The sk_alloc() function suffers from two problems: 1 (major). The error path is not clean in it - if the security call fails, the net namespace is not put, if the try_module_get fails additionally the security context is not released; 2 (minor). The zero_it argument is misleading, as it doesn't just zeroes it, but performs some extra setup. Besides this argument is used only in one place - in the sk_clone().
So this set fixes these problems and performs some additional cleanup. Signed-off-by: Pavel Emelyanov <[EMAIL PROTECTED]> - To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html
