[PATCH net 2/2] rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()

From: Eiichi Tsukata
Date: Sat Nov 20 2021 - 23:18:37 EST

Next message: Matthew Wilcox: "Re: [PATCH] mm: split thp synchronously on MADV_DONTNEED"
Previous message: Eiichi Tsukata: "[PATCH net 1/2] rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()"
In reply to: Eiichi Tsukata: "[PATCH net 1/2] rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()"
Next in thread: Marc Dionne: "Re: [PATCH net 2/2] rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Need to call rxrpc_put_local() for peer candidate before kfree() as it
holds a ref to rxrpc_local.

Fixes: 9ebeddef58c4 ("rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record")
Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
---
net/rxrpc/peer_object.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c
index 68396d052052..431b62bc1da2 100644
--- a/net/rxrpc/peer_object.c
+++ b/net/rxrpc/peer_object.c
@@ -364,10 +364,12 @@ struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_sock *rx,

spin_unlock_bh(&rxnet->peer_hash_lock);

- if (peer)
+ if (peer) {
+ rxrpc_put_local(candidate->local);
kfree(candidate);
- else
+ } else {
peer = candidate;
+ }
}

_net("PEER %d {%pISp}", peer->debug_id, &peer->srx.transport);
--
2.33.1

Next message: Matthew Wilcox: "Re: [PATCH] mm: split thp synchronously on MADV_DONTNEED"
Previous message: Eiichi Tsukata: "[PATCH net 1/2] rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()"
In reply to: Eiichi Tsukata: "[PATCH net 1/2] rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle()"
Next in thread: Marc Dionne: "Re: [PATCH net 2/2] rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]