Message ID | 1269463664.2849.9.camel@edumazet-laptop |
---|---|
State | Not Applicable, archived |
Delegated to: | David Miller |
Headers | show |
Eric Dumazet wrote: > If dl_seq_start() memory allocation fails, we crash later in > dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM)) Seems pretty counter intuitive to me that ->stop is invoked after ->start returned an error. Applied, thanks. -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Le jeudi 25 mars 2010 à 11:01 +0100, Patrick McHardy a écrit : > Eric Dumazet wrote: > > If dl_seq_start() memory allocation fails, we crash later in > > dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM)) > > Seems pretty counter intuitive to me that ->stop is invoked after > ->start returned an error. Yes, I feel your pain :) At least ->next is not invoked :) -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
diff --git a/net/netfilter/xt_hashlimit.c b/net/netfilter/xt_hashlimit.c index 9e9c489..70d561a 100644 --- a/net/netfilter/xt_hashlimit.c +++ b/net/netfilter/xt_hashlimit.c @@ -879,7 +879,8 @@ static void dl_seq_stop(struct seq_file *s, void *v) struct xt_hashlimit_htable *htable = s->private; unsigned int *bucket = (unsigned int *)v; - kfree(bucket); + if (!IS_ERR(bucket)) + kfree(bucket); spin_unlock_bh(&htable->lock); }
If dl_seq_start() memory allocation fails, we crash later in dl_seq_stop(), trying to kfree(ERR_PTR(-ENOMEM)) Signed-off-by: Eric Dumazet <eric.dumazet@gmail.com> --- -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html