This is a note to let you know that I've just added the patch titled
net/smc: Fix sock leak when release after smc_shutdown()
to the 5.17-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-smc-fix-sock-leak-when-release-after-smc_shutdow.patch
and it can be found in the queue-5.17 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 495c6d21786560f964d57eae29279a6ab7c8b44a
Author: Tony Lu <tonylu@xxxxxxxxxxxxxxxxx>
Date: Thu Apr 14 15:51:03 2022 +0800
net/smc: Fix sock leak when release after smc_shutdown()
[ Upstream commit 1a74e99323746353bba11562a2f2d0aa8102f402 ]
Since commit e5d5aadcf3cd ("net/smc: fix sk_refcnt underflow on linkdown
and fallback"), for a fallback connection, __smc_release() does not call
sock_put() if its state is already SMC_CLOSED.
When calling smc_shutdown() after falling back, its state is set to
SMC_CLOSED but does not call sock_put(), so this patch calls it.
Reported-and-tested-by: syzbot+6e29a053eb165bd50de5@xxxxxxxxxxxxxxxxxxxxxxxxx
Fixes: e5d5aadcf3cd ("net/smc: fix sk_refcnt underflow on linkdown and fallback")
Signed-off-by: Tony Lu <tonylu@xxxxxxxxxxxxxxxxx>
Acked-by: Karsten Graul <kgraul@xxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/smc/af_smc.c b/net/smc/af_smc.c
index 303c5e56e4df..68cd110722a4 100644
--- a/net/smc/af_smc.c
+++ b/net/smc/af_smc.c
@@ -2538,8 +2538,10 @@ static int smc_shutdown(struct socket *sock, int how)
if (smc->use_fallback) {
rc = kernel_sock_shutdown(smc->clcsock, how);
sk->sk_shutdown = smc->clcsock->sk->sk_shutdown;
- if (sk->sk_shutdown == SHUTDOWN_MASK)
+ if (sk->sk_shutdown == SHUTDOWN_MASK) {
sk->sk_state = SMC_CLOSED;
+ sock_put(sk);
+ }
goto out;
}
switch (how) {
