• X
    tipc: add NULL pointer check before calling kfree_rcu · 42dec1db
    Xin Long 提交于
    Unlike kfree(p), kfree_rcu(p, rcu) won't do NULL pointer check. When
    tipc_nametbl_remove_publ returns NULL, the panic below happens:
    
       BUG: unable to handle kernel NULL pointer dereference at 0000000000000068
       RIP: 0010:__call_rcu+0x1d/0x290
       Call Trace:
        <IRQ>
        tipc_publ_notify+0xa9/0x170 [tipc]
        tipc_node_write_unlock+0x8d/0x100 [tipc]
        tipc_node_link_down+0xae/0x1d0 [tipc]
        tipc_node_check_dest+0x3ea/0x8f0 [tipc]
        ? tipc_disc_rcv+0x2c7/0x430 [tipc]
        tipc_disc_rcv+0x2c7/0x430 [tipc]
        ? tipc_rcv+0x6bb/0xf20 [tipc]
        tipc_rcv+0x6bb/0xf20 [tipc]
        ? ip_route_input_slow+0x9cf/0xb10
        tipc_udp_recv+0x195/0x1e0 [tipc]
        ? tipc_udp_is_known_peer+0x80/0x80 [tipc]
        udp_queue_rcv_skb+0x180/0x460
        udp_unicast_rcv_skb.isra.56+0x75/0x90
        __udp4_lib_rcv+0x4ce/0xb90
        ip_local_deliver_finish+0x11c/0x210
        ip_local_deliver+0x6b/0xe0
        ? ip_rcv_finish+0xa9/0x410
        ip_rcv+0x273/0x362
    
    Fixes: 97ede29e ("tipc: convert name table read-write lock to RCU")
    Reported-by: NLi Shuang <shuali@redhat.com>
    Signed-off-by: NXin Long <lucien.xin@gmail.com>
    Signed-off-by: NDavid S. Miller <davem@davemloft.net>
    42dec1db
name_distr.c 9.9 KB