asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
android_kernel_motorola_sm6225/net/tipc
History
Lv Yunlong b89b5b030c net:tipc: Fix a double free in tipc_sk_mcast_rcv 
[ Upstream commit 6bf24dc0cc0cc43b29ba344b66d78590e687e046 ]

In the if(skb_peek(arrvq) == skb) branch, it calls __skb_dequeue(arrvq) to get
the skb by skb = skb_peek(arrvq). Then __skb_dequeue() unlinks the skb from arrvq
and returns the skb which equals to skb_peek(arrvq). After __skb_dequeue(arrvq)
finished, the skb is freed by kfree_skb(__skb_dequeue(arrvq)) in the first time.

Unfortunately, the same skb is freed in the second time by kfree_skb(skb) after
the branch completed.

My patch removes kfree_skb() in the if(skb_peek(arrvq) == skb) branch, because
this skb will be freed by kfree_skb(skb) finally.

Fixes: cb1b728096 ("tipc: eliminate race condition at multicast reception")
Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2021-04-14 08:22:35 +02:00
..
addr.c tipc: initialise addr_trail_end when setting node addresses 2019-08-25 10:48:05 +02:00
addr.h
bcast.c tipc: clean up skb list lock handling on send path 2020-07-29 10:16:47 +02:00
bcast.h
bearer.c tipc: fix a double free in tipc_enable_bearer() 2019-01-09 17:38:34 +01:00
bearer.h tipc: implement configuration of UDP media MTU 2018-04-20 11:04:05 -04:00
core.c tipc: fix use-after-free in tipc_bcast_get_mode 2020-11-10 12:35:53 +01:00
core.h
diag.c tipc: switch to rhashtable iterator 2018-08-29 18:04:54 -07:00
discover.c tipc: fix lockdep warning when reinitilaizing sockets 2018-11-23 08:17:03 +01:00
discover.h
eth_media.c
group.c tipc: Fix memory leak in tipc_group_create_member() 2020-09-26 18:01:30 +02:00
group.h tipc: extend sock diag for group communication 2018-06-30 21:05:42 +09:00
ib_media.c
Kconfig
link.c tipc: fix NULL deref in tipc_link_xmit() 2021-01-23 15:49:56 +01:00
link.h tipc: fix failover problem 2018-09-29 11:45:14 -07:00
Makefile
monitor.c tipc: update mon's self addr when node addr generated 2020-01-27 14:49:52 +01:00
monitor.h tipc: update mon's self addr when node addr generated 2020-01-27 14:49:52 +01:00
msg.c tipc: fix memory leak caused by tipc_buf_append() 2020-11-05 11:08:33 +01:00
msg.h
name_distr.c tipc: eliminate message disordering during binding table update 2020-01-27 14:50:00 +01:00
name_distr.h
name_table.c tipc: eliminate message disordering during binding table update 2020-01-27 14:50:00 +01:00
name_table.h tipc: eliminate message disordering during binding table update 2020-01-27 14:50:00 +01:00
net.c tipc: update mon's self addr when node addr generated 2020-01-27 14:49:52 +01:00
net.h tipc: fix lockdep warning when reinitilaizing sockets 2018-11-23 08:17:03 +01:00
netlink.c tipc: add missing attribute validation for MTU property 2020-03-18 07:14:18 +01:00
netlink.h
netlink_compat.c tipc: fix uninit skb->data in tipc_nl_compat_dumpit() 2020-09-03 11:24:17 +02:00
node.c tipc: clean up skb list lock handling on send path 2020-07-29 10:16:47 +02:00
node.h tipc: add sequence number check for link STATE messages 2018-07-11 23:06:14 -07:00
socket.c net:tipc: Fix a double free in tipc_sk_mcast_rcv 2021-04-14 08:22:35 +02:00
socket.h tipc: call start and done ops directly in __tipc_nl_compat_dumpit() 2018-09-06 21:49:18 -07:00
subscr.c tipc: fix unbalanced reference counter 2018-04-12 21:46:10 -04:00
subscr.h tipc: fix modprobe tipc failed after switch order of device registration 2019-06-04 08:02:34 +02:00
sysctl.c tipc: set sysctl_tipc_rmem and named_timeout right range 2020-01-27 14:50:39 +01:00
topsrv.c tipc: fix memory leak in tipc_topsrv_start() 2020-11-18 19:18:51 +01:00
topsrv.h
udp_media.c net: ipv6_stub: use ip6_dst_lookup_flow instead of ip6_dst_lookup 2020-04-29 16:31:17 +02:00
udp_media.h tipc: implement configuration of UDP media MTU 2018-04-20 11:04:05 -04:00