iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
835c18375a16d0cb8bc56576821d23f8e66dab73
linux/net/tipc
History
Xin Long 06a80feb3f tipc: add NULL pointer check before calling kfree_rcu 
[ Upstream commit 42dec1dbe3 ]

Unlike kfree(p), kfree_rcu(p, rcu) won't do NULL pointer check. When
tipc_nametbl_remove_publ returns NULL, the panic below happens:

   BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
   RIP: 0010:__call_rcu+0x1d/0x290
   Call Trace:
    <IRQ>
    tipc_publ_notify+0xa9/0x170 [tipc]
    tipc_node_write_unlock+0x8d/0x100 [tipc]
    tipc_node_link_down+0xae/0x1d0 [tipc]
    tipc_node_check_dest+0x3ea/0x8f0 [tipc]
    ? tipc_disc_rcv+0x2c7/0x430 [tipc]
    tipc_disc_rcv+0x2c7/0x430 [tipc]
    ? tipc_rcv+0x6bb/0xf20 [tipc]
    tipc_rcv+0x6bb/0xf20 [tipc]
    ? ip_route_input_slow+0x9cf/0xb10
    tipc_udp_recv+0x195/0x1e0 [tipc]
    ? tipc_udp_is_known_peer+0x80/0x80 [tipc]
    udp_queue_rcv_skb+0x180/0x460
    udp_unicast_rcv_skb.isra.56+0x75/0x90
    __udp4_lib_rcv+0x4ce/0xb90
    ip_local_deliver_finish+0x11c/0x210
    ip_local_deliver+0x6b/0xe0
    ? ip_rcv_finish+0xa9/0x410
    ip_rcv+0x273/0x362

Fixes: 97ede29e80 ("tipc: convert name table read-write lock to RCU")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-09-21 07:14:03 +02:00
..
addr.c
tipc: simplify include dependencies
2015-05-14 12:24:45 -04:00
addr.h
tipc: introduce constants for tipc address validation
2016-07-26 14:26:42 -07:00
bcast.c
tipc: fix broadcast link synchronization problem
2016-10-29 17:21:09 -04:00
bcast.h
tipc: fix broadcast link synchronization problem
2016-10-29 17:21:09 -04:00
bearer.c
tipc: error path leak fixes in tipc_enable_bearer()
2018-03-03 10:23:24 +01:00
bearer.h
tipc: check minimum bearer MTU
2016-12-02 14:03:20 -05:00
core.c
tipc: change to use register_pernet_device
2019-07-10 09:55:40 +02:00
core.h
tipc: add neighbor monitoring framework
2016-06-15 14:06:28 -07:00
discover.c
tipc: allocate user memory with GFP_KERNEL flag
2017-07-05 14:40:27 +02:00
discover.h
tipc: eliminate buffer leak in bearer layer
2016-04-07 17:00:13 -04:00
eth_media.c
tipc: make media address offset a common define
2015-02-27 18:18:48 -05:00
ib_media.c
tipc: rename media/msg related definitions
2015-02-27 18:18:48 -05:00
Kconfig
tipc: add ip/udp media type
2015-03-05 22:08:42 -05:00
link.c
tipc: allocate user memory with GFP_KERNEL flag
2017-07-05 14:40:27 +02:00
link.h
tipc: transfer broadcast nacks in link state messages
2016-09-02 17:10:24 -07:00
Makefile
tipc: add neighbor monitoring framework
2016-06-15 14:06:28 -07:00
monitor.c
tipc: fix tipc_mon_delete() oops in tipc_enable_bearer() error path
2018-03-03 10:23:24 +01:00
monitor.h
tipc: dump monitor attributes
2016-07-26 14:26:42 -07:00
msg.c
tipc: use only positive error codes in messages
2017-10-12 11:51:23 +02:00
msg.h
tipc: allocate user memory with GFP_KERNEL flag
2017-07-05 14:40:27 +02:00
name_distr.c
tipc: add NULL pointer check before calling kfree_rcu
2019-09-21 07:14:03 +02:00
name_distr.h
tipc: reduce code dependency between binding table and node layer
2015-11-20 14:06:10 -05:00
name_table.c
tipc: move netlink policies to netlink.c
2016-03-07 14:56:41 -05:00
name_table.h
net.c
tipc: Fix tipc_sk_reinit race conditions
2017-06-17 06:41:49 +02:00
net.h
tipc: add peer removal functionality
2016-08-18 23:36:07 -07:00
netlink_compat.c
tipc: compat: allow tipc commands without arguments
2019-08-11 12:22:17 +02:00
netlink.c
tipc: add policy for TIPC_NLA_NET_ADDR
2018-04-29 11:32:01 +02:00
netlink.h
tipc: make cluster size threshold for monitoring configurable
2016-07-26 14:26:42 -07:00
node.c
tipc: check return value of nlmsg_new
2018-03-24 11:00:14 +01:00
node.h
tipc: transfer broadcast nacks in link state messages
2016-09-02 17:10:24 -07:00
server.c
tipc: fix memory leak in tipc_accept_from_sock()
2017-12-16 16:25:45 +01:00
server.h
tipc: fix a race condition leading to subscriber refcnt bug
2016-04-14 16:46:46 -04:00
socket.c
tipc: use lock_sock() in tipc_sk_reinit()
2019-01-09 16:16:41 +01:00
socket.h
tipc: redesign connection-level flow control
2016-05-03 15:51:16 -04:00
subscr.c
tipc: fix modprobe tipc failed after switch order of device registration
2019-06-11 12:22:36 +02:00
subscr.h
tipc: fix modprobe tipc failed after switch order of device registration
2019-06-11 12:22:36 +02:00
sysctl.c
udp_media.c
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
2019-07-10 09:55:42 +02:00
udp_media.h
tipc: add UDP remoteip dump to netlink API
2016-08-26 21:38:41 -07:00