git.proxmox.com Git - mirror_ubuntu-bionic-kernel.git/commit

author	Eric Biggers <ebiggers@google.com>
	Sun, 6 Oct 2019 21:24:27 +0000 (14:24 -0700)
committer	Khalid Elmously <khalid.elmously@canonical.com>
	Fri, 14 Feb 2020 05:29:37 +0000 (00:29 -0500)
commit	8ec0feca706d87d67d77cdd179b779d810b02192
tree	fe8629c00075765b83e04633314ed754726e61ca	tree
parent	2002f088800742aef16826061a5e8802cb7eae54	commit \| diff

llc: fix sk_buff refcounting in llc_conn_state_process()

BugLink: https://bugs.launchpad.net/bugs/1863019
[ Upstream commit 36453c852816f19947ca482a595dffdd2efa4965 ]

If llc_conn_state_process() sees that llc_conn_service() put the skb on
a list, it will drop one fewer references to it. This is wrong because
the current behavior is that llc_conn_service() never consumes a
reference to the skb.

The code also makes the number of skb references being dropped
conditional on which of ind_prim and cfm_prim are nonzero, yet neither
of these affects how many references are *acquired*. So there is extra
code that tries to fix this up by sometimes taking another reference.

Remove the unnecessary/broken refcounting logic and instead just add an
skb_get() before the only two places where an extra reference is
actually consumed.

Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2")
Signed-off-by: Eric Biggers <ebiggers@google.com>
Signed-off-by: Jakub Kicinski <jakub.kicinski@netronome.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Signed-off-by: Kamal Mostafa <kamal@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>