diff options
| author | Cong Wang <xiyou.wangcong@gmail.com> | 2018-12-11 21:43:51 -0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-01-09 17:38:33 +0100 |
| commit | dc6c13d5d5b47c8a1c0570176a3ad5887dc63b00 (patch) | |
| tree | e3c480a83db9fa422a26376f95a6136137b8bd03 /include/asm-generic/kdebug.h | |
| parent | e5217034871545298c4d38651ec1bcda67f74b28 (diff) | |
tipc: check tsk->group in tipc_wait_for_cond()
[ Upstream commit 143ece654f9f5b37bedea252a990be37e48ae3a5 ]
tipc_wait_for_cond() drops socket lock before going to sleep,
but tsk->group could be freed right after that release_sock().
So we have to re-check and reload tsk->group after it wakes up.
After this patch, tipc_wait_for_cond() returns -ERESTARTSYS when
tsk->group is NULL, instead of continuing with the assumption of
a non-NULL tsk->group.
(It looks like 'dsts' should be re-checked and reloaded too, but
it is a different bug.)
Similar for tipc_send_group_unicast() and tipc_send_group_anycast().
Reported-by: syzbot+10a9db47c3a0e13eb31c@syzkaller.appspotmail.com
Fixes: b7d42635517f ("tipc: introduce flow control for group broadcast messages")
Fixes: ee106d7f942d ("tipc: introduce group anycast messaging")
Fixes: 27bd9ec027f3 ("tipc: introduce group unicast messaging")
Cc: Ying Xue <ying.xue@windriver.com>
Cc: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com>
Acked-by: Ying Xue <ying.xue@windriver.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/asm-generic/kdebug.h')
0 files changed, 0 insertions, 0 deletions