[Devel] [PATCH RHEL7 COMMIT] ve/veth: fix skb leak in veth_xmit

[Konstantin Khorenko]

The commit is pushed to "branch-rh7-3.10.0-123.1.2-ovz" and will appear at https://src.openvz.org/scm/ovz/vzkernel.git
after rh7-3.10.0-123.1.2.vz7.5.24
------>
commit 68509f9ab9ba17ee6a4c34aeb0f22e8f007a3aea
Author: Vladimir Davydov <vdavydov at parallels.com>
Date:   Wed Jul 1 14:21:14 2015 +0400

    ve/veth: fix skb leak in veth_xmit
    
    If ndo_start_xmit returns NETDEV_TX_OK, it must take care of the packet
    by itself. That means, if veth_xmit drops a packet, it must free it, but
    currently it does not. This results in skb leak. Fix it.
    
    Fixes: 69a0d2fdb4efd ("ve/veth: filter packages accoding with mac addresses")
    
    Signed-off-by: Vladimir Davydov <vdavydov at parallels.com>
    Acked-by: Andrew Vagin <avagin at odin.com>
---
 drivers/net/veth.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/drivers/net/veth.c b/drivers/net/veth.c
index 1d85174..99afacc 100644
--- a/drivers/net/veth.c
+++ b/drivers/net/veth.c
@@ -151,8 +151,10 @@ static netdev_tx_t veth_xmit(struct sk_buff *skb, struct net_device *dev)
 		skb->ip_summed = CHECKSUM_UNNECESSARY;
 
 
-	if (dev->features & NETIF_F_VENET && !vzethdev_filter(skb, dev, rcv))
+	if (dev->features & NETIF_F_VENET && !vzethdev_filter(skb, dev, rcv)) {
+		kfree_skb(skb);
 		goto drop;
+	}
 
 	if (likely(dev_forward_skb(rcv, skb) == NET_RX_SUCCESS)) {
 		struct pcpu_vstats *stats = this_cpu_ptr(dev->vstats);