In the function node_lost_contact(), we call __skb_queue_purge() without
grabbing the list->lock. This can cause to a race-condition why processing
the list 'namedq' in calling path tipc_named_rcv()->tipc_named_dequeue().
[] BUG: kernel NULL pointer dereference, address:
[
On Thu, 8 Oct 2020 14:31:56 +0700 Hoang Huu Le wrote:
> diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
> index 2f9c148f17e2..fe4edce459ad 100644
> --- a/net/tipc/name_distr.c
> +++ b/net/tipc/name_distr.c
> @@ -327,8 +327,13 @@ static struct sk_buff *tipc_named_dequeue(struct
> sk_buf
On 10/8/20 1:25 PM, Jakub Kicinski wrote:
On Thu, 8 Oct 2020 14:31:56 +0700 Hoang Huu Le wrote:
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index 2f9c148f17e2..fe4edce459ad 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -327,8 +327,13 @@ static struct sk_buf
om; ying@windriver.com;
> tipc-discuss...@lists.sourceforge.net; netdev@vger.kernel.org
> Subject: Re: [net] tipc: fix NULL pointer dereference in tipc_named_rcv
>
>
>
> On 10/8/20 1:25 PM, Jakub Kicinski wrote:
> > On Thu, 8 Oct 2020 14:31:56 +0700 Hoang Huu Le wrote:
> &g
rom: Jon Maloy
Sent: Friday, October 9, 2020 1:01 AM
To: Jakub Kicinski ; Hoang Huu Le
Cc: ma...@donjonn.com; ying@windriver.com;
tipc-discuss...@lists.sourceforge.net; netdev@vger.kernel.org
Subject: Re: [net] tipc: fix NULL pointer dereference in tipc_named_rcv
On 10/8/20 1:25 PM, Jakub
