From nobody Thu Dec 18 23:23:42 2025 Received: from mail-pl1-f169.google.com (mail-pl1-f169.google.com [209.85.214.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.subspace.kernel.org (Postfix) with ESMTPS id 4E924195FE8 for ; Wed, 17 Dec 2025 01:15:54 +0000 (UTC) Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=209.85.214.169 ARC-Seal: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765934155; cv=none; b=cEsnrzsdgrOOKKmDrxstfUPmJzvYOuCCePjQo7cYz+42dItVrBH7qttaNsCB/rR7WLSVYKVVrNoMTCnuuF6P5czwyL245pNuwhIbm0rTqYO0WNS/yl2zPUr1a+sDhs+cRCLzz65eMVBgx8+6F8TSHLzJdkm0V3KZrpENTv/kCXQ= ARC-Message-Signature: i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116; t=1765934155; c=relaxed/simple; bh=5NqdR0KahKnnPoX+6MD1dyWNtJM/5gJGED+S8VpfHBE=; h=From:To:Cc:Subject:Date:Message-Id:In-Reply-To:References: MIME-Version; b=tfJvPJeJGtfkD7t33b3GCXMx9R7VNY/YToVPkymtE3DbTyfMh9ne26dSMSa+x5uNEXZ3viDnvfSOeZQDDfmFo4aKb8TYMModWwC91DAJR6JIMxHKfsdRAyUbbq62x7k3c5Ov+tRJm2bFjd5ae7Vh7GSxBd3s+/zlFmkWu/1ChBQ= ARC-Authentication-Results: i=1; smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com; spf=pass smtp.mailfrom=gmail.com; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b=mO6/Qka3; arc=none smtp.client-ip=209.85.214.169 Authentication-Results: smtp.subspace.kernel.org; dmarc=pass (p=none dis=none) header.from=gmail.com Authentication-Results: smtp.subspace.kernel.org; spf=pass smtp.mailfrom=gmail.com Authentication-Results: smtp.subspace.kernel.org; dkim=pass (2048-bit key) header.d=gmail.com header.i=@gmail.com header.b="mO6/Qka3" Received: by mail-pl1-f169.google.com with SMTP id d9443c01a7336-29e346af955so7486295ad.0 for ; Tue, 16 Dec 2025 17:15:54 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1765934153; x=1766538953; darn=vger.kernel.org; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:from:to:cc:subject:date :message-id:reply-to; bh=oAPpQXLFQFMqUELx3ET/17MTkGzZAB2Bx7aG6WIuk/g=; b=mO6/Qka3JfRVoiIP16g7khJ4iOnCKB/oZZ19aZYjUBxyv3+6S5fIfaF5/bglcGYFE4 qBpobkRyrpZWRAw5M4zegE5rfVMVNE3nEWDoLKTe8KSoQD79CYUkGOzDF5W9BuECBCV7 0mU//LiPmsGKObdNr6/BiN0Ct58+RPfSo1p6LyRDdFMPCwEB3vw02uPa3oJPGLlDIof1 kN9xvJzHvmYQBszGGH1e9Ok+Qo82hStTZx+jS6ADDIlIFrzlvwgRPRxa1W5f2gxj8uIs zMb6z4zyw5etHlJQZ+ahoDI5Ne0dk8Z3aNq2jJb3kUkvf4cByjBMQTeeTYk88vbPlUgM rMPg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1765934153; x=1766538953; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:cc:to:from:x-gm-gg:x-gm-message-state:from :to:cc:subject:date:message-id:reply-to; bh=oAPpQXLFQFMqUELx3ET/17MTkGzZAB2Bx7aG6WIuk/g=; b=X23yaOa11YnwAZ61is9sdz84KcMXu2/b1NOEnC4mGZ34qcvmwPftjNOBgW/5q+aivR 0YWk/ylza2+dsvu/6Tj2IOH3enU1n51L/KKXh1/gsRE79yKM6yT3KMWLMFlWVRtcYkhx 5ZvVekmivuSh8Be/nfA/Fd9e4LW/0Jbc2uyspzvsbSILT8okHuzS0JSWpUmpU2oh8sMR BkcVNyE0Jp3yNCmvBJcYKxJKju8p5EjoOkLRin39kur2PE9KwmeCKSjB+BI4RkHd1iTv FYdqjiM8DlTcZLBSa5ztuM0oKl7iZq5Ptye88DeOueT/BJ4+yQ5HmEmkcEXQ4DV4W/od k8KQ== X-Forwarded-Encrypted: i=1; AJvYcCVn82YKWabmXb8VoTTamlOIML0KRdGHw/tm32Z7w7RBcpzcVVw2BizyHpRCSc9avRlWFNeK63jt5bj8lgA=@vger.kernel.org