net_sched: act: refuse to remove bound action outside

When an action is bonnd to a filter, there is no point to remove it outside. Currently we just silently decrease the refcnt, we should reject this explicitly with EPERM. Cc: Jamal Hadi Salim <jhs@mojatatu.com> Cc: David S. Miller <davem@davemloft.net> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: Jamal Hadi Salim <jhs@mojatatu.com> Signed-off-by: David S. Miller <davem@davemloft.net>
author: WANG Cong <xiyou.wangcong@gmail.com> 2014-02-11 20:07:34 -0500
committer: David S. Miller <davem@davemloft.net> 2014-02-12 19:23:32 -0500
commit: 55334a5db5cd32b207ac697cec3ec8e078f345d4 (patch)
tree: f4093d86b0d26f72f8bd68e1a7e1ea8fd1d476c3 /net/sched
parent: 4f1e9d8949b438c7791993515fc164312e9080e2 (diff)
1 files changed, 20 insertions, 6 deletions
diff --git a/net/sched/act_api.c b/net/sched/act_api.c
index c88d382d3b09..27e4c531ade1 100644
--- a/net/sched/act_api.c
+++ b/net/sched/act_api.c
@@ -53,6 +53,8 @@ int tcf_hash_release(struct tc_action *a, int bind)
        if (p) {
                if (bind)
                        p->tcfc_bindcnt--;
+                else if (p->tcfc_bindcnt > 0)
+                        return -EPERM;
                p->tcfc_refcnt--;
                if (p->tcfc_bindcnt <= 0 && p->tcfc_refcnt <= 0) {
@@ -123,6 +125,7 @@ static int tcf_del_walker(struct sk_buff *skb, struct tc_action *a)
        struct tcf_common *p;
        struct nlattr *nest;
        int i = 0, n_i = 0;
+        int ret = -EINVAL;
        nest = nla_nest_start(skb, a->order);
        if (nest == NULL)
@@ -133,10 +136,12 @@ static int tcf_del_walker(struct sk_buff *skb, struct tc_action *a)
                head = &hinfo->htab[tcf_hash(i, hinfo->hmask)];
                hlist_for_each_entry_safe(p, n, head, tcfc_head) {
                        a->priv = p;
-                        if (ACT_P_DELETED == tcf_hash_release(a, 0)) {
+                        ret = tcf_hash_release(a, 0);
+                        if (ret == ACT_P_DELETED) {
                                module_put(a->ops->owner);
                                n_i++;
-                        }
+                        } else if (ret < 0)
+                                goto nla_put_failure;
                }
        }
        if (nla_put_u32(skb, TCA_FCNT, n_i))
@@ -146,7 +151,7 @@ static int tcf_del_walker(struct sk_buff *skb, struct tc_action *a)
        return n_i;
 nla_put_failure:
        nla_nest_cancel(skb, nest);
-        return -EINVAL;
+        return ret;
 }
 static int tcf_generic_walker(struct sk_buff *skb, struct netlink_callback *cb,
@@ -401,16 +406,21 @@ exec_done:
 }
 EXPORT_SYMBOL(tcf_action_exec);
-void tcf_action_destroy(struct list_head *actions, int bind)
+int tcf_action_destroy(struct list_head *actions, int bind)
 {
        struct tc_action *a, *tmp;
+        int ret = 0;
        list_for_each_entry_safe(a, tmp, actions, list) {
-                if (tcf_hash_release(a, bind) == ACT_P_DELETED)
+                ret = tcf_hash_release(a, bind);
+                if (ret == ACT_P_DELETED)
                        module_put(a->ops->owner);
+                else if (ret < 0)
+                        return ret;
                list_del(&a->list);
                kfree(a);
        }
+        return ret;
 }
 int
@@ -838,7 +848,11 @@ tcf_del_notify(struct net *net, struct nlmsghdr *n, struct list_head *actions,
        }
        /* now do the delete */
-        tcf_action_destroy(actions, 0);
+        ret = tcf_action_destroy(actions, 0);
+        if (ret < 0) {
+                kfree_skb(skb);
+                return ret;
+        }
        ret = rtnetlink_send(skb, net, portid, RTNLGRP_TC,
                             n->nlmsg_flags & NLM_F_ECHO);
author	WANG Cong <xiyou.wangcong@gmail.com>	2014-02-11 20:07:34 -0500
committer	David S. Miller <davem@davemloft.net>	2014-02-12 19:23:32 -0500
commit	55334a5db5cd32b207ac697cec3ec8e078f345d4 (patch)
tree	f4093d86b0d26f72f8bd68e1a7e1ea8fd1d476c3 /net/sched
parent	4f1e9d8949b438c7791993515fc164312e9080e2 (diff)