This is a note to let you know that I've just added the patch titled
net/smc: put sk reference if close work was canceled
to the 6.1-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-smc-put-sk-reference-if-close-work-was-canceled.patch
and it can be found in the queue-6.1 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
commit 2daffade9ae01e94c5c2521448a0a5f202d39365
Author: D. Wythe <alibuda@xxxxxxxxxxxxxxxxx>
Date: Fri Nov 3 14:07:40 2023 +0800
net/smc: put sk reference if close work was canceled
[ Upstream commit aa96fbd6d78d9770323b21e2c92bd38821be8852 ]
Note that we always hold a reference to sock when attempting
to submit close_work. Therefore, if we have successfully
canceled close_work from pending, we MUST release that reference
to avoid potential leaks.
Fixes: 42bfba9eaa33 ("net/smc: immediate termination for SMCD link groups")
Signed-off-by: D. Wythe <alibuda@xxxxxxxxxxxxxxxxx>
Reviewed-by: Dust Li <dust.li@xxxxxxxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
diff --git a/net/smc/smc_close.c b/net/smc/smc_close.c
index 449ef454b53be..10219f55aad14 100644
--- a/net/smc/smc_close.c
+++ b/net/smc/smc_close.c
@@ -116,7 +116,8 @@ static void smc_close_cancel_work(struct smc_sock *smc)
struct sock *sk = &smc->sk;
release_sock(sk);
- cancel_work_sync(&smc->conn.close_work);
+ if (cancel_work_sync(&smc->conn.close_work))
+ sock_put(sk);
cancel_delayed_work_sync(&smc->conn.tx_work);
lock_sock(sk);
}
