Richard Guy Briggs <r...@redhat.com> wrote: > > static void audit_buffer_free(struct audit_buffer *ab) > > { > > - unsigned long flags; > > - > > if (!ab) > > return; > > > > kfree_skb(ab->skb); > > - spin_lock_irqsave(&audit_freelist_lock, flags); > > - if (audit_freelist_count > AUDIT_MAXFREE) > > - kfree(ab); > > - else { > > - audit_freelist_count++; > > - list_add(&ab->list, &audit_freelist); > > - } > > - spin_unlock_irqrestore(&audit_freelist_lock, flags); > > + kfree(ab); > > } [..]
> > nlh = nlmsg_put(ab->skb, 0, 0, type, 0, 0); > > if (!nlh) > > - goto out_kfree_skb; > > + goto err; > > > > return ab; > > > > -out_kfree_skb: > > - kfree_skb(ab->skb); > > - ab->skb = NULL; > > Why is the kfree_skb() skipped on error from nlmsg_put()? I don't see > much risk in nlmsg_put() failing considering the very simple arguments, > however the code path is not trivial either. if nlmsg_put fails we jump to err and ... > > err: > > audit_buffer_free(ab); > > return NULL; ... ab->skb gets free'd by audit_buffer_free() here.
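Review bot: in the audit_buffer_free() hunk, the deleted branch is the only user shown here of audit_freelist_lock, audit_freelist_count, audit_freelist and AUDIT_MAXFREE, and the quoted lines do not show their definitions being removed. Please confirm the patch also drops them, along with the list member of struct audit_buffer that list_add() used, so no dead code is left behind. The replacement kfree(ab) also has to match whatever allocator the allocation path uses for ab, which is elided ([..]) in this quote.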
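Review bot: at the err: label in the allocation hunk, the skb is now released only as a side effect of audit_buffer_free(), which is exactly what prompted the question in this thread. A one-line comment at the label, or a sentence in the commit message saying that audit_buffer_free() frees ab->skb, would make that obvious. Because audit_buffer_free() calls kfree_skb(ab->skb) unconditionally, every goto err must be reached with ab->skb either NULL or pointing at a valid skb (kfree_skb() accepts NULL), so ab->skb has to be initialised before the first jump; the allocation of ab is not visible in the quoted lines, so please check that. Dropping the old ab->skb = NULL assignment is fine, since ab itself is freed immediately afterwards.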