• Davide Caratti's avatar
    net/sched: act_ipt: fix refcount leak when replace fails · 8f67c90e
    Davide Caratti authored
    After commit 4e8ddd7f ("net: sched: don't release reference on action
    overwrite"), the error path of all actions was converted to drop refcount
    also when the action was being overwritten. But we forgot act_ipt_init(),
    in case allocation of 'tname' was not successful:
    
     # tc action add action xt -j LOG --log-prefix hello index 100
     tablename: mangle hook: NF_IP_POST_ROUTING
             target:  LOG level warning prefix "hello" index 100
     # tc action show action xt
     total acts 1
    
             action order 0: tablename: mangle  hook: NF_IP_POST_ROUTING
             target  LOG level warning prefix "hello"
             index 100 ref 1 bind 0
     # tc action replace action xt -j LOG --log-prefix world index 100
     tablename: mangle hook: NF_IP_POST_ROUTING
             target:  LOG level warning prefix "world" index 100
     RTNETLINK answers: Cannot allocate memory
     We have an error talking to the kernel
     # tc action show action xt
     total acts 1
    
             action order 0: tablename: mangle  hook: NF_IP_POST_ROUTING
             target  LOG level warning prefix "hello"
             index 100 ref 2 bind 0
    
    Ensure we call tcf_idr_release(), in case 'tname' allocation failed, also
    when the action is being replaced.
    
    Fixes: 4e8ddd7f ("net: sched: don't release reference on action overwrite")
    Signed-off-by: default avatarDavide Caratti <dcaratti@redhat.com>
    Signed-off-by: default avatarDavid S. Miller <davem@davemloft.net>
    8f67c90e
act_ipt.c 10.6 KB