Function kobject_create_and_add() returns a NULL pointer on failure. In function br_sysfs_addbr() defined in file net/bridge/br_sysfs_br.c, function kobject_create_and_add() is called (at line 897) and its return value is checked against NULL (at line 898), and when the return value is NULL, it will jump to label "out3" and returns the value of err. However, after the check of err at line 891, the value of err is 0. As a result, 0 (indicates success) will be returned even on failures. Maybe it is better to explicitly assign "-ENOMEM" to variable err before the jump instruction at line 901. Codes related to this bug are shown as below. br_sysfs_addbr @@ net/bridge/br_sysfs_br.c 877 int br_sysfs_addbr(struct net_device *dev) 878 { 879 struct kobject *brobj = &dev->dev.kobj; 880 struct net_bridge *br = netdev_priv(dev); 881 int err; 882 883 err = sysfs_create_group(brobj, &bridge_group); 884 if (err) { 885 pr_info("%s: can't create group %s/%s\n", 886 __func__, dev->name, bridge_group.name); 887 goto out1; 888 } 889 890 err = sysfs_create_bin_file(brobj, &bridge_forward); 891 if (err) { 892 pr_info("%s: can't create attribute file %s/%s\n", 893 __func__, dev->name, bridge_forward.attr.name); 894 goto out2; 895 } 896 897 br->ifobj = kobject_create_and_add(SYSFS_BRIDGE_PORT_SUBDIR, brobj); 898 if (!br->ifobj) { 899 pr_info("%s: can't add kobject (directory) %s/%s\n", 900 __func__, dev->name, SYSFS_BRIDGE_PORT_SUBDIR); 901 goto out3; // insert "err = -ENOMEM;" before this jump instruction? 902 } 903 return 0; 904 out3: 905 sysfs_remove_bin_file(&dev->dev.kobj, &bridge_forward); 906 out2: 907 sysfs_remove_group(&dev->dev.kobj, &bridge_group); 908 out1: 909 return err; 910 911 } Thanks very much!
Created attachment 256417 [details] The patch fixes the bug The patch has been merged into the latest version of the Linux kernel. So I will close the bug.