tcp: ulp: avoid module refcnt leak in tcp_set_ulp

__tcp_ulp_find_autoload returns tcp_ulp_ops after taking a reference on
the module. Then, if ->init fails, tcp_set_ulp propagates the error but
nothing releases that reference.

Fixes: 734942cc4ea6 ("tcp: ULP infrastructure")
Signed-off-by: Sabrina Dubroca <sd@queasysnail.net>
Signed-off-by: David S. Miller <davem@davemloft.net>

diff --git a/net/ipv4/tcp_ulp.c b/net/ipv4/tcp_ulp.c
index 2417f55374c593c89b2aeb1ec4f6e6e74bb1395f..6bb9e14c710a7e2bfa58ee63ff6e02461a22cbec 100644 (file)
--- a/net/ipv4/tcp_ulp.c
+++ b/net/ipv4/tcp_ulp.c
@@ -122,14 +122,14 @@ int tcp_set_ulp(struct sock *sk, const char *name)
 
        ulp_ops = __tcp_ulp_find_autoload(name);
        if (!ulp_ops)
-               err = -ENOENT;
-       else
-               err = ulp_ops->init(sk);
+               return -ENOENT;
 
-       if (err)
-               goto out;
+       err = ulp_ops->init(sk);
+       if (err) {
+               module_put(ulp_ops->owner);
+               return err;
+       }
 
        icsk->icsk_ulp_ops = ulp_ops;
- out:
-       return err;
+       return 0;
 }