From: Cong Wang
Date: Mon, 4 Dec 2017 10:31:43 -0800
> In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails
> we call tipc_close_conn() to clean up, but in this case
> calling conn_put() is just enough.
>
> This fixes the folllowing crash:
...
> Fixes: 14c04493cb77 ("tipc: add ability to
> -Original Message-
> From: Cong Wang [mailto:xiyou.wangc...@gmail.com]
> Sent: Monday, December 04, 2017 17:34
> To: Jon Maloy
> Cc: David Miller ; Linux Kernel Network Developers
> ; tipc-discuss...@lists.sourceforge.net; Ying Xue
>
> Subject: Re: [Patch
On Mon, Dec 4, 2017 at 12:32 PM, Jon Maloy wrote:
>
>> You are right. The right solution is to just call conn_put() twice here.
>> I already have a patch ready for this, but it is part of a series that needs
>> more
>> review.
>> I should probably post it separately...
>
> Well, calling conn_put(
ourceforge.net; Ying Xue
> Subject: RE: [Patch net v2] tipc: fix a null pointer deref on error path
>
>
>
> > -Original Message-
> > From: Cong Wang [mailto:xiyou.wangc...@gmail.com]
> > Sent: Monday, December 04, 2017 14:41
> > To: David Miller
> -Original Message-
> From: Cong Wang [mailto:xiyou.wangc...@gmail.com]
> Sent: Monday, December 04, 2017 14:41
> To: David Miller
> Cc: Linux Kernel Network Developers ; tipc-
> discuss...@lists.sourceforge.net; Jon Maloy ;
> Ying Xue
> Subject: Re: [Patch
From: Cong Wang
Date: Mon, 4 Dec 2017 11:23:13 -0800
> On Mon, Dec 4, 2017 at 10:57 AM, David Miller wrote:
>> From: Cong Wang
>> Date: Mon, 4 Dec 2017 10:31:43 -0800
>>
>>> In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails
>>> we call tipc_close_conn() to clean up, but in this case
>
> Maloy ; Ying Xue
> Subject: Re: [Patch net v2] tipc: fix a null pointer deref on error path
>
> From: Cong Wang
> Date: Mon, 4 Dec 2017 10:31:43 -0800
>
> > In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails we call
> > tipc_close_conn() to clean
On Mon, Dec 4, 2017 at 11:23 AM, Cong Wang wrote:
> On Mon, Dec 4, 2017 at 10:57 AM, David Miller wrote:
>>
>> It looks like tipc_accept_from_sock() has a similar problem? The
>> tipc_close_conn() will get invoked indirectly from the sock_release()
>> path right?
>
> Not sure, the sock_release()
On Mon, Dec 4, 2017 at 10:57 AM, David Miller wrote:
> From: Cong Wang
> Date: Mon, 4 Dec 2017 10:31:43 -0800
>
>> In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails
>> we call tipc_close_conn() to clean up, but in this case
>> calling conn_put() is just enough.
>>
>> This fixes the foll
From: Cong Wang
Date: Mon, 4 Dec 2017 10:31:43 -0800
> In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails
> we call tipc_close_conn() to clean up, but in this case
> calling conn_put() is just enough.
>
> This fixes the folllowing crash:
...
> Fixes: 14c04493cb77 ("tipc: add ability to
In tipc_topsrv_kern_subscr() when s->tipc_conn_new() fails
we call tipc_close_conn() to clean up, but in this case
calling conn_put() is just enough.
This fixes the folllowing crash:
kasan: GPF could be caused by NULL-ptr deref or user memory access
general protection fault: [#1] SMP KASAN
11 matches
Mail list logo
