leandrof/linux
1
0
Fork 0
forked from Minki/linux
Code Issues Pull Requests Packages Projects Releases Wiki Activity

tipc: add NULL pointer check to prevent kernel oops

Browse Source 
Calling:
tipc_node_link_down()->
   - tipc_node_write_unlock()->tipc_mon_peer_down()
   - tipc_mon_peer_down()
  just after disabling bearer could be caused kernel oops.

Fix this by adding a sanity check to make sure valid memory
access.

Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
This commit is contained in:
Hoang Le 2020-03-13 10:18:03 +07:00 committed by David S. Miller
parent e228c5c088
commit 746a1eda68
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
net/tipc/monitor.c
View File

@ -322,9 +322,13 @@ static void mon_assign_roles(struct tipc_monitor *mon, struct tipc_peer *head)
void tipc_mon_remove_peer(struct net *net, u32 addr, int bearer_id) void tipc_mon_remove_peer(struct net *net, u32 addr, int bearer_id)
{ {
struct tipc_monitor *mon = tipc_monitor(net, bearer_id); struct tipc_monitor *mon = tipc_monitor(net, bearer_id);
struct tipc_peer *self = get_self(net, bearer_id); struct tipc_peer *self;
struct tipc_peer *peer, *prev, *head; struct tipc_peer *peer, *prev, *head;
if (!mon)
return;
self = get_self(net, bearer_id);
write_lock_bh(&mon->lock); write_lock_bh(&mon->lock);
peer = get_peer(mon, addr); peer = get_peer(mon, addr);
if (!peer) if (!peer)
@ -407,11 +411,15 @@ exit:
void tipc_mon_peer_down(struct net *net, u32 addr, int bearer_id) void tipc_mon_peer_down(struct net *net, u32 addr, int bearer_id)
{ {
struct tipc_monitor *mon = tipc_monitor(net, bearer_id); struct tipc_monitor *mon = tipc_monitor(net, bearer_id);
struct tipc_peer *self = get_self(net, bearer_id); struct tipc_peer *self;
struct tipc_peer *peer, *head; struct tipc_peer *peer, *head;
struct tipc_mon_domain *dom; struct tipc_mon_domain *dom;
int applied; int applied;
if (!mon)
return;
self = get_self(net, bearer_id);
write_lock_bh(&mon->lock); write_lock_bh(&mon->lock);
peer = get_peer(mon, addr); peer = get_peer(mon, addr);
if (!peer) { if (!peer) {