From: Xin Long
Date: Tue, 28 Feb 2017 12:41:29 +0800
> Commit cd2b70875058 ("sctp: check duplicate node before inserting a
> new transport") called rhltable_lookup() to check for the duplicate
> transport node in transport rhashtable.
>
> But rhltable_lookup() doesn't call rcu_read_lock inside,
On Tue, Feb 28, 2017 at 10:37:35PM +0800, Xin Long wrote:
> On Tue, Feb 28, 2017 at 10:23 PM, Neil Horman wrote:
> > On Tue, Feb 28, 2017 at 12:41:29PM +0800, Xin Long wrote:
> >> Commit cd2b70875058 ("sctp: check duplicate node before inserting a
> >> new transport") called rhltable_lookup() to c
On Tue, Feb 28, 2017 at 10:23 PM, Neil Horman wrote:
> On Tue, Feb 28, 2017 at 12:41:29PM +0800, Xin Long wrote:
>> Commit cd2b70875058 ("sctp: check duplicate node before inserting a
>> new transport") called rhltable_lookup() to check for the duplicate
>> transport node in transport rhashtable.
On Tue, Feb 28, 2017 at 12:41:29PM +0800, Xin Long wrote:
> Commit cd2b70875058 ("sctp: check duplicate node before inserting a
> new transport") called rhltable_lookup() to check for the duplicate
> transport node in transport rhashtable.
>
> But rhltable_lookup() doesn't call rcu_read_lock insid
Commit cd2b70875058 ("sctp: check duplicate node before inserting a
new transport") called rhltable_lookup() to check for the duplicate
transport node in transport rhashtable.
But rhltable_lookup() doesn't call rcu_read_lock inside, it could cause
a use-after-free issue if it tries to dereference
