a7y18lte-ubports/android_kernel_samsung_a7y18lte
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
5da59882a8
android_kernel_samsung_a7y1.../net
History
Xin Long 5da59882a8 tipc: add NULL pointer check before calling kfree_rcu 
[ Upstream commit 42dec1dbe38239cf91cc1f4df7830c66276ced37 ]

Unlike kfree(p), kfree_rcu(p, rcu) won't do NULL pointer check. When
tipc_nametbl_remove_publ returns NULL, the panic below happens:

   BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
   RIP: 0010:__call_rcu+0x1d/0x290
   Call Trace:
    <IRQ>
    tipc_publ_notify+0xa9/0x170 [tipc]
    tipc_node_write_unlock+0x8d/0x100 [tipc]
    tipc_node_link_down+0xae/0x1d0 [tipc]
    tipc_node_check_dest+0x3ea/0x8f0 [tipc]
    ? tipc_disc_rcv+0x2c7/0x430 [tipc]
    tipc_disc_rcv+0x2c7/0x430 [tipc]
    ? tipc_rcv+0x6bb/0xf20 [tipc]
    tipc_rcv+0x6bb/0xf20 [tipc]
    ? ip_route_input_slow+0x9cf/0xb10
    tipc_udp_recv+0x195/0x1e0 [tipc]
    ? tipc_udp_is_known_peer+0x80/0x80 [tipc]
    udp_queue_rcv_skb+0x180/0x460
    udp_unicast_rcv_skb.isra.56+0x75/0x90
    __udp4_lib_rcv+0x4ce/0xb90
    ip_local_deliver_finish+0x11c/0x210
    ip_local_deliver+0x6b/0xe0
    ? ip_rcv_finish+0xa9/0x410
    ip_rcv+0x273/0x362

Fixes: 97ede29e80ee ("tipc: convert name table read-write lock to RCU")
Reported-by: Li Shuang <shuali@redhat.com>
Signed-off-by: Xin Long <lucien.xin@gmail.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2020-04-06 21:35:27 +02:00
..
6lowpan
9p 9p/virtio: Add cleanup path in p9_virtio_init 2020-04-06 20:04:29 +02:00
802
8021q
appletalk
atm
ax25
batman-adv batman-adv: fix for leaked TVLV handler. 2020-04-06 19:54:11 +02:00
bluetooth Bluetooth: Add SMP workaround Microsoft Surface Precision Mouse bug 2020-04-06 20:04:59 +02:00
bridge bridge/mdb: remove wrong use of NLM_F_MULTI 2020-04-06 21:35:09 +02:00
caif
can
ceph
core net: Fix null de-reference of device refcount 2020-04-06 21:35:17 +02:00
dcb
dccp
decnet
dns_resolver
dsa
ethernet
hsr
ieee802154
ipv4 tcp: fix tcp_ecn_withdraw_cwr() to clear TCP_ECN_QUEUE_CWR 2020-04-06 21:35:25 +02:00
ipv6 ipv6: Fix the link time qualifier of 'ping_v6_proc_exit_net()' 2020-04-06 21:35:13 +02:00
ipx
irda
iucv
key xfrm: clean up xfrm protocol checks 2020-04-06 21:34:53 +02:00
l2tp compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2020-04-06 20:28:29 +02:00
l3mdev
lapb
llc
mac80211 mac80211: fix possible sta leak 2020-04-06 21:33:56 +02:00
mac802154
mpls
mptcp
ncm
netfilter netfilter: conntrack: Use consistent ct id hash calculation 2020-04-06 21:32:49 +02:00
netlabel
netlink
netrom netrom: hold sock when setting skb->destructor 2020-04-06 20:05:22 +02:00
nfc nfc: fix potential illegal memory access 2020-04-06 20:05:16 +02:00
openvswitch
packet af_packet: tone down the Tx-ring unsupported spew. 2020-04-06 21:35:03 +02:00
phonet
rds
rfkill
rose
rxrpc
sched sch_hhf: ensure quantum and hhf_non_hh_weight are non-zero 2020-04-06 21:35:19 +02:00
sctp sctp: use transport pf_retrans in sctp_do_8_2_transport_strike 2020-04-06 21:35:23 +02:00
sunrpc
switchdev
tipc tipc: add NULL pointer check before calling kfree_rcu 2020-04-06 21:35:27 +02:00
unix
vmw_vsock
wimax
wireless Revert "cfg80211: fix processing world regdomain when non modular" 2020-04-06 21:33:54 +02:00
x25
xfrm xfrm: clean up xfrm protocol checks 2020-04-06 21:34:53 +02:00
compat.c
Kconfig
Makefile
socket.c
sysctl_net.c