• Eric Biggers's avatar
    llc: fix sk_buff refcounting in llc_conn_state_process() · 255aba77
    Eric Biggers authored
    [ Upstream commit 36453c85 ]
    
    If llc_conn_state_process() sees that llc_conn_service() put the skb on
    a list, it will drop one fewer references to it.  This is wrong because
    the current behavior is that llc_conn_service() never consumes a
    reference to the skb.
    
    The code also makes the number of skb references being dropped
    conditional on which of ind_prim and cfm_prim are nonzero, yet neither
    of these affects how many references are *acquired*.  So there is extra
    code that tries to fix this up by sometimes taking another reference.
    
    Remove the unnecessary/broken refcounting logic and instead just add an
    skb_get() before the only two places where an extra reference is
    actually consumed.
    
    Fixes: 1da177e4 ("Linux-2.6.12-rc2")
    Signed-off-by: default avatarEric Biggers <ebiggers@google.com>
    Signed-off-by: default avatarJakub Kicinski <jakub.kicinski@netronome.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    255aba77
llc_conn.c 27.3 KB