Skip to content

Commit

Permalink
[AX.25]: Fix unchecked rose_add_loopback_neigh uses
Browse files Browse the repository at this point in the history 
rose_add_loopback_neigh uses kmalloc and the callers were ignoring the
error value.  Rewrite to let the caller deal with the allocation.  This
allows the use of static allocation of kmalloc use entirely.

Signed-off-by: Ralf Baechle <[email protected]>
Signed-off-by: David S. Miller <[email protected]>
  • Loading branch information
@ralfbaechle
ralfbaechle authored and David S. Miller committed Dec 18, 2006
1 parent a159aaa commit a3d3840
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 28 deletions.
4 changes: 2 additions & 2 deletions include/net/rose.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -188,12 +188,12 @@ extern void rose_kick(struct sock *);
extern void rose_enquiry_response(struct sock *);

/* rose_route.c */
extern struct rose_neigh *rose_loopback_neigh;
extern struct rose_neigh rose_loopback_neigh;
extern struct file_operations rose_neigh_fops;
extern struct file_operations rose_nodes_fops;
extern struct file_operations rose_routes_fops;

extern int __must_check rose_add_loopback_neigh(void);
extern void rose_add_loopback_neigh(void);
extern int __must_check rose_add_loopback_node(rose_address *);
extern void rose_del_loopback_node(rose_address *);
extern void rose_rt_device_down(struct net_device *);
Expand Down
5 changes: 3 additions & 2 deletions net/rose/rose_loopback.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -79,15 +79,16 @@ static void rose_loopback_timer(unsigned long param)

skb->h.raw = skb->data;

if ((sk = rose_find_socket(lci_o, rose_loopback_neigh)) != NULL) {
sk = rose_find_socket(lci_o, &rose_loopback_neigh);
if (sk) {
if (rose_process_rx_frame(sk, skb) == 0)
kfree_skb(skb);
continue;
}

if (frametype == ROSE_CALL_REQUEST) {
if ((dev = rose_dev_get(dest)) != NULL) {
if (rose_rx_call_request(skb, dev, rose_loopback_neigh, lci_o) == 0)
if (rose_rx_call_request(skb, dev, &rose_loopback_neigh, lci_o) == 0)
kfree_skb(skb);
} else {
kfree_skb(skb);
Expand Down
45 changes: 21 additions & 24 deletions net/rose/rose_route.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -46,7 +46,7 @@ static DEFINE_SPINLOCK(rose_neigh_list_lock);
static struct rose_route *rose_route_list;
static DEFINE_SPINLOCK(rose_route_list_lock);

struct rose_neigh *rose_loopback_neigh;
struct rose_neigh rose_loopback_neigh;

/*
* Add a new route to a node, and in the process add the node and the
Expand Down Expand Up @@ -361,33 +361,30 @@ static int rose_del_node(struct rose_route_struct *rose_route,
/*
* Add the loopback neighbour.
*/
int rose_add_loopback_neigh(void)
void rose_add_loopback_neigh(void)
{
if ((rose_loopback_neigh = kmalloc(sizeof(struct rose_neigh), GFP_ATOMIC)) == NULL)
return -ENOMEM;
struct rose_neigh *sn = &rose_loopback_neigh;

rose_loopback_neigh->callsign = null_ax25_address;
rose_loopback_neigh->digipeat = NULL;
rose_loopback_neigh->ax25 = NULL;
rose_loopback_neigh->dev = NULL;
rose_loopback_neigh->count = 0;
rose_loopback_neigh->use = 0;
rose_loopback_neigh->dce_mode = 1;
rose_loopback_neigh->loopback = 1;
rose_loopback_neigh->number = rose_neigh_no++;
rose_loopback_neigh->restarted = 1;
sn->callsign = null_ax25_address;
sn->digipeat = NULL;
sn->ax25 = NULL;
sn->dev = NULL;
sn->count = 0;
sn->use = 0;
sn->dce_mode = 1;
sn->loopback = 1;
sn->number = rose_neigh_no++;
sn->restarted = 1;

skb_queue_head_init(&rose_loopback_neigh->queue);
skb_queue_head_init(&sn->queue);

init_timer(&rose_loopback_neigh->ftimer);
init_timer(&rose_loopback_neigh->t0timer);
init_timer(&sn->ftimer);
init_timer(&sn->t0timer);

spin_lock_bh(&rose_neigh_list_lock);
rose_loopback_neigh->next = rose_neigh_list;
rose_neigh_list = rose_loopback_neigh;
sn->next = rose_neigh_list;
rose_neigh_list = sn;
spin_unlock_bh(&rose_neigh_list_lock);

return 0;
}

/*
Expand Down Expand Up @@ -421,13 +418,13 @@ int rose_add_loopback_node(rose_address *address)
rose_node->mask = 10;
rose_node->count = 1;
rose_node->loopback = 1;
rose_node->neighbour[0] = rose_loopback_neigh;
rose_node->neighbour[0] = &rose_loopback_neigh;

/* Insert at the head of list. Address is always mask=10 */
rose_node->next = rose_node_list;
rose_node_list = rose_node;

rose_loopback_neigh->count++;
rose_loopback_neigh.count++;

out:
spin_unlock_bh(&rose_node_list_lock);
Expand Down Expand Up @@ -458,7 +455,7 @@ void rose_del_loopback_node(rose_address *address)

rose_remove_node(rose_node);

rose_loopback_neigh->count--;
rose_loopback_neigh.count--;

out:
spin_unlock_bh(&rose_node_list_lock);
Expand Down

0 comments on commit a3d3840

Please sign in to comment.