From: Herbert Xu Date: Tue, 22 Apr 2014 09:15:34 +0000 (+0800) Subject: macvlan: Fix leak and NULL dereference on error path X-Git-Tag: submit/tizen/20160607.132125~4450^2~335 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=e676f197a7a9aae9c75b0d9acc97e07de07dd1f0;p=sdk%2Femulator%2Femulator-kernel.git macvlan: Fix leak and NULL dereference on error path The recent patch that moved broadcasts to process context added a couple of bugs on the error path where we may dereference NULL or leak an skb. This patch fixes them. Reported-by: Dan Carpenter Signed-off-by: Herbert Xu Signed-off-by: David S. Miller --- diff --git a/drivers/net/macvlan.c b/drivers/net/macvlan.c index 8b8220fcdd3d..cfb27c865417 100644 --- a/drivers/net/macvlan.c +++ b/drivers/net/macvlan.c @@ -239,25 +239,28 @@ static void macvlan_process_broadcast(struct work_struct *w) static void macvlan_broadcast_enqueue(struct macvlan_port *port, struct sk_buff *skb) { + struct sk_buff *nskb; int err = -ENOMEM; - skb = skb_clone(skb, GFP_ATOMIC); - if (!skb) + nskb = skb_clone(skb, GFP_ATOMIC); + if (!nskb) goto err; spin_lock(&port->bc_queue.lock); if (skb_queue_len(&port->bc_queue) < skb->dev->tx_queue_len) { - __skb_queue_tail(&port->bc_queue, skb); + __skb_queue_tail(&port->bc_queue, nskb); err = 0; } spin_unlock(&port->bc_queue.lock); if (err) - goto err; + goto free_nskb; schedule_work(&port->bc_work); return; +free_nskb: + kfree_skb(nskb); err: atomic_long_inc(&skb->dev->rx_dropped); }