On 17-01-23 07:58 AM, Simon Horman wrote:
Hi Jamal,
On Sun, Jan 22, 2017 at 03:25:50PM -0500, Jamal Hadi Salim wrote:
...
@@ -33,6 +34,8 @@ static void free_tcf(struct rcu_head *head)
free_percpu(p->cpu_bstats);
free_percpu(p->cpu_qstats);
+ kfree(p->act_cookie->data);
Does the above need to be protected by a check for p->act_cookie being non-NULL?
Indeed it does.
+ kfree(p->act_cookie);
kfree(p);
}
...
@@ -575,6 +584,33 @@ struct tc_action *tcf_action_init_1(struct net *net,
struct nlattr *nla,
if (err < 0)
goto err_mod;
+ if (tb[TCA_ACT_COOKIE]) {
+ int cklen = nla_len(tb[TCA_ACT_COOKIE]);
+
+ if (cklen > TC_COOKIE_MAX_SIZE) {
+ err = -EINVAL;
+ tcf_hash_release(a, bind);
+ goto err_mod;
+ }
+
+ a->act_cookie = kzalloc(sizeof(*a->act_cookie), GFP_KERNEL);
+ if (!a->act_cookie) {
+ err = -ENOMEM;
+ tcf_hash_release(a, bind);
+ goto err_mod;
+ }
+
+ a->act_cookie->data = nla_memdup(tb[TCA_ACT_COOKIE],
+ GFP_KERNEL);
+ if (!a->act_cookie->data) {
+ err = -ENOMEM;
+ kfree(a->act_cookie);
+ tcf_hash_release(a, bind);
+ goto err_mod;
+ }
+ a->act_cookie->len = cklen;
FWIW, the above looks correct but it also looks like the error handling
could be done less verbosely if the logic was moved to a separate function.
I will make the change.
Thanks Simon.
cheers,
jamal
