From mboxrd@z Thu Jan 1 00:00:00 1970 From: David Miller Subject: Re: [PATCH net 1/1] net sched actions: fix refcnt leak in skbmod Date: Fri, 11 May 2018 16:37:45 -0400 (EDT) Message-ID: <20180511.163745.2157469759187444780.davem@davemloft.net> References: <1526063733-7813-1-git-send-email-mrv@mojatatu.com> Mime-Version: 1.0 Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Cc: netdev@vger.kernel.org, kernel@mojatatu.com, jhs@mojatatu.com, xiyou.wangcong@gmail.com, jiri@resnulli.us To: mrv@mojatatu.com Return-path: Received: from shards.monkeyblade.net ([184.105.139.130]:50630 "EHLO shards.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1750798AbeEKUhq (ORCPT ); Fri, 11 May 2018 16:37:46 -0400 In-Reply-To: <1526063733-7813-1-git-send-email-mrv@mojatatu.com> Sender: netdev-owner@vger.kernel.org List-ID: From: Roman Mashak Date: Fri, 11 May 2018 14:35:33 -0400 > When application fails to pass flags in netlink TLV when replacing > existing skbmod action, the kernel will leak refcnt: > > $ tc actions get action skbmod index 1 > total acts 0 > > action order 0: skbmod pipe set smac 00:11:22:33:44:55 > index 1 ref 1 bind 0 > > For example, at this point a buggy application replaces the action with > index 1 with new smac 00:aa:22:33:44:55, it fails because of zero flags, > however refcnt gets bumped: > > $ tc actions get actions skbmod index 1 > total acts 0 > > action order 0: skbmod pipe set smac 00:11:22:33:44:55 > index 1 ref 2 bind 0 > $ > > Tha patch fixes this by calling tcf_idr_release() on existing actions. > > Fixes: 86da71b57383d ("net_sched: Introduce skbmod action") > Signed-off-by: Roman Mashak Applied and queued up for -stable, thanks.