Re: [PATCH] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()

From: David Miller
Date: Tue Nov 28 2017 - 09:58:45 EST

Next message: Chao Yu: "Re: [PATCH v2] quota: propagate error from __dquot_initialize"
Previous message: Tony Lindgren: "Re: [PATCH v2 2/4] DTS: GTA04: fix panel compatibility string"
In reply to: Jon Maloy: "RE: [PATCH] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()"
Next in thread: Tommi Rantala: "Re: [PATCH] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Tommi Rantala <tommi.t.rantala@xxxxxxxxx>
Date: Tue, 28 Nov 2017 14:53:15 +0200

> Call tipc_rcv() only if bearer is up in tipc_udp_recv().
> Fixes a rare TIPC div-by-zero crash in tipc_node_calculate_timer():
>
> We're enabling a bearer, but it's not yet up and fully initialized.
> At the same time we receive a discovery packet, and in tipc_udp_recv()
> we end up calling tipc_rcv() with the not-yet-initialized bearer,
> causing later a div-by-zero crash in tipc_node_calculate_timer().

You're also now ignoring any error being returned by tipc_udp_rcast_disc().

> -
> - if (unlikely(msg_user(hdr) == LINK_CONFIG)) {
> - err = tipc_udp_rcast_disc(b, skb);
> - if (err)
> - goto rcu_out;
> + } else {
> + if (unlikely(b && msg_user(hdr) == LINK_CONFIG))
> + tipc_udp_rcast_disc(b, skb);
> + kfree_skb(skb);
> }

Either put the 'err' propagation back or clearly explain in your
commit log message why this part of the change if absolutely essential
for this bug fix.

Thank you.

Next message: Chao Yu: "Re: [PATCH v2] quota: propagate error from __dquot_initialize"
Previous message: Tony Lindgren: "Re: [PATCH v2 2/4] DTS: GTA04: fix panel compatibility string"
In reply to: Jon Maloy: "RE: [PATCH] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()"
Next in thread: Tommi Rantala: "Re: [PATCH] tipc: call tipc_rcv() only if bearer is up in tipc_udp_recv()"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]