Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1753670AbbGBIa3 (ORCPT ); Thu, 2 Jul 2015 04:30:29 -0400 Received: from mail-wi0-f179.google.com ([209.85.212.179]:33458 "EHLO mail-wi0-f179.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752179AbbGBI3N (ORCPT ); Thu, 2 Jul 2015 04:29:13 -0400 From: David Herrmann To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , daniel@zonque.org, tixxdz@opendz.org, David Herrmann Subject: [PATCH 6/6] kdbus: fix NULL-deref in activator cleanup Date: Thu, 2 Jul 2015 10:28:34 +0200 Message-Id: <1435825714-3567-7-git-send-email-dh.herrmann@gmail.com> X-Mailer: git-send-email 2.4.5 In-Reply-To: <1435825714-3567-1-git-send-email-dh.herrmann@gmail.com> References: <1435825714-3567-1-git-send-email-dh.herrmann@gmail.com> Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 1141 Lines: 34 Right now, we always assume an activator has a valid name and conn->activator_of is set. However, this assumption is not true if the setup of the activator fails. In those cases, the ->flags field indicates an activator, but the name might not have been claimed, yet. Fix the destructor of connections to not assume all activators have claimed names. Signed-off-by: David Herrmann --- ipc/kdbus/names.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/ipc/kdbus/names.c b/ipc/kdbus/names.c index d77ee08..057f806 100644 --- a/ipc/kdbus/names.c +++ b/ipc/kdbus/names.c @@ -444,7 +444,7 @@ void kdbus_name_release_all(struct kdbus_name_registry *reg, down_write(®->rwlock); - if (kdbus_conn_is_activator(conn)) { + if (conn->activator_of) { activator = conn->activator_of->activator; conn->activator_of->activator = NULL; } -- 2.4.5 -- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/