6.1-stable review patch. If anyone has any objections, please let me know.
------------------
From: Jeremy Kerr jk@codeconstruct.com.au
[ Upstream commit 9990889be14288d4f1743e4768222d5032a79c27 ]
We may hold an extra reference on a socket if a tag allocation fails: we optimistically allocate the sk_key, and take a ref there, but do not drop if we end up not using the allocated key.
Ensure we're dropping the sock on this failure by doing a proper unref rather than directly kfree()ing.
Fixes: de8a6b15d965 ("net: mctp: add an explicit reference from a mctp_sk_key to sock")
Signed-off-by: Jeremy Kerr jk@codeconstruct.com.au
Reviewed-by: Simon Horman horms@kernel.org
Link: https://lore.kernel.org/r/ce9b61e44d1cdae7797be0c5e3141baf582d23a0.170798348...
Signed-off-by: Jakub Kicinski kuba@kernel.org
Signed-off-by: Sasha Levin sashal@kernel.org
---
 net/mctp/route.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/net/mctp/route.c b/net/mctp/route.c index 68be8f2b622dd..256bf0b89e6ca 100644 --- a/net/mctp/route.c +++ b/net/mctp/route.c @@ -663,7 +663,7 @@ struct mctp_sk_key *mctp_alloc_local_tag(struct mctp_sock *msk, spin_unlock_irqrestore(&mns->keys_lock, flags);
if (!tagbits) { - kfree(key); + mctp_key_unref(key); return ERR_PTR(-EBUSY); }
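Review bot: In the `if (!tagbits)` branch of mctp_alloc_local_tag(), the fix depends on mctp_key_unref(key) dropping the last reference to the key, otherwise neither the key nor the sock reference taken at allocation is released. Please state in the commit message, or in a short comment above the call, that nothing else can hold a reference to the key on this path. The call sits after spin_unlock_irqrestore(&mns->keys_lock, flags), so it would also help to note that the unref is expected to run without keys_lock held, to keep a later reordering from moving it back under the lock.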