Received: by 2002:a25:1985:0:0:0:0:0 with SMTP id 127csp870379ybz;
        Sat, 25 Apr 2020 06:09:10 -0700 (PDT)
X-Google-Smtp-Source: APiQypKQPDWhnL7RcyROIoxPsAfisQVQbD+8sbrzmWcy96crNt9pD1fVNUdNFyY+ymjB5thvIR7/
X-Received: by 2002:aa7:cd08:: with SMTP id b8mr11122447edw.96.1587820149874;
        Sat, 25 Apr 2020 06:09:09 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1587820149; cv=none;
        d=google.com; s=arc-20160816;
        b=WZljdIUtF4578RKHUxo7z/DgJAJfmaFpX1C7b4NgoSmgiDOd/jdW6DQpegyMdnv61P
         uAuoPmrlE0sWfCK2k1ZahbVmMC+EsDBLs3KF93WgzYNzyCIrbbWDaTXi7Kw0RgLUO5n9
         8m99qqsEnezTAPGxSGN4kJpHvvcABJ6Z8UHvyhp3hmma3m7aetYKFowOWxLIIAi/oVGN
         svlZ2JGsNp/fU1jGoRPzhkV4pycr5km7PZLbefJ/8qxmKUSVTx4/32onmWJYd3BRqHYX
         YVntiV71aUlqQYknsygU+9OiC4HG3OKQgV6voIt4gCkT4yfN1411qtVM32Ud5g7WOLT4
         BTmg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:message-id:date:subject:cc:to:from
         :dkim-signature;
        bh=mWFjwvcAfXgLbxUP3xHE2jVdSD94EmPgOkeX90eA2Ok=;
        b=xUIEBFAxWVUZ6lXs+glfz3B49zp3FjNpi30Lmv1GBSXo7HH5ild13jd1DBX8nwHYoJ
         Nji20brJocIS4+YhGIZ2Ixt8EcwY1afPzzseytKkQnl1jMy/qrcwClT2wwBiTedmkdIP
         8k99tUyYx4zlQd623nkqhtIptIM9DrwP1ckwqTic2UoknXqaI4/peAvYMtrIEQwOqGzY
         an42ZBa8HYajrdwQWXzT66ZypEMvVRqgVuCGv80u0tUcS5GNy7wCsx56DPstXFabNTq+
         cnUIZIbj/v94hS6KKgA+NQR8o/McAlhy43DWtfYvY0x1o2VcqfLqLM6lmkJxfdNJh1PL
         vrjQ==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@fudan.edu.cn header.s=dkim header.b="3Nq82/7A";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fudan.edu.cn
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [23.128.96.18])
        by mx.google.com with ESMTP id dn4si4687859edb.239.2020.04.25.06.08.45;
        Sat, 25 Apr 2020 06:09:09 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) client-ip=23.128.96.18;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@fudan.edu.cn header.s=dkim header.b="3Nq82/7A";
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 23.128.96.18 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=REJECT sp=REJECT dis=NONE) header.from=fudan.edu.cn
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1726154AbgDYNHY (ORCPT <rfc822;kkoh.linux@gmail.com>
        + 99 others); Sat, 25 Apr 2020 09:07:24 -0400
Received: from mail.fudan.edu.cn ([202.120.224.73]:56312 "EHLO fudan.edu.cn"
        rhost-flags-OK-OK-OK-FAIL) by vger.kernel.org with ESMTP
        id S1726073AbgDYNHX (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Sat, 25 Apr 2020 09:07:23 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=fudan.edu.cn; s=dkim; h=Received:From:To:Cc:Subject:Date:
        Message-Id; bh=mWFjwvcAfXgLbxUP3xHE2jVdSD94EmPgOkeX90eA2Ok=; b=3
        Nq82/7A27IoxgVywwfFSJsUywySGmqGqO4tCB1cLkMK5Dd+7O524Ce+7laBdO5pq
        JOPYdcwP5uGODiyp7mtTfdntyvTl6dcPUnL7IGTUl79RXSWuETgBKjYkaf1CopdZ
        CLia/QIRNL7epNO0KrOoGZXePNzM8Uo2twuxfLLHxU=
Received: from localhost.localdomain (unknown [120.229.255.80])
        by app2 (Coremail) with SMTP id XQUFCgD3___2NaRe3oqpAA--.34609S3;
        Sat, 25 Apr 2020 21:07:03 +0800 (CST)
From:   Xiyu Yang <xiyuyang19@fudan.edu.cn>
To:     Andrew Hendry <andrew.hendry@gmail.com>,
        "David S. Miller" <davem@davemloft.net>,
        Jakub Kicinski <kuba@kernel.org>,
        Xiyu Yang <xiyuyang19@fudan.edu.cn>,
        Xin Tan <tanxin.ctf@gmail.com>,
        Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        Allison Randal <allison@lohutok.net>,
        Thomas Gleixner <tglx@linutronix.de>,
        linux-x25@vger.kernel.org, netdev@vger.kernel.org,
        linux-kernel@vger.kernel.org
Cc:     yuanxzhang@fudan.edu.cn, kjlu@umn.edu
Subject: [PATCH v2] net/x25: Fix x25_neigh refcnt leak when x25 disconnect
Date:   Sat, 25 Apr 2020 21:06:25 +0800
Message-Id: <1587819994-40137-1-git-send-email-xiyuyang19@fudan.edu.cn>
X-Mailer: git-send-email 2.7.4
X-CM-TRANSID: XQUFCgD3___2NaRe3oqpAA--.34609S3
X-Coremail-Antispam: 1UD129KBjvJXoW7ZrykKr4DtryfXr43KrW7Arb_yoW8Jw4UpF
        W2k397ZryqqF4kWF4kAFykWF1kC34qqw1UXrW5uw15Cr9rG39xArWYgrsIgr43ua93JFyj
        vw10grsxAF4vk3JanT9S1TB71UUUUUUqnTZGkaVYY2UrUUUUjbIjqfuFe4nvWSU5nxnvy2
        9KBjDU0xBIdaVrnRJUUU9E14x267AKxVW8JVW5JwAFc2x0x2IEx4CE42xK8VAvwI8IcIk0
        rVWrJVCq3wAFIxvE14AKwVWUJVWUGwA2ocxC64kIII0Yj41l84x0c7CEw4AK67xGY2AK02
        1l84ACjcxK6xIIjxv20xvE14v26w1j6s0DM28EF7xvwVC0I7IYx2IY6xkF7I0E14v26F4U
        JVW0owA2z4x0Y4vEx4A2jsIE14v26rxl6s0DM28EF7xvwVC2z280aVCY1x0267AKxVW0oV
        Cq3wAac4AC62xK8xCEY4vEwIxC4wAS0I0E0xvYzxvE52x082IY62kv0487Mc02F40EFcxC
        0VAKzVAqx4xG6I80ewAv7VC0I7IYx2IY67AKxVWUXVWUAwAv7VC2z280aVAFwI0_Jr0_Gr
        1lOx8S6xCaFVCjc4AY6r1j6r4UM4x0Y48IcxkI7VAKI48JM4x0x7Aq67IIx4CEVc8vx2IE
        rcIFxwACI402YVCY1x02628vn2kIc2xKxwCY02Avz4vE14v_Xr4l42xK82IYc2Ij64vIr4
        1l4I8I3I0E4IkC6x0Yz7v_Jr0_Gr1lx2IqxVAqx4xG67AKxVWUJVWUGwC20s026x8GjcxK
        67AKxVWUGVWUWwC2zVAF1VAY17CE14v26r1q6r43MIIYrxkI7VAKI48JMIIF0xvE2Ix0cI
        8IcVAFwI0_Jr0_JF4lIxAIcVC0I7IYx2IY6xkF7I0E14v26r4j6F4UMIIF0xvE42xK8VAv
        wI8IcIk0rVW3JVWrJr1lIxAIcVC2z280aVAFwI0_Jr0_Gr1lIxAIcVC2z280aVCY1x0267
        AKxVW8JVW8JrUvcSsGvfC2KfnxnUUI43ZEXa7VUjppB7UUUUU==
X-CM-SenderInfo: irzsiiysuqikmy6i3vldqovvfxof0/
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