X-Gm-Message-State: AOJu0YwwX62ydPmr0sp5yvxv2ORPDxZcSzDWr85RMtRr1iDGlCdd3cvj SfS+lGLZ0HDL9KpasF5Y5Fj8XB4vRnxHw0V3SvzrR4Sr7/GjuskNmjUF X-Gm-Gg: AY/fxX6wiDm2ueYsLJbLHK8/ZeXD6ftNzVlpxgfHPZlUn0Mj30Y02z2IGv6T0Dv7/0f 2HfjoU70VK77t67c0jvhdPanxK8+KY3qRkXbgcnIidqmF1Rf6D/y4Zbb9CgysbEF/dTBjzajIJz 1iQ5ptRd5cV9ckjoQy9A4uAXnHNKuk4phIShg/4i+3qB7M40+fVL3qqFvYvSDi0MZtSVsd/mPx8 xvE+tGwgW0qjlughiRkbVzFpblGnZja6ix3RGSldBz5F38dmUbI1l+h3u0qxL7a+82K5WeOtZzT YsvMNO9KIFP/KBENhDfVl5muszDd8jClVgaAGT/G6n7zbunppTsMwxzFEdX/06SOMr0R9UuIk5C E3s1Lj0NQ3UVv/biHwUbGV+xUVARYKjhmwvUaIZvy/Vq9Su9KrdbgjB5koXcPYpANq8LlBrdDYr /yLxNN6g5rlRuMznzdzH2RUmzdsshqpvECGj2bnXIYAmuNOaeAxksZ2Mw9fi4M+ERu/74KDlOB X-Google-Smtp-Source: AGHT+IFZrDf9vqRQ/g6EePpa5uBEVkMmx0VjSy5xkIfuhbvdzQMUtH3Bh0xKcFCQL8LtdAKwzvNqvQ== X-Received: by 2002:a17:90b:3f0e:b0:349:2cdd:434a with SMTP id 98e67ed59e1d1-34abd7602f0mr12147245a91.5.1765934153401; Tue, 16 Dec 2025 17:15:53 -0800 (PST) Received: from poi.localdomain (KD118158218050.ppp-bb.dion.ne.jp. [118.158.218.50]) by smtp.gmail.com with ESMTPSA id 98e67ed59e1d1-34cfdc61cecsm641012a91.9.2025.12.16.17.15.50 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 16 Dec 2025 17:15:52 -0800 (PST) From: Qianchang Zhao To: Krzysztof Kozlowski , Paolo Abeni , Jakub Kicinski Cc: "David S. Miller" , Eric Dumazet , Simon Horman , netdev@vger.kernel.org, linux-kernel@vger.kernel.org, stable@vger.kernel.org, Zhitong Liu , Qianchang Zhao Subject: [PATCH] nfc: llcp: stop processing on LLCP_CLOSED in nfc_llcp_recv_hdlc() Date: Wed, 17 Dec 2025 10:15:38 +0900 Message-Id: <20251217011538.16029-1-pioooooooooip@gmail.com> X-Mailer: git-send-email 2.34.1 In-Reply-To: <307c2afe-8e8e-4edf-b6d1-1056fe8949f6@kernel.org> References: <307c2afe-8e8e-4edf-b6d1-1056fe8949f6@kernel.org> Precedence: bulk X-Mailing-List: linux-kernel@vger.kernel.org List-Id: List-Subscribe: List-Unsubscribe: MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" nfc_llcp_sock_get() takes a reference on the LLCP socket via sock_hold(). In nfc_llcp_recv_hdlc(), the LLCP_CLOSED branch releases the socket lock and drops the reference, but the function continues to operate on llcp_sock/sk = and later runs release_sock() and nfc_llcp_sock_put() again on the common exit = path. Return immediately after the CLOSED cleanup to avoid refcount/lock imbalanc= e and to avoid using the socket after dropping the reference. Reported-by: Qianchang Zhao Reported-by: Zhitong Liu Cc: stable@vger.kernel.org Signed-off-by: Qianchang Zhao --- net/nfc/llcp_core.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/nfc/llcp_core.c b/net/nfc/llcp_core.c index beeb3b4d2..be01ec9f4 100644 --- a/net/nfc/llcp_core.c +++ b/net/nfc/llcp_core.c @@ -1089,6 +1089,7 @@ static void nfc_llcp_recv_hdlc(struct nfc_llcp_local = *local, if (sk->sk_state =3D=3D LLCP_CLOSED) { release_sock(sk); nfc_llcp_sock_put(llcp_sock); + return; } =20 /* Pass the payload upstream */ --=20 2.34.1