813fb06fe6
[ Upstream commit 0dcb82254d65f72333aa50ad626d1e9665ad093b ] llc_sap_put() decreases the refcnt before deleting sap from the global list. Therefore, there is a chance llc_sap_find() could find a sap with zero refcnt in this global list. Close this race condition by checking if refcnt is zero or not in llc_sap_find(), if it is zero then it is being removed so we can just treat it as gone. Reported-by: <syzbot+278893f3f7803871f7ce@syzkaller.appspotmail.com> Signed-off-by: Cong Wang <xiyou.wangcong@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
||
|---|---|---|
| .. | ||
| af_llc.c | ||
| Kconfig | ||
| llc_c_ac.c | ||
| llc_c_ev.c | ||
| llc_c_st.c | ||
| llc_conn.c | ||
| llc_core.c | ||
| llc_if.c | ||
| llc_input.c | ||
| llc_output.c | ||
| llc_pdu.c | ||
| llc_proc.c | ||
| llc_s_ac.c | ||
| llc_s_ev.c | ||
| llc_s_st.c | ||
| llc_sap.c | ||
| llc_station.c | ||
| Makefile | ||
| sysctl_net_llc.c | ||