From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from smtp.kernel.org (aws-us-west-2-korg-mail-1.web.codeaurora.org [10.30.226.201])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by smtp.subspace.kernel.org (Postfix) with ESMTPS id 90F263C871B
	for <stable@vger.kernel.org>; Mon, 13 Apr 2026 12:50:59 +0000 (UTC)
Authentication-Results: smtp.subspace.kernel.org; arc=none smtp.client-ip=10.30.226.201
ARC-Seal:i=1; a=rsa-sha256; d=subspace.kernel.org; s=arc-20240116;
	t=1776084659; cv=none; b=e6GDeNsbfszGm4Qg5/6kmlPjwqMm0c+N5lIsXxekPV+Mkuo6NNuIRaHEVFaI3mgf+KmG+KThcXYHNeQJIKzWspt9UAuUl+XJlbYm6LY6oOBgNBnSVyJezPGjq/rTLW61IhzNoMRTYz1fGIlAygA+DYC3p/SgfyUjkVUq0IXOq4g=
ARC-Message-Signature:i=1; a=rsa-sha256; d=subspace.kernel.org;
	s=arc-20240116; t=1776084659; c=relaxed/simple;
	bh=gqJJLCT2tTTlSQtO0ipu1I2L9+6W8QdwO4DYJvQm57s=;
	h=Subject:To:Cc:From:Date:Message-ID:MIME-Version:Content-Type; b=u+AUKbf0clIHXIU8dZ9X+TBxQpsKSg/4dwLJFZw1JzvM14oKjDGIMc1bYFHNLAJbe4agPPI89gLWZ9bEbbZxF83Mx1whQYQ7wKoaFhvFk3gTWDWvkgft71k3WZubiHTy2qMsSG5ReZetnobX6CwaU3gWQWYX5kgHZMRSa5u6fv8=
ARC-Authentication-Results:i=1; smtp.subspace.kernel.org; dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b=C4E/iWXt; arc=none smtp.client-ip=10.30.226.201
Authentication-Results: smtp.subspace.kernel.org;
	dkim=pass (1024-bit key) header.d=linuxfoundation.org header.i=@linuxfoundation.org header.b="C4E/iWXt"
Received: by smtp.kernel.org (Postfix) with ESMTPSA id DF407C2BCAF;
	Mon, 13 Apr 2026 12:50:58 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=linuxfoundation.org;
	s=korg; t=1776084659;
	bh=gqJJLCT2tTTlSQtO0ipu1I2L9+6W8QdwO4DYJvQm57s=;
	h=Subject:To:Cc:From:Date:From;
	b=C4E/iWXtdIkm74f2k9BNv3wvpiLrtsVCRb9PVizrxqAwZFPhx44mFMfNBeqLTZrmd
	 zRc9J9KSO1t0cO9/V0YHMUh2euXmHgGnwE1lgDmFttfUozzOl4zhFU0m3cyQw5SKox
	 mNxlYuf1bxwuZGaxz5cAy+y7hFaqNjylVsnV7CyU=
Subject: FAILED: patch "[PATCH] rxrpc: fix reference count leak in rxrpc_server_keyring()" failed to apply to 5.10-stable tree
To: rakukuip@gmail.com,bird@lzu.edu.cn,dhowells@redhat.com,enjou1224z@gmail.com,horms@kernel.org,kuba@kernel.org,marc.dionne@auristor.com,n05ec@lzu.edu.cn,tomapufckgml@gmail.com,yifanwucs@gmail.com,yuantan098@gmail.com
Cc: <stable@vger.kernel.org>
From: <gregkh@linuxfoundation.org>
Date: Mon, 13 Apr 2026 14:34:55 +0200
Message-ID: <2026041355-flap-narrow-9fea@gregkh>
Precedence: bulk
X-Mailing-List: stable@vger.kernel.org
List-Id: <stable.vger.kernel.org>
List-Subscribe: <mailto:stable+subscribe@vger.kernel.org>
List-Unsubscribe: <mailto:stable+unsubscribe@vger.kernel.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=ANSI_X3.4-1968
Content-Transfer-Encoding: 8bit


The patch below does not apply to the 5.10-stable tree.
If someone wants it applied there, or to any other stable or longterm
tree, then please email the backport, including the original git commit
id to <stable@vger.kernel.org>.

To reproduce the conflict and resubmit, you may use the following commands:

git fetch https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/ linux-5.10.y
git checkout FETCH_HEAD
git cherry-pick -x f125846ee79fcae537a964ce66494e96fa54a6de
# <resolve conflicts, build, test, etc.>
git commit -s
git send-email --to '<stable@vger.kernel.org>' --in-reply-to '2026041355-flap-narrow-9fea@gregkh' --subject-prefix 'PATCH 5.10.y' HEAD^..

Possible dependencies:



thanks,

greg k-h

------------------ original commit in Linus's tree ------------------

>From f125846ee79fcae537a964ce66494e96fa54a6de Mon Sep 17 00:00:00 2001
From: Luxiao Xu <rakukuip@gmail.com>
Date: Wed, 8 Apr 2026 13:12:42 +0100
Subject: [PATCH] rxrpc: fix reference count leak in rxrpc_server_keyring()

This patch fixes a reference count leak in rxrpc_server_keyring()
by checking if rx->securities is already set.

Fixes: 17926a79320a ("[AF_RXRPC]: Provide secure RxRPC sockets for use by userspace and kernel both")
Reported-by: Yifan Wu <yifanwucs@gmail.com>
Reported-by: Juefei Pu <tomapufckgml@gmail.com>
Co-developed-by: Yuan Tan <yuantan098@gmail.com>
Signed-off-by: Yuan Tan <yuantan098@gmail.com>
Suggested-by: Xin Liu <bird@lzu.edu.cn>
Tested-by: Ren Wei <enjou1224z@gmail.com>
Signed-off-by: Luxiao Xu <rakukuip@gmail.com>
Signed-off-by: Ren Wei <n05ec@lzu.edu.cn>
Signed-off-by: David Howells <dhowells@redhat.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Link: https://patch.msgid.link/20260408121252.2249051-15-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>

diff --git a/net/rxrpc/server_key.c b/net/rxrpc/server_key.c
index 36b05fd842a7..27491f1e1273 100644
--- a/net/rxrpc/server_key.c
+++ b/net/rxrpc/server_key.c
@@ -125,6 +125,9 @@ int rxrpc_server_keyring(struct rxrpc_sock *rx, sockptr_t optval, int optlen)
 
 	_enter("");
 
+	if (rx->securities)
+		return -EINVAL;
+
 	if (optlen <= 0 || optlen > PAGE_SIZE - 1)
 		return -EINVAL;