llc: fix sk_buff leak in llc_conn_service()

/* Access to a connection */

int llc_conn_state_process(struct sock *sk, struct sk_buff *skb);

int llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb);

void llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb);

void llc_conn_rtn_pdu(struct sock *sk, struct sk_buff *skb);

void llc_conn_resend_i_pdu_as_cmd(struct sock *sk, u8 nr, u8 first_p_bit);

void llc_conn_resend_i_pdu_as_rsp(struct sock *sk, u8 nr, u8 first_f_bit);

	llc_pdu_init_as_i_cmd(skb, 1, llc->vS, llc->vR);

	rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);

	if (likely(!rc)) {

		skb_get(skb);

		llc_conn_send_pdu(sk, skb);

		llc_conn_ac_inc_vs_by_1(sk, skb);

	}

	llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);

	rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);

	if (likely(!rc)) {

		rc = llc_conn_send_pdu(sk, skb);

		skb_get(skb);

		llc_conn_send_pdu(sk, skb);

		llc_conn_ac_inc_vs_by_1(sk, skb);

	}

	return rc;

	llc_pdu_init_as_i_cmd(skb, 0, llc->vS, llc->vR);

	rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);

	if (likely(!rc)) {

		skb_get(skb);

		llc_conn_send_pdu(sk, skb);

		llc_conn_ac_inc_vs_by_1(sk, skb);

	}

	llc_pdu_init_as_i_cmd(skb, llc->ack_pf, llc->vS, llc->vR);

	rc = llc_mac_hdr_init(skb, llc->dev->dev_addr, llc->daddr.mac);

	if (likely(!rc)) {

		rc = llc_conn_send_pdu(sk, skb);

		skb_get(skb);

		llc_conn_send_pdu(sk, skb);

		llc_conn_ac_inc_vs_by_1(sk, skb);

	}

	return rc;

#endif

static int llc_find_offset(int state, int ev_type);

static int llc_conn_send_pdus(struct sock *sk, struct sk_buff *skb);

static void llc_conn_send_pdus(struct sock *sk);

static int llc_conn_service(struct sock *sk, struct sk_buff *skb);

static int llc_exec_conn_trans_actions(struct sock *sk,

				       struct llc_conn_state_trans *trans,

	return rc;

}

int llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb)

void llc_conn_send_pdu(struct sock *sk, struct sk_buff *skb)

{

	/* queue PDU to send to MAC layer */

	skb_queue_tail(&sk->sk_write_queue, skb);

	return llc_conn_send_pdus(sk, skb);

	llc_conn_send_pdus(sk);

}

/**

	if (howmany_resend > 0)

		llc->vS = (llc->vS + 1) % LLC_2_SEQ_NBR_MODULO;

	/* any PDUs to re-send are queued up; start sending to MAC */

	llc_conn_send_pdus(sk, NULL);

	llc_conn_send_pdus(sk);

out:;

}

	if (howmany_resend > 0)

		llc->vS = (llc->vS + 1) % LLC_2_SEQ_NBR_MODULO;

	/* any PDUs to re-send are queued up; start sending to MAC */

	llc_conn_send_pdus(sk, NULL);

	llc_conn_send_pdus(sk);

out:;

}

/**

 *	llc_conn_send_pdus - Sends queued PDUs

 *	@sk: active connection

 *	@hold_skb: the skb held by caller, or NULL if does not care

 *

 *	Sends queued pdus to MAC layer for transmission. When @hold_skb is

 *	NULL, always return 0. Otherwise, return 0 if @hold_skb is sent

 *	successfully, or 1 for failure.

 *	Sends queued pdus to MAC layer for transmission.

 */

static int llc_conn_send_pdus(struct sock *sk, struct sk_buff *hold_skb)

static void llc_conn_send_pdus(struct sock *sk)

{

	struct sk_buff *skb;

	int ret = 0;

	while ((skb = skb_dequeue(&sk->sk_write_queue)) != NULL) {

		struct llc_pdu_sn *pdu = llc_pdu_sn_hdr(skb);

			skb_queue_tail(&llc_sk(sk)->pdu_unack_q, skb);

			if (!skb2)

				break;

			dev_queue_xmit(skb2);

		} else {

			bool is_target = skb == hold_skb;

			int rc;

			if (is_target)

				skb_get(skb);

			rc = dev_queue_xmit(skb);

			if (is_target)

				ret = rc;

			skb = skb2;

		}

		dev_queue_xmit(skb);

	}

	return ret;

}

/**