skmsg: Fix a memory leak in sk_psock_verdict_apply()
author Cong Wang <cong.wang@bytedance.com>
Tue, 15 Jun 2021 02:13:39 +0000 (19:13 -0700)
committer Daniel Borkmann <daniel@iogearbox.net>
Mon, 21 Jun 2021 14:48:33 +0000 (16:48 +0200)
If the dest psock does not set SK_PSOCK_TX_ENABLED,
the skb can't be queued anywhere so must be dropped.

This one is found during code review.

Fixes: 799aa7f98d53 ("skmsg: Avoid lock_sock() in sk_psock_backlog()")
Signed-off-by: Cong Wang <cong.wang@bytedance.com>
Signed-off-by: Daniel Borkmann <daniel@iogearbox.net>
Acked-by: John Fastabend <john.fastabend@gmail.com>
Acked-by: Jakub Sitnicki <jakub@cloudflare.com>
Link: https://lore.kernel.org/bpf/20210615021342.7416-6-xiyou.wangcong@gmail.com
net/core/skmsg.c

index 4334720..5464477 100644 (file)
@@ -924,8 +924,13 @@ static void sk_psock_verdict_apply(struct sk_psock *psock,
                        if (sk_psock_test_state(psock, SK_PSOCK_TX_ENABLED)) {
                                skb_queue_tail(&psock->ingress_skb, skb);
                                schedule_work(&psock->work);
+                               err = 0;
                        }
                        spin_unlock_bh(&psock->ingress_lock);
+                       if (err < 0) {
+                               skb_bpf_redirect_clear(skb);
+                               goto out_free;
+                       }
                }
                break;
        case __SK_REDIRECT:
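
Review bot: the `if (err < 0)` check added after `spin_unlock_bh(&psock->ingress_lock)` relies on `err` still holding a negative value from before the lock was taken, since the only assignment in the visible lines is `err = 0` in the `SK_PSOCK_TX_ENABLED` branch. That precondition is not visible in this hunk, so a later change that leaves `err` at zero or positive on entry would bring the leak back without any warning: the skb would be neither queued on `ingress_skb` nor sent to `out_free`. Consider making the drop explicit instead of inferred, for example with an `else` arm on the `sk_psock_test_state()` test that records the failure, or at least a one-line comment above the check stating that a negative `err` here means the skb was not queued and must be dropped.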