1. Patchew
  2. linux
  3. View series

[PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure

Wentao Liang posted 1 patch 1 week, 4 days ago 
net/qrtr/af_qrtr.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
[PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure
Posted by Wentao Liang 1 week, 4 days ago 
qrtr_send_resume_tx() calls qrtr_node_lookup() which takes a
reference on the returned node. If the subsequent call to
qrtr_alloc_ctrl_packet() fails due to memory allocation failure, the
function returns -ENOMEM without calling qrtr_node_release() to
release the node reference.

Add qrtr_node_release(node) before returning on the allocation failure
path to properly release the reference.

Cc: stable@vger.kernel.org
Fixes: cb6530b99faf ("net: qrtr: Move resume-tx transmission to recvmsg")
Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>
---
 net/qrtr/af_qrtr.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c
index 7cec6a7859b0..c9f892427f7c 100644
--- a/net/qrtr/af_qrtr.c
+++ b/net/qrtr/af_qrtr.c
@@ -1009,8 +1009,10 @@ static int qrtr_send_resume_tx(struct qrtr_cb *cb)
 		return -EINVAL;
 
 	skb = qrtr_alloc_ctrl_packet(&pkt, GFP_KERNEL);
-	if (!skb)
+	if (!skb) {
+		qrtr_node_release(node);
 		return -ENOMEM;
+	}
 
 	pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
 	pkt->client.node = cpu_to_le32(cb->dst_node);
-- 
2.34.1
Re: [PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure
Posted by Manivannan Sadhasivam 1 week, 2 days ago 
On Thu, May 28, 2026 at 08:00:19AM +0000, Wentao Liang wrote:
> qrtr_send_resume_tx() calls qrtr_node_lookup() which takes a
> reference on the returned node. If the subsequent call to
> qrtr_alloc_ctrl_packet() fails due to memory allocation failure, the
> function returns -ENOMEM without calling qrtr_node_release() to
> release the node reference.
> 
> Add qrtr_node_release(node) before returning on the allocation failure
> path to properly release the reference.
> 
> Cc: stable@vger.kernel.org
> Fixes: cb6530b99faf ("net: qrtr: Move resume-tx transmission to recvmsg")
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>

Reviewed-by: Manivannan Sadhasivam <mani@kernel.org>

- Mani

> ---
>  net/qrtr/af_qrtr.c | 4 +++-
>  1 file changed, 3 insertions(+), 1 deletion(-)
> 
> diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c
> index 7cec6a7859b0..c9f892427f7c 100644
> --- a/net/qrtr/af_qrtr.c
> +++ b/net/qrtr/af_qrtr.c
> @@ -1009,8 +1009,10 @@ static int qrtr_send_resume_tx(struct qrtr_cb *cb)
>  		return -EINVAL;
>  
>  	skb = qrtr_alloc_ctrl_packet(&pkt, GFP_KERNEL);
> -	if (!skb)
> +	if (!skb) {
> +		qrtr_node_release(node);
>  		return -ENOMEM;
> +	}
>  
>  	pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
>  	pkt->client.node = cpu_to_le32(cb->dst_node);
> -- 
> 2.34.1
> 

-- 
மணிவண்ணன் சதாசிவம்
Re: [PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure
Posted by Alexander Lobakin 1 week, 4 days ago 
From: Wentao Liang <vulab@iscas.ac.cn>
Date: Thu, 28 May 2026 08:00:19 +0000

> [PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure

Please specify the net tree in the subject prefix, i.e. [PATCH net].

> qrtr_send_resume_tx() calls qrtr_node_lookup() which takes a
> reference on the returned node. If the subsequent call to
> qrtr_alloc_ctrl_packet() fails due to memory allocation failure, the
> function returns -ENOMEM without calling qrtr_node_release() to
> release the node reference.
> 
> Add qrtr_node_release(node) before returning on the allocation failure
> path to properly release the reference.
> 
> Cc: stable@vger.kernel.org
> Fixes: cb6530b99faf ("net: qrtr: Move resume-tx transmission to recvmsg")
> Signed-off-by: Wentao Liang <vulab@iscas.ac.cn>

Reviewed-by: Alexander Lobakin <aleksander.lobakin@intel.com>

Thanks,
Olek

Patchew 2.1-devel-ea86937

© 2016 - 2026 Red Hat, Inc.