Re: [PATCH] devlink: fix refcount leak in devlink_nl_reload_doit()

From: Jiri Pirko

Date: Fri Jun 12 2026 - 04:26:23 EST


Thu, Jun 11, 2026 at 06:25:57PM +0200, vulab@xxxxxxxxxxx wrote:
>When devlink_nl_reload_doit() is asked to change network namespace
>(via DEVLINK_ATTR_NETNS_*) but the reload action is not
>DEVLINK_RELOAD_ACTION_DRIVER_REINIT, it calls devlink_netns_get()
>which acquires a reference on the destination net namespace. Then,
>after detecting that namespace change is only supported for reinit
>action, it returns -EOPNOTSUPP without releasing the reference, thus
>leaking the net namespace.
>
>Fix the leak by releasing the reference with put_net() before
>returning the error, for example by adding it directly on that error
>path. A cleaner alternative is to introduce a common cleanup label
>that performs the put_net() if the pointer is non-NULL.

This para is very odd. Your AI is probably providing you 2 alternatives.
Please adjust. Fix looks fine to me as is.


>
>Cc: stable@xxxxxxxxxxxxxxx

No need to cc that, afaik.


>Fixes: 2edd92570441 ("devlink: don't allow to change net namespace for FW_ACTIVATE reload action")
>Signed-off-by: WenTao Liang <vulab@xxxxxxxxxxx>
>---
> net/devlink/dev.c | 1 +
> 1 file changed, 1 insertion(+)
>
>diff --git a/net/devlink/dev.c b/net/devlink/dev.c
>index 57b2b8f03543..fd5633fa88ec 100644
>--- a/net/devlink/dev.c
>+++ b/net/devlink/dev.c
>@@ -578,6 +578,7 @@ int devlink_nl_reload_doit(struct sk_buff *skb, struct genl_info *info)
> action != DEVLINK_RELOAD_ACTION_DRIVER_REINIT) {
> NL_SET_ERR_MSG_MOD(info->extack,
> "Changing namespace is only supported for reinit action");
>+ put_net(dest_net);
> return -EOPNOTSUPP;
> }
> }
>--
>2.50.1 (Apple Git-155)
>