0dcb82254d
llc_sap_put() decreases the refcnt before deleting sap from the global list. Therefore, there is a chance llc_sap_find() could find a sap with zero refcnt in this global list. Close this race condition by checking if refcnt is zero or not in llc_sap_find(), if it is zero then it is being removed so we can just treat it as gone. Reported-by: <syzbot+278893f3f7803871f7ce@syzkaller.appspotmail.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> |
||
---|---|---|
.. | ||
Kconfig | ||
Makefile | ||
af_llc.c | ||
llc_c_ac.c | ||
llc_c_ev.c | ||
llc_c_st.c | ||
llc_conn.c | ||
llc_core.c | ||
llc_if.c | ||
llc_input.c | ||
llc_output.c | ||
llc_pdu.c | ||
llc_proc.c | ||
llc_s_ac.c | ||
llc_s_ev.c | ||
llc_s_st.c | ||
llc_sap.c | ||
llc_station.c | ||
sysctl_net_llc.c |