Commit affc8230 authored Sep 13, 2019 by Chris Lew

net: qrtr: Prevent node assign for released nodes



When flushing the rx thread in __qrtr_node_release, there is a chance
one of the packets in the rx queue will trigger a node assign that
re-inserts the node into the radix tree.

At this time, it is possible for node lookup to find the released node
in the radix tree. This will lead to clients attempting to acquire
the node after it has been released.

Change the node assign function to only insert nodes if it exists in
the qrtr_all_epts list. This prevent re-inserting the node into the
radix tree.

Change-Id: Ia4ead5c095ca253a9096f0db529fcd2b40e0c86a
Signed-off-by: Chris Lew <clew@codeaurora.org>

parent c555fe48

net/qrtr/qrtr.c

+11 −4

Original line number	Diff line number	Diff line
		@@ -609,11 +609,18 @@ static void qrtr_node_assign(struct qrtr_node *node, unsigned int nid)
		if (tnode)
		return;

		/* If the node is not in qrtr_all_epts, it is being released and should
		* not be inserted into the lookup table.
		*/
		down_write(&qrtr_node_lock);
		list_for_each_entry(tnode, &qrtr_all_epts, item) {
		if (tnode == node) {
		radix_tree_insert(&qrtr_nodes, nid, node);

		if (node->nid == QRTR_EP_NID_AUTO)
		node->nid = nid;
		break;
		}
		}
		up_write(&qrtr_node_lock);

		snprintf(name, sizeof(name), "qrtr_%d", nid);