Commit de8a6b15 authored by Jeremy Kerr's avatar Jeremy Kerr Committed by David S. Miller

net: mctp: add an explicit reference from a mctp_sk_key to sock



Currently, we correlate the mctp_sk_key lifetime to the sock lifetime
through the sock hash/unhash operations, but this is pretty tenuous, and
there are cases where we may have a temporary reference to an unhashed
sk.

This change makes the reference more explicit, by adding a hold on the
sock when it's associated with a mctp_sk_key, released on final key
unref.

Fixes: 73c61845 ("mctp: locking, lifetime and validity changes for sk_keys")
Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
parent a9e9b78d
+8 −6
@@ -147,6 +147,7 @@ static struct mctp_sk_key *mctp_key_alloc(struct mctp_sock *msk,
	key->valid = true;
	spin_lock_init(&key->lock);
	refcount_set(&key->refs, 1);
	sock_hold(key->sk);

	return key;
}
@@ -165,6 +166,7 @@ void mctp_key_unref(struct mctp_sk_key *key)
	mctp_dev_release_key(key->dev, key);
	spin_unlock_irqrestore(&key->lock, flags);

	sock_put(key->sk);
	kfree(key);
}

@@ -419,14 +421,14 @@ static int mctp_route_input(struct mctp_route *route, struct sk_buff *skb)
			 * this function.
			 */
			rc = mctp_key_add(key, msk);
			if (rc) {
				kfree(key);
			} else {
			if (!rc)
				trace_mctp_key_acquire(key);

				/* we don't need to release key->lock on exit */
			/* we don't need to release key->lock on exit, so
			 * clean up here and suppress the unlock via
			 * setting to NULL
			 */
			mctp_key_unref(key);
			}
			key = NULL;

		} else {
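Review bot: The rewritten comment in the mctp_route_input hunk explains the `key = NULL` but not the lifetime behaviour that actually changed. When mctp_key_add() fails, the now-unconditional `mctp_key_unref(key)` is presumably the final reference drop (refs is set to 1 in mctp_key_alloc), so it frees the key and releases the `sock_hold(key->sk)` taken there, where the old code used a bare `kfree(key)`. I would add a line to the comment such as `on mctp_key_add() failure this drops the last ref: frees the key and its sock hold`. The failure path also now runs `mctp_dev_release_key(key->dev, key)` under key->lock for a key that was never added; that helper is not visible on this page, so it is worth confirming it tolerates a key with no device bound. mctp_route_input's body starts and ends outside the hunk.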