mirrors/linux
2
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git synced 2026-05-16 18:22:00 -04:00
Code Issues Packages Projects Releases Wiki Activity
Files
d666540d217e8d420544ebdfbadeedd623562733
linux/net
History
Anderson Nascimento d666540d21 rxrpc: Fix key reference count leak from call->key 
When creating a client call in rxrpc_alloc_client_call(), the code obtains
a reference to the key.  This is never cleaned up and gets leaked when the
call is destroyed.

Fix this by freeing call->key in rxrpc_destroy_call().

Before the patch, it shows the key reference counter elevated:

$ cat /proc/keys | grep afs@54321
1bffe9cd I--Q--i 8053480 4169w 3b010000  1000  1000 rxrpc     afs@54321: ka
$

After the patch, the invalidated key is removed when the code exits:

$ cat /proc/keys | grep afs@54321
$

Fixes: f3441d4125 ("rxrpc: Copy client call parameters into rxrpc_call earlier")
Signed-off-by: Anderson Nascimento <anderson@allelesecurity.com>
Co-developed-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
Reviewed-by: Jeffrey Altman <jaltman@auristor.com>
cc: Marc Dionne <marc.dionne@auristor.com>
cc: Simon Horman <horms@kernel.org>
cc: linux-afs@lists.infradead.org
cc: stable@kernel.org
Link: https://patch.msgid.link/20260408121252.2249051-9-dhowells@redhat.com
Signed-off-by: Jakub Kicinski <kuba@kernel.org>
2026-04-08 18:44:32 -07:00
..
6lowpan
net: replace ND_PRINTK with dynamic debug
2025-07-10 15:27:32 -07:00
9p
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
802
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
8021q
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
appletalk
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
atm
atm: lec: fix use-after-free in sock_def_readable()
2026-03-14 08:05:47 -07:00
ax25
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
batman-adv
Merge tag 'batadv-net-pullrequest-20260317' of https://git.open-mesh.org/linux-merge
2026-03-18 17:41:00 -07:00
bluetooth
Bluetooth: hci_sync: fix stack buffer overflow in hci_le_big_create_sync
2026-04-01 16:48:28 -04:00
bpf
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
bridge
bridge: guard local VLAN-0 FDB helpers against NULL vlan group
2026-04-03 14:45:51 -07:00
caif
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
can
can: isotp: fix tx.buf use-after-free in isotp_sendmsg()
2026-03-19 17:16:02 +01:00
ceph
libceph: Fix potential out-of-bounds access in ceph_handle_auth_reply()
2026-03-11 10:18:56 +01:00
core
net: avoid nul-deref trying to bind mp to incapable device
2026-04-07 18:57:56 -07:00
dcb
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
devlink
Convert 'alloc_flex' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
dns_resolver
net/dns_resolver: use credential guards in dns_query()
2025-11-04 12:36:51 +01:00
dsa
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
ethernet
bonding: prevent potential infinite loop in bond_header_parse()
2026-03-16 19:29:45 -07:00
ethtool
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments
2026-02-21 20:03:00 -08:00
handshake
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
hsr
net: hsr: fix VLAN add unwind on slave errors
2026-04-02 08:23:49 -07:00
ieee802154
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
ife
ipv4
ipv4: icmp: fix null-ptr-deref in icmp_build_probe()
2026-04-03 15:46:17 -07:00
ipv6
seg6: separate dst_cache for input and output paths in seg6 lwtunnel
2026-04-07 20:20:56 -07:00
iucv
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
kcm
kcm: fix zero-frag skb in frag_list on partial sendmsg error
2026-02-23 17:26:55 -08:00
key
Merge tag 'ipsec-2026-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2026-03-24 15:16:28 +01:00
l2tp
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
l3mdev
net: fib_rules: Fix iif / oif matching on L3 master device
2025-04-15 17:54:56 -07:00
lapb
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
