Received: by 2002:a05:7412:b10a:b0:f3:1519:9f41 with SMTP id az10csp2289927rdb; Sun, 3 Dec 2023 10:10:10 -0800 (PST) X-Google-Smtp-Source: AGHT+IHz+ljUTvBYMOOzua6Mi5PUNOM5GY9mH0vu6i//VnsrzBHxJfMQPdA6zcBWT/mgCH/wVsrR X-Received: by 2002:a05:6a00:1354:b0:6ce:2731:a087 with SMTP id k20-20020a056a00135400b006ce2731a087mr3162080pfu.54.1701627010639; Sun, 03 Dec 2023 10:10:10 -0800 (PST) ARC-Seal: i=2; a=rsa-sha256; t=1701627010; cv=pass; d=google.com; s=arc-20160816; b=FeqPFv773xAeP8YjWSqpSNY/0iAsGmf+7uo2i8Y1nHKTa4CENMgGN0uNy2WCDR7WIA k0RxwHviv0NchWtHzuXv0FJ3ehWahPErnWBJZ7dCJ15FppxR/4WeZ+sJB3KjJerIMVOc 8TDi6SqqGUsSSy/OQkUcLzRZSeOKeeWnOs69rb1KTqyBJFlB4NIdbFxeh2svtBUJ+KGE ZFS1VdMN5O29uAbr6PznM2zzBXrwr0NSvVnN9uuxwuowJ7xr7MbH/TOrORoYDQym0dvo f6RhwR5MA1sGNReAoAkYZ4yafitsjJWvc01uK1eOkS8cGGS+7I9KNeXXSqf76h6P2rXW WzHg== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:user-agent:importance:content-transfer-encoding :mime-version:subject:references:in-reply-to:message-id:cc:to:from :date:dkim-signature; bh=jig7nqOtSLq3le2nJnQ+h5DRxXbpyeM6+FUUU6eub08=; fh=uL5RiuOtZkSe6o2zj4aILxg82hstoMNioIhSyyKGUQE=; b=XyOxqSEt6/X1iC6eWwMuGko+7ZMaNEai1PBVz6FLGOB3NphYkAYmnMibES6WS7eCEm 9lgvj25H0xJ9BhjtUCOl5XKk4Fe/O/amTpO0uPa5vi3mO+By28k8dwefZiLrilU7rhNi rLYWUMbSOt5rIVNlRACi3TvQtaq9fDLP7g2tXvAJIRQk+XjJ1g1sJbFWNWNXtCMrPOo4 /SiwRsbAQ2WdLH73gfP1aGQzu3Sqar68Ss4L/r26ugLKbjr4gMR6WOmiUMBqkdA3aRSh DN80Kpx/fVaMayGofN8ONbU62zskUPqRTSWJPTV0KtPovv8nZfi9hib0bwy4fhDmiPCy GvwA== ARC-Authentication-Results: i=2; mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=ISmc0HM7; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Return-Path: Received: from howler.vger.email (howler.vger.email. [2620:137:e000::3:4]) by mx.google.com with ESMTPS id d4-20020a056a0010c400b006cdeb7e9f6dsi6313263pfu.234.2023.12.03.10.10.10 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Sun, 03 Dec 2023 10:10:10 -0800 (PST) Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) client-ip=2620:137:e000::3:4; Authentication-Results: mx.google.com; dkim=pass header.i=@siddh.me header.s=zmail header.b=ISmc0HM7; arc=pass (i=1 spf=pass spfdomain=siddh.me dkim=pass dkdomain=siddh.me dmarc=pass fromdomain=siddh.me>); spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::3:4 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=siddh.me Received: from out1.vger.email (depot.vger.email [IPv6:2620:137:e000::3:0]) by howler.vger.email (Postfix) with ESMTP id 009518060516; Sun, 3 Dec 2023 10:10:07 -0800 (PST) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.103.11 at howler.vger.email Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229739AbjLCSJj (ORCPT + 99 others); Sun, 3 Dec 2023 13:09:39 -0500 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:37090 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229450AbjLCSJi (ORCPT ); Sun, 3 Dec 2023 13:09:38 -0500 Received: from sender-of-o51.zoho.in (sender-of-o51.zoho.in [103.117.158.51]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 024F1D6; Sun, 3 Dec 2023 10:09:40 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1701626931; cv=none; d=zohomail.in; s=zohoarc; b=HD013oKEY/KfaGYVjdW0BKpb8BZryAHUC477hAmAi2Lngfq1KZjZNa+kXnRaSJesAEjtilcX2HzPFQ+SIN7T5MrugYui3pUrOn8HiQQFXLo4mtOX5JyOCM0bKOCB2z75hPyAD/3iNA8n5IChsjEBJX380gBBTVvEucKMJn+Tuxs= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.in; s=zohoarc; t=1701626931; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:MIME-Version:Message-ID:References:Subject:Subject:To:To:Message-Id:Reply-To; bh=jig7nqOtSLq3le2nJnQ+h5DRxXbpyeM6+FUUU6eub08=; b=I/jEA/xvVZl5u/aVb2qGfb0njKhX+yqejs6qBiX+agCmPoQt//qusk+exmqKaVLZzcowDbPmurbfXPnkjalzhxIdw0Vhiat8qjKsQB/0kgj3yxLcDBYN/Us2toQtAhYescc4Zsk/4x0vvU8YfZekPyPFf1yuNsbauVhZNJA4tqY= ARC-Authentication-Results: i=1; mx.zohomail.in; dkim=pass header.i=siddh.me; spf=pass smtp.mailfrom=code@siddh.me; dmarc=pass header.from= DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; t=1701626931; s=zmail; d=siddh.me; i=code@siddh.me; h=Date:Date:From:From:To:To:Cc:Cc:Message-ID:In-Reply-To:References:Subject:Subject:MIME-Version:Content-Type:Content-Transfer-Encoding:Message-Id:Reply-To; bh=jig7nqOtSLq3le2nJnQ+h5DRxXbpyeM6+FUUU6eub08=; b=ISmc0HM7xP436viT81IWbs+UyQ6qOS8WGreQyEiChIdL45uKHjio113JYcwwsjQg