Commit f8beafa5 authored by Florian Westphal's avatar Florian Westphal Committed by Kamal Mostafa

connector: bump skb->users before callback invocation

[ Upstream commit 55285bf0 ]

Dmitry reports memleak with syskaller program.
Problem is that connector bumps skb usecount but might not invoke callback.

So move skb_get to where we invoke the callback.
Reported-by: default avatarDmitry Vyukov <dvyukov@google.com>
Signed-off-by: default avatarFlorian Westphal <fw@strlen.de>
Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
Signed-off-by: default avatarKamal Mostafa <kamal@canonical.com>
parent 7b42666b
...@@ -178,26 +178,21 @@ static int cn_call_callback(struct sk_buff *skb) ...@@ -178,26 +178,21 @@ static int cn_call_callback(struct sk_buff *skb)
* *
* It checks skb, netlink header and msg sizes, and calls callback helper. * It checks skb, netlink header and msg sizes, and calls callback helper.
*/ */
static void cn_rx_skb(struct sk_buff *__skb) static void cn_rx_skb(struct sk_buff *skb)
{ {
struct nlmsghdr *nlh; struct nlmsghdr *nlh;
struct sk_buff *skb;
int len, err; int len, err;
skb = skb_get(__skb);
if (skb->len >= NLMSG_HDRLEN) { if (skb->len >= NLMSG_HDRLEN) {
nlh = nlmsg_hdr(skb); nlh = nlmsg_hdr(skb);
len = nlmsg_len(nlh); len = nlmsg_len(nlh);
if (len < (int)sizeof(struct cn_msg) || if (len < (int)sizeof(struct cn_msg) ||
skb->len < nlh->nlmsg_len || skb->len < nlh->nlmsg_len ||
len > CONNECTOR_MAX_MSG_SIZE) { len > CONNECTOR_MAX_MSG_SIZE)
kfree_skb(skb);
return; return;
}
err = cn_call_callback(skb); err = cn_call_callback(skb_get(skb));
if (err < 0) if (err < 0)
kfree_skb(skb); kfree_skb(skb);
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment