From b51fb7711a6d0e325d0fdb299cf67c4ec4b88b4b Mon Sep 17 00:00:00 2001 From: Michal Kubecek Date: Sat, 28 Mar 2020 00:01:03 +0100 Subject: [PATCH] ethtool: fix reference leak in ethnl_set_privflags() Andrew noticed that some handlers for *_SET commands leak a netdev reference if required ethtool_ops callbacks do not exist. One of them is ethnl_set_privflags(), a simple reproducer would be e.g. ip link add veth1 type veth peer name veth2 ethtool --set-priv-flags veth1 foo on ip link del veth1 Make sure dev_put() is called when ethtool_ops check fails. Fixes: f265d799596a ("ethtool: set device private flags with PRIVFLAGS_SET request") Reported-by: Andrew Lunn Signed-off-by: Michal Kubecek Signed-off-by: David S. Miller --- net/ethtool/privflags.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/net/ethtool/privflags.c b/net/ethtool/privflags.c index e8f03b33db9b..77447dceb109 100644 --- a/net/ethtool/privflags.c +++ b/net/ethtool/privflags.c @@ -175,9 +175,10 @@ int ethnl_set_privflags(struct sk_buff *skb, struct genl_info *info) return ret; dev = req_info.dev; ops = dev->ethtool_ops; + ret = -EOPNOTSUPP; if (!ops->get_priv_flags || !ops->set_priv_flags || !ops->get_sset_count || !ops->get_strings) - return -EOPNOTSUPP; + goto out_dev; rtnl_lock(); ret = ethnl_ops_begin(dev); @@ -204,6 +205,7 @@ int ethnl_set_privflags(struct sk_buff *skb, struct genl_info *info) ethnl_ops_complete(dev); out_rtnl: rtnl_unlock(); +out_dev: dev_put(dev); return ret; }