af_iucv: correct cleanup if listen backlog is full
authorUrsula Braun <ursula.braun@de.ibm.com>
Wed, 28 May 2014 08:22:29 +0000 (10:22 +0200)
committerDavid S. Miller <davem@davemloft.net>
Sat, 31 May 2014 00:35:23 +0000 (17:35 -0700)
In case of transport HIPER a sock struct is allocated for an incoming
connect request. If the backlog queue is full this socket is not
needed, but is left in the list of af_iucv sockets. Final socket
release posts console message "Attempt to release alive iucv socket".
This patch makes sure the new created socket is cleaned up correctly
if the backlog queue is full.

Signed-off-by: Ursula Braun <ursula.braun@de.ibm.com>
Signed-off-by: Frank Blaschka <blaschka@linux.vnet.ibm.com>
Reported-by: Philipp Hachtmann <phacht@linux.vnet.ibm.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
net/iucv/af_iucv.c

index 60f5c20d510ad4880e619adddf619b53fb93c918..7a95fa4a3de1e558a07485bd8f6dbb3b4dcf32b3 100644 (file)
@@ -1943,11 +1943,10 @@ static int afiucv_hs_callback_syn(struct sock *sk, struct sk_buff *skb)
            sk_acceptq_is_full(sk) ||
            !nsk) {
                /* error on server socket - connection refused */
-               if (nsk)
-                       sk_free(nsk);
                afiucv_swap_src_dest(skb);
                trans_hdr->flags = AF_IUCV_FLAG_SYN | AF_IUCV_FLAG_FIN;
                err = dev_queue_xmit(skb);
+               iucv_sock_kill(nsk);
                bh_unlock_sock(sk);
                goto out;
        }