From: Tuong Lien Date: Tue, 2 Jun 2020 04:46:40 +0000 (+0700) Subject: Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv" X-Git-Tag: v5.15~3723^2~2^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=049fa17f7ae6b0971ad41b761479962facafea4b;p=platform%2Fkernel%2Flinux-starfive.git Revert "tipc: Fix potential tipc_node refcnt leak in tipc_rcv" This reverts commit de058420767df21e2b6b0f3bb36d1616fb962032. There is no actual tipc_node refcnt leak as stated in the above commit. The refcnt is hold carefully for the case of an asynchronous decryption (i.e. -EINPROGRESS/-EBUSY and skb = NULL is returned), so that the node object cannot be freed in the meantime. The counter will be re-balanced when the operation's callback arrives with the decrypted buffer if any. In other cases, e.g. a synchronous crypto the counter will be decreased immediately when it is done. Now with that commit, a kernel panic will occur when there is no node found (i.e. n = NULL) in the 'tipc_rcv()' or a premature release of the node object. This commit solves the issues by reverting the said commit, but keeping one valid case that the 'skb_linearize()' is failed. Acked-by: Jon Maloy Signed-off-by: Tuong Lien Tested-by: Hoang Le Signed-off-by: David S. Miller --- diff --git a/net/tipc/node.c b/net/tipc/node.c index 0312fb1..a4c2816 100644 --- a/net/tipc/node.c +++ b/net/tipc/node.c @@ -2038,7 +2038,6 @@ void tipc_rcv(struct net *net, struct sk_buff *skb, struct tipc_bearer *b) n = tipc_node_find_by_id(net, ehdr->id); } tipc_crypto_rcv(net, (n) ? n->crypto_rx : NULL, &skb, b); - tipc_node_put(n); if (!skb) return;