From: Greg Kroah-Hartman
To: stable@vger.kernel.org
Cc: Greg Kroah-Hartman, patches@lists.linux.dev, Jeremy Kerr, "David S. Miller", Sasha Levin
Subject: [PATCH 6.1 289/313] net: mctp: add an explicit reference from a mctp_sk_key to sock
Date: Mon, 30 Jan 2023 14:52:04 +0100
Message-Id: <20230130134350.193311790@linuxfoundation.org>
In-Reply-To: <20230130134336.532886729@linuxfoundation.org>
References: <20230130134336.532886729@linuxfoundation.org>
From: Jeremy Kerr [ Upstream commit de8a6b15d9654c3e4f672d76da9d9df8ee06331d ] Currently, we correlate the mctp_sk_key lifetime to the sock lifetime through the sock hash/unhash operations, but this is pretty tenuous, and there are cases where we may have a temporary reference to an unhashed sk. This change makes the reference more explicit, by adding a hold on the sock when it's associated with a mctp_sk_key, released on final key unref. Fixes: 73c618456dc5 ("mctp: locking, lifetime and validity changes for sk_keys") Signed-off-by: Jeremy Kerr Signed-off-by: David S. Miller Signed-off-by: Sasha Levin --- net/mctp/route.c | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/net/mctp/route.c b/net/mctp/route.c index f9a80b82dc51..ce10ba7ae839 100644 --- a/net/mctp/route.c +++ b/net/mctp/route.c @@ -147,6 +147,7 @@ static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk, key->valid = true; spin_lock_init(&key->lock); refcount_set(&key->refs, 1); + sock_hold(key->sk); return key; } @@ -165,6 +166,7 @@ void mctp_key_unref(struct mctp_sk_key *key) mctp_dev_release_key(key->dev, key); spin_unlock_irqrestore(&key->lock, flags); + sock_put(key->sk); kfree(key); } @@ -419,14 +421,14 @@ static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb) * this function. */ rc = mctp_key_add(key, msk); - if (rc) { - kfree(key); - } else { + if (!rc) trace_mctp_key_acquire(key); - /* we don't need to release key->lock on exit */ - mctp_key_unref(key); - } + /* we don't need to release key->lock on exit, so + * clean up here and suppress the unlock via + * setting to NULL + */ + mctp_key_unref(key); key = NULL; } else { -- 2.39.0
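Review bot: the new sock_hold(key->sk) in mctp_key_alloc() depends on key->sk already pointing at a live socket, and that assignment is outside the visible context of this hunk. Please confirm it happens before this line on every path, and consider a one-line comment here saying the hold is dropped by the sock_put() in mctp_key_unref(), since the hold/put pair is split across two functions.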
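Review bot: in mctp_key_unref(), the added sock_put(key->sk) can now be the final reference to the socket, so socket teardown may run from whatever context drops the last key reference. The function uses the irqsave lock variant (spin_unlock_irqrestore(&key->lock, flags)), which suggests callers are not always in process context; the commit message should say that freeing the sock from those contexts is acceptable. The placement itself, after the unlock and before kfree(key), looks right, since key->sk is read before the key is freed.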
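Review bot: in mctp_route_input(), the mctp_key_add() failure path now goes through mctp_key_unref(key) instead of kfree(key), and neither the commit message nor the new comment mentions that change. It is needed to drop the sock hold taken at allocation, but mctp_key_unref() also calls mctp_dev_release_key(key->dev, key) and works under key->lock, so it is worth confirming that this is safe for a key that was never added. Suggest extending the comment to say the unref also covers the rc != 0 case.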