rds: avoid calling sock_kfree_s() on allocation failure
authorCong Wang <cwang@twopensource.com>
Tue, 14 Oct 2014 19:35:08 +0000 (12:35 -0700)
committerDavid S. Miller <davem@davemloft.net>
Tue, 14 Oct 2014 21:00:19 +0000 (17:00 -0400)
It is okay to free a NULL pointer but not okay to mischarge the socket optmem
accounting. Compile test only.

Reported-by: rucsoftsec@gmail.com
Cc: Chien Yen <chien.yen@oracle.com>
Cc: Stephen Hemminger <stephen@networkplumber.org>
Signed-off-by: Cong Wang <cwang@twopensource.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/rds/rdma.c

index 4e37c1cbe8b2faf5928af6be551f3f5551684411..40084d843e9fe33bc1545f1f573a32780880e223 100644 (file)
@@ -564,12 +564,12 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm,
 
        if (rs->rs_bound_addr == 0) {
                ret = -ENOTCONN; /* XXX not a great errno */
-               goto out;
+               goto out_ret;
        }
 
        if (args->nr_local > UIO_MAXIOV) {
                ret = -EMSGSIZE;
-               goto out;
+               goto out_ret;
        }
 
        /* Check whether to allocate the iovec area */
@@ -578,7 +578,7 @@ int rds_cmsg_rdma_args(struct rds_sock *rs, struct rds_message *rm,
                iovs = sock_kmalloc(rds_rs_to_sk(rs), iov_size, GFP_KERNEL);
                if (!iovs) {
                        ret = -ENOMEM;
-                       goto out;
+                       goto out_ret;
                }
        }
 
@@ -696,6 +696,7 @@ out:
        if (iovs != iovstack)
                sock_kfree_s(rds_rs_to_sk(rs), iovs, iov_size);
        kfree(pages);
+out_ret:
        if (ret)
                rds_rdma_free_op(op);
        else