Skip to content

Commit

Permalink
net/handshake: Unpin sock->file if a handshake is cancelled
Browse files Browse the repository at this point in the history
If user space never calls DONE, sock->file's reference count remains
elevated. Enable sock->file to be freed eventually in this case.

Reported-by: Jakub Kacinski <[email protected]>
Fixes: 3b3009e ("net/handshake: Create a NETLINK service for handling handshake requests")
Signed-off-by: Chuck Lever <[email protected]>
Signed-off-by: Jakub Kicinski <[email protected]>
  • Loading branch information
chucklever authored and kuba-moo committed May 25, 2023
1 parent fc49088 commit 1ce77c9
Show file tree
Hide file tree
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions net/handshake/handshake.h
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,7 @@ struct handshake_req {
struct list_head hr_list;
struct rhash_head hr_rhash;
unsigned long hr_flags;
struct file *hr_file;
const struct handshake_proto *hr_proto;
struct sock *hr_sk;
void (*hr_odestruct)(struct sock *sk);
Expand Down
4 changes: 4 additions & 0 deletions net/handshake/request.c
Original file line number Diff line number Diff line change
Expand Up @@ -239,6 +239,7 @@ int handshake_req_submit(struct socket *sock, struct handshake_req *req,
}
req->hr_odestruct = req->hr_sk->sk_destruct;
req->hr_sk->sk_destruct = handshake_sk_destruct;
req->hr_file = sock->file;

ret = -EOPNOTSUPP;
net = sock_net(req->hr_sk);
Expand Down Expand Up @@ -334,6 +335,9 @@ bool handshake_req_cancel(struct sock *sk)
return false;
}

/* Request accepted and waiting for DONE */
fput(req->hr_file);

out_true:
trace_handshake_cancel(net, req, sk);

Expand Down

0 comments on commit 1ce77c9

Please sign in to comment.