On 2014-02-11 18:26, Antonio Quartulli wrote: > On 08/02/14 16:45, Simon Wunderlich wrote: >> Since batadv_orig_node_new() sets the refcount to two, assuming that >> the calling function will use a reference for putting the orig_node into >> a hash or similar, both references must be freed if initialization of >> the orig_node fails. Otherwise that object may be leaked in that error >> case. >> >> Reported-by: Antonio Quartulli <[email protected]> >> Signed-off-by: Simon Wunderlich <[email protected]> >> --- >> bat_iv_ogm.c | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/bat_iv_ogm.c b/bat_iv_ogm.c >> index 6f4fcdc..6000337 100644 >> --- a/bat_iv_ogm.c >> +++ b/bat_iv_ogm.c >> @@ -256,6 +256,8 @@ batadv_iv_ogm_orig_get(struct batadv_priv *bat_priv, >> const uint8_t *addr) >> free_bcast_own: >> kfree(orig_node->bat_iv.bcast_own); >> free_orig_node: >> + /* free twice, as batadv_orig_node_new set refcount to 2 */ >> + batadv_orig_node_free_ref(orig_node); >> batadv_orig_node_free_ref(orig_node); > > Coudln't we just invoke kfree(orig_node) here ? I think that if we hit > this point it is because the node has not added to the hash and > therefore it i snot used in any other context. This way we avoid the > double free_ref() and we don't trgger the whole RCU mechanism. > > Or am I missing something?
batadv_<type>_free_ref() might have side effect that are not handled by kfree alone... -- Kind Regards Martin Hundebøll Frederiks Allé 99, 1.th 8000 Aarhus C Denmark +45 61 65 54 61 [email protected]
signature.asc
Description: OpenPGP digital signature
