can: rx-offload: can_rx_offload_queue_tail(): fix error handling, avoid skb mem leak
authorMarc Kleine-Budde <mkl@pengutronix.de>
Wed, 9 Oct 2019 13:48:48 +0000 (15:48 +0200)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Thu, 5 Dec 2019 14:36:59 +0000 (15:36 +0100)
[ Upstream commit 6caf8a6d6586d44fd72f4aa1021d14aa82affafb ]

If the rx-offload skb_queue is full can_rx_offload_queue_tail() will not
queue the skb and return with an error.

This patch frees the skb in case of a full queue, which brings
can_rx_offload_queue_tail() in line with the
can_rx_offload_queue_sorted() function, which has been adjusted in the
previous patch.

The return value is adjusted to -ENOBUFS to better reflect the actual
problem.

The device stats handling is left to the caller.

Fixes: d254586c3453 ("can: rx-offload: Add support for HW fifo based irq offloading")
Reported-by: Kurt Van Dijck <dev.kurt@vandijck-laurijssen.be>
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/net/can/rx-offload.c

index 1a7c183e66783cebcac0b5c7b6bbcb258ce3dcad..b26987a136203a2558cdcc915dced74d805f8382 100644 (file)
@@ -261,8 +261,10 @@ int can_rx_offload_queue_tail(struct can_rx_offload *offload,
                              struct sk_buff *skb)
 {
        if (skb_queue_len(&offload->skb_queue) >
-           offload->skb_queue_len_max)
-               return -ENOMEM;
+           offload->skb_queue_len_max) {
+               kfree_skb(skb);
+               return -ENOBUFS;
+       }
 
        skb_queue_tail(&offload->skb_queue, skb);
        can_rx_offload_schedule(offload);