net: 9p: fix possible refcount leak in p9_read_work()

[PATCH] net: 9p: fix possible refcount leak in p9_read_work()

Posted by Hangyu Hua 3 years, 9 months ago

p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
possible refcount leak.

Fixes: 728356dedeff ("9p: Add refcount to p9_req_t")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
---

Add p9_req_put in the "No recv fcall for tag..." error path according to Dominique's suggestion.

 net/9p/trans_fd.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 507974ce880c..090337f446d7 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -345,6 +345,7 @@ static void p9_read_work(struct work_struct *work)
 			p9_debug(P9_DEBUG_ERROR,
 				 "No recv fcall for tag %d (req %p), disconnecting!\n",
 				 m->rc.tag, m->rreq);
+			p9_req_put(m->rreq);
 			m->rreq = NULL;
 			err = -EIO;
 			goto error;
-- 
2.25.1

Re: [PATCH] net: 9p: fix possible refcount leak in p9_read_work()

Posted by asmadeus@codewreck.org 3 years, 9 months ago

Hangyu Hua wrote on Tue, Jul 12, 2022 at 06:44:38PM +0800:
> p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
> possible refcount leak.
> 
> Fixes: 728356dedeff ("9p: Add refcount to p9_req_t")
> Signed-off-by: Hangyu Hua <hbh25y@gmail.com>

I realize I didn't reply to this -- I've reworded the commit message a
bit and queued it for 5.20:
https://github.com/martinetd/linux/commit/4ac7573e1f9333073fa8d303acc941c9b7ab7f61

I'll have a look at the RDMA path you pointed at once I can find time to
make this adapter work, and will credit you for it as well

--
Dominique