f32ba09631
Sashiko reports: > mctp_dst_from_route() increments the device reference count by calling > mctp_dev_hold(). When a valid route is found and dst is NULL, the > structure copy is bypassed and rc is set to 0. Instead of optimistically creating a dst from the final route (then releasing it if the saddr is invalid), perform the saddr check first. This means we don't have an unuecessary hold/release on the dev, which could leak if the dst pointer is NULL. No caller passes a NULL dst at present though (so the leak is not possible), but this is an intended use of mctp_dst_from_route(). Signed-off-by: Jeremy Kerr <jk@codeconstruct.com.au> Reviewed-by: Simon Horman <horms@kernel.org> Link: https://patch.msgid.link/20260403-dev-mctp-dst-defer-v1-1-9c2c55faf9e9@codeconstruct.com.au Signed-off-by: Jakub Kicinski <kuba@kernel.org> |
||
|---|---|---|
| .. | ||
| test | ||
| Kconfig | ||
| Makefile | ||
| af_mctp.c | ||
| device.c | ||
| neigh.c | ||
| route.c | ||