Merge branch 'net-sched-fix-memory-leak-on-mirred-loop'

Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

kernel os linux

Jamal Hadi Salim says:

====================
net/sched: Fix memory leak on mirred loop

Initialize at_ingress earlier before the if statement.
====================

Link: https://patch.msgid.link/20260101135608.253079-1-jhs@mojatatu.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

Jakub Kicinski 3 months ago f5e9ba95 d96bfb68

+60 -13

2 changed files

expand all

net

sched

act_mirred.c

tools

testing

selftests

tc-testing

tc-tests

actions

mirred.json

+13 -13

net/sched/act_mirred.c

··· 266 266 goto err_cant_do; 267 267 } 268 268 269 - /* we could easily avoid the clone only if called by ingress and clsact; 270 - * since we can't easily detect the clsact caller, skip clone only for 271 - * ingress - that covers the TC S/W datapath. 272 - */ 273 - at_ingress = skb_at_tc_ingress(skb); 274 - dont_clone = skb_at_tc_ingress(skb) && is_redirect && 275 - tcf_mirred_can_reinsert(retval); 276 - if (!dont_clone) { 277 - skb_to_send = skb_clone(skb, GFP_ATOMIC); 278 - if (!skb_to_send) 279 - goto err_cant_do; 280 - } 281 - 282 269 want_ingress = tcf_mirred_act_wants_ingress(m_eaction); 283 270 271 + at_ingress = skb_at_tc_ingress(skb); 284 272 if (dev == skb->dev && want_ingress == at_ingress) { 285 273 pr_notice_once("tc mirred: Loop (%s:%s --> %s:%s)\n", 286 274 netdev_name(skb->dev), ··· 276 288 netdev_name(dev), 277 289 want_ingress ? "ingress" : "egress"); 278 290 goto err_cant_do; 291 + } 292 + 293 + /* we could easily avoid the clone only if called by ingress and clsact; 294 + * since we can't easily detect the clsact caller, skip clone only for 295 + * ingress - that covers the TC S/W datapath. 296 + */ 297 + dont_clone = skb_at_tc_ingress(skb) && is_redirect && 298 + tcf_mirred_can_reinsert(retval); 299 + if (!dont_clone) { 300 + skb_to_send = skb_clone(skb, GFP_ATOMIC); 301 + if (!skb_to_send) 302 + goto err_cant_do; 279 303 } 280 304 281 305 /* All mirred/redirected skbs should clear previous ct info */

+47

tools/testing/selftests/tc-testing/tc-tests/actions/mirred.json

··· 1098 1098 "teardown": [ 1099 1099 "$TC qdisc del dev $DUMMY root" 1100 1100 ] 1101 + }, 1102 + { 1103 + "id": "4ed9", 1104 + "name": "Try to redirect to self on egress with clsact", 1105 + "category": [ 1106 + "filter", 1107 + "mirred" 1108 + ], 1109 + "plugins": { 1110 + "requires": [ 1111 + "nsPlugin" 1112 + ] 1113 + }, 1114 + "setup": [ 1115 + "$IP link set dev $DUMMY up || true", 1116 + "$IP addr add 10.10.10.10/24 dev $DUMMY || true", 1117 + "$TC qdisc add dev $DUMMY clsact", 1118 + "$TC filter add dev $DUMMY egress protocol ip prio 10 matchall action mirred egress redirect dev $DUMMY index 1" 1119 + ], 1120 + "cmdUnderTest": "ping -c1 -W0.01 -I $DUMMY 10.10.10.1", 1121 + "expExitCode": "1", 1122 + "verifyCmd": "$TC -j -s actions get action mirred index 1", 1123 + "matchJSON": [ 1124 + { 1125 + "total acts": 0 1126 + }, 1127 + { 1128 + "actions": [ 1129 + { 1130 + "order": 1, 1131 + "kind": "mirred", 1132 + "mirred_action": "redirect", 1133 + "direction": "egress", 1134 + "index": 1, 1135 + "stats": { 1136 + "packets": 1, 1137 + "overlimits": 1 1138 + }, 1139 + "not_in_hw": true 1140 + } 1141 + ] 1142 + } 1143 + ], 1144 + "teardown": [ 1145 + "$TC qdisc del dev $DUMMY clsact" 1146 + ] 1101 1147 } 1148 + 1102 1149 ]