On Mon, Mar 02, 2020 at 09:58:50PM +0100, Florian Westphal wrote:
> If hook registration fails, the hooks allocated via nft_netdev_hook_alloc
> need to be freed.
>
> We can't change the goto label to 'goto 5' -- while it does fix the memleak
> it does cause a warning splat from the netfilter core (the hooks were not
> registered).
It seems test/shell crashes after this, looking. It works after
reverting.
> Fixes: 3f0465a9ef02 ("netfilter: nf_tables: dynamically allocate hooks per net_device in flowtables")
> Reported-by: syzbot+a2ff6fa45162a5ed4dd3@xxxxxxxxxxxxxxxxxxxxxxxxx
> Signed-off-by: Florian Westphal <fw@xxxxxxxxx>
> ---
> net/netfilter/nf_tables_api.c | 7 ++++++-
> 1 file changed, 6 insertions(+), 1 deletion(-)
>
> diff --git a/net/netfilter/nf_tables_api.c b/net/netfilter/nf_tables_api.c
> index d1318bdf49ca..bb064aa4154b 100644
> --- a/net/netfilter/nf_tables_api.c
> +++ b/net/netfilter/nf_tables_api.c
> @@ -6300,8 +6300,13 @@ static int nf_tables_newflowtable(struct net *net, struct sock *nlsk,
> goto err4;
>
> err = nft_register_flowtable_net_hooks(ctx.net, table, flowtable);
> - if (err < 0)
> + if (err < 0) {
> + list_for_each_entry_safe(hook, next, &flowtable->hook_list, list) {
> + list_del_rcu(&hook->list);
> + kfree_rcu(hook, rcu);
> + }
> goto err4;
> + }
>
> err = nft_trans_flowtable_add(&ctx, NFT_MSG_NEWFLOWTABLE, flowtable);
> if (err < 0)
> --
> 2.24.1
>
