Re: [PATCH v2] tipc: stop tipc crypto on failure in tipc_node_create
From: Xin Long
Date: Tue Jul 25 2023 - 17:56:06 EST
On Tue, Jul 25, 2023 at 5:46 PM Fedor Pchelkin <pchelkin@xxxxxxxxx> wrote:
>
> If tipc_link_bc_create() fails inside tipc_node_create() for a newly
> allocated tipc node then we should stop its tipc crypto and free the
> resources allocated with a call to tipc_crypto_start().
>
> As the node ref is initialized to one to that point, just put the ref on
> tipc_link_bc_create() error case that would lead to tipc_node_free() be
> eventually executed and properly clean the node and its crypto resources.
>
> Found by Linux Verification Center (linuxtesting.org).
>
> Fixes: cb8092d70a6f ("tipc: move bc link creation back to tipc_node_create")
> Suggested-by: Xin Long <lucien.xin@xxxxxxxxx>
> Signed-off-by: Fedor Pchelkin <pchelkin@xxxxxxxxx>
> ---
> v1->v2: simplify the patch per Xin Long's advice: putting the ref on error
> case would solve the problem more conveniently; update the patch
> description accordingly.
>
> net/tipc/node.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/net/tipc/node.c b/net/tipc/node.c
> index 5e000fde8067..a9c5b6594889 100644
> --- a/net/tipc/node.c
> +++ b/net/tipc/node.c
> @@ -583,7 +583,7 @@ struct tipc_node *tipc_node_create(struct net *net, u32 addr, u8 *peer_id,
> n->capabilities, &n->bc_entry.inputq1,
> &n->bc_entry.namedq, snd_l, &n->bc_entry.link)) {
> pr_warn("Broadcast rcv link creation failed, no memory\n");
> - kfree(n);
> + tipc_node_put(n);
> n = NULL;
> goto exit;
> }
> --
> 2.41.0
>
Reviewed-by: Xin Long <lucien.xin@xxxxxxxxx>