Message ID | 20190710134011.221210-3-edumazet@google.com |
---|---|
State | Accepted |
Delegated to: | David Miller |
Headers | show |
Series | [net] ipv6: fix static key imbalance in fl_create() | expand |
From: Eric Dumazet <edumazet@google.com> Date: Wed, 10 Jul 2019 06:40:11 -0700 > fl_create() should call static_branch_deferred_inc() only in > case of success. > > Also we should not call fl_free() in error path, as this could > cause a static key imbalance. ... > Fixes: 59c820b2317f ("ipv6: elide flowlabel check if no exclusive leases exist") > Signed-off-by: Eric Dumazet <edumazet@google.com> > Acked-by: Willem de Bruijn <willemb@google.com> > Reported-by: syzbot <syzkaller@googlegroups.com> Applied.
diff --git a/net/ipv6/ip6_flowlabel.c b/net/ipv6/ip6_flowlabel.c index ad284b1fd308a646f27f715f35d9759fd50c5902..d64b83e856428195c1ecc963a263155c8b4528d0 100644 --- a/net/ipv6/ip6_flowlabel.c +++ b/net/ipv6/ip6_flowlabel.c @@ -435,8 +435,6 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq, } fl->dst = freq->flr_dst; atomic_set(&fl->users, 1); - if (fl_shared_exclusive(fl) || fl->opt) - static_branch_deferred_inc(&ipv6_flowlabel_exclusive); switch (fl->share) { case IPV6_FL_S_EXCL: case IPV6_FL_S_ANY: @@ -451,10 +449,15 @@ fl_create(struct net *net, struct sock *sk, struct in6_flowlabel_req *freq, err = -EINVAL; goto done; } + if (fl_shared_exclusive(fl) || fl->opt) + static_branch_deferred_inc(&ipv6_flowlabel_exclusive); return fl; done: - fl_free(fl); + if (fl) { + kfree(fl->opt); + kfree(fl); + } *err_p = err; return NULL; }