projects / platform / kernel / linux-starfive.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: edbd82c)
netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast
authorTaehee Yoo <ap420073@gmail.com>
Thu, 2 May 2019 16:56:38 +0000 (01:56 +0900)
committerPablo Neira Ayuso <pablo@netfilter.org>
Sun, 5 May 2019 22:36:30 +0000 (00:36 +0200)
rhashtable_insert_fast() may return an error value when memory
allocation fails, but flow_offload_add() does not check for errors.
This patch just adds missing error checking.

Fixes: ac2a66665e23 ("netfilter: add generic flow table infrastructure")
Signed-off-by: Taehee Yoo <ap420073@gmail.com>
Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
net/netfilter/nf_flow_table_core.c patch | blob | history

diff --git a/net/netfilter/nf_flow_table_core.c b/net/netfilter/nf_flow_table_core.c
index 7aabfd4..a9e4f74 100644 (file)
--- a/net/netfilter/nf_flow_table_core.c
+++ b/net/netfilter/nf_flow_table_core.c
@@ -185,14 +185,25 @@ static const struct rhashtable_params nf_flow_offload_rhash_params = {
 
 int flow_offload_add(struct nf_flowtable *flow_table, struct flow_offload *flow)
 {
-       flow->timeout = (u32)jiffies;
+       int err;
 
-       rhashtable_insert_fast(&flow_table->rhashtable,
-                              &flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
-                              nf_flow_offload_rhash_params);
-       rhashtable_insert_fast(&flow_table->rhashtable,
-                              &flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
-                              nf_flow_offload_rhash_params);
+       err = rhashtable_insert_fast(&flow_table->rhashtable,
+                                    &flow->tuplehash[0].node,
+                                    nf_flow_offload_rhash_params);
+       if (err < 0)
+               return err;
+
+       err = rhashtable_insert_fast(&flow_table->rhashtable,
+                                    &flow->tuplehash[1].node,
+                                    nf_flow_offload_rhash_params);
+       if (err < 0) {
+               rhashtable_remove_fast(&flow_table->rhashtable,
+                                      &flow->tuplehash[0].node,
+                                      nf_flow_offload_rhash_params);
+               return err;
+       }
+
+       flow->timeout = (u32)jiffies;
        return 0;
 }
 EXPORT_SYMBOL_GPL(flow_offload_add);
Domain: System / Kernel;