From: 张胜举 <zhangshen...@cmss.chinamobile.com>
Date: Mon, 29 Feb 2016 22:16:37 +0800

>> On Mon, 2016-02-29 at 12:22 +0000, Zhang Shengju wrote:
>> > If skb_reorder_vlan_header() failed, skb is freed and NULL is returned.
>> > Then at skb_vlan_untag(), it will free skbuff again which causes double
>> > free.
>>
>> On skb_reorder_vlan_header() failure, skb_vlan_untag() will call
>> kfree_skb() using the return value of skb_reorder_vlan_header(), that is
>> NULL. kfree_skb() is a noop when the argument is NULL.
>>
>> The current code seems safe.
>>
>> Paolo
>
> Hi Paolo, even current code is safe, this is still a potential problem. We
> should make an assumption that inner function doesn't free skb, and let
> outside function take care of this.

No, the current code is intentional and perfectly fine. Fix real bugs, not imaginary ones.

Thanks.
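
A userspace model of the ownership pattern discussed in this thread, added here as an illustration and not taken from the kernel source or from any of the posters. `struct buf`, `buf_free()`, `reorder_header()` and `untag()` are hypothetical stand-ins for the skb, `kfree_skb()`, `skb_reorder_vlan_header()` and `skb_vlan_untag()`; the counters show how many frees actually release memory on each path.

```c
#include <stdio.h>
#include <stdlib.h>
/* Userspace model; every name here is a hypothetical stand-in. */
struct buf { int len; };
static int real_frees, null_frees;   /* counters for the demonstration */

/* NULL-tolerant free: the property the thread states for kfree_skb(). */
static void buf_free(struct buf *b)
{
    if (!b) { null_frees++; return; }
    free(b);
    real_frees++;
}

/* Inner function: on failure it frees the buffer and returns NULL. */
static struct buf *reorder_header(struct buf *b, int fail)
{
    if (fail) { buf_free(b); return NULL; }
    b->len -= 4;                     /* constructed stand-in for the real work */
    return b;
}

/* Outer function: its only reference is overwritten by the return value. */
static struct buf *untag(struct buf *b, int fail)
{
    b = reorder_header(b, fail);
    if (!b)
        buf_free(b);                 /* b is NULL here, so nothing is released */
    return b;
}

/* Run one path; return how many times memory was actually released. */
int frees_on_path(int fail)
{
    struct buf *b = malloc(sizeof(*b));
    if (!b) return -1;
    b->len = 64;                     /* constructed sample value */
    real_frees = null_frees = 0;
    buf_free(untag(b, fail));        /* caller releases whatever came back */
    return real_frees;
}
int null_frees_seen(void) { return null_frees; }

int main(void)
{
    int fail = frees_on_path(1), noop = null_frees_seen();
    printf("failure: %d real free, %d no-op frees\n", fail, noop);
    printf("success: %d real free\n", frees_on_path(0));
}
```

In this model a double free would arise only if a caller kept a second copy of the original pointer and released it after the inner function had failed.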