From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
	stable@vger.kernel.org, Ying Xue <ying.xue@windriver.com>,
	Erik Hugne <erik.hugne@ericsson.com>,
	Jon Maloy <jon.maloy@ericsson.com>,
	"David S. Miller" <davem@davemloft.net>
Subject: [PATCH 3.13 06/65] tipc: fix connection refcount leak
Date: Fri, 11 Apr 2014 09:10:38 -0700
Message-ID: <20140411160958.613015282@linuxfoundation.org>
In-Reply-To: <20140411160957.714773410@linuxfoundation.org>

3.13-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Ying Xue <ying.xue@windriver.com>

[ Upstream commit 4652edb70e8a7eebbe47fa931940f65522c36e8f ]

When tipc_conn_sendmsg() calls tipc_conn_lookup() to query a
connection instance, its reference count value is increased if
it's found. But subsequently if it's found that the connection is
closed, the work of sending message is not queued into its server
send workqueue, and the connection reference count is not decreased.
This will cause a reference count leak. To reproduce this problem,
an application would need to open and close topology server
connections with high intensity.

We fix this by immediately decrementing the connection reference
count if a send fails due to the connection being closed.

Signed-off-by: Ying Xue <ying.xue@windriver.com>
Acked-by: Erik Hugne <erik.hugne@ericsson.com>
Reviewed-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/tipc/server.c |    6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -427,10 +427,12 @@ int tipc_conn_sendmsg(struct tipc_server
 	list_add_tail(&e->list, &con->outqueue);
 	spin_unlock_bh(&con->outqueue_lock);
 
-	if (test_bit(CF_CONNECTED, &con->flags))
+	if (test_bit(CF_CONNECTED, &con->flags)) {
 		if (!queue_work(s->send_wq, &con->swork))
 			conn_put(con);
-
+	} else {
+		conn_put(con);
+	}
 	return 0;
 }
 
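Review bot: In the new else branch, conn_put(con) drops the lookup reference, but the entry e has already been added to con->outqueue by the list_add_tail() above and the function still returns 0. Either test CF_CONNECTED before queuing the entry, or state in the changelog that the connection's release path frees whatever is left on outqueue, since nothing in this hunk shows that it does. A non-zero return on the closed path would also let callers tell a dropped message from a queued one. Note too that the CF_CONNECTED test runs after spin_unlock_bh(&con->outqueue_lock), so a close can land between the unlock and the test; a short comment on why that ordering is safe would help.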


