net: 9p: fix refcount leak in p9_read_work() error handling
authorHangyu Hua <hbh25y@gmail.com>
Wed, 13 Jul 2022 00:55:11 +0000 (09:55 +0900)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Wed, 17 Aug 2022 12:24:08 +0000 (14:24 +0200)
[ Upstream commit 4ac7573e1f9333073fa8d303acc941c9b7ab7f61 ]

p9_req_put need to be called when m->rreq->rc.sdata is NULL to avoid
temporary refcount leak.

Link: https://lkml.kernel.org/r/20220712104438.30800-1-hbh25y@gmail.com
Fixes: 728356dedeff ("9p: Add refcount to p9_req_t")
Signed-off-by: Hangyu Hua <hbh25y@gmail.com>
[Dominique: commit wording adjustments, p9_req_put argument fixes for rebase]
Signed-off-by: Dominique Martinet <asmadeus@codewreck.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
net/9p/trans_fd.c

index c55c8a6..6fe3719 100644 (file)
@@ -345,6 +345,7 @@ static void p9_read_work(struct work_struct *work)
                        p9_debug(P9_DEBUG_ERROR,
                                 "No recv fcall for tag %d (req %p), disconnecting!\n",
                                 m->rc.tag, m->rreq);
+                       p9_req_put(m->client, m->rreq);
                        m->rreq = NULL;
                        err = -EIO;
                        goto error;