aXs62Nm26/R+RpYbMbpXVs1XMsr0cAw1IhmbHQ8zESEDK9RdIWV6A7aQJ3N7/Ouv1zo X6Y0PbMOo+RhCdMAHY9wkN8gebwkpFycOVBBuEgA= Received: from mail.zoho.in by mx.zoho.in with SMTP id 1701626900046660.6408974070963; Sun, 3 Dec 2023 23:38:20 +0530 (IST) Date: Sun, 03 Dec 2023 23:38:20 +0530 From: Siddh Raman Pant To: "Suman Ghosh" Cc: "Krzysztof Kozlowski" , "David S. Miller" , "Eric Dumazet" , "Jakub Kicinski" , "Paolo Abeni" , "netdev@vger.kernel.org" , "linux-kernel@vger.kernel.org" , "Samuel Ortiz" , "syzbot+bbe84a4010eeea00982d@syzkaller.appspotmail.com" Message-ID: <18c30ddee40.70f9a1a945075.1438711881490299499@siddh.me> In-Reply-To: References: <476cccdcb57645784889fc82f0c7c10ff4c8b8c0.1701530776.git.code@siddh.me> Subject: RE: [EXT] [PATCH net-next v2 1/2] nfc: llcp_core: Hold a ref to llcp_local->dev when holding a ref to llcp_local MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable Importance: Medium User-Agent: Zoho Mail X-Mailer: Zoho Mail X-Spam-Status: No, score=-0.9 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, DKIM_VALID_AU,HEADER_FROM_DIFFERENT_DOMAINS,MAILING_LIST_MULTI, SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=unavailable autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on howler.vger.email Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (howler.vger.email [0.0.0.0]); Sun, 03 Dec 2023 10:10:08 -0800 (PST) On Sun, 03 Dec 2023 22:29:39 +0530, Suman Ghosh wrote: > Hi Siddh, >=20 > >@@ -180,6 +183,7 @@ int nfc_llcp_local_put(struct nfc_llcp_local *local) > > =C2=A0=C2=A0=C2=A0=C2=A0if (local =3D=3D NULL) > > =C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0return 0; > > > >+=C2=A0=C2=A0=C2=A0=C2=A0nfc_put_device(local->dev); > [Suman] One question here, if we consider the path, nfc_llcp_mac_is_down(= ) -> > nfc_llcp_socket_release() -> nfc_llcp_local_put(), then inside > nfc_llcp_socket_release() we are already doing nfc_put_device() if=20 > "sk->sk_state =3D=3D LLCP_CONNECTED", with this change we are doing it ag= ain. > I guess you need to add some check to avoid that. Let me know if I am > missing something. The socket state is set to LLCP_CONNECTED in just two places: nfc_llcp_recv_connect() and nfc_llcp_recv_cc(). nfc_get_device() is used prior to setting the socket state to LLCP_CONNECTED in nfc_llcp_recv_connect(). After that, it calls nfc_llcp_send_cc(), which I suppose is a connection PDU by some Google-fu (NFC specs is paywalled). In nfc_llcp_recv_cc(), we do not use nfc_get_device(), but since one must send cc (which is done in nfc_llcp_recv_connect()), I think we are good here. This patch change doesn't touch any other refcounting. We increment the refcount whenever we get the local, and decrement when we put it. nfc_llcp_find_local() involves getting it, so all users of that function increment the refcount, which is also the case with nfc_llcp_mac_is_down(). The last nfc_llcp_local_put() then correctly decrements the refcount. If there is indeed a refcount error due to LLCP_CONNECTED, it probably exists without this patch too. > > =C2=A0=C2=A0=C2=A0=C2=A0new_sock->local =3D nfc_llcp_local_get(local); > >+=C2=A0=C2=A0=C2=A0=C2=A0if (!new_sock->local) { > >+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0reason =3D LLCP_DM_REJ; > >+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0release_sock(&sock->sk)= ; > >+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0sock_put(&sock->sk); > >+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0sock_put(&new_sock->sk)= ; > [Suman] don't we need to free new_sock? nfc_llcp_sock_free()? > > [...] > > >+=C2=A0=C2=A0=C2=A0=C2=A0local->dev =3D nfc_get_device(ndev->idx); > >+=C2=A0=C2=A0=C2=A0=C2=A0if (!local->dev) > >+=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0=C2=A0return -ENODEV; > [Suman] Memory leak here. Need to call kfree(local). Yes, you are correct. Very stupid of me. Will send a v3. Thanks, Siddh