From: Vignesh Viswanathan Date: Fri, 14 Jul 2023 05:58:45 +0000 (+0530) Subject: net: qrtr: ns: Change nodes radix tree to xarray X-Git-Tag: v6.6.7~2079^2~391^2~1 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=f26b32ef2fe6f7ae0ba56854e666339e105610ad;p=platform%2Fkernel%2Flinux-starfive.git net: qrtr: ns: Change nodes radix tree to xarray There is a use after free scenario while iterating through the nodes radix tree despite the ns being a single threaded process. This can happen when the radix tree APIs are not synchronized with the rcu_read_lock() APIs. Convert the radix tree for nodes to xarray to take advantage of the built in rcu lock usage provided by xarray. Signed-off-by: Chris Lew Signed-off-by: Vignesh Viswanathan Reviewed-by: Simon Horman Signed-off-by: David S. Miller
---
diff --git a/net/qrtr/ns.c b/net/qrtr/ns.c
index af28d9e..b1db0b5 100644
--- a/net/qrtr/ns.c
+++ b/net/qrtr/ns.c
@@ -16,7 +16,7 @@
 #define CREATE_TRACE_POINTS
 #include
-static RADIX_TREE(nodes, GFP_KERNEL);
+static DEFINE_XARRAY(nodes);
 static struct {
 struct socket *sock;
@@ -73,7 +73,7 @@ static struct qrtr_node *node_get(unsigned int node_id)
 {
 struct qrtr_node *node;
- node = radix_tree_lookup(&nodes, node_id);
+ node = xa_load(&nodes, node_id);
 if (node)
 return node;
@@ -85,7 +85,7 @@ static struct qrtr_node *node_get(unsigned int node_id)
 node->id = node_id;
 xa_init(&node->servers);
- if (radix_tree_insert(&nodes, node_id, node)) {
+ if (xa_store(&nodes, node_id, node, GFP_KERNEL)) {
 kfree(node);
 return NULL;
 }
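Review bot: The pointer returned by `xa_load()` in the first node_get() hunk is handed back to the caller after the lookup's internal RCU read section has ended, so the conversion protects the tree walk but not the lifetime of the `struct qrtr_node` itself. Whether nodes are ever erased or freed is not visible in this hunk; if they are not, that invariant deserves a comment next to the lookup, e.g. `/* nodes are never erased from the xarray, so the entry stays valid after xa_load() returns */`. node_get() continues outside this hunk.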
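Review bot: `xa_store()` in the second node_get() hunk is not insert-only like the `radix_tree_insert()` it replaces: it overwrites an occupied slot and returns the previous entry, so the `if` is true both for an error-encoded return and for a replaced entry. In the replaced-entry case the new node is already stored when it is passed to `kfree()`, which would leave a freed pointer in `nodes` and leak the old node. This looks unreachable only while nothing can insert the same id between the preceding `xa_load()` miss and the store. `if (xa_insert(&nodes, node_id, node, GFP_KERNEL)) {` keeps the fail-if-present behaviour and returns a plain errno. node_get() starts and ends outside this hunk.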