diff options
author | Davide Caratti <dcaratti@redhat.com> | 2018-03-19 15:31:22 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2018-03-21 18:11:46 -0400 |
commit | bbc09e7842a5023ba5bc0f8d559b9dd464e44006 (patch) | |
tree | eafb8fa4764448bbb04cf638c5d6a1f2e872e94c /net/sched/act_bpf.c | |
parent | 3f2176dd7fe9e4eb1444766741fe4ea6535eb6d8 (diff) | |
download | lwn-bbc09e7842a5023ba5bc0f8d559b9dd464e44006.tar.gz lwn-bbc09e7842a5023ba5bc0f8d559b9dd464e44006.zip |
net/sched: fix idr leak on the error path of tcf_bpf_init()
when the following command sequence is entered
# tc action add action bpf bytecode '4,40 0 0 12,31 0 1 2048,6 0 0 262144,6 0 0 0' index 100
RTNETLINK answers: Invalid argument
We have an error talking to the kernel
# tc action add action bpf bytecode '4,40 0 0 12,21 0 1 2048,6 0 0 262144,6 0 0 0' index 100
RTNETLINK answers: No space left on device
We have an error talking to the kernel
act_bpf correctly refuses to install the first TC rule, because 31 is not
a valid instruction. However, it refuses to install the second TC rule,
even if the BPF code is correct. Furthermore, it's no more possible to
install any other rule having the same value of 'index' until act_bpf
module is unloaded/inserted again. After the idr has been reserved, call
tcf_idr_release() instead of tcf_idr_cleanup(), to fix this issue.
Fixes: 65a206c01e8e ("net/sched: Change act_api and act_xxx modules to use IDR")
Acked-by: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Davide Caratti <dcaratti@redhat.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/sched/act_bpf.c')
-rw-r--r-- | net/sched/act_bpf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/net/sched/act_bpf.c b/net/sched/act_bpf.c index b3f2c15affa7..9d2cabf1dc7e 100644 --- a/net/sched/act_bpf.c +++ b/net/sched/act_bpf.c @@ -352,7 +352,7 @@ static int tcf_bpf_init(struct net *net, struct nlattr *nla, return res; out: if (res == ACT_P_CREATED) - tcf_idr_cleanup(*act, est); + tcf_idr_release(*act, bind); return ret; } |