AcoSail/kernel_optimize_test
8
0
Fork 0
forked from luck/tmp_suning_uos_patched
Code Pull Requests Activity
3a101b8de0
kernel_optimize_test/net/tipc
History
Ying Xue a8b9b96e95 tipc: fix race in disc create/delete 
Commit a21a584d67 (tipc: fix neighbor
detection problem after hw address change) introduces a race condition
involving tipc_disc_delete() and tipc_disc_add/remove_dest that can
cause TIPC to dereference the pointer to the bearer discovery request
structure after it has been freed since a stray pointer is left in the
bearer structure.

In order to fix the issue, the process of resetting the discovery
request handler is optimized: the discovery request handler and request
buffer are just reset instead of being freed, allocated and initialized.
As the request point is always valid and the request's lock is taken
while the request handler is reset, the race doesn't happen any more.

Reported-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: Ying Xue <ying.xue@windriver.com>
Reviewed-by: Erik Hugne <erik.hugne@ericsson.com>
Tested-by: Erik Hugne <erik.hugne@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
2014-04-22 21:17:53 -04:00
..
addr.c
addr.h tipc: explicitly include core.h in addr.h 2014-02-13 17:49:13 -05:00
bcast.c tipc: use bc_lock to protect node map in bearer structure 2014-04-22 21:17:53 -04:00
bcast.h tipc: use bc_lock to protect node map in bearer structure 2014-04-22 21:17:53 -04:00
bearer.c tipc: fix race in disc create/delete 2014-04-22 21:17:53 -04:00
bearer.h tipc: use RCU to protect media_ptr pointer 2014-04-22 21:17:53 -04:00
config.c tipc: replace config_mutex lock with RTNL lock 2014-04-22 21:17:52 -04:00
config.h tipc: obsolete the remote management feature 2014-03-27 13:08:36 -04:00
core.c tipc: obsolete the remote management feature 2014-03-27 13:08:36 -04:00
core.h tipc: replace config_mutex lock with RTNL lock 2014-04-22 21:17:52 -04:00
discover.c tipc: fix race in disc create/delete 2014-04-22 21:17:53 -04:00
discover.h tipc: fix race in disc create/delete 2014-04-22 21:17:53 -04:00
eth_media.c
handler.c tipc: don't log disabled tasklet handler errors 2014-03-06 14:46:24 -05:00
ib_media.c
Kconfig
link.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
link.h tipc: decouple the relationship between bearer and link 2014-04-22 21:17:53 -04:00
log.c
Makefile
msg.c
msg.h
name_distr.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
name_distr.h tipc: align tipc function names with common naming practice in the network 2014-02-18 17:31:59 -05:00
name_table.c tipc: fix memory leak during module removal 2014-03-06 14:46:24 -05:00
name_table.h
net.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
net.h tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
netlink.c tipc: remove all enabled flags from all tipc components 2014-02-22 00:00:15 -05:00
node_subscr.c
node_subscr.h
node.c tipc: purge tipc_net_lock lock 2014-04-22 21:17:53 -04:00
node.h tipc: tipc: convert node list and node hlist to RCU lists 2014-03-27 13:08:37 -04:00
port.c tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
port.h tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
ref.c tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
ref.h tipc: eliminate redundant lookups in registry 2014-03-12 15:53:49 -04:00
server.c net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
server.h tipc: remove all enabled flags from all tipc components 2014-02-22 00:00:15 -05:00
socket.c net: Fix use after free by removing length arg from sk_data_ready callbacks. 2014-04-11 16:15:36 -04:00
socket.h tipc: align usage of variable names and macros in socket 2014-03-12 15:53:49 -04:00
subscr.c tipc: fix spinlock recursion bug for failed subscriptions 2014-03-24 15:36:56 -04:00
subscr.h
sysctl.c