From: Cong Wang
Subject: Re: [PATCH net 1/1] net sched actions: fix refcnt leak in skbmod
Date: Fri, 11 May 2018 12:09:14 -0700
To: Roman Mashak
Cc: David Miller, Linux Kernel Network Developers, kernel@mojatatu.com, Jamal Hadi Salim, Jiri Pirko
In-Reply-To: <1526063733-7813-1-git-send-email-mrv@mojatatu.com>

On Fri, May 11, 2018 at 11:35 AM, Roman Mashak wrote:
> When application fails to pass flags in netlink TLV when replacing
> existing skbmod action, the kernel will leak refcnt:
>
> $ tc actions get action skbmod index 1
> total acts 0
>
> action order 0: skbmod pipe set smac 00:11:22:33:44:55
> index 1 ref 1 bind 0
>
> For example, at this point a buggy application replaces the action with
> index 1 with new smac 00:aa:22:33:44:55, it fails because of zero flags,
> however refcnt gets bumped:
>
> $ tc actions get actions skbmod index 1
> total acts 0
>
> action order 0: skbmod pipe set smac 00:11:22:33:44:55
> index 1 ref 2 bind 0
> $
>
> The patch fixes this by calling tcf_idr_release() on existing actions.
>
> Fixes: 86da71b57383d ("net_sched: Introduce skbmod action")
> Signed-off-by: Roman Mashak

Acked-by: Cong Wang
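
The leak described in the quoted commit message, as an added userspace model in C (not kernel source and not code from this thread). Every name below is a hypothetical stand-in, act_release() plays the role of tcf_idr_release(), and the success path dropping the lookup reference is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Userspace model only; every name below is a hypothetical stand-in. */
struct action { int index, refcnt, in_use; unsigned char smac[6]; };
static struct action slot;   /* one-entry "action table" */

/* Models the index lookup: a hit takes a reference on the action. */
static struct action *act_lookup(int index)
{
    if (!slot.in_use || slot.index != index)
        return NULL;
    slot.refcnt++;
    return &slot;
}

/* Models tcf_idr_release(): drops the reference the lookup took. */
static void act_release(struct action *a) { a->refcnt--; }

/* Replace path; fix_applied=0 keeps the leaking early return. */
static int act_replace(int index, unsigned flags,
                       const unsigned char *smac, int fix_applied)
{
    struct action *a = act_lookup(index);
    if (!a)
        return -ENOENT;
    if (!flags) {               /* request carried no flags: reject */
        if (fix_applied)
            act_release(a);     /* the release the buggy path omits */
        return -EINVAL;
    }
    memcpy(a->smac, smac, sizeof(a->smac));
    act_release(a);             /* assumed: success drops the lookup ref */
    return 0;
}

/* Install index 1 with ref 1, send one zero-flags replace, return ref. */
static int refcnt_after_failed_replace(int fix_applied)
{
    static const unsigned char new_smac[6] = {0x00, 0xaa, 0x22, 0x33, 0x44, 0x55};
    slot = (struct action){ .index = 1, .refcnt = 1, .in_use = 1 };
    if (act_replace(1, 0, new_smac, fix_applied) != -EINVAL)
        return -1;
    return slot.refcnt;
}

int main(void)
{
    printf("unpatched: ref %d\n", refcnt_after_failed_replace(0));
    printf("patched:   ref %d\n", refcnt_after_failed_replace(1));
    return 0;
}
```

Each further rejected replace in the unpatched model adds one more reference, matching the ref 1 to ref 2 change in the tc output above.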