netfilter: nf_flow_table: fix missing error check for rhashtable_insert_fast (43c8f131) · Commits · 戴 / test

rhashtable_insert_fast() may return an error value when memory allocation fails, but flow_offload_add() does not check for errors. This patch just adds missing error checking. Fixes: ("netfilter: add generic flow table infrastructure") Signed-off-by:

Taehee Yoo <ap420073@gmail.com> Signed-off-by:

Pablo Neira Ayuso <pablo@netfilter.org>

net/netfilter/nf_flow_table_core.c

+18 −7

Original line number	Diff line number	Diff line
		@@ -185,14 +185,25 @@ static const struct rhashtable_params nf_flow_offload_rhash_params = {

		int flow_offload_add(struct nf_flowtable flow_table, struct flow_offload flow)
		{
		flow->timeout = (u32)jiffies;
		int err;

		rhashtable_insert_fast(&flow_table->rhashtable,
		&flow->tuplehash[FLOW_OFFLOAD_DIR_ORIGINAL].node,
		err = rhashtable_insert_fast(&flow_table->rhashtable,
		&flow->tuplehash[0].node,
		nf_flow_offload_rhash_params);
		rhashtable_insert_fast(&flow_table->rhashtable,
		&flow->tuplehash[FLOW_OFFLOAD_DIR_REPLY].node,
		if (err < 0)
		return err;

		err = rhashtable_insert_fast(&flow_table->rhashtable,
		&flow->tuplehash[1].node,
		nf_flow_offload_rhash_params);
		if (err < 0) {
		rhashtable_remove_fast(&flow_table->rhashtable,
		&flow->tuplehash[0].node,
		nf_flow_offload_rhash_params);
		return err;
		}

		flow->timeout = (u32)jiffies;
		return 0;
		}
		EXPORT_SYMBOL_GPL(flow_offload_add);

Admin message