net: qrtr: fix node refcount leak on ctrl packet alloc failure
authorWentao Liang <vulab@iscas.ac.cn>
Thu, 28 May 2026 08:00:19 +0000 (08:00 +0000)
committerJakub Kicinski <kuba@kernel.org>
Tue, 2 Jun 2026 02:53:45 +0000 (19:53 -0700)
qrtr_send_resume_tx() calls qrtr_node_lookup() which takes a
reference on the returned node. If the subsequent call to
qrtr_alloc_ctrl_packet() fails due to memory allocation failure, the
function returns -ENOMEM without calling qrtr_node_release() to
release the node reference.

Add qrtr_node_release(node) before returning on the allocation failure
path to properly release the reference.

Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>
Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>
Link: https://patch.msgid.link/20260528080019.1176700-1-vulab@iscas.ac.cn
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
net/qrtr/af_qrtr.c

index 7cec6a7859b035664a7e38d9827aa77149db1947..c9f892427f7c885af1bee87bc550dd979d289b29 100644 (file)
@@ -1009,8 +1009,10 @@ static int qrtr_send_resume_tx(struct qrtr_cb *cb)
                return -EINVAL;
 
        skb = qrtr_alloc_ctrl_packet(&pkt, GFP_KERNEL);
-       if (!skb)
+       if (!skb) {
+               qrtr_node_release(node);
                return -ENOMEM;
+       }
 
        pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
        pkt->client.node = cpu_to_le32(cb->dst_node);
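Review bot: The `if (!skb)` branch now carries its own `qrtr_node_release(node)`, so the reference taken by qrtr_node_lookup() is presumably dropped in two separate places: here and on the normal path further down, which is outside this hunk. A single exit would keep the get/put pairing in one spot and make a later early return less likely to leak the node again, for example `ret = -ENOMEM; goto out;` with an `out:` label just before the existing release. The function's opening and its tail are not visible here, so the label position and the `ret` variable need checking against the full body. A short comment at the lookup such as `/* holds a node reference until qrtr_node_release() */` would also document the ownership rule for the next reader.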