iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
e438f83914e75fd4f0dc2933e4b7f023bf55cc36
linux/net/tipc
History
Xin Long 7de5d0c7e7 tipc: add NULL pointer check before calling kfree_rcu 
[ Upstream commit 42dec1dbe3 ]

Unlike kfree(p), kfree_rcu(p, rcu) won't do NULL pointer check. When
tipc_nametbl_remove_publ returns NULL, the panic below happens:

   BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
   RIP: 0010:__call_rcu+0x1d/0x290
   Call Trace:
    <IRQ>
    tipc_publ_notify+0xa9/0x170 [tipc]
    tipc_node_write_unlock+0x8d/0x100 [tipc]
    tipc_node_link_down+0xae/0x1d0 [tipc]
    tipc_node_check_dest+0x3ea/0x8f0 [tipc]
    ? tipc_disc_rcv+0x2c7/0x430 [tipc]
    tipc_disc_rcv+0x2c7/0x430 [tipc]
    ? tipc_rcv+0x6bb/0xf20 [tipc]
    tipc_rcv+0x6bb/0xf20 [tipc]
    ? ip_route_input_slow+0x9cf/0xb10
    tipc_udp_recv+0x195/0x1e0 [tipc]
    ? tipc_udp_is_known_peer+0x80/0x80 [tipc]
    udp_queue_rcv_skb+0x180/0x460
    udp_unicast_rcv_skb.isra.56+0x75/0x90
    __udp4_lib_rcv+0x4ce/0xb90
    ip_local_deliver_finish+0x11c/0x210
    ip_local_deliver+0x6b/0xe0
    ? ip_rcv_finish+0xa9/0x410
    ip_rcv+0x273/0x362

Fixes: 97ede29e80 ("tipc: convert name table read-write lock to RCU")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-09-19 09:08:02 +02:00
..
addr.c
addr.h
tipc: introduce constants for tipc address validation
2016-07-26 14:26:42 -07:00
bcast.c
tipc: correct initialization of skb list
2017-10-08 21:13:23 -07:00
bcast.h
tipc: make replicast a user selectable option
2017-01-20 12:10:17 -05:00
bearer.c
tipc: error path leak fixes in tipc_enable_bearer()
2018-03-03 10:24:30 +01:00
bearer.h
Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net
2017-09-01 17:42:05 -07:00
core.c
tipc: change to use register_pernet_device
2019-07-03 13:16:02 +02:00
core.h
netns: make struct pernet_operations::id unsigned int
2016-11-18 10:59:15 -05:00
discover.c
tipc: allocate user memory with GFP_KERNEL flag
2017-01-16 13:31:53 -05:00
discover.h
eth_media.c
ib_media.c
Kconfig
link.c
tipc: don't reset stale broadcast send link
2017-08-21 13:37:45 -07:00
link.h
tipc: transfer broadcast nacks in link state messages
2016-09-02 17:10:24 -07:00
Makefile
License cleanup: add SPDX GPL-2.0 license identifier to files with no license
2017-11-02 11:10:55 +01:00
monitor.c
tipc: fix infinite loop when dumping link monitor summary
2018-06-21 04:02:43 +09:00
monitor.h
tipc: dump monitor attributes
2016-07-26 14:26:42 -07:00
msg.c
tipc: Unclone message at secondary destination lookup
2017-10-08 21:13:23 -07:00
msg.h
tipc: introduce replicast as transport option for multicast
2017-01-20 12:10:17 -05:00
name_distr.c
tipc: add NULL pointer check before calling kfree_rcu
2019-09-19 09:08:02 +02:00
name_distr.h
name_table.c
tipc: adjust the policy of holding subscription kref
2017-03-28 18:03:33 -07:00
name_table.h
tipc: add functionality to lookup multicast destination nodes
2017-01-20 12:10:16 -05:00
net.c
netlink: pass extended ACK struct where available
2017-04-13 13:58:22 -04:00
net.h
tipc: add peer removal functionality
2016-08-18 23:36:07 -07:00
netlink_compat.c
tipc: compat: allow tipc commands without arguments
2019-08-09 17:53:35 +02:00
netlink.c
tipc: add policy for TIPC_NLA_NET_ADDR
2018-04-29 11:33:12 +02:00
netlink.h
tipc: make cluster size threshold for monitoring configurable
2016-07-26 14:26:42 -07:00
node.c
tipc: eliminate KMSAN uninit-value in strcmp complaint
2018-06-21 04:02:56 +09:00
node.h
tipc: make replicast a user selectable option
2017-01-20 12:10:17 -05:00
server.c
tipc: fix memory leak in tipc_accept_from_sock()
2017-12-17 15:07:56 +01:00
server.h
socket.c
tipc: fix hanging clients using poll with EPOLLOUT flag
2019-05-16 19:42:35 +02:00
socket.h
tipc: redesign connection-level flow control
2016-05-03 15:51:16 -04:00
subscr.c
tipc: fix modprobe tipc failed after switch order of device registration
2019-06-09 09:18:12 +02:00
subscr.h
tipc: fix modprobe tipc failed after switch order of device registration
2019-06-09 09:18:12 +02:00
sysctl.c
udp_media.c
tipc: pass tunnel dev as NULL to udp_tunnel(6)_xmit_skb
2019-07-03 13:16:03 +02:00
udp_media.h
tipc: add UDP remoteip dump to netlink API
2016-08-26 21:38:41 -07:00