cls_bpf: don't decrement net's refcount when offload fails
authorJakub Kicinski <jakub.kicinski@netronome.com>
Mon, 27 Nov 2017 19:11:41 +0000 (11:11 -0800)
committerDavid S. Miller <davem@davemloft.net>
Tue, 28 Nov 2017 20:49:44 +0000 (15:49 -0500)
commit25415cec502a1232b19fffc85465882b19a90415
tree7c76f230ca07a34f95b4a29a0e73b177bd6cb8ae
parent15fe076edea787807a7cdc168df832544b58eba6
cls_bpf: don't decrement net's refcount when offload fails

When cls_bpf offload was added it seemed like a good idea to
call cls_bpf_delete_prog() instead of extending the error
handling path, since the software state is fully initialized
at that point.  This handling of errors without jumping to
the end of the function is error prone, as proven by later
commit missing that extra call to __cls_bpf_delete_prog().

__cls_bpf_delete_prog() is now expected to be invoked with
a reference on exts->net or the field zeroed out.  The call
on the offload's error patch does not fullfil this requirement,
leading to each error stealing a reference on net namespace.

Create a function undoing what cls_bpf_set_parms() did and
use it from __cls_bpf_delete_prog() and the error path.

Fixes: aae2c35ec892 ("cls_bpf: use tcf_exts_get_net() before call_rcu()")
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Reviewed-by: Simon Horman <simon.horman@netronome.com>
Acked-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/sched/cls_bpf.c