Received: by 2002:a05:6a10:1287:0:0:0:0 with SMTP id d7csp686021pxv; Thu, 22 Jul 2021 09:42:51 -0700 (PDT) X-Google-Smtp-Source: ABdhPJyfCR+2cbKMKvx+Bq2Y9L2CtWazLcLlRaiNC7aN/97kgoovtDILo3oL/GYbISHEw4DskaKl X-Received: by 2002:a02:a69a:: with SMTP id j26mr385981jam.9.1626972171728; Thu, 22 Jul 2021 09:42:51 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1626972171; cv=none; d=google.com; s=arc-20160816; b=kzaKsAm+LmhyDe9qfouFJGyxqEkatO85NqNqdKJ4bXnloHmQmTHIeG/cY3lM712LmF RoFS/imZRLqDBpfKMEGwRhBXaUI9+IjNrVU9DdrOhKPTJlTRI8zIKzmQitYfYndf+tP5 +GFxT2mJPHmg3t4F3tbGc/2/1mBVlyy+d6IEPAYGaPDqfVaJhsiGFjz4JhLPBfuXTqXM nyG0oyp5z1jdhzcT4LD+fR3vIRdqeqPVDbk9S+gCLNSddoajjZuM71yoymPSKMo4i7+0 6scry98WA0oJukx9cNgTfcYD9iS//yHB9ibtPmB9F7tICcs8bluY+wm6cDtwD7mwWaWp f3ww== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=Kuns8S/zVn7XPgCpzccvD7rRKv/LZR1B/ntLUerUJF0=; b=ze9HNAfZfPHHGa5lJFU8svdZzDn+pmLzrLhJ1KacszlXKRVrIhIPBgmeIv7+LGD2/7 TKjg1J7C4Ew6ZYpBB0zMFYtTJM/vBFcJw/PElMRspKr9XjUDD87tiXfzCBxvgjy0cAYx WR4Q5nZKggdWdWlO4brXdZmwnagDXCWI2IV+74t+YCq2tFyr3JQ0lT+8wHYtzinhwf5k 0SyZ5+pQQVZH8jzmd62ZqRp95jBEHG61a4zqDvfZkwBqWtd9j8rD1CRvH5T95ba4Oniy HrtgItC3Xf+blbdcaX8Um3fL88AkDH2jy5BIHDHr8g7aWh34kDDTjwgJN9IYO0Tqtft1 /sbw== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=RBinBDTe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18]) by mx.google.com with ESMTP id i187si8694130iof.20.2021.07.22.09.42.38; Thu, 22 Jul 2021 09:42:51 -0700 (PDT) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18; Authentication-Results: mx.google.com; dkim=pass header.i=@linuxfoundation.org header.s=korg header.b=RBinBDTe; spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=linuxfoundation.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230003AbhGVQBU (ORCPT + 99 others); Thu, 22 Jul 2021 12:01:20 -0400 Received: from mail.kernel.org ([198.145.29.99]:35290 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S232723AbhGVP7A (ORCPT ); Thu, 22 Jul 2021 11:59:00 -0400 Received: by mail.kernel.org (Postfix) with ESMTPSA id 0C3B4613B7; Thu, 22 Jul 2021 16:39:32 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org; s=korg; t=1626971973; bh=CBpg0I9t+iAacq5dKrWgPhxIjIYjrsIru2PcukA/+do=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=RBinBDTeY846Dx2pOKAdHXtmAEZId7bNEnoYiF1WAvpCv5PxWQ2shrZLgiDElz4XD MjuKyx55Ldjgd6O6uWiVN3Nz3baBwAtg2Z6rHKd4lUIyfYJCr+g1C+cfOVrf3+tOoP LFazyBYEmFScsS+4GxGt/4L9+eGU2RIZQjeEhhIY= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Louis Peens , Yinjun Zhang , Simon Horman , "David S. Miller" Subject: [PATCH 5.10 098/125] net/sched: act_ct: remove and free nf_table callbacks Date: Thu, 22 Jul 2021 18:31:29 +0200 Message-Id: <20210722155627.952316310@linuxfoundation.org> X-Mailer: git-send-email 2.32.0 In-Reply-To: <20210722155624.672583740@linuxfoundation.org> References: <20210722155624.672583740@linuxfoundation.org> User-Agent: quilt/0.66 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Louis Peens commit 77ac5e40c44eb78333fbc38482d61fc2af7dda0a upstream. When cleaning up the nf_table in tcf_ct_flow_table_cleanup_work there is no guarantee that the callback list, added to by nf_flow_table_offload_add_cb, is empty. This means that it is possible that the flow_block_cb memory allocated will be lost. Fix this by iterating the list and freeing the flow_block_cb entries before freeing the nf_table entry (via freeing ct_ft). Fixes: 978703f42549 ("netfilter: flowtable: Add API for registering to flow table events") Signed-off-by: Louis Peens Signed-off-by: Yinjun Zhang Signed-off-by: Simon Horman Signed-off-by: David S. Miller Signed-off-by: Greg Kroah-Hartman --- net/sched/act_ct.c | 11 +++++++++++ 1 file changed, 11 insertions(+) --- a/net/sched/act_ct.c +++ b/net/sched/act_ct.c @@ -320,11 +320,22 @@ err_alloc: static void tcf_ct_flow_table_cleanup_work(struct work_struct *work) { + struct flow_block_cb *block_cb, *tmp_cb; struct tcf_ct_flow_table *ct_ft; + struct flow_block *block; ct_ft = container_of(to_rcu_work(work), struct tcf_ct_flow_table, rwork); nf_flow_table_free(&ct_ft->nf_ft); + + /* Remove any remaining callbacks before cleanup */ + block = &ct_ft->nf_ft.flow_block; + down_write(&ct_ft->nf_ft.flow_block_lock); + list_for_each_entry_safe(block_cb, tmp_cb, &block->cb_list, list) { + list_del(&block_cb->list); + flow_block_cb_free(block_cb); + } + up_write(&ct_ft->nf_ft.flow_block_lock); kfree(ct_ft); module_put(THIS_MODULE);