Message ID | 20201107191835.5541-1-anmol.karan123@gmail.com |
---|---|
State | Changes Requested |
Delegated to: | David Miller |
Headers | show |
Series | [Linux-kernel-mentees,v3,net] rose: Fix Null pointer dereference in rose_send_frame() | expand |
Context | Check | Description |
---|---|---|
jkicinski/cover_letter | success | Link |
jkicinski/fixes_present | success | Link |
jkicinski/patch_count | success | Link |
jkicinski/tree_selection | success | Clearly marked for net |
jkicinski/subject_prefix | success | Link |
jkicinski/source_inline | success | Was 0 now: 0 |
jkicinski/verify_signedoff | success | Link |
jkicinski/module_param | success | Was 0 now: 0 |
jkicinski/build_32bit | success | Errors and warnings before: 0 this patch: 0 |
jkicinski/kdoc | success | Errors and warnings before: 0 this patch: 0 |
jkicinski/verify_fixes | success | Link |
jkicinski/checkpatch | success | total: 0 errors, 0 warnings, 0 checks, 9 lines checked |
jkicinski/build_allmodconfig_warn | success | Errors and warnings before: 0 this patch: 0 |
jkicinski/header_inline | success | Link |
jkicinski/stable | success | Stable not CCed |
On Sun, 8 Nov 2020 00:48:35 +0530 Anmol Karn wrote: > + dev = rose_dev_get(dest); this calls dev_hold internally, you never release that reference in case ..neigh->dev is NULL > + if (rose_loopback_neigh->dev && dev) {
Hello Sir, On Tue, Nov 10, 2020 at 09:58:15AM -0800, Jakub Kicinski wrote: > On Sun, 8 Nov 2020 00:48:35 +0530 Anmol Karn wrote: > > + dev = rose_dev_get(dest); > > this calls dev_hold internally, you never release that reference in > case ..neigh->dev is NULL > > > + if (rose_loopback_neigh->dev && dev) { Ah, I missed to `dev_put()` the `dev` after checking for, if neigh->dev is NULL, I will fix it soon and send another version. Thank you for review. Anmol
diff --git a/net/rose/rose_loopback.c b/net/rose/rose_loopback.c index 7b094275ea8b..2c51756ed7bf 100644 --- a/net/rose/rose_loopback.c +++ b/net/rose/rose_loopback.c @@ -96,7 +96,8 @@ static void rose_loopback_timer(struct timer_list *unused) } if (frametype == ROSE_CALL_REQUEST) { - if ((dev = rose_dev_get(dest)) != NULL) { + dev = rose_dev_get(dest); + if (rose_loopback_neigh->dev && dev) { if (rose_rx_call_request(skb, dev, rose_loopback_neigh, lci_o) == 0) kfree_skb(skb); } else {