Re: [PATCH] tipc: Fix potential tipc_node refcnt leak in tipc_rcv

From: David Miller
Date: Sat Apr 18 2020 - 16:26:18 EST

Next message: Andy Lutomirski: "Re: [PATCH] x86/memcpy: Introduce memcpy_mcsafe_fast"
Previous message: Stefan Metzmacher: "Re: [PATCH] vfs: add faccessat2 syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
Date: Wed, 15 Apr 2020 16:40:28 +0800

> tipc_rcv() invokes tipc_node_find() twice, which returns a reference of
> the specified tipc_node object to "n" with increased refcnt.
>
> When tipc_rcv() returns or a new object is assigned to "n", the original
> local reference of "n" becomes invalid, so the refcount should be
> decreased to keep refcount balanced.
>
> The issue happens in some paths of tipc_rcv(), which forget to decrease
> the refcnt increased by tipc_node_find() and will cause a refcnt leak.
>
> Fix this issue by calling tipc_node_put() before the original object
> pointed by "n" becomes invalid.
>
> Signed-off-by: Xiyu Yang <xiyuyang19@xxxxxxxxxxxx>
> Signed-off-by: Xin Tan <tanxin.ctf@xxxxxxxxx>

Applied and queued up for -stable.

Next message: Andy Lutomirski: "Re: [PATCH] x86/memcpy: Introduce memcpy_mcsafe_fast"
Previous message: Stefan Metzmacher: "Re: [PATCH] vfs: add faccessat2 syscall"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]