x25_connect() invokes x25_get_neigh(), which returns a reference of the
specified x25_neigh object to "x25->neighbour" with increased refcnt.

When x25 connect success and returns, the reference still be hold by
"x25->neighbour", so the refcount should be decreased in
x25_disconnect() to keep refcount balanced.

The reference counting issue happens in x25_disconnect(), which forgets
to decrease the refcnt increased by x25_get_neigh() in x25_connect(),
causing a refcnt leak.

Fix this issue by calling x25_neigh_put() before x25_disconnect()
returns.

Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Signed-off-by: Xin Tan <tanxin.ctf@gmail.com>
---
Changes in v2:
- Fix x25_neigh refcnt leak in x25_disconnect() rather than in
x25_connect()
---
 net/x25/x25_subr.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/net/x25/x25_subr.c b/net/x25/x25_subr.c
index 8aa415a38814..8b1b06cabcbf 100644
--- a/net/x25/x25_subr.c
+++ b/net/x25/x25_subr.c
@@ -357,6 +357,10 @@ void x25_disconnect(struct sock *sk, int reason, unsigned char cause,
 		sk->sk_state_change(sk);
 		sock_set_flag(sk, SOCK_DEAD);
 	}
+	read_lock_bh(&x25_list_lock);
+	x25_neigh_put(x25->neighbour);
+	x25->neighbour = NULL;
+	read_unlock_bh(&x25_list_lock);
 }
 
 /*
-- 
2.7.4