[PATCH net] net/9p: Fix a potential socket leak in p9_socket_open

From: Wang Hai
Date: Thu Nov 24 2022 - 03:10:23 EST

Next message: Tommaso Merciai: "Re: [PATCH] dma-buf: A collection of typo and documentation fixes"
Previous message: Marco Elver: "Re: [syzbot] kernel BUG in assfail"
Next in thread: asmadeus: "Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Both p9_fd_create_tcp() and p9_fd_create_unix() will call
p9_socket_open(). If the creation of p9_trans_fd fails,
p9_fd_create_tcp() and p9_fd_create_unix() will return an
error directly instead of releasing the cscoket, which will
result in a socket leak.

This patch adds sock_release() to fix the leak issue.

Fixes: 6b18662e239a ("9p connect fixes")
Signed-off-by: Wang Hai <wanghai38@xxxxxxxxxx>
---
net/9p/trans_fd.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/net/9p/trans_fd.c b/net/9p/trans_fd.c
index 56a186768750..f834726d21ea 100644
--- a/net/9p/trans_fd.c
+++ b/net/9p/trans_fd.c
@@ -860,8 +860,10 @@ static int p9_socket_open(struct p9_client *client, struct socket *csocket)
struct file *file;

p = kzalloc(sizeof(struct p9_trans_fd), GFP_KERNEL);
- if (!p)
+ if (!p) {
+ sock_release(csocket);
return -ENOMEM;
+ }

csocket->sk->sk_allocation = GFP_NOIO;
file = sock_alloc_file(csocket, 0, NULL);
--
2.17.1

Next message: Tommaso Merciai: "Re: [PATCH] dma-buf: A collection of typo and documentation fixes"
Previous message: Marco Elver: "Re: [syzbot] kernel BUG in assfail"
Next in thread: asmadeus: "Re: [PATCH net] net/9p: Fix a potential socket leak in p9_socket_open"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]