From: Cong Wang <xiyou.wangcong@gmail.com>
Date: Tue, 11 Sep 2018 22:12:17 +0000 (-0700)
Subject: tipc: check return value of __tipc_dump_start()
X-Git-Tag: v4.19~206^2~1
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=12a78b026f870c575d3a98998b25084aac5b3c61;p=platform%2Fkernel%2Flinux-rpi3.git

tipc: check return value of __tipc_dump_start()

When __tipc_dump_start() fails with running out of memory,
we have no reason to continue, especially we should avoid
calling tipc_dump_done().

Fixes: 8f5c5fcf3533 ("tipc: call start and done ops directly in __tipc_nl_compat_dumpit()")
Reported-and-tested-by: syzbot+3f8324abccfbf8c74a9f@syzkaller.appspotmail.com
Cc: Jon Maloy <jon.maloy@ericsson.com>
Cc: Ying Xue <ying.xue@windriver.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/tipc/netlink_compat.c b/net/tipc/netlink_compat.c
index 82f6657..6376467 100644
--- a/net/tipc/netlink_compat.c
+++ b/net/tipc/netlink_compat.c
@@ -185,7 +185,10 @@ static int __tipc_nl_compat_dumpit(struct tipc_nl_compat_cmd_dump *cmd,
 		return -ENOMEM;
 
 	buf->sk = msg->dst_sk;
-	__tipc_dump_start(&cb, msg->net);
+	if (__tipc_dump_start(&cb, msg->net)) {
+		kfree_skb(buf);
+		return -ENOMEM;
+	}
 
 	do {
 		int rem;