1 From foo@baz Mon Jan 21 09:11:03 CET 2019
2 From: Jason Gunthorpe <jgg@mellanox.com>
3 Date: Tue, 8 Jan 2019 23:27:06 +0000
4 Subject: packet: Do not leak dev refcounts on error exit
6 From: Jason Gunthorpe <jgg@mellanox.com>
8 [ Upstream commit d972f3dce8d161e2142da0ab1ef25df00e2f21a9 ]
10 'dev' is non NULL when the addr_len check triggers so it must goto a label
11 that does the dev_put otherwise dev will have a leaked refcount.
13 This bug causes the ib_ipoib module to become unloadable when using
14 systemd-network as it triggers this check on InfiniBand links.
16 Fixes: 99137b7888f4 ("packet: validate address length")
17 Reported-by: Leon Romanovsky <leonro@mellanox.com>
18 Signed-off-by: Jason Gunthorpe <jgg@mellanox.com>
19 Acked-by: Willem de Bruijn <willemb@google.com>
20 Signed-off-by: David S. Miller <davem@davemloft.net>
21 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
23 net/packet/af_packet.c | 4 ++--
24 1 file changed, 2 insertions(+), 2 deletions(-)
26 --- a/net/packet/af_packet.c
27 +++ b/net/packet/af_packet.c
28 @@ -2514,7 +2514,7 @@ static int tpacket_snd(struct packet_soc
29 addr = saddr->sll_halen ? saddr->sll_addr : NULL;
30 dev = dev_get_by_index(sock_net(&po->sk), saddr->sll_ifindex);
31 if (addr && dev && saddr->sll_halen < dev->addr_len)
37 @@ -2683,7 +2683,7 @@ static int packet_snd(struct socket *soc
38 addr = saddr->sll_halen ? saddr->sll_addr : NULL;
39 dev = dev_get_by_index(sock_net(sk), saddr->sll_ifindex);
40 if (addr && dev && saddr->sll_halen < dev->addr_len)