tjh.dev
Linux kernel mirror (for testing)
git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel
os
linux
tipc: add NULL pointer check to prevent kernel oops
Calling:
tipc_node_link_down()->
- tipc_node_write_unlock()->tipc_mon_peer_down()
- tipc_mon_peer_down()
just after disabling bearer could be caused kernel oops.
Fix this by adding a sanity check to make sure valid memory
access.
Acked-by: Jon Maloy <jmaloy@redhat.com>
Signed-off-by: Hoang Le <hoang.h.le@dektech.com.au>
Signed-off-by: David S. Miller <davem@davemloft.net>
authored by
Hoang Le
and committed by
David S. Miller
746a1eda
e228c5c0
+10
-2
+10
-2
net/tipc/monitor.c
+10
-2
net/tipc/monitor.c
···
322
322
void tipc_mon_remove_peer(struct net *net, u32 addr, int bearer_id)
323
323
{
324
324
struct tipc_monitor *mon = tipc_monitor(net, bearer_id);
325
-
struct tipc_peer *self = get_self(net, bearer_id);
325
+
struct tipc_peer *self;
326
326
struct tipc_peer *peer, *prev, *head;
327
327
328
+
if (!mon)
329
+
return;
330
+
331
+
self = get_self(net, bearer_id);
328
332
write_lock_bh(&mon->lock);
329
333
peer = get_peer(mon, addr);
330
334
if (!peer)
···
411
407
void tipc_mon_peer_down(struct net *net, u32 addr, int bearer_id)
412
408
{
413
409
struct tipc_monitor *mon = tipc_monitor(net, bearer_id);
414
-
struct tipc_peer *self = get_self(net, bearer_id);
410
+
struct tipc_peer *self;
415
411
struct tipc_peer *peer, *head;
416
412
struct tipc_mon_domain *dom;
417
413
int applied;
418
414
415
+
if (!mon)
416
+
return;
417
+
418
+
self = get_self(net, bearer_id);
419
419
write_lock_bh(&mon->lock);
420
420
peer = get_peer(mon, addr);
421
421
if (!peer) {