From: Zbigniew Jędrzejewski-Szmek Date: Fri, 5 Jun 2020 12:16:04 +0000 (+0200) Subject: core/bpf-firewall: use the correct cleanup function X-Git-Tag: v246-rc1~105^2~5 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d02fd8b1c6e1eb5e6c587bf9098c55e7d01f99d6;p=thirdparty%2Fsystemd.git core/bpf-firewall: use the correct cleanup function On error, we'd just free the object, and not close the fd. While at it, let's use set_ensure_consume() to make sure we don't leak the object if it was already in the set. I'm not sure if that condition can be achieved. --- diff --git a/src/core/bpf-firewall.c b/src/core/bpf-firewall.c index a05ac8122d0..2ec274df018 100644 --- a/src/core/bpf-firewall.c +++ b/src/core/bpf-firewall.c @@ -595,7 +595,7 @@ static int load_bpf_progs_from_fs_to_set(Unit *u, char **filter_paths, Set **set set_clear(*set); STRV_FOREACH(bpf_fs_path, filter_paths) { - _cleanup_free_ BPFProgram *prog = NULL; + _cleanup_(bpf_program_unrefp) BPFProgram *prog = NULL; int r; r = bpf_program_new(BPF_PROG_TYPE_CGROUP_SKB, &prog); @@ -606,10 +606,9 @@ static int load_bpf_progs_from_fs_to_set(Unit *u, char **filter_paths, Set **set if (r < 0) return log_unit_error_errno(u, r, "Loading of ingress BPF program %s failed: %m", *bpf_fs_path); - r = set_ensure_put(set, &filter_prog_hash_ops, prog); + r = set_ensure_consume(set, &filter_prog_hash_ops, TAKE_PTR(prog)); if (r < 0) return log_unit_error_errno(u, r, "Can't add program to BPF program set: %m"); - TAKE_PTR(prog); } return 0;