db6@syzkaller.appspotmail.com Signed-off-by: Pavel Skripkin <paskripkin@gmail.com> --- net/caif/caif_dev.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-)