From: Davide Caratti Date: Fri, 22 Feb 2019 11:33:25 +0000 (+0100) Subject: net/sched: act_ipt: fix refcount leak when replace fails X-Git-Tag: v5.0~4^2~37 X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=8f67c90ee9148eab3d2b4393c3cf76489b27f87c;p=users%2Fdwmw2%2Flinux.git net/sched: act_ipt: fix refcount leak when replace fails After commit 4e8ddd7f1758 ("net: sched: don't release reference on action overwrite"), the error path of all actions was converted to drop refcount also when the action was being overwritten. But we forgot act_ipt_init(), in case allocation of 'tname' was not successful: # tc action add action xt -j LOG --log-prefix hello index 100 tablename: mangle hook: NF_IP_POST_ROUTING target: LOG level warning prefix "hello" index 100 # tc action show action xt total acts 1 action order 0: tablename: mangle hook: NF_IP_POST_ROUTING target LOG level warning prefix "hello" index 100 ref 1 bind 0 # tc action replace action xt -j LOG --log-prefix world index 100 tablename: mangle hook: NF_IP_POST_ROUTING target: LOG level warning prefix "world" index 100 RTNETLINK answers: Cannot allocate memory We have an error talking to the kernel # tc action show action xt total acts 1 action order 0: tablename: mangle hook: NF_IP_POST_ROUTING target LOG level warning prefix "hello" index 100 ref 2 bind 0 Ensure we call tcf_idr_release(), in case 'tname' allocation failed, also when the action is being replaced. Fixes: 4e8ddd7f1758 ("net: sched: don't release reference on action overwrite") Signed-off-by: Davide Caratti Signed-off-by: David S. Miller --- diff --git a/net/sched/act_ipt.c b/net/sched/act_ipt.c index 8af6c11d2482a..faa1addf89b3b 100644 --- a/net/sched/act_ipt.c +++ b/net/sched/act_ipt.c @@ -199,8 +199,7 @@ err3: err2: kfree(tname); err1: - if (ret == ACT_P_CREATED) - tcf_idr_release(*a, bind); + tcf_idr_release(*a, bind); return err; }