Merge branch 'net-sched-action-idr-leak'

Davide Caratti says: ==================== fix idr leak in actions This series fixes situations where a temporary failure to install a TC action results in the permanent impossibility to reuse the configured value of 'index'. Thanks to Cong Wang for the initial review. v2: fix build error in act_ipt.c, reported by kbuild test robot ==================== Acked-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net>
2024-11-27 06:04:23 +08:00 · 2018-03-21 18:12:46 -04:00 · 2018-03-21 18:12:46 -04:00 · ba9a190872
commit ba9a190872
parent 3f2176dd7f f29cdfbe33
7 changed files with 12 additions and 9 deletions
--- a/net/sched/act_bpf.c
+++ b/net/sched/act_bpf.c
@ -352,7 +352,7 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla,
 	return res;
 out:
 	if (res == ACT_P_CREATED)
-		tcf_idr_cleanup(*act, est);
+		tcf_idr_release(*act, bind);

 	return ret;
 }
--- a/net/sched/act_ipt.c
+++ b/net/sched/act_ipt.c
@ -80,9 +80,12 @@ static void ipt_destroy_target(struct xt_entry_target *t)
 static void tcf_ipt_release(struct tc_action *a)
 {
 	struct tcf_ipt *ipt = to_ipt(a);
-	ipt_destroy_target(ipt->tcfi_t);
+
+	if (ipt->tcfi_t) {
+		ipt_destroy_target(ipt->tcfi_t);
+		kfree(ipt->tcfi_t);
+	}
 	kfree(ipt->tcfi_tname);
-	kfree(ipt->tcfi_t);
 }

 static const struct nla_policy ipt_policy[TCA_IPT_MAX + 1] = {
@ -187,7 +190,7 @@ err2:
 	kfree(tname);
 err1:
 	if (ret == ACT_P_CREATED)
-		tcf_idr_cleanup(*a, est);
+		tcf_idr_release(*a, bind);
 	return err;
 }

--- a/net/sched/act_pedit.c
+++ b/net/sched/act_pedit.c
@ -176,7 +176,7 @@ static int tcf_pedit_init(struct net *net, struct nlattr *nla,
 		p = to_pedit(*a);
 		keys = kmalloc(ksize, GFP_KERNEL);
 		if (keys == NULL) {
-			tcf_idr_cleanup(*a, est);
+			tcf_idr_release(*a, bind);
 			kfree(keys_ex);
 			return -ENOMEM;
 		}
--- a/net/sched/act_police.c
+++ b/net/sched/act_police.c
@ -194,7 +194,7 @@ failure:
 	qdisc_put_rtab(P_tab);
 	qdisc_put_rtab(R_tab);
 	if (ret == ACT_P_CREATED)
-		tcf_idr_cleanup(*a, est);
+		tcf_idr_release(*a, bind);
 	return err;
 }

--- a/net/sched/act_simple.c
+++ b/net/sched/act_simple.c
@ -121,7 +121,7 @@ static int tcf_simp_init(struct net *net, struct nlattr *nla,
 		d = to_defact(*a);
 		ret = alloc_defdata(d, defdata);
 		if (ret < 0) {
-			tcf_idr_cleanup(*a, est);
+			tcf_idr_release(*a, bind);
 			return ret;
 		}
 		d->tcf_action = parm->action;
--- a/net/sched/act_skbmod.c
+++ b/net/sched/act_skbmod.c
@ -152,7 +152,7 @@ static int tcf_skbmod_init(struct net *net, struct nlattr *nla,
 	ASSERT_RTNL();
 	p = kzalloc(sizeof(struct tcf_skbmod_params), GFP_KERNEL);
 	if (unlikely(!p)) {
-		if (ovr)
+		if (ret == ACT_P_CREATED)
 			tcf_idr_release(*a, bind);
 		return -ENOMEM;
 	}
--- a/net/sched/act_vlan.c
+++ b/net/sched/act_vlan.c
@ -195,7 +195,7 @@ static int tcf_vlan_init(struct net *net, struct nlattr *nla,
 	ASSERT_RTNL();
 	p = kzalloc(sizeof(*p), GFP_KERNEL);
 	if (!p) {
-		if (ovr)
+		if (ret == ACT_P_CREATED)
 			tcf_idr_release(*a, bind);
 		return -ENOMEM;
 	}