| Message ID | 1457391064-6660-226-git-send-email-kamal@canonical.com |
|---|---|
| State | New |
| Headers | show |
On Mon, 2016-03-07 at 14:50 -0800, Kamal Mostafa wrote: > 4.2.8-ckt5 -stable review patch. If anyone has any objections, > please let me know. This patch will be deferred to the next 4.2-stable release (4.2.8-ckt6) so that it lands along with 4de13d7e tipc: fix nullptr crash during subscription cancel ... which has not yet appeared in a mainline -rc. -Kamal > ---8<------------------------------------------------------------ > > From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@ericsson.com > > > > [ Upstream commit 4d5cfcba2f6ec494d8810b9e3c0a7b06255c8067 ] > > In 'commit 7fe8097cef5f ("tipc: fix nullpointer bug when subscribing > to events")', we terminate the connection if the subscription > creation fails. > In the same commit, the subscription creation result was based on > the value of the subscription pointer (set in the function) instead > of the return code. > > Unfortunately, the same function tipc_subscrp_create() handles > subscription cancel request. For a subscription cancellation request, > the subscription pointer cannot be set. Thus if a subscriber has > several subscriptions and cancels any of them, the connection is > terminated. > > In this commit, we terminate the connection based on the return value > of tipc_subscrp_create(). > Fixes: commit 7fe8097cef5f ("tipc: fix nullpointer bug when > subscribing to events") > > Reviewed-by: Jon Maloy <jon.maloy@ericsson.com> > Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@eri > csson.com> > Signed-off-by: David S. Miller <davem@davemloft.net> > Signed-off-by: Kamal Mostafa <kamal@canonical.com> > --- > net/tipc/subscr.c | 11 +++++------ > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c > index 350cca3..69ee2ee 100644 > --- a/net/tipc/subscr.c > +++ b/net/tipc/subscr.c > @@ -289,15 +289,14 @@ static void tipc_subscrb_rcv_cb(struct net > *net, int conid, > struct sockaddr_tipc *addr, void > *usr_data, > void *buf, size_t len) > { > - struct tipc_subscriber *subscriber = usr_data; > + struct tipc_subscriber *subscrb = usr_data; > struct tipc_subscription *sub = NULL; > struct tipc_net *tn = net_generic(net, tipc_net_id); > > - tipc_subscrp_create(net, (struct tipc_subscr *)buf, > subscriber, &sub); > - if (sub) > - tipc_nametbl_subscribe(sub); > - else > - tipc_conn_terminate(tn->topsrv, subscriber->conid); > + if (tipc_subscrp_create(net, (struct tipc_subscr *)buf, > subscrb, &sub)) > + return tipc_conn_terminate(tn->topsrv, subscrb- > >conid); > + > + tipc_nametbl_subscribe(sub); > } > > /* Handle one request to establish a new subscriber */
diff --git a/net/tipc/subscr.c b/net/tipc/subscr.c index 350cca3..69ee2ee 100644 --- a/net/tipc/subscr.c +++ b/net/tipc/subscr.c @@ -289,15 +289,14 @@ static void tipc_subscrb_rcv_cb(struct net *net, int conid, struct sockaddr_tipc *addr, void *usr_data, void *buf, size_t len) { - struct tipc_subscriber *subscriber = usr_data; + struct tipc_subscriber *subscrb = usr_data; struct tipc_subscription *sub = NULL; struct tipc_net *tn = net_generic(net, tipc_net_id); - tipc_subscrp_create(net, (struct tipc_subscr *)buf, subscriber, &sub); - if (sub) - tipc_nametbl_subscribe(sub); - else - tipc_conn_terminate(tn->topsrv, subscriber->conid); + if (tipc_subscrp_create(net, (struct tipc_subscr *)buf, subscrb, &sub)) + return tipc_conn_terminate(tn->topsrv, subscrb->conid); + + tipc_nametbl_subscribe(sub); } /* Handle one request to establish a new subscriber */