From: Jon Maloy <jon.ma...@ericsson.com>
Date: Thu, 11 May 2017 20:28:15 +0200
> The macro tipc_wait_for_cond() is embedding the macro sk_wait_event()
> to fulfil its task. The latter, in turn, is evaluating the stated
> condition outside the socket lock context. This is problematic if
> the condition is accessing non-trivial data structures which may be
> altered by incoming interrupts, as is the case with the cong_links()
> linked list, used by socket to keep track of the current set of
> congested links. We sometimes see crashes when this list is accessed
> by a condition function at the same time as a SOCK_WAKEUP interrupt
> is removing an element from the list.
>
> We fix this by expanding selected parts of sk_wait_event() into the
> outer macro, while ensuring that all evaluations of a given condition
> are performed under socket lock protection.
>
> Fixes: commit 365ad353c256 ("tipc: reduce risk of user starvation
> during link congestion")
>
> Reviewed-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvara...@ericsson.com>
> Signed-off-by: Jon Maloy <jon.ma...@ericsson.com>
Applied and queued up for -stable, thanks Jon.
