From: Paul Gortmaker <paul.gortmaker@windriver.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, Allan.Stephens@windriver.com,
Paul Gortmaker <paul.gortmaker@windriver.com>
Subject: [PATCH net-next 04/26] tipc: Prevent null pointer error when removing a node subscription
Date: Sun, 13 Mar 2011 17:33:52 -0400 [thread overview]
Message-ID: <1300052054-7531-5-git-send-email-paul.gortmaker@windriver.com> (raw)
In-Reply-To: <1300052054-7531-1-git-send-email-paul.gortmaker@windriver.com>
From: Allan Stephens <Allan.Stephens@windriver.com>
Prevents a null pointer dereference from occurring if a node subscription
is triggered at the same time that the subscribing port or publication is
terminating the subscription. The problem arises if the triggering routine
asynchronously activates and deregisters the node subscription while
deregistration is already underway -- the deregistration routine may find
that the pointer it has just verified to be non-NULL is now NULL.
To avoid this race condition the triggering routine now simply marks the
node subscription as defunct (to prevent it from re-activating)
instead of deregistering it. The subscription is now both deregistered
and destroyed only when the subscribing port or publication code terminates
the node subscription.
Signed-off-by: Allan Stephens <Allan.Stephens@windriver.com>
Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
---
net/tipc/name_distr.c | 5 +++--
net/tipc/node.c | 13 +++++++------
2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/net/tipc/name_distr.c b/net/tipc/name_distr.c
index 483c226..1d4a18a 100644
--- a/net/tipc/name_distr.c
+++ b/net/tipc/name_distr.c
@@ -2,7 +2,7 @@
* net/tipc/name_distr.c: TIPC name distribution code
*
* Copyright (c) 2000-2006, Ericsson AB
- * Copyright (c) 2005, Wind River Systems
+ * Copyright (c) 2005, 2010-2011, Wind River Systems
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -221,7 +221,6 @@ exit:
* In rare cases the link may have come back up again when this
* function is called, and we have two items representing the same
* publication. Nudge this item's key to distinguish it from the other.
- * (Note: Publication's node subscription is already unsubscribed.)
*/
static void node_is_down(struct publication *publ)
@@ -232,6 +231,8 @@ static void node_is_down(struct publication *publ)
publ->key += 1222345;
p = tipc_nametbl_remove_publ(publ->type, publ->lower,
publ->node, publ->ref, publ->key);
+ if (p)
+ tipc_nodesub_unsubscribe(&p->subscr);
write_unlock_bh(&tipc_nametbl_lock);
if (p != publ) {
diff --git a/net/tipc/node.c b/net/tipc/node.c
index 14f98c8..8926caa 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -327,7 +327,7 @@ static void node_cleanup_finished(unsigned long node_addr)
static void node_lost_contact(struct tipc_node *n_ptr)
{
- struct tipc_node_subscr *ns, *tns;
+ struct tipc_node_subscr *ns;
char addr_string[16];
u32 i;
@@ -365,11 +365,12 @@ static void node_lost_contact(struct tipc_node *n_ptr)
}
/* Notify subscribers */
- list_for_each_entry_safe(ns, tns, &n_ptr->nsub, nodesub_list) {
- ns->node = NULL;
- list_del_init(&ns->nodesub_list);
- tipc_k_signal((Handler)ns->handle_node_down,
- (unsigned long)ns->usr_handle);
+ list_for_each_entry(ns, &n_ptr->nsub, nodesub_list) {
+ if (ns->handle_node_down) {
+ tipc_k_signal((Handler)ns->handle_node_down,
+ (unsigned long)ns->usr_handle);
+ ns->handle_node_down = NULL;
+ }
}
/* Prevent re-contact with node until all cleanup is done */
--
1.7.3.3
next prev parent reply other threads:[~2011-03-13 21:34 UTC|newest]
Thread overview: 28+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-13 21:33 [PATCH net-next 00/26] tipc: Yet another mixed bag of updates Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 01/26] tipc: Allow receiving into iovec containing multiple entries Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 02/26] tipc: Correct broadcast link peer info when displaying links Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 03/26] tipc: Add network address mask helper routines Paul Gortmaker
2011-03-13 21:33 ` Paul Gortmaker [this message]
2011-03-13 21:33 ` [PATCH net-next 05/26] tipc: Cosmetic changes to node subscription code Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 06/26] tipc: Add support for SO_RCVTIMEO socket option Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 07/26] tipc: Fix problem with missing link in "tipc-config -l" output Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 08/26] tipc: Split up unified structure of network-related variables Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 09/26] tipc: Eliminate configuration for maximum number of cluster nodes Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 10/26] tipc: Convert node object array to a hash table Paul Gortmaker
2011-03-13 21:33 ` [PATCH net-next 11/26] tipc: manually inline net_start/stop, make assoc. vars static Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 12/26] tipc: Eliminate timestamp from link protocol messages Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 13/26] tipc: cosmetic - function names are not to be full sentences Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 14/26] tipc: make msg_set_redundant_link() consistent with other set ops Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 15/26] tipc: Fix redundant link field handling in link protocol message Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 16/26] tipc: Cosmetic changes to neighbor discovery logic Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 17/26] tipc: Give Tx of discovery responses priority over link messages Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 18/26] tipc: Optimizations to link creation code Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 19/26] tipc: Correct misnamed references to neighbor discovery domain Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 20/26] tipc: Remove unused field in bearer structure Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 21/26] tipc: Eliminate unnecessary constant for neighbor discovery msg size Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 22/26] tipc: Don't respond to neighbor discovery request on blocked bearer Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 23/26] tipc: Remove bearer flag indicating existence of broadcast address Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 24/26] tipc: Eliminate remaining support for routing table messages Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 25/26] tipc: Eliminate obsolete routine for handling routed messages Paul Gortmaker
2011-03-13 21:34 ` [PATCH net-next 26/26] tipc: Update maintenance information Paul Gortmaker
2011-03-14 1:53 ` [PATCH net-next 00/26] tipc: Yet another mixed bag of updates David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1300052054-7531-5-git-send-email-paul.gortmaker@windriver.com \
--to=paul.gortmaker@windriver.com \
--cc=Allan.Stephens@windriver.com \
--cc=davem@davemloft.net \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).