net/9p: Fix a potential socket leak in p9_socket_open

[ Upstream commit dcc14cfd7debe11b825cb077e75d91d2575b4cb8 ]

Both p9_fd_create_tcp() and p9_fd_create_unix() will call
p9_socket_open(). If the creation of p9_trans_fd fails,
p9_fd_create_tcp() and p9_fd_create_unix() will return an
error directly instead of releasing the cscoket, which will
result in a socket leak.

This patch adds sock_release() to fix the leak issue.

Fixes: 6b18662e239a ("9p connect fixes")
Signed-off-by: Wang Hai <wanghai38@huawei.com>
ACKed-by: Al Viro <viro@zeniv.linux.org.uk>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 31f2026..e1c2c92 100644 (file)
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -864,8 +864,10 @@ static int p9_socket_open(struct p9_client *client, struct socket *csocket)
        struct file *file;
 
        p = kzalloc(sizeof(struct p9_trans_fd), GFP_KERNEL);
-       if (!p)
+       if (!p) {
+               sock_release(csocket);
                return -ENOMEM;
+       }
 
        csocket->sk->sk_allocation = GFP_NOIO;
        file = sock_alloc_file(csocket, 0, NULL);