Re: [PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure

Next message: Krzysztof Kozlowski: "Re: [PATCH v5 3/7] dt-bindings: clock: qcom: Add support for CAMCC for Eliza"
Previous message: Sean Christopherson: "[PATCH v2 02/20] KVM: x86/xen: Use read_trylock() for GPC locks in hardirq/atomic paths"
In reply to: Alexander Lobakin: "Re: [PATCH] net: qrtr: fix node refcount leak on ctrl packet alloc failure"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Manivannan Sadhasivam

Date: Fri May 29 2026 - 13:46:20 EST

On Thu, May 28, 2026 at 08:00:19AM +0000, Wentao Liang wrote:
> qrtr_send_resume_tx() calls qrtr_node_lookup() which takes a
> reference on the returned node. If the subsequent call to
> qrtr_alloc_ctrl_packet() fails due to memory allocation failure, the
> function returns -ENOMEM without calling qrtr_node_release() to
> release the node reference.
>
> Add qrtr_node_release(node) before returning on the allocation failure
> path to properly release the reference.
>
> Cc: stable@xxxxxxxxxxxxxxx
> Fixes: cb6530b99faf ("net: qrtr: Move resume-tx transmission to recvmsg")
> Signed-off-by: Wentao Liang <vulab@xxxxxxxxxxx>

Reviewed-by: Manivannan Sadhasivam <mani@xxxxxxxxxx>

- Mani

> ---
> net/qrtr/af_qrtr.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/net/qrtr/af_qrtr.c b/net/qrtr/af_qrtr.c
> index 7cec6a7859b0..c9f892427f7c 100644
> --- a/net/qrtr/af_qrtr.c
> +++ b/net/qrtr/af_qrtr.c
> @@ -1009,8 +1009,10 @@ static int qrtr_send_resume_tx(struct qrtr_cb *cb)
> return -EINVAL;
>
> skb = qrtr_alloc_ctrl_packet(&pkt, GFP_KERNEL);
> - if (!skb)
> + if (!skb) {
> + qrtr_node_release(node);
> return -ENOMEM;
> + }
>
> pkt->cmd = cpu_to_le32(QRTR_TYPE_RESUME_TX);
> pkt->client.node = cpu_to_le32(cb->dst_node);
> --
> 2.34.1
>

--
மணிவண்ணன் சதாசிவம்