Re: [PATCH] net: af_key: fix refcount leak in pfkey_spdadd()
From: Sabrina Dubroca
Date: Thu Jun 11 2026 - 13:50:08 EST

2026-06-12, 00:37:43 +0800, WenTao Liang wrote:
> In pfkey_spdadd(), an xfrm policy is allocated via xfrm_policy_alloc()
> with a refcount of 1. On the success path the policy is eventually freed
> by xfrm_pol_put(), which decrements the refcount and calls
> xfrm_policy_destroy() only when it reaches zero. However, all error
> paths directly call xfrm_policy_destroy() without releasing the initial
> reference, leaking the policy object.

Uhm... have you looked at what xfrm_policy_destroy and xfrm_pol_put
do?
--
Sabrina