git.ipfire.org Git - thirdparty/kernel/stable.git/commit

author	Jeremy Kerr <jk@codeconstruct.com.au>
	Wed, 18 Dec 2024 03:53:01 +0000 (11:53 +0800)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 27 Dec 2024 13:02:07 +0000 (14:02 +0100)
commit	b2b4eddf2f18836817971ae5c1e196c210c9d10f
tree	f7a9af683b2ae6b755e4e35e3d68f619ade1a78e	tree
parent	7e1ad75dccf3f8d6c801243dc064626b33599724	commit \| diff

net: mctp: handle skb cleanup on sock_queue failures

commit ce1219c3f76bb131d095e90521506d3c6ccfa086 upstream.

Currently, we don't use the return value from sock_queue_rcv_skb, which
means we may leak skbs if a message is not successfully queued to a
socket.

Instead, ensure that we're freeing the skb where the sock hasn't
otherwise taken ownership of the skb by adding checks on the
sock_queue_rcv_skb() to invoke a kfree on failure.

In doing so, rather than using the 'rc' value to trigger the
kfree_skb(), use the skb pointer itself, which is more explicit.

Also, add a kunit test for the sock delivery failure cases.

Fixes: 4a992bbd3650 ("mctp: Implement message fragmentation & reassembly")
Cc: stable@vger.kernel.org
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Link: https://patch.msgid.link/20241218-mctp-next-v2-1-1c1729645eaa@codeconstruct.com.au
Signed-off-by: Paolo Abeni <pabeni@redhat.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

net/mctp/route.c		diff \| blob \| blame \| history
net/mctp/test/route-test.c		diff \| blob \| blame \| history