4.9-stable review patch. If anyone has any objections, please let me know.
------------------
From: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@xxxxxxxxxxxx>
[ Upstream commit 4c887aa65d38633885010277f3482400681be719 ]
In tipc_conn_sendmsg(), we first queue the request to the outqueue
followed by the connection state check. If the connection is not
connected, we should not queue this message.
In this commit, we reject the messages if the connection state is
not CF_CONNECTED.
Acked-by: Ying Xue <ying.xue@xxxxxxxxxxxxx>
Acked-by: Jon Maloy <jon.maloy@xxxxxxxxxxxx>
Tested-by: John Thompson <thompa.atl@xxxxxxxxx>
Signed-off-by: Parthasarathy Bhuvaragan <parthasarathy.bhuvaragan@xxxxxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Sasha Levin <alexander.levin@xxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
net/tipc/server.c | 13 +++++++------
1 file changed, 7 insertions(+), 6 deletions(-)
--- a/net/tipc/server.c
+++ b/net/tipc/server.c
@@ -458,6 +458,11 @@ int tipc_conn_sendmsg(struct tipc_server
if (!con)
return -EINVAL;
+ if (!test_bit(CF_CONNECTED, &con->flags)) {
+ conn_put(con);
+ return 0;
+ }
+
e = tipc_alloc_entry(data, len);
if (!e) {
conn_put(con);
@@ -471,12 +476,8 @@ int tipc_conn_sendmsg(struct tipc_server
list_add_tail(&e->list, &con->outqueue);
spin_unlock_bh(&con->outqueue_lock);
- if (test_bit(CF_CONNECTED, &con->flags)) {
- if (!queue_work(s->send_wq, &con->swork))
- conn_put(con);
- } else {
+ if (!queue_work(s->send_wq, &con->swork))
conn_put(con);
- }
return 0;
}
@@ -500,7 +501,7 @@ static void tipc_send_to_sock(struct tip
int ret;
spin_lock_bh(&con->outqueue_lock);
- while (1) {
+ while (test_bit(CF_CONNECTED, &con->flags)) {
e = list_entry(con->outqueue.next, struct outqueue_entry,
list);
if ((struct list_head *) e == &con->outqueue)