LinuxLists.cc - [PATCH] net: tipc: fix possible refcount leak in tipc_sk

2022-06-29 02:42:33

Subject: [PATCH] net: tipc: fix possible refcount leak in tipc_sk_create()

sk need to be free when tipc_sk_insert fails. While tipc_sk_insert is hard
to fail, it's better to fix this.

Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to use generic rhashtable")
Signed-off-by: Hangyu Hua <[email protected]>
---
net/tipc/socket.c | 1 +
1 file changed, 1 insertion(+)

diff --git a/net/tipc/socket.c b/net/tipc/socket.c
index 17f8c523e33b..43509c7e90fc 100644
--- a/net/tipc/socket.c
+++ b/net/tipc/socket.c
@@ -502,6 +502,7 @@ static int tipc_sk_create(struct net *net, struct socket *sock,
sock_init_data(sock, sk);
tipc_set_sk_state(sk, TIPC_OPEN);
if (tipc_sk_insert(tsk)) {
+ sk_free(sk);
pr_warn("Socket create failed; port number exhausted\n");
return -EINVAL;
}
--
2.25.1

2022-06-29 04:12:46

by Tung Quang Nguyen

[permalink] [raw]

Subject: RE: [PATCH] net: tipc: fix possible refcount leak in tipc_sk_create()

> sk need to be free when tipc_sk_insert fails. While tipc_sk_insert is hard
> to fail, it's better to fix this.
Incorrect English grammar. You should use a simple comment in changelog, for example: "Free sk in case tipc_sk_insert() fails."
>
> Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to use generic rhashtable")
> Signed-off-by: Hangyu Hua <[email protected]>
> ---
> net/tipc/socket.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/net/tipc/socket.c b/net/tipc/socket.c
> index 17f8c523e33b..43509c7e90fc 100644
> --- a/net/tipc/socket.c
> +++ b/net/tipc/socket.c
> @@ -502,6 +502,7 @@ static int tipc_sk_create(struct net *net, struct socket *sock,
> sock_init_data(sock, sk);
> tipc_set_sk_state(sk, TIPC_OPEN);
> if (tipc_sk_insert(tsk)) {
> + sk_free(sk);
> pr_warn("Socket create failed; port number exhausted\n");
> return -EINVAL;
> }
> --
> 2.25.1

2022-06-29 06:58:38

by Hangyu Hua

[permalink] [raw]

Subject: Re: [PATCH] net: tipc: fix possible refcount leak in tipc_sk_create()

On 2022/6/29 11:49, Tung Quang Nguyen wrote:
>> sk need to be free when tipc_sk_insert fails. While tipc_sk_insert is hard
>> to fail, it's better to fix this.
> Incorrect English grammar. You should use a simple comment in changelog, for example: "Free sk in case tipc_sk_insert() fails."

Thanks a lot. I will fix this then send a v2.

Hangyu.

>>
>> Fixes: 07f6c4bc048a ("tipc: convert tipc reference table to use generic rhashtable")
>> Signed-off-by: Hangyu Hua <[email protected]>
>> ---
>> net/tipc/socket.c | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/net/tipc/socket.c b/net/tipc/socket.c
>> index 17f8c523e33b..43509c7e90fc 100644
>> --- a/net/tipc/socket.c
>> +++ b/net/tipc/socket.c
>> @@ -502,6 +502,7 @@ static int tipc_sk_create(struct net *net, struct socket *sock,
>> sock_init_data(sock, sk);
>> tipc_set_sk_state(sk, TIPC_OPEN);
>> if (tipc_sk_insert(tsk)) {
>> + sk_free(sk);
>> pr_warn("Socket create failed; port number exhausted\n");
>> return -EINVAL;
>> }
>> --
>> 2.25.1
>