Menu
▾
▴
Re: [tipc-discussion] [net-next] tipc: add NULL pointer check to prevent kernel oops
|
From: Jon M. <jm...@re...> - 2020-03-12 13:32:57
|
On 3/12/20 2:38 AM, hoa...@de... wrote:
> From: Hoang Le <hoa...@de...>
>
> Calling:
> tipc_node_link_down()->
> - tipc_node_write_unlock()->tipc_mon_peer_down()
> - tipc_mon_peer_down()
> just after disabling bearer could be caused kernel oops.
>
> Fix this by adding a sanity check to make sure valid memory
> access.
>
> Signed-off-by: Hoang Le <hoa...@de...>
> ---
> net/tipc/monitor.c | 12 ++++++++++--
> 1 file changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/net/tipc/monitor.c b/net/tipc/monitor.c
> index 58708b4c7719..6dce2abf436e 100644
> --- a/net/tipc/monitor.c
> +++ b/net/tipc/monitor.c
> @@ -322,9 +322,13 @@ static void mon_assign_roles(struct tipc_monitor *mon, struct tipc_peer *head)
> void tipc_mon_remove_peer(struct net *net, u32 addr, int bearer_id)
> {
> struct tipc_monitor *mon = tipc_monitor(net, bearer_id);
> - struct tipc_peer *self = get_self(net, bearer_id);
> + struct tipc_peer *self;
> struct tipc_peer *peer, *prev, *head;
>
> + if (!mon)
> + return;
> +
> + self = get_self(net, bearer_id);
> write_lock_bh(&mon->lock);
> peer = get_peer(mon, addr);
> if (!peer)
> @@ -407,11 +411,15 @@ void tipc_mon_peer_up(struct net *net, u32 addr, int bearer_id)
> void tipc_mon_peer_down(struct net *net, u32 addr, int bearer_id)
> {
> struct tipc_monitor *mon = tipc_monitor(net, bearer_id);
> - struct tipc_peer *self = get_self(net, bearer_id);
> + struct tipc_peer *self;
> struct tipc_peer *peer, *head;
> struct tipc_mon_domain *dom;
> int applied;
>
> + if (!mon)
> + return;
> +
> + self = get_self(net, bearer_id);
> write_lock_bh(&mon->lock);
> peer = get_peer(mon, addr);
> if (!peer) {
Acked-by: Jon Maloy <jm...@re...>
--
|
