[PATCH 2/2] rxrpc: Fix key reference count leak in rxrpc_alloc_client_call()
Anderson Nascimento
anderson at allelesecurity.com
Fri Mar 13 06:23:27 PDT 2026
When creating a client call in rxrpc_alloc_client_call(), the code obtains a
reference to the key. If rxrpc_init_client_call_security() fails (e.g., due
to key invalidation), the function returns an error and destroys the call,
but fails to release the reference to the key.
This leads to a reference count leak, preventing the key from being
garbage collected.
Before the patch
It shows the key reference counter elevated.
$ cat /proc/keys | grep afs@54321
1bffe9cd I--Q--i 8053480 4169w 3b010000 1000 1000 rxrpc afs@54321: ka
$
After the patch
The invalidated key is removed when the code exits
$ cat /proc/keys | grep afs@54321
$
Fixes: f3441d4 ("rxrpc: Copy client call parameters into rxrpc_call earlier")
Signed-off-by: Anderson Nascimento <anderson at allelesecurity.com>
---
net/rxrpc/call_object.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/net/rxrpc/call_object.c b/net/rxrpc/call_object.c
index 918f41d97a2f..fbfcc611a2c4 100644
--- a/net/rxrpc/call_object.c
+++ b/net/rxrpc/call_object.c
@@ -227,6 +227,7 @@ static struct rxrpc_call *rxrpc_alloc_client_call(struct rxrpc_sock *rx,
ret = rxrpc_init_client_call_security(call);
if (ret < 0) {
+ key_put(call->key);
rxrpc_prefail_call(call, RXRPC_CALL_LOCAL_ERROR, ret);
rxrpc_put_call(call, rxrpc_call_put_discard_error);
return ERR_PTR(ret);
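Review bot: After the added key_put(call->key) the pointer is left in call->key, and the very next lines hand the call to rxrpc_prefail_call() and rxrpc_put_call(call, rxrpc_call_put_discard_error). The hunk does not show whether the teardown reached from that final put ever touches call->key. If any path there drops or dereferences it, this becomes a double put or a use of a key whose reference is already gone. Please either clear the field right after the put (call->key = NULL;) or state in the commit message that the call teardown never releases call->key, which would also explain why the leak existed on this path in the first place. It would also help to note whether other early-exit paths in rxrpc_alloc_client_call() after the key reference is taken need the same treatment, since only this one branch is visible here. Minor: the Fixes: tag uses a 7-character hash (f3441d4); kernel convention is at least 12 characters of the commit id.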
--
2.53.0