From mboxrd@z Thu Jan 1 00:00:00 1970 From: Florian Westphal Subject: Re: [PATCH] audit: remove the audit freelist Date: Tue, 29 Nov 2016 18:24:50 +0100 Message-ID: <20161129172450.GD26930@breakpoint.cc> References: <1479215774-29810-1-git-send-email-fw@strlen.de> <20161129161233.GG6897@madcap2.tricolour.ca> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Content-Disposition: inline In-Reply-To: <20161129161233.GG6897@madcap2.tricolour.ca> Sender: linux-kernel-owner@vger.kernel.org To: Richard Guy Briggs Cc: Florian Westphal , linux-kernel@vger.kernel.org, linux-audit@redhat.com List-Id: linux-audit@redhat.com Richard Guy Briggs wrote: > > static void audit_buffer_free(struct audit_buffer *ab) > > { > > - unsigned long flags; > > - > > if (!ab) > > return; > > > > kfree_skb(ab->skb); > > - spin_lock_irqsave(&audit_freelist_lock, flags); > > - if (audit_freelist_count > AUDIT_MAXFREE) > > - kfree(ab); > > - else { > > - audit_freelist_count++; > > - list_add(&ab->list, &audit_freelist); > > - } > > - spin_unlock_irqrestore(&audit_freelist_lock, flags); > > + kfree(ab); > > } [..] > > nlh = nlmsg_put(ab->skb, 0, 0, type, 0, 0); > > if (!nlh) > > - goto out_kfree_skb; > > + goto err; > > > > return ab; > > > > -out_kfree_skb: > > - kfree_skb(ab->skb); > > - ab->skb = NULL; > > Why is the kfree_skb() skipped on error from nlmsg_put()? I don't see > much risk in nlmsg_put() failing considering the very simple arguments, > however the code path is not trivial either. if nlmsg_put fails we jump to err and ... > > err: > > audit_buffer_free(ab); > > return NULL; ... ab->skb gets free'd by audit_buffer_free() here.