If memory allocation for nla_memdup_cookie() fails
module_put has to be guarded by the same condition as it was
before the TCA_ACT_COOKIE has been added as stated in the
comment afterwards:
/* module count goes up only when brand new policy is created
* if it exists and is only bound to in a_o->init() then
* ACT_P_CREATED is not returned (a zero is).
*/
Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>
---
Note that I'm unsure about this patch. The hangups weren't very reliable
and I couldn't actually reproduce them when building from git/master (as
I can only test a fraction of my usual workload with it as a lot of my
data (VMs & containers utilizing veths and tap devices) is on ZFS...).
In any case it can't harm to take another look at the error handling
here.
net/sched/act_api.c | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index 8cc883c063f0..795ac092b723 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -608,15 +608,19 @@ struct tc_action *tcf_action_init_1(struct net *net,
struct nlattr *nla,
int cklen = nla_len(tb[TCA_ACT_COOKIE]);
if (cklen > TC_COOKIE_MAX_SIZE) {
- err = -EINVAL;
tcf_hash_release(a, bind);
- goto err_mod;
+ if (err != ACT_P_CREATED)
+ module_put(a_o->owner);
+ err = -EINVAL;
+ goto err_out;
}
if (nla_memdup_cookie(a, tb) < 0) {
- err = -ENOMEM;
tcf_hash_release(a, bind);
- goto err_mod;
+ if (err != ACT_P_CREATED)
+ module_put(a_o->owner);
+ err = -ENOMEM;
+ goto err_out;
}
}
--
2.11.0
