Re: [PATCH net 2/2] rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer()
From: Marc Dionne
Date: Tue Nov 23 2021 - 09:12:07 EST
On Sun, Nov 21, 2021 at 12:17 AM Eiichi Tsukata
<eiichi.tsukata@xxxxxxxxxxx> wrote:
>
> Need to call rxrpc_put_local() for peer candidate before kfree() as it
> holds a ref to rxrpc_local.
>
> Fixes: 9ebeddef58c4 ("rxrpc: rxrpc_peer needs to hold a ref on the rxrpc_local record")
> Signed-off-by: Eiichi Tsukata <eiichi.tsukata@xxxxxxxxxxx>
> ---
> net/rxrpc/peer_object.c | 6 ++++--
> 1 file changed, 4 insertions(+), 2 deletions(-)
>
> diff --git a/net/rxrpc/peer_object.c b/net/rxrpc/peer_object.c
> index 68396d052052..431b62bc1da2 100644
> --- a/net/rxrpc/peer_object.c
> +++ b/net/rxrpc/peer_object.c
> @@ -364,10 +364,12 @@ struct rxrpc_peer *rxrpc_lookup_peer(struct rxrpc_sock *rx,
>
> spin_unlock_bh(&rxnet->peer_hash_lock);
>
> - if (peer)
> + if (peer) {
> + rxrpc_put_local(candidate->local);
> kfree(candidate);
> - else
> + } else {
> peer = candidate;
> + }
> }
>
> _net("PEER %d {%pISp}", peer->debug_id, &peer->srx.transport);
> --
> 2.33.1
Reviewed-by: Marc Dionne <marc.dionne@xxxxxxxxxxxx>
Marc