From: Erik Hugne Date: Wed, 3 Dec 2014 15:58:40 +0000 (+0100) Subject: tipc: fix missing spinlock init and nullptr oops X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=4988bb4a3f0b3b0273c21c6c52f2730f55693b42;p=GitHub%2Fexynos8895%2Fandroid_kernel_samsung_universal8895.git tipc: fix missing spinlock init and nullptr oops commit 908344cdda80 ("tipc: fix bug in multicast congestion handling") introduced two bugs with the bclink wakeup function. This commit fixes the missing spinlock init for the waiting_sks list. We also eliminate the race condition between the waiting_sks length check/dequeue operations in tipc_bclink_wakeup_users by simply removing the redundant length check. Signed-off-by: Erik Hugne Acked-by: Tero Aho Signed-off-by: David S. Miller --- diff --git a/net/tipc/bcast.c b/net/tipc/bcast.c index f0761c771734..96ceefeb9daf 100644 --- a/net/tipc/bcast.c +++ b/net/tipc/bcast.c @@ -233,8 +233,11 @@ static void bclink_retransmit_pkt(u32 after, u32 to) */ void tipc_bclink_wakeup_users(void) { - while (skb_queue_len(&bclink->link.waiting_sks)) - tipc_sk_rcv(skb_dequeue(&bclink->link.waiting_sks)); + struct sk_buff *skb; + + while ((skb = skb_dequeue(&bclink->link.waiting_sks))) + tipc_sk_rcv(skb); + } /** @@ -950,7 +953,7 @@ int tipc_bclink_init(void) spin_lock_init(&bclink->lock); __skb_queue_head_init(&bcl->outqueue); __skb_queue_head_init(&bcl->deferred_queue); - __skb_queue_head_init(&bcl->waiting_sks); + skb_queue_head_init(&bcl->waiting_sks); bcl->next_out_no = 1; spin_lock_init(&bclink->node.lock); __skb_queue_head_init(&bclink->node.waiting_sks);