Patch "xfrm: release all offloaded policy memory" has been added to the 6.3-stable tree

Sasha Levin <sashal@xxxxxxxxxx> · Mon, 22 May 2023 07:46:55 -0400

This is a note to let you know that I've just added the patch titled

    xfrm: release all offloaded policy memory

to the 6.3-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     xfrm-release-all-offloaded-policy-memory.patch
and it can be found in the queue-6.3 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.



commit cf9209cde032ec21bbf4d452d7747dee01f05edb
Author: Leon Romanovsky <leon@xxxxxxxxxx>
Date:   Wed Apr 19 15:19:07 2023 +0300

    xfrm: release all offloaded policy memory
    
    [ Upstream commit 94b95dfaa814f565d92f5a65f0ff12a483095522 ]
    
    Failure to add offloaded policy will cause to the following
    error once user will try to reload driver.
    
    Unregister_netdevice: waiting for eth3 to become free. Usage count = 2
    
    This was caused by xfrm_dev_policy_add() which increments reference
    to net_device. That reference was supposed to be decremented
    in xfrm_dev_policy_free(). However the latter wasn't called.
    
     unregister_netdevice: waiting for eth3 to become free. Usage count = 2
     leaked reference.
      xfrm_dev_policy_add+0xff/0x3d0
      xfrm_policy_construct+0x352/0x420
      xfrm_add_policy+0x179/0x320
      xfrm_user_rcv_msg+0x1d2/0x3d0
      netlink_rcv_skb+0xe0/0x210
      xfrm_netlink_rcv+0x45/0x50
      netlink_unicast+0x346/0x490
      netlink_sendmsg+0x3b0/0x6c0
      sock_sendmsg+0x73/0xc0
      sock_write_iter+0x13b/0x1f0
      vfs_write+0x528/0x5d0
      ksys_write+0x120/0x150
      do_syscall_64+0x3d/0x90
      entry_SYSCALL_64_after_hwframe+0x46/0xb0
    
    Fixes: 919e43fad516 ("xfrm: add an interface to offload policy")
    Signed-off-by: Leon Romanovsky <leonro@xxxxxxxxxx>
    Reviewed-by: Simon Horman <simon.horman@xxxxxxxxxxxx>
    Reviewed-by: Eric Dumazet <edumazet@xxxxxxxxxx>
    Signed-off-by: Steffen Klassert <steffen.klassert@xxxxxxxxxxx>
    Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 103af2b3e986f..af8fbcbfbe691 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -1978,6 +1978,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh,
 
 	if (err) {
 		xfrm_dev_policy_delete(xp);
+		xfrm_dev_policy_free(xp);
 		security_xfrm_policy_free(xp->security);
 		kfree(xp);
 		return err;






