net: sched: fix memleak for chain zero

There's a memleak happening for chain 0. The thing is, chain 0 needs to
be always present, not created on demand. Therefore tcf_block_get upon
creation of block calls the tcf_chain_create function directly. The
chain is created with refcnt == 1, which is not correct in this case and
causes the memleak. So move the refcnt increment into tcf_chain_get
function even for the case when chain needs to be created.

Reported-by: Jakub Kicinski <kubakici@wp.pl>
Fixes: 5bc1701881e3 ("net: sched: introduce multichain support for filters")
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
Tested-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/sched/cls_api.c b/net/sched/cls_api.c
index ea6c65fd5fc5fa31669191470d963bc851822a00..c743f03cfebd1cb274cd0e80046591d38ee56700 100644 (file)
--- a/net/sched/cls_api.c
+++ b/net/sched/cls_api.c
@@ -182,7 +182,7 @@ static struct tcf_chain *tcf_chain_create(struct tcf_block *block,
        list_add_tail(&chain->list, &block->chain_list);
        chain->block = block;
        chain->index = chain_index;
-       chain->refcnt = 1;
+       chain->refcnt = 0;
        return chain;
 }
 
@@ -217,15 +217,15 @@ struct tcf_chain *tcf_chain_get(struct tcf_block *block, u32 chain_index,
        struct tcf_chain *chain;
 
        list_for_each_entry(chain, &block->chain_list, list) {
-               if (chain->index == chain_index) {
-                       chain->refcnt++;
-                       return chain;
-               }
+               if (chain->index == chain_index)
+                       goto incref;
        }
-       if (create)
-               return tcf_chain_create(block, chain_index);
-       else
-               return NULL;
+       chain = create ? tcf_chain_create(block, chain_index) : NULL;
+
+incref:
+       if (chain)
+               chain->refcnt++;
+       return chain;
 }
 EXPORT_SYMBOL(tcf_chain_get);