commit 0eb03d5a14377eecf6ed0ebf3cc2c9f48c12c7c6
author Pavel Emelyanov <xemul@openvz.org> Tue May 06 18:49:02 2008 +0400
committer John W. Linville <linville@tuxdriver.com> Mon May 12 21:22:19 2008 -0400
tree da81b29d4eb3aec06926d7bcf7c5fe94bd63fa84
parent f84e71a94cb5f88d86ab50c251e09379925b80b9

Fix not checked kmalloc() result.

The new_node kmallocation is not checked for success, so add
this check.

BTW, it also happens under the read_lock.

Signed-off-by: Pavel Emelyanov <xemul@openvz.org>
Signed-off-by: John W. Linville <linville@tuxdriver.com>

net/mac80211/mesh_pathtbl.c

diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 727aa52..1d2d051 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -164,13 +164,19 @@
 		err = -ENOMEM;
 		goto endadd2;
 	}
+	new_node = kmalloc(sizeof(struct mpath_node), GFP_KERNEL);
+	if (!new_node) {
+		kfree(new_mpath);
+		atomic_dec(&sdata->u.sta.mpaths);
+		err = -ENOMEM;
+		goto endadd2;
+	}
 
 	read_lock(&pathtbl_resize_lock);
 	memcpy(new_mpath->dst, dst, ETH_ALEN);
 	new_mpath->dev = dev;
 	new_mpath->flags = 0;
 	skb_queue_head_init(&new_mpath->frame_queue);
-	new_node = kmalloc(sizeof(struct mpath_node), GFP_KERNEL);
 	new_node->mpath = new_mpath;
 	new_mpath->timer.data = (unsigned long) new_mpath;
 	new_mpath->timer.function = mesh_path_timer;