| Message ID | 20211121041608.133740-1-eiichi.tsukata@nutanix.com (mailing list archive) |
|---|---|
| State | Not Applicable |
| Delegated to: | Netdev Maintainers |
| Headers | show |
| Series | [net,1/2] rxrpc: Fix rxrpc_peer leak in rxrpc_look_up_bundle() | expand |
On Sun, Nov 21, 2021 at 12:17 AM Eiichi Tsukata <eiichi.tsukata@nutanix.com> wrote: > > Need to call rxrpc_put_peer() for bundle candidate before kfree() as it > holds a ref to rxrpc_peer. > > Fixes: 245500d853e9 ("rxrpc: Rewrite the client connection manager") > Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com> > --- > net/rxrpc/conn_client.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c > index dbea0bfee48e..46dcb33888ff 100644 > --- a/net/rxrpc/conn_client.c > +++ b/net/rxrpc/conn_client.c > @@ -328,6 +328,7 @@ static struct rxrpc_bundle *rxrpc_look_up_bundle(struct rxrpc_conn_parameters *c > return candidate; > > found_bundle_free: > + rxrpc_put_peer(candidate->params.peer); > kfree(candidate); > found_bundle: > rxrpc_get_bundle(bundle); > -- > 2.33.1 Reviewed-by: Marc Dionne <marc.dionne@auristor.com> Marc
Looks good, though I think a better way to do both of these cases is to abstract out the freeing sequence into its own function. David
diff --git a/net/rxrpc/conn_client.c b/net/rxrpc/conn_client.c index dbea0bfee48e..46dcb33888ff 100644 --- a/net/rxrpc/conn_client.c +++ b/net/rxrpc/conn_client.c @@ -328,6 +328,7 @@ static struct rxrpc_bundle *rxrpc_look_up_bundle(struct rxrpc_conn_parameters *c return candidate; found_bundle_free: + rxrpc_put_peer(candidate->params.peer); kfree(candidate); found_bundle: rxrpc_get_bundle(bundle);
Need to call rxrpc_put_peer() for bundle candidate before kfree() as it holds a ref to rxrpc_peer. Fixes: 245500d853e9 ("rxrpc: Rewrite the client connection manager") Signed-off-by: Eiichi Tsukata <eiichi.tsukata@nutanix.com> --- net/rxrpc/conn_client.c | 1 + 1 file changed, 1 insertion(+)