Hello David,
> One could argue from a defensive programming perspective that
> this bug comes from the fact that the ifb_init_one() loop
> advances state before checking for errors ('i' is advanced before
> the 'err' check due to the loop construct), and that's why the
> error recovery code had to be coded specially :-)
Now when I look at it I might be wrong and it is not a bug at all.
It's just coded in weird way. Anyway isn't there kfree(ifbs) missing
on error path?
The patch below should clear things a bit (against plain 2.6.20-rc2-mm1).
Signed-off-by: Mariusz Kozlowski <[EMAIL PROTECTED]>
drivers/net/ifb.c | 16 ++++++++++------
1 file changed, 10 insertions(+), 6 deletions(-)
--- linux-2.6.20-rc2-mm1-a/drivers/net/ifb.c 2006-12-24 05:00:32.000000000
+0100
+++ linux-2.6.20-rc2-mm1-b/drivers/net/ifb.c 2007-01-02 11:35:48.000000000
+0100
@@ -264,18 +264,22 @@ static void ifb_free_one(int index)
static int __init ifb_init_module(void)
{
- int i, err = 0;
+ int i, err;
+
ifbs = kmalloc(numifbs * sizeof(void *), GFP_KERNEL);
if (!ifbs)
return -ENOMEM;
- for (i = 0; i < numifbs && !err; i++)
+ for (i = 0; i < numifbs; i++) {
err = ifb_init_one(i);
- if (err) {
- i--;
- while (--i >= 0)
- ifb_free_one(i);
+ if (err)
+ goto err;
}
+ return 0;
+err:
+ while (i--)
+ ifb_free_one(i);
+ kfree(ifbs);
return err;
}
--
Regards,
Mariusz Kozlowski
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
