summaryrefslogtreecommitdiff
path: root/.mailmap
diff options
context:
space:
mode:
authorJon Paul Maloy <jon.maloy@ericsson.com>2016-02-24 11:00:19 -0500
committerDavid S. Miller <davem@davemloft.net>2016-02-25 17:04:48 -0500
commitb170997acedc6c11ed2ec07b8d415601e65bb452 (patch)
treeb0759cbe4ceec6d799d8830fd03f3fd5e357a271 /.mailmap
parent3da7611f4285e0434dff62bcabb8b5bfdae5915f (diff)
tipc: eliminate risk of finding to-be-deleted node instance
Although we have never seen it happen, we have identified the following problematic scenario when nodes are stopped and deleted: CPU0: CPU1: tipc_node_xxx() //ref == 1 tipc_node_put() //ref -> 0 tipc_node_find() // node still in table tipc_node_delete() list_del_rcu(n. list) tipc_node_get() //ref -> 1, bad kfree_rcu() tipc_node_put() //ref to 0 again. kfree_rcu() // BOOM! We fix this by introducing use of the conditional kref_get_if_not_zero() instead of kref_get() in the function tipc_node_find(). This eliminates any risk of post-mortem access. Reported-by: Zhijiang Hu <huzhijiang@gmail.com> Acked-by: Ying Xue <ying.xue@windriver.com> Signed-off-by: Jon Maloy <jon.maloy@ericsson.com> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to '.mailmap')
0 files changed, 0 insertions, 0 deletions