git.ipfire.org Git - thirdparty/linux.git/commit

author	Anderson Nascimento <anderson@allelesecurity.com>
	Wed, 8 Apr 2026 12:12:36 +0000 (13:12 +0100)
committer	Jakub Kicinski <kuba@kernel.org>
	Thu, 9 Apr 2026 01:44:32 +0000 (18:44 -0700)
commit	d666540d217e8d420544ebdfbadeedd623562733
tree	a48376d55b3b45d08d6e3192a09337d6b9c3ca53	tree \| snapshot
parent	65b3ffe0972ed023acc3981a0f7e1ae5d0208bd3	commit \| diff

rxrpc: Fix key reference count leak from call->key

When creating a client call in rxrpc_alloc_client_call(), the code obtains
a reference to the key. This is never cleaned up and gets leaked when the
call is destroyed.

Fix this by freeing call->key in rxrpc_destroy_call().

Before the patch, it shows the key reference counter elevated:

$ cat /proc/keys | grep afs@54321
1bffe9cd I--Q--i 8053480 4169w 3b010000 1000 1000 rxrpc afs@54321: ka
$

After the patch, the invalidated key is removed when the code exits:

$ cat /proc/keys | grep afs@54321
$

Fixes: f3441d4125fc ("rxrpc: Copy client call parameters into rxrpc_call earlier")
Signed-off-by: Anderson Nascimento <anderson@allelesecurity.com>
Co-developed-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Link: https://patch.msgid.link/20260408121252.2249051-9-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>