net: sched: act_ife: always release ife action on init error

Action init API was changed to always take reference to action, even when
overwriting existing action. Substitute conditional action release, which
was executed only if action is newly created, with unconditional release in
tcf_ife_init() error handling code to prevent double free or memory leak in
case of overwrite.

Fixes: 4e8ddd7f1758 ("net: sched: don't release reference on action overwrite")
Reported-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: Vlad Buslov <vladbu@mellanox.com>
Acked-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

1 files changed, 2 insertions, 6 deletions

diff --git a/net/sched/act_ife.c b/net/sched/act_ife.c
index fdb928ca81bb..d1081bdf1bdb 100644
--- a/net/sched/act_ife.c
+++ b/net/sched/act_ife.c
@@ -551,9 +551,6 @@ static int tcf_ife_init(struct net *net, struct nlattr *nla,
                                        NULL, NULL);
                 if (err) {
 metadata_parse_err:
-                        if (ret == ACT_P_CREATED)
-                                tcf_idr_release(*a, bind);
-
                         if (exists)
                                 spin_unlock_bh(&ife->tcf_lock);
                         tcf_idr_release(*a, bind);
@@ -574,11 +571,10 @@ metadata_parse_err:
                  */
                 err = use_all_metadata(ife);
                 if (err) {
-                        if (ret == ACT_P_CREATED)
-                                tcf_idr_release(*a, bind);
-
                         if (exists)
                                 spin_unlock_bh(&ife->tcf_lock);
+                        tcf_idr_release(*a, bind);
+
                         kfree(p);
                         return err;
                 }