Bug 188781

Function kobject_create_and_add() returns a NULL pointer on failure. In function br_sysfs_addbr() defined in file net/bridge/br_sysfs_br.c, function kobject_create_and_add() is called (at line 897) and its return value is checked against NULL (at line 898), and when the return value is NULL, it will jump to label "out3" and returns the value of err. However, after the check of err at line 891, the value of err is 0. As a result, 0 (indicates success) will be returned even on failures. Maybe it is better to explicitly assign "-ENOMEM" to variable err before the jump instruction at line 901. Codes related to this bug are shown as below.

br_sysfs_addbr @@ net/bridge/br_sysfs_br.c
877 int br_sysfs_addbr(struct net_device *dev)
878 {
879     struct kobject *brobj = &dev->dev.kobj;
880     struct net_bridge *br = netdev_priv(dev);
881     int err;
882 
883     err = sysfs_create_group(brobj, &bridge_group);
884     if (err) {
885         pr_info("%s: can't create group %s/%s\n",
886             __func__, dev->name, bridge_group.name);
887         goto out1;
888     }
889 
890     err = sysfs_create_bin_file(brobj, &bridge_forward);
891     if (err) {
892         pr_info("%s: can't create attribute file %s/%s\n",
893             __func__, dev->name, bridge_forward.attr.name);
894         goto out2;
895     }
896 
897     br->ifobj = kobject_create_and_add(SYSFS_BRIDGE_PORT_SUBDIR, brobj);
898     if (!br->ifobj) {
899         pr_info("%s: can't add kobject (directory) %s/%s\n",
900             __func__, dev->name, SYSFS_BRIDGE_PORT_SUBDIR);
901         goto out3;         // insert "err = -ENOMEM;" before this jump instruction?
902     }
903     return 0;
904  out3:
905     sysfs_remove_bin_file(&dev->dev.kobj, &bridge_forward);
906  out2:
907     sysfs_remove_group(&dev->dev.kobj, &bridge_group);
908  out1:
909     return err;
910 
911 }

Thanks very much!