Re: [PATCH 6.4 118/800] net/handshake: Unpin sock->file if a handshake is cancelled

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Jul 16, 2023 at 08:43:58PM +0000, Chuck Lever III wrote:
> 
> 
> > On Jul 16, 2023, at 3:39 PM, Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > 
> > From: Chuck Lever <chuck.lever@xxxxxxxxxx>
> > 
> > [ Upstream commit f921bd41001ccff2249f5f443f2917f7ef937daf ]
> > 
> > If user space never calls DONE, sock->file's reference count remains
> > elevated. Enable sock->file to be freed eventually in this case.
> > 
> > Reported-by: Jakub Kacinski <kuba@xxxxxxxxxx>
> > Fixes: 3b3009ea8abb ("net/handshake: Create a NETLINK service for handling handshake requests")
> > Signed-off-by: Chuck Lever <chuck.lever@xxxxxxxxxx>
> > Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
> > Signed-off-by: Sasha Levin <sashal@xxxxxxxxxx>
> > ---
> > net/handshake/handshake.h | 1 +
> > net/handshake/request.c   | 4 ++++
> > 2 files changed, 5 insertions(+)
> > 
> > diff --git a/net/handshake/handshake.h b/net/handshake/handshake.h
> > index 4dac965c99df0..8aeaadca844fd 100644
> > --- a/net/handshake/handshake.h
> > +++ b/net/handshake/handshake.h
> > @@ -31,6 +31,7 @@ struct handshake_req {
> > struct list_head hr_list;
> > struct rhash_head hr_rhash;
> > unsigned long hr_flags;
> > + struct file *hr_file;
> > const struct handshake_proto *hr_proto;
> > struct sock *hr_sk;
> > void (*hr_odestruct)(struct sock *sk);
> > diff --git a/net/handshake/request.c b/net/handshake/request.c
> > index 94d5cef3e048b..d78d41abb3d99 100644
> > --- a/net/handshake/request.c
> > +++ b/net/handshake/request.c
> > @@ -239,6 +239,7 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req,
> > }
> > req->hr_odestruct = req->hr_sk->sk_destruct;
> > req->hr_sk->sk_destruct = handshake_sk_destruct;
> > + req->hr_file = sock->file;
> > 
> > ret = -EOPNOTSUPP;
> > net = sock_net(req->hr_sk);
> > @@ -334,6 +335,9 @@ bool handshake_req_cancel(struct sock *sk)
> > return false;
> > }
> > 
> > + /* Request accepted and waiting for DONE */
> > + fput(req->hr_file);
> > +
> > out_true:
> > trace_handshake_cancel(net, req, sk);
> > 
> > -- 
> > 2.39.2
> > 
> > 
> > 
> 
> Don't take this one. It's fixed by a later commit:
> 
> 361b6889ae636926cdff517add240c3c8e24593a
> 
> that reverts it.

How?  That commit is in 6.4 already, yet this commit, is from 6.5-rc1.

confused,

greg k-h
[Index of Archives]     [Linux Kernel]     [Kernel Development Newbies]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite Hiking]     [Linux Kernel]     [Linux SCSI]

  Powered by Linux