[Devel] [PATCH VZ10] ve/netns: fix ucount leak on dec_netns_avail error path

Pavel Tikhomirov ptikhomirov at virtuozzo.com
Wed Oct 15 12:42:58 MSK 2025


Before we check out the netns available count we've already taken a ucount
for this netns, so we have to release this ucount back on the error path.

Note: It was likely broken on the rebase to vz9; in vz7 it is correct. But
since we don't have the ve cgroup actively used in vz9, we can only apply it
to vz10.

https://virtuozzo.atlassian.net/browse/VSTOR-97997
Fixes: 81efae37daf92 ("ve/netns: limit number of network namespaces per container")
Signed-off-by: Pavel Tikhomirov <ptikhomirov at virtuozzo.com>
---
 net/core/net_namespace.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/net/core/net_namespace.c b/net/core/net_namespace.c
index d0ed9da9995ab..4b2dfff1682a3 100644
--- a/net/core/net_namespace.c
+++ b/net/core/net_namespace.c
@@ -519,13 +519,17 @@ struct net *copy_net_ns(unsigned long flags,
 #ifdef CONFIG_VE
 	rv = dec_netns_avail(ve);
 	if (rv < 0)
-		return ERR_PTR(rv);
+		goto dec_ucounts;
 #endif
 
 	net = net_alloc();
 	if (!net) {
 		rv = -ENOMEM;
+#ifdef CONFIG_VE
+		goto inc_avail_nr;
+#else
 		goto dec_ucounts;
+#endif
 	}
 
 	preinit_net(net, user_ns);
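Review bot: The `goto dec_ucounts` on the dec_netns_avail() failure branch skips inc_netns_avail(), which is only balanced if dec_netns_avail() leaves the available count unchanged when it returns a negative value. Its body is not visible in this patch, so please confirm that, and consider a one-line comment on the branch stating the assumption. Separately, the `#ifdef CONFIG_VE` / `#else` / `#endif` around the goto in the `!net` branch adds a second preprocessor conditional inside the function body just to pick a label; a single unconditional goto would read better if the label were available in both configurations.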
@@ -547,11 +551,12 @@ struct net *copy_net_ns(unsigned long flags,
 #endif
 		put_user_ns(user_ns);
 		net_free(net);
-dec_ucounts:
-		dec_net_namespaces(ucounts);
 #ifdef CONFIG_VE
+inc_avail_nr:
 		inc_netns_avail(ve);
 #endif
+dec_ucounts:
+		dec_net_namespaces(ucounts);
 		return ERR_PTR(rv);
 	}
 	return net;
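Review bot: The `inc_avail_nr:` label is placed inside `#ifdef CONFIG_VE`, so it does not exist in non-VE builds, and that is what forces the `#ifdef`/`#else` at the goto site in the net_alloc() failure path. Putting the label on the line before `#ifdef CONFIG_VE`, with only the inc_netns_avail(ve) call inside the conditional, would let that path use a plain `goto inc_avail_nr;` in both configurations and fall through to `dec_ucounts:` as it does now. The new order itself (restore the available count, then drop the ucount) unwinds in reverse of the acquisition order described in the commit message, which is worth a short comment above the labels so a later rebase does not swap them back.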
-- 
2.51.0
