From: Jon M. <jm...@re...> - 2022-11-22 00:47:32
On 11/18/22 16:44, Xin Long wrote:
> The race exists between tipc_topsrv_accept() and tipc_conn_close(),
> one is allocating the con while the other is freeing it and there
> is no proper lock protecting it. Therefore, a null-pointer-defer
> and a use-after-free may be triggered, see details on each patch.
>
> Xin Long (2):
>   tipc: set con sock in tipc_conn_alloc
>   tipc: add an extra conn_get in tipc_conn_alloc
>
>  net/tipc/topsrv.c | 20 +++++++++++---------
>  1 file changed, 11 insertions(+), 9 deletions(-)
>
Series Acked-by: Jon Maloy <jm...@re...>