In the Linux kernel, the following vulnerability has been resolved:
net/mlx5e: TC, Fix internal port memory leak
The flow rule can be split, and the extra post_act rules are added to post_act table. It's possible to trigger memleak when the rule forwards packets from internal port and over tunnel, in the case that, for example, CT 'new' state offload is allowed. As int_port object is assigned to the flow attribute of post_act rule, and its refcnt is incremented by mlx5e_tc_int_port_get(), but mlx5e_tc_int_port_put() is not called, the refcnt is never decremented, then int_port is never freed.
The kmemleak reports the following error:
unreferenced object 0xffff888128204b80 (size 64):
  comm "handler20", pid 50121, jiffies 4296973009 (age 642.932s)
  hex dump (first 32 bytes):
    01 00 00 00 19 00 00 00 03 f0 00 00 04 00 00 00  ................
    98 77 67 41 81 88 ff ff 98 77 67 41 81 88 ff ff  .wgA.....wgA....
  backtrace:
    [<00000000e992680d>] kmalloc_trace+0x27/0x120
    [<000000009e945a98>] mlx5e_tc_int_port_get+0x3f3/0xe20 [mlx5_core]
    [<0000000035a537f0>] mlx5e_tc_add_fdb_flow+0x473/0xcf0 [mlx5_core]
    [<0000000070c2cec6>] __mlx5e_add_fdb_flow+0x7cf/0xe90 [mlx5_core]
    [<000000005cc84048>] mlx5e_configure_flower+0xd40/0x4c40 [mlx5_core]
    [<000000004f8a2031>] mlx5e_rep_indr_offload.isra.0+0x10e/0x1c0 [mlx5_core]
    [<000000007df797dc>] mlx5e_rep_indr_setup_tc_cb+0x90/0x130 [mlx5_core]
    [<0000000016c15cc3>] tc_setup_cb_add+0x1cf/0x410
    [<00000000a63305b4>] fl_hw_replace_filter+0x38f/0x670 [cls_flower]
    [<000000008bc9e77c>] fl_change+0x1fd5/0x4430 [cls_flower]
    [<00000000e7f766e4>] tc_new_tfilter+0x867/0x2010
    [<00000000e101c0ef>] rtnetlink_rcv_msg+0x6fc/0x9f0
    [<00000000e1111d44>] netlink_rcv_skb+0x12c/0x360
    [<0000000082dd6c8b>] netlink_unicast+0x438/0x710
    [<00000000fc568f70>] netlink_sendmsg+0x794/0xc50
    [<0000000016e92590>] sock_sendmsg+0xc5/0x190
So fix this by moving int_port cleanup code to the flow attribute free helper, which is used by all the attribute free cases.
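The refcount imbalance described above, as an added userspace model that is not part of the commit or of the mlx5 driver. Every type and function name in it is a hypothetical stand-in, and it assumes for illustration that the original rule's attribute holds one reference and the post_act attribute a second one, with the old cleanup reachable only from flow teardown:

```c
/* Userspace model only: every type and function below is a hypothetical
 * stand-in for illustration, not mlx5 driver code. */
#include <stdlib.h>

struct int_port  { int refcnt; };
struct flow_attr { struct int_port *int_port; };
static struct int_port *port;   /* the one shared int_port, NULL when freed */

/* Look up (or create) the int_port and take one reference on it. */
static struct int_port *int_port_get(void)
{
    if (!port && !(port = calloc(1, sizeof(*port))))
        return NULL;
    port->refcnt++;
    return port;
}

/* Drop one reference; the object is freed only when the count hits zero. */
static void int_port_put(void)
{
    if (port && --port->refcnt == 0) {
        free(port);
        port = NULL;
    }
}

/* Free helper reached for every attribute, post_act ones included. */
static void attr_free(struct flow_attr *attr, int fixed)
{
    if (fixed && attr->int_port)    /* fixed layout: cleanup lives here */
        int_port_put();
    attr->int_port = NULL;
}

/* Add then delete a split flow; returns the references left (0 = freed). */
int refs_left_after_split_flow(int fixed)
{
    struct flow_attr flow = {0}, post_act = {0};
    int left;

    flow.int_port = int_port_get();         /* original rule's attribute */
    post_act.int_port = int_port_get();     /* attribute of the post_act rule */
    if (!fixed && flow.int_port)            /* old layout: flow-only cleanup */
        int_port_put();
    attr_free(&flow, fixed);
    attr_free(&post_act, fixed);
    left = port ? port->refcnt : 0;
    free(port);                             /* reset the model for the next run */
    port = NULL;
    return left;
}
```

With `fixed` set to 0 the post_act attribute's reference is never dropped and one reference remains; with `fixed` set to 1 the shared helper balances every get and the object is freed.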
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/53xxx/CVE-2023-53999.json",
"cna_assigner": "Linux"
}