act_ife: fix a potential use-after-free
Immediately after module_put(), user could delete this
module, so e->ops could be already freed before we call
e->ops->release().
Fix this by moving module_put() after ops->release().
Fixes: ef6980b6be
("introduce IFE action")
Cc: Jamal Hadi Salim <jhs@mojatatu.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
parent
639505d439
commit
6d784f1625
|
@ -400,7 +400,6 @@ static void _tcf_ife_cleanup(struct tc_action *a)
|
|||
struct tcf_meta_info *e, *n;
|
||||
|
||||
list_for_each_entry_safe(e, n, &ife->metalist, metalist) {
|
||||
module_put(e->ops->owner);
|
||||
list_del(&e->metalist);
|
||||
if (e->metaval) {
|
||||
if (e->ops->release)
|
||||
|
@ -408,6 +407,7 @@ static void _tcf_ife_cleanup(struct tc_action *a)
|
|||
else
|
||||
kfree(e->metaval);
|
||||
}
|
||||
module_put(e->ops->owner);
|
||||
kfree(e);
|
||||
}
|
||||
}
|
||||
|
|
Loading…
Reference in New Issue
Block a user