af_unix: Fix memleak of newsk in unix_stream_connect().

When prepare_peercred() fails in unix_stream_connect(),
unix_release_sock() is not called for newsk, and the memory
is leaked.

Let's move prepare_peercred() before unix_create1().

Fixes: fd0a109a0f6b ("net, pidfs: prepare for handing out pidfds for reaped sk->sk_peer_pid")
Signed-off-by: Kuniyuki Iwashima <kuniyu@google.com>
Link: https://patch.msgid.link/20260207232236.2557549-1-kuniyu@google.com
Signed-off-by: Paolo Abeni <pabeni@redhat.com>

diff --git a/net/unix/af_unix.c b/net/unix/af_unix.c
index d0511225799ba32416378f01ab0b6cb072437934..f6d56e70c7a2c387fda6d06f30653cd662463f39 100644 (file)
--- a/net/unix/af_unix.c
+++ b/net/unix/af_unix.c
@@ -1650,10 +1650,9 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr_unsized *uad
 
        timeo = sock_sndtimeo(sk, flags & O_NONBLOCK);
 
-       /* First of all allocate resources.
-        * If we will make it after state is locked,
-        * we will have to recheck all again in any case.
-        */
+       err = prepare_peercred(&peercred);
+       if (err)
+               goto out;
 
        /* create new sock for complete connection */
        newsk = unix_create1(net, NULL, 0, sock->type);
@@ -1662,10 +1661,6 @@ static int unix_stream_connect(struct socket *sock, struct sockaddr_unsized *uad
                goto out;
        }
 
-       err = prepare_peercred(&peercred);
-       if (err)
-               goto out;
-
        /* Allocate skb for sending to listening sock */
        skb = sock_wmalloc(newsk, 1, 0, GFP_KERNEL);
        if (!skb) {