Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

connector: bump skb->users before callback invocation

Dmitry reports memleak with syzkaller program.
Problem is that connector bumps skb usecount but might not invoke callback.

So move skb_get to where we invoke the callback.

Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Florian Westphal <fw@strlen.de>
Signed-off-by: David S. Miller <davem@davemloft.net>

authored by Florian Westphal and committed by David S. Miller
55285bf0 3934aa4c

+3 -8
drivers/connector/connector.c
··· 179 179 * 180 180 * It checks skb, netlink header and msg sizes, and calls callback helper. 181 181 */ 182 - static void cn_rx_skb(struct sk_buff *__skb) 182 + static void cn_rx_skb(struct sk_buff *skb) 183 183 { 184 184 struct nlmsghdr *nlh; 185 - struct sk_buff *skb; 186 185 int len, err; 187 - 188 - skb = skb_get(__skb); 189 186 190 187 if (skb->len >= NLMSG_HDRLEN) { 191 188 nlh = nlmsg_hdr(skb); ··· 190 193 191 194 if (len < (int)sizeof(struct cn_msg) || 192 195 skb->len < nlh->nlmsg_len || 193 - len > CONNECTOR_MAX_MSG_SIZE) { 194 - kfree_skb(skb); 196 + len > CONNECTOR_MAX_MSG_SIZE) 195 197 return; 196 - } 197 198 198 - err = cn_call_callback(skb); 199 + err = cn_call_callback(skb_get(skb)); 199 200 if (err < 0) 200 201 kfree_skb(skb); 201 202 }
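
Review bot: the reference ownership at `err = cn_call_callback(skb_get(skb));` is implicit and deserves a short comment. The extra reference is now taken inside the argument expression and is dropped by `kfree_skb(skb)` only when `err < 0`, so the code relies on the callback path releasing that reference itself on success, and nothing in this hunk shows that. A one-line comment above the call stating that `cn_call_callback()` consumes the reference on success and the caller drops it on failure would make the pairing auditable and make it harder to reintroduce the imbalance that the early `return` paths had while `skb_get()` sat at the top of the function. Separately, the function comment still reads "It checks skb, netlink header and msg sizes, and calls callback helper" and could note that a message failing those checks returns without touching the refcount.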