projects / openvswitch / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 583fce1)
datapath: Avoid double-free on skb_clone failure in ODPAT_OUTPUT_GROUP.
authorBen Pfaff <blp@nicira.com>
Wed, 27 May 2009 18:37:08 +0000 (11:37 -0700)
committerBen Pfaff <blp@nicira.com>
Wed, 27 May 2009 18:37:08 +0000 (11:37 -0700)
output_group() has no business freeing the skb passed into it, but it was
doing so in case of allocation failure.  Since execute_actions() would
also later free it, this was a serious error.

Thanks to Justin for pointing out the problem.

datapath/actions.c patch | blob | history

diff --git a/datapath/actions.c b/datapath/actions.c
index 6bbb9f99d6c666940a64a9f1c18c7fd5b7ee0213..d9b92f1d62b3f25d88a60cbd6d364b73c5eebc53 100644 (file)
--- a/datapath/actions.c
+++ b/datapath/actions.c
@@ -313,6 +313,8 @@ error:
        kfree_skb(skb);
 }
 
+/* Never consumes 'skb'.  Returns a port that 'skb' should be sent to, -1 if
+ * none.  */
 static int output_group(struct datapath *dp, __u16 group,
                        struct sk_buff *skb, gfp_t gfp)
 {
@@ -328,10 +330,8 @@ static int output_group(struct datapath *dp, __u16 group,
                        continue;
                if (prev_port != -1) {
                        struct sk_buff *clone = skb_clone(skb, gfp);
-                       if (!clone) {
-                               kfree_skb(skb);
+                       if (!clone)
                                return -1;
-                       }
                        do_output(dp, clone, prev_port);
                }
                prev_port = p->port_no;
Unnamed repository; edit this file to name it for gitweb.