From: Jon Maloy <jon.maloy@ericsson.com>
Date: Wed, 18 Jul 2018 17:50:06 +0000 (+0200)
Subject: tipc: make link capability update thread safe
X-Git-Tag: v4.19-rc1~140^2~311
X-Git-Url: http://git.osdn.net/view?a=commitdiff_plain;h=40999f11ce677ce3c5d0e8f5f76c40192a26b479;p=uclinux-h8%2Flinux.git

tipc: make link capability update thread safe

The commit referred to below introduced an update of the link
capabilities field that is not safe. Given the recently added
feature to remove idle node and link items after 5 minutes, there
is a small risk that the update will happen at the very moment the
targeted link is being removed. To avoid this we have to perform
the update inside the node item's write lock protection.

Fixes: 9012de508956 ("tipc: add sequence number check for link STATE messages")
Signed-off-by: Jon Maloy <jon.maloy@ericsson.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
---

diff --git a/net/tipc/node.c b/net/tipc/node.c
index 52fd80b0e728..3819ab14e073 100644
--- a/net/tipc/node.c
+++ b/net/tipc/node.c
@@ -370,13 +370,17 @@ static struct tipc_node *tipc_node_create(struct net *net, u32 addr,
 	spin_lock_bh(&tn->node_list_lock);
 	n = tipc_node_find(net, addr);
 	if (n) {
+		if (n->capabilities == capabilities)
+			goto exit;
 		/* Same node may come back with new capabilities */
+		write_lock_bh(&n->lock);
 		n->capabilities = capabilities;
 		for (bearer_id = 0; bearer_id < MAX_BEARERS; bearer_id++) {
 			l = n->links[bearer_id].link;
 			if (l)
 				tipc_link_update_caps(l, capabilities);
 		}
+		write_unlock_bh(&n->lock);
 		goto exit;
 	}
 	n = kzalloc(sizeof(*n), GFP_ATOMIC);