If we set a team0 link down with lacp mode, we will call like
- lacp_port_agg_unselect() - lacp_switch_agg_lead() - teamd_log_dbg()
while the new_agg_lead in lacp_switch_agg_lead() may be NULL, then we will got NULL pointer dereference as we called new_agg_lead->ctx in new teamd_log_dbg().
Fix it by using agg_lead->ctx, which is safe as we referenced it in function lacp_switch_agg_lead().
Fixes: f32310b9a5cc ("libteam: wapper teamd_log_dbg with teamd_log_dbgx") Signed-off-by: Hangbin Liu liuhangbin@gmail.com --- teamd/teamd_runner_lacp.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/teamd/teamd_runner_lacp.c b/teamd/teamd_runner_lacp.c index 7d940b3..ec01237 100644 --- a/teamd/teamd_runner_lacp.c +++ b/teamd/teamd_runner_lacp.c @@ -634,7 +634,7 @@ static void lacp_switch_agg_lead(struct lacp_port *agg_lead, struct teamd_port *tdport; struct lacp_port *lacp_port;
- teamd_log_dbg(new_agg_lead->ctx, "Renaming aggregator %u to %u", + teamd_log_dbg(agg_lead->ctx, "Renaming aggregator %u to %u", lacp_agg_id(agg_lead), lacp_agg_id(new_agg_lead)); if (lacp->selected_agg_lead == agg_lead) lacp->selected_agg_lead = new_agg_lead;
Fri, Dec 13, 2019 at 03:17:14PM CET, liuhangbin@gmail.com wrote:
If we set a team0 link down with lacp mode, we will call like
- lacp_port_agg_unselect()
- lacp_switch_agg_lead()
- teamd_log_dbg()
while the new_agg_lead in lacp_switch_agg_lead() may be NULL, then we will got NULL pointer dereference as we called new_agg_lead->ctx in new teamd_log_dbg().
Fix it by using agg_lead->ctx, which is safe as we referenced it in function lacp_switch_agg_lead().
Fixes: f32310b9a5cc ("libteam: wapper teamd_log_dbg with teamd_log_dbgx") Signed-off-by: Hangbin Liu liuhangbin@gmail.com
applied, thanks.
libteam@lists.fedorahosted.org
-
Hangbin Liu -
Jiri Pirko