do_mq_notify(): saner skb freeing on failures

cleanup is convoluted enough as it is; it's easier to have early
failure outs do explicit kfree_skb(nc), rather than going to
contortions needed to reuse the cleanup from late failures.

Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
This commit is contained in:
Al Viro 2024-07-14 22:04:03 -04:00
parent f302edb9d8
commit 1aaf6a7e75

View File

@ -1347,8 +1347,8 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification)
if (copy_from_user(nc->data,
notification->sigev_value.sival_ptr,
NOTIFY_COOKIE_LEN)) {
ret = -EFAULT;
goto free_skb;
kfree_skb(nc);
return -EFAULT;
}
/* TODO: add a header? */
@ -1357,16 +1357,14 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification)
retry:
sock = netlink_getsockbyfd(notification->sigev_signo);
if (IS_ERR(sock)) {
ret = PTR_ERR(sock);
goto free_skb;
kfree_skb(nc);
return PTR_ERR(sock);
}
timeo = MAX_SCHEDULE_TIMEOUT;
ret = netlink_attachskb(sock, nc, &timeo, NULL);
if (ret == 1) {
sock = NULL;
if (ret == 1)
goto retry;
}
if (ret)
return ret;
}
@ -1425,10 +1423,6 @@ static int do_mq_notify(mqd_t mqdes, const struct sigevent *notification)
out:
if (sock)
netlink_detachskb(sock, nc);
else
free_skb:
dev_kfree_skb(nc);
return ret;
}