| From ca77fba821351190777b236ce749d7c4d353102e Mon Sep 17 00:00:00 2001 |
| From: Eiichi Tsukata <eiichi.tsukata@nutanix.com> |
| Date: Sun, 21 Nov 2021 04:16:07 +0000 |
| Subject: rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() |
| |
| From: Eiichi Tsukata <eiichi.tsukata@nutanix.com> |
| |
| commit ca77fba821351190777b236ce749d7c4d353102e upstream. |
| |
| Need to call rxrpc_put_peer() for bundle candidate before kfree() as it |
| holds a ref to rxrpc_peer. |
| |
| [DH: v2: Changed to abstract out the bundle freeing code into a function] |
| |
| Fixes: 245500d853e9 ("rxrpc: Rewrite the client connection manager") |
| Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com> |
| Signed-off-by: David Howells <dhowells@redhat.com> |
| Reviewed-by: Marc Dionne <marc.dionne@auristor.com> |
| cc: linux-afs@lists.infradead.org |
| Link: https://lore.kernel.org/r/20211121041608.133740-1-eiichi.tsukata@nutanix.com/ # v1 |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| --- |
| net/rxrpc/conn_client.c | 14 +++++++++----- |
| 1 file changed, 9 insertions(+), 5 deletions(-) |
| |
| --- a/net/rxrpc/conn_client.c |
| +++ b/net/rxrpc/conn_client.c |
| @@ -135,16 +135,20 @@ struct rxrpc_bundle *rxrpc_get_bundle(st |
| return bundle; |
| } |
| |
| +static void rxrpc_free_bundle(struct rxrpc_bundle *bundle) |
| +{ |
| + rxrpc_put_peer(bundle->params.peer); |
| + kfree(bundle); |
| +} |
| + |
| void rxrpc_put_bundle(struct rxrpc_bundle *bundle) |
| { |
| unsigned int d = bundle->debug_id; |
| unsigned int u = atomic_dec_return(&bundle->usage); |
| |
| _debug("PUT B=%x %u", d, u); |
| - if (u == 0) { |
| - rxrpc_put_peer(bundle->params.peer); |
| - kfree(bundle); |
| - } |
| + if (u == 0) |
| + rxrpc_free_bundle(bundle); |
| } |
| |
| /* |
| @@ -334,7 +338,7 @@ static struct rxrpc_bundle *rxrpc_look_u |
| return candidate; |
| |
| found_bundle_free: |
| - kfree(candidate); |
| + rxrpc_free_bundle(candidate); |
| found_bundle: |
| rxrpc_get_bundle(bundle); |
| spin_unlock(&local->client_bundles_lock); |