[lustre-devel] [PATCH 06/10] lnet: socklnd: fix infinite loop in ksocknal_push()

James Simmons jsimmons at infradead.org
Sun Jul 21 19:12:18 PDT 2019


From: NeilBrown <neilb at suse.com>

If the list_for_each_entry() loop in ksocknal_push()
ever finds a match, then it will increment 'i', and the outer
loop will continue.

Once peer_off becomes larger than the number of matches
in a given chain, 'peer_ni' will be an invalid pointer, and
ksocknal_push_peer() will probably crash when called on it.

To abort the outer loop properly, we need to test if
"i <= peer_off", which indicates that all patching peers
have been found.

This bug can easily be reproduced by running
  lctl --net tcp push

Signed-off-by: NeilBrown <neilb at suse.com>
WC-bug-id: https://jira.whamcloud.com/browse/LU-12101
Reviewed-on: https://review.whamcloud.com/34499
Reviewed-by: James Simmons <jsimmons at infradead.org>
Reviewed-by: Sonia Sharma <sharmaso at whamcloud.com>
Reviewed-by: Oleg Drokin <green at whamcloud.com>
Signed-off-by: James Simmons <jsimmons at infradead.org>
---
 net/lnet/klnds/socklnd/socklnd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/net/lnet/klnds/socklnd/socklnd.c b/net/lnet/klnds/socklnd/socklnd.c
index 08feaf7..a422481 100644
--- a/net/lnet/klnds/socklnd/socklnd.c
+++ b/net/lnet/klnds/socklnd/socklnd.c
@@ -1952,7 +1952,7 @@ static int ksocknal_push(struct lnet_ni *ni, struct lnet_process_id id)
 			}
 			read_unlock(&ksocknal_data.ksnd_global_lock);
 
-			if (!i) /* no match */
+			if (i <= peer_off) /* no match */
 				break;
 
 			rc = 0;
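
Review bot: the comment kept on the changed line, `if (i <= peer_off) /* no match */`, no longer describes the test. Per the commit message, the condition now means that every matching peer in this chain has already been handled, which can hold even when `i` is non-zero, so a comment such as "no further matching peer at this offset" would be more accurate. The subject line says "infinite loop" while the message body describes `peer_ni` ending up as an invalid pointer passed to ksocknal_push_peer(); it is worth stating both symptoms in the changelog so the crash is searchable. The loop that sets `i` and `peer_ni` is outside this hunk, so confirm there that `peer_ni` is only used after the break check when a match was actually taken at `peer_off`.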
-- 
1.8.3.1


