Re: [PATCH 2/2] rxrpc: Fix key reference count leak in rxrpc_alloc_client_call()

Next message: kernel test robot: "Re: [PATCH net-next 2/2] r8152: add helper functions for PHY OCP registers"
Previous message: Heiner Kallweit: "Re: [PATCH net-next v1 2/4] r8169: add sfp mode for RTL8116af"
Next in thread: David Howells: "Re: [PATCH 2/2] rxrpc: Fix key reference count leak in rxrpc_alloc_client_call()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: David Howells

Date: Wed Mar 18 2026 - 17:47:22 EST

Anderson Nascimento <anderson@xxxxxxxxxxxxxxxxxx> wrote:

> @@ -227,6 +227,7 @@ static struct rxrpc_call *rxrpc_alloc_client_call(struct rxrpc_sock *rx,
>
> ret = rxrpc_init_client_call_security(call);
> if (ret < 0) {
> + key_put(call->key);
> rxrpc_prefail_call(call, RXRPC_CALL_LOCAL_ERROR, ret);
> rxrpc_put_call(call, rxrpc_call_put_discard_error);
> return ERR_PTR(ret);

It's probably better to do this in rxrpc_destroy_call() if we can as a last
fallback. In fact it's probably always leaking the call->key, not just under
this circumstance.

David