connection: don't leak sync replies
author: David Herrmann <dh.herrmann@gmail.com>
Thu, 23 Oct 2014 12:15:14 +0000 (14:15 +0200)
committer: David Herrmann <dh.herrmann@gmail.com>
Thu, 23 Oct 2014 12:15:14 +0000 (14:15 +0200)
If a timeout occurs before we can queue a reply to a message, we might
queue it _after_ the sync caller already returned and dropped its ref.
Avoid this by using the 'waiting' flag to sync between sender and
receiver.

Signed-off-by: David Herrmann <dh.herrmann@gmail.com>
connection.c

index 68b0cad5a8a650323721d841f8ce399b46559e1d..104234a68122205f303e14827723fadb55bea51f 100644 (file)
@@ -665,6 +665,7 @@ static int kdbus_conn_wait_reply(struct kdbus_ep *ep,
        mutex_unlock(&conn_dst->lock);
 
        mutex_lock(&conn_src->lock);
+       reply_wait->waiting = false;
        entry = reply_wait->queue_entry;
        if (entry) {
                if (ret == 0)
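Review bot: the new `reply_wait->waiting = false;` is written under `conn_src->lock`, but the hunk does not show where `waiting` is set to true or which lock is meant to guard it; the flag is only a safe handshake if the writer that sets it (when the reply slot is registered, before the sleep) and the reader on the replier side take the same lock, so a short comment on the `waiting` field stating "protected by the waiting connection's lock" would make that contract explicit. Clearing the flag unconditionally on every wake path (timeout, error and success alike) is right, since once this block has consumed `queue_entry` nothing may queue into the slot anymore.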
@@ -816,7 +817,7 @@ int kdbus_conn_kmsg_send(struct kdbus_ep *ep,
                 * The connection's queue will never get to see it.
                 */
                mutex_lock(&conn_dst->lock);
-               if (kdbus_conn_active(conn_dst))
+               if (reply_wake->waiting && kdbus_conn_active(conn_dst))
                        ret = kdbus_queue_entry_alloc(conn_dst, kmsg,
                                                      &reply_wake->queue_entry);
                else
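Review bot: with `reply_wake->waiting && kdbus_conn_active(conn_dst)` the `else` branch now covers two different situations, a destination that is no longer active and a sync caller that already timed out and gave up; the hunk shows both falling through to the same `else`, so please confirm its error value is also appropriate for the timed-out case and that `kmsg` is released rather than left attached to the dead reply slot. The read of `reply_wake->waiting` happens under `conn_dst->lock` while the clear in `kdbus_conn_wait_reply` is under `conn_src->lock`; that is only race-free if both name the same connection (the sync caller), which the surrounding context suggests but the diff does not show, so a comment here naming the lock that serialises `waiting` against the waiter would help the next reader.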