From: Jon Maloy <[email protected]>
Date: Wed, 10 Feb 2016 16:14:57 -0500

> In commit 5266698661401a ("tipc: let broadcast packet reception
> use new link receive function") we introduced a new per-node
> broadcast reception link instance. This link is created at the
> moment the node itself is created. Unfortunately, the allocation
> is done after the node instance has already been added to the node
> lookup hash table. This creates a potential race condition, where
> arriving broadcast packets are able to find and access the node
> before it has been fully initialized, and before the above mentioned
> link has been created. The result is occasional crashes in the function
> tipc_bcast_rcv(), which is trying to access the not-yet existing link.
> 
> We fix this by deferring the addition of the node instance until after
> it has been fully initialized in the function tipc_node_create().
> 
> Acked-by: Ying Xue <[email protected]>
> Signed-off-by: Jon Maloy <[email protected]>

Applied and queued up for -stable, thanks.
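
The ordering problem described in the quoted commit message, as an added single-threaded model (not code from the patch or from the TIPC sources): a simulated packet arrival is injected in the middle of node creation to show what a concurrent receiver would observe under each ordering. All struct and function names here are hypothetical, and the two allocations are hoisted to the top only to keep error handling short.

```c
#include <stdlib.h>

/* Simplified single-threaded model; all names are hypothetical, not TIPC's. */
struct link { int rcv_count; };
struct node { unsigned addr; struct link *bc_link; struct node *next; };

#define BUCKETS 16
static struct node *table[BUCKETS];          /* node lookup hash table */

static struct node *node_find(unsigned addr)
{
    struct node *n = table[addr % BUCKETS];
    while (n && n->addr != addr)
        n = n->next;
    return n;
}

static void publish(struct node *n)          /* make node visible to lookups */
{
    n->next = table[n->addr % BUCKETS];
    table[n->addr % BUCKETS] = n;
}

/* Receive path: 0 = delivered, -1 = node unknown (packet dropped),
 * -2 = node found without its link (where real code would crash). */
static int bcast_rcv(unsigned addr)
{
    struct node *n = node_find(addr);
    if (!n) return -1;
    if (!n->bc_link) return -2;
    n->bc_link->rcv_count++;
    return 0;
}

/* Returns what a packet arriving in the middle of creation observes.
 * publish_early != 0 is the buggy order; 0 is publish-after-init. */
static int node_create(unsigned addr, int publish_early)
{
    struct node *n = calloc(1, sizeof(*n));
    struct link *l = calloc(1, sizeof(*l));
    int seen;
    if (!n || !l) { free(n); free(l); return -3; }
    n->addr = addr;
    if (publish_early) publish(n);
    seen = bcast_rcv(addr);                  /* simulated concurrent arrival */
    n->bc_link = l;
    if (!publish_early) publish(n);
    return seen;
}

int main(void) { return !(node_create(1, 1) == -2 && node_create(2, 0) == -1); }
```

With the node published last, the mid-creation packet is simply dropped as coming from an unknown node; real concurrent code additionally needs the table insertion to be properly ordered against the initializing stores.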
