summaryrefslogtreecommitdiffstats
path: root/README
diff options
context:
space:
mode:
authorCong Wang <xiyou.wangcong@gmail.com>2018-12-12 06:43:51 +0100
committerDavid S. Miller <davem@davemloft.net>2018-12-15 00:48:49 +0100
commit143ece654f9f5b37bedea252a990be37e48ae3a5 (patch)
tree3268762e6be9aa0bbb5a1a6de35e77d67e08175b /README
parentnet: Allow class-e address assignment via ifconfig ioctl (diff)
downloadlinux-143ece654f9f5b37bedea252a990be37e48ae3a5.tar.xz
linux-143ece654f9f5b37bedea252a990be37e48ae3a5.zip
tipc: check tsk->group in tipc_wait_for_cond()
tipc_wait_for_cond() drops socket lock before going to sleep, but tsk->group could be freed right after that release_sock(). So we have to re-check and reload tsk->group after it wakes up. After this patch, tipc_wait_for_cond() returns -ERESTARTSYS when tsk->group is NULL, instead of continuing with the assumption of a non-NULL tsk->group. (It looks like 'dsts' should be re-checked and reloaded too, but it is a different bug.) Similar for tipc_send_group_unicast() and tipc_send_group_anycast(). Reported-by: syzbot+10a9db47c3a0e13eb31c@syzkaller.appspotmail.com Fixes: b7d42635517f ("tipc: introduce flow control for group broadcast messages") Fixes: ee106d7f942d ("tipc: introduce group anycast messaging") Fixes: 27bd9ec027f3 ("tipc: introduce group unicast messaging") Cc: Ying Xue <ying.xue@windriver.com> Cc: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Acked-by: Ying Xue <ying.xue@windriver.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'README')
0 files changed, 0 insertions, 0 deletions