If memory allocation for nla_memdup_cookie() fails
module_put has to be guarded by the same condition as it was
before the TCA_ACT_COOKIE has been added as stated in the
comment afterwards:

/* module count goes up only when brand new policy is created
 * if it exists and is only bound to in a_o->init() then
 * ACT_P_CREATED is not returned (a zero is).
 */

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---

Note that I'm unsure about this patch. The hangups weren't very reliable
and I couldn't actually reproduce them when building from git/master (as
I can only test a fraction of my usual workload with it as a lot of my
data (VMs & containers utilizing veths and tap devices) is on ZFS...).
In any case it can't harm to take another look at the error handling
here.

 net/sched/act_api.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 8cc883c063f0..795ac092b723 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -608,15 +608,19 @@ struct tc_action *tcf_action_init_1(struct net *net, 
struct nlattr *nla,
                int cklen = nla_len(tb[TCA_ACT_COOKIE]);
 
                if (cklen > TC_COOKIE_MAX_SIZE) {
-                       err = -EINVAL;
                        tcf_hash_release(a, bind);
-                       goto err_mod;
+                       if (err != ACT_P_CREATED)
+                               module_put(a_o->owner);
+                       err = -EINVAL;
+                       goto err_out;
                }
 
                if (nla_memdup_cookie(a, tb) < 0) {
-                       err = -ENOMEM;
                        tcf_hash_release(a, bind);
-                       goto err_mod;
+                       if (err != ACT_P_CREATED)
+                               module_put(a_o->owner);
+                       err = -ENOMEM;
+                       goto err_out;
                }
        }
 
-- 
2.11.0


Reply via email to