David Howells c48fc11b69 rxrpc: Fix call ref leak ... When sendmsg() finds a call to continue on with, if the call is in an inappropriate state, it doesn't release the ref it just got on that call before returning an error. This causes the following symptom to show up with kasan: BUG: KASAN: use-after-free in rxrpc_send_keepalive+0x8a2/0x940 net/rxrpc/output.c:635 Read of size 8 at addr ffff888064219698 by task kworker/0:3/11077 where line 635 is: whdr.epoch = htonl(peer->local->rxnet->epoch); The local endpoint (which cannot be pinned by the call) has been released, but not the peer (which is pinned by the call). Fix this by releasing the call in the error path. Fixes: 37411cad63 ("rxrpc: Fix potential NULL-pointer exception") Reported-by: syzbot+d850c266e3df14da1d31@syzkaller.appspotmail.com Signed-off-by: David Howells <dhowells@redhat.com>		2019-10-07 10:58:28 +01:00
..
af_rxrpc.c	rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]	2019-08-30 15:06:52 -07:00
ar-internal.h	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2019-09-02 11:20:17 -07:00
call_accept.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
call_event.c	rxrpc: Use the tx-phase skb flag to simplify tracing	2019-08-27 10:04:18 +01:00
call_object.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2019-09-02 11:20:17 -07:00
conn_client.c	rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]	2019-08-30 15:06:52 -07:00
conn_event.c	rxrpc: Use the tx-phase skb flag to simplify tracing	2019-08-27 10:04:18 +01:00
conn_object.c	rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]	2019-08-30 15:06:52 -07:00
conn_service.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
input.c	rxrpc: Fix misplaced traceline	2019-09-05 00:24:58 +02:00
insecure.c	rxrpc: Fix -Wframe-larger-than= warnings from on-stack crypto	2019-07-30 10:32:35 -07:00
Kconfig	treewide: Add SPDX license identifier - Makefile/Kconfig	2019-05-21 10:50:46 +02:00
key.c	Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs"	2019-07-10 18:43:43 -07:00
local_event.c	rxrpc: Use the tx-phase skb flag to simplify tracing	2019-08-27 10:04:18 +01:00
local_object.c	rxrpc: Fix lack of conn cleanup when local endpoint is cleaned up [ver #2]	2019-08-30 15:06:52 -07:00
Makefile	License cleanup: add SPDX GPL-2.0 license identifier to files with no license	2017-11-02 11:10:55 +01:00
misc.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
net_ns.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00
output.c	rxrpc: Use the tx-phase skb flag to simplify tracing	2019-08-27 10:04:18 +01:00
peer_event.c	rxrpc: Use the tx-phase skb flag to simplify tracing	2019-08-27 10:04:18 +01:00
peer_object.c	rxrpc: Fix potential deadlock	2019-07-30 14:42:50 +01:00
proc.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 152	2019-05-30 11:26:32 -07:00
protocol.h	rxrpc: Improve jumbo packet counting	2019-08-27 09:48:37 +01:00
recvmsg.c	rxrpc: Use the tx-phase skb flag to simplify tracing	2019-08-27 10:04:18 +01:00
rxkad.c	Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net	2019-09-02 11:20:17 -07:00
security.c	Keyrings namespacing	2019-07-08 19:36:47 -07:00
sendmsg.c	rxrpc: Fix call ref leak	2019-10-07 10:58:28 +01:00
skbuff.c	rxrpc: Use skb_unshare() rather than skb_cow_data()	2019-08-27 10:13:46 +01:00
sysctl.c	proc/sysctl: add shared variables for range check	2019-07-18 17:08:07 -07:00
utils.c	treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 36	2019-05-24 17:27:11 +02:00