Re: [PATCH net] net/sched: act_ct: fix nf_connlabels leak on two error paths

Next message: patchwork-bot+netdevbpf: "Re: [PATCHv2] net: emac: Fix NULL pointer dereference in emac_probe"
Previous message: Vasiliy Kovalev: "Re: [PATCH] net/9p: fix infinite loop in p9_client_rpc on fatal signal"
In reply to: Jamal Hadi Salim: "Re: [PATCH net] net/sched: act_ct: fix nf_connlabels leak on two error paths"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: patchwork-bot+netdevbpf

Date: Sun Jun 21 2026 - 18:10:29 EST

Hello:

This patch was applied to netdev/net.git (main)
by Jakub Kicinski <kuba@xxxxxxxxxx>:

On Wed, 17 Jun 2026 17:57:08 -0400 you wrote:
> tcf_ct_fill_params() calls nf_connlabels_get() (setting put_labels) when
> TCA_CT_LABELS is present, but two later error sites use a bare return
> instead of "goto err", skipping the err: nf_connlabels_put() cleanup.
> They also precede the "p->put_labels = put_labels" assignment, so the
> tcf_ct_params_free() fallback does not release the count either. Each
> failed RTM_NEWACTION on these paths leaks one nf_connlabels reference:
> net->ct.labels_used is incremented and never released. The action is
> reachable with CAP_NET_ADMIN over the netns, i.e. from an unprivileged
> user namespace on default-userns kernels.
>
> [...]

Here is the summary with links:
- [net] net/sched: act_ct: fix nf_connlabels leak on two error paths
https://git.kernel.org/netdev/net/c/16e088016f38

You are awesome, thank you!
--
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html