ipc/mqueue: improve exception handling in do_mq_notify()

Null pointers were assigned to local variables in a few cases as exception handling. The jump target “out” was used where no meaningful data processing actions should eventually be performed by branches of an if statement then. Use an additional jump target for calling dev_kfree_skb() directly. Return also directly after error conditions were detected when no extra clean-up is needed by this function implementation. Link: http://lkml.kernel.org/r/592ef10e-0b69-72d0-9789-fc48f638fdfd@web.de Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

ipc/mqueue: improve exception handling in do_mq_notify()
Null pointers were assigned to local variables in a few cases as exception handling. The jump target “out” was used where no meaningful data processing actions should eventually be performed by branches of an if statement then. Use an additional jump target for calling dev_kfree_skb() directly. Return also directly after error conditions were detected when no extra clean-up is needed by this function implementation. Link: http://lkml.kernel.org/r/592ef10e-0b69-72d0-9789-fc48f638fdfd@web.de Signed-off-by: Markus Elfring <elfring@users.sourceforge.net> Cc: Davidlohr Bueso <dave@stgolabs.net> Cc: Manfred Spraul <manfred@colorfullife.com> Signed-off-by: Andrew Morton <akpm@linux-foundation.org> Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>
Markus Elfring · Linus Torvalds
1 parent 97b0b1ad58
Showing 1 changed file with 8 additions and 12 deletions Side-by-side Diff
ipc/mqueue.c
@@ -1240,15 +1240,14 @@
  
 			/* create the notify skb */
 			nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
-			if (!nc) {
-				ret = -ENOMEM;
-				goto out;
-			}
+			if (!nc)
+				return -ENOMEM;
+
 			if (copy_from_user(nc->data,
 					notification->sigev_value.sival_ptr,
 					NOTIFY_COOKIE_LEN)) {
 				ret = -EFAULT;
-				goto out;
+				goto free_skb;
 			}
  
 			/* TODO: add a header? */
@@ -1264,8 +1263,7 @@
 			fdput(f);
 			if (IS_ERR(sock)) {
 				ret = PTR_ERR(sock);
-				sock = NULL;
-				goto out;
+				goto free_skb;
 			}
  
 			timeo = MAX_SCHEDULE_TIMEOUT;
@@ -1274,11 +1272,8 @@
 				sock = NULL;
 				goto retry;
 			}
-			if (ret) {
-				sock = NULL;
-				nc = NULL;
-				goto out;
-			}
+			if (ret)
+				return ret;
 		}
 	}
  
@@ -1334,6 +1329,7 @@
 	if (sock)
 		netlink_detachskb(sock, nc);
 	else
+free_skb:
 		dev_kfree_skb(nc);
  
 	return ret;
...	...	@@ -1240,15 +1240,14 @@
1240	1240
1241	1241	/* create the notify skb */
1242	1242	nc = alloc_skb(NOTIFY_COOKIE_LEN, GFP_KERNEL);
1243		- if (!nc) {
1244		- ret = -ENOMEM;
1245		- goto out;
1246		- }
	1243	+ if (!nc)
	1244	+ return -ENOMEM;
	1245	+
1247	1246	if (copy_from_user(nc->data,
1248	1247	notification->sigev_value.sival_ptr,
1249	1248	NOTIFY_COOKIE_LEN)) {
1250	1249	ret = -EFAULT;
1251		- goto out;
	1250	+ goto free_skb;
1252	1251	}
1253	1252
1254	1253	/* TODO: add a header? */
...	...	@@ -1264,8 +1263,7 @@
1264	1263	fdput(f);
1265	1264	if (IS_ERR(sock)) {
1266	1265	ret = PTR_ERR(sock);
1267		- sock = NULL;
1268		- goto out;
	1266	+ goto free_skb;
1269	1267	}
1270	1268
1271	1269	timeo = MAX_SCHEDULE_TIMEOUT;
...	...	@@ -1274,11 +1272,8 @@
1274	1272	sock = NULL;
1275	1273	goto retry;
1276	1274	}
1277		- if (ret) {
1278		- sock = NULL;
1279		- nc = NULL;
1280		- goto out;
1281		- }
	1275	+ if (ret)
	1276	+ return ret;
1282	1277	}
1283	1278	}
1284	1279
...	...	@@ -1334,6 +1329,7 @@
1334	1329	if (sock)
1335	1330	netlink_detachskb(sock, nc);
1336	1331	else
	1332	+free_skb:
1337	1333	dev_kfree_skb(nc);
1338	1334
1339	1335	return ret;