llc
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
mac80211
wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure
2026-03-18 09:09:58 +01:00
mac802154
bonding: prevent potential infinite loop in bond_header_parse()
2026-03-16 19:29:45 -07:00
mctp
mctp: route: hold key->lock in mctp_flow_prepare_output()
2026-03-10 11:38:36 +01:00
mpls
mpls: add seqcount to protect the platform_label{,s} pair
2026-03-26 18:32:14 -07:00
mptcp
mptcp: fix soft lockup in mptcp_recvmsg()
2026-03-31 18:58:37 -07:00
ncsi
net: ncsi: fix skb leak in error paths
2026-03-06 17:34:48 -08:00
netfilter
netfilter: nf_tables: reject immediate NF_QUEUE verdict
2026-04-01 11:55:30 +02:00
netlabel
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
netlink
Convert more 'alloc_obj' cases to default GFP_KERNEL arguments
2026-02-21 20:03:00 -08:00
netrom
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
nfc
nfc: nci: fix circular locking dependency in nci_close_device
2026-03-19 16:56:18 -07:00
nsh
openvswitch
openvswitch: validate MPLS set/set_masked payload length
2026-03-20 18:37:31 -07:00
packet
net: fix fanout UAF in packet_release() via NETDEV_UP race
2026-03-23 17:07:19 -07:00
phonet
bonding: prevent potential infinite loop in bond_header_parse()
2026-03-16 19:29:45 -07:00
psample
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
psp
Merge tag 'net-7.0-rc2' of git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2026-02-26 08:00:13 -08:00
qrtr
net: qrtr: replace qrtr_tx_flow radix_tree with xarray to fix memory leak
2026-03-26 20:22:38 -07:00
rds
rds: ib: reject FRMR registration before IB connection is established
2026-04-01 17:52:40 -07:00
rfkill
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
rose
net/rose: fix NULL pointer dereference in rose_transmit_link on reconnect
2026-03-12 19:23:59 -07:00
rxrpc
rxrpc: Fix key reference count leak from call->key
2026-04-08 18:44:32 -07:00
sched
net: sched: act_csum: validate nested VLAN headers
2026-04-03 14:34:56 -07:00
sctp
Convert 'alloc_obj' family to use the new default GFP_KERNEL argument
2026-02-21 17:09:51 -08:00
shaper
net: shaper: protect from late creation of hierarchy
2026-03-19 13:47:15 +01:00
smc
net/smc: fix double-free of smc_spd_priv when tee() duplicates splice pipe buffer
2026-03-20 18:59:30 -07:00
strparser
Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net
2025-11-13 12:35:38 -08:00
sunrpc
Merge tag 'nfsd-7.0-2' of git://git.kernel.org/pub/scm/linux/kernel/git/cel/linux
2026-03-18 14:27:11 -07:00
switchdev
treewide: Replace kmalloc with kmalloc_obj for non-scalar types
2026-02-21 01:02:28 -08:00
tipc
tipc: fix bc_ackers underflow on duplicate GRP_ACK_MSG
2026-04-03 15:31:17 -07:00
tls
net/tls: fix use-after-free in -EBUSY error path of tls_do_encryption
2026-04-07 14:53:42 +02:00
unix
af_unix: Give up GC if MSG_PEEK intervened.
2026-03-12 13:37:18 -07:00
vmw_vsock
vsock: initialize child_ns_mode_locked in vsock_net_init()
2026-04-02 08:18:56 -07:00
wireless
wifi: cfg80211: cancel pmsr_free_wk in cfg80211_pmsr_wdev_down
2026-03-06 12:41:59 +01:00
x25
net/x25: Fix overflow when accumulating packets
2026-04-02 13:36:08 +02:00
xdp
xsk: validate MTU against usable frame size on bind
2026-04-06 18:43:51 -07:00
xfrm
Merge tag 'ipsec-2026-03-23' of git://git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec
2026-03-24 15:16:28 +01:00
compat.c
socket: Unify getsockname and getpeername implementation
2025-11-26 13:45:23 -07:00
devres.c
Kconfig
net: Kconfig: discourage drop_monitor enablement
2025-10-17 16:29:26 -07:00
Kconfig.debug
rtnetlink: Add per-netns RTNL.
2024-10-08 15:16:59 +02:00
Makefile
psp: base PSP device support
2025-09-18 12:32:06 +02:00
socket.c
net: Drop the lock in skb_may_tx_timestamp()
2026-02-24 11:27:29 +01:00
sysctl_net.c
sysctl: Remove check for sentinel element in ctl_table arrays
2024-06-13 10:50:52 +02:00