From: Jon M. <jm...@re...> - 2020-03-12 13:32:57
|
On 3/12/20 2:38 AM, hoa...@de... wrote: > From: Hoang Le <hoa...@de...> > > Calling: > tipc_node_link_down()-> > - tipc_node_write_unlock()->tipc_mon_peer_down() > - tipc_mon_peer_down() > just after disabling bearer could be caused kernel oops. > > Fix this by adding a sanity check to make sure valid memory > access. > > Signed-off-by: Hoang Le <hoa...@de...> > --- > net/tipc/monitor.c | 12 ++++++++++-- > 1 file changed, 10 insertions(+), 2 deletions(-) > > diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c > index 58708b4c7719..6dce2abf436e 100644 > --- a/net/tipc/monitor.c > +++ b/net/tipc/monitor.c > @@ -322,9 +322,13 @@ static void mon_assign_roles(struct tipc_monitor *mon, struct tipc_peer *head) > void tipc_mon_remove_peer(struct net *net, u32 addr, int bearer_id) > { > struct tipc_monitor *mon = tipc_monitor(net, bearer_id); > - struct tipc_peer *self = get_self(net, bearer_id); > + struct tipc_peer *self; > struct tipc_peer *peer, *prev, *head; > > + if (!mon) > + return; > + > + self = get_self(net, bearer_id); > write_lock_bh(&mon->lock); > peer = get_peer(mon, addr); > if (!peer) > @@ -407,11 +411,15 @@ void tipc_mon_peer_up(struct net *net, u32 addr, int bearer_id) > void tipc_mon_peer_down(struct net *net, u32 addr, int bearer_id) > { > struct tipc_monitor *mon = tipc_monitor(net, bearer_id); > - struct tipc_peer *self = get_self(net, bearer_id); > + struct tipc_peer *self; > struct tipc_peer *peer, *head; > struct tipc_mon_domain *dom; > int applied; > > + if (!mon) > + return; > + > + self = get_self(net, bearer_id); > write_lock_bh(&mon->lock); > peer = get_peer(mon, addr); > if (!peer) { Acked-by: Jon Maloy <jm...@re...> -- |