libteam/SOURCES/libteam-teamd-lacp-fix-segfault-due-to-NULL-pointer-derefere.patch

From 4990a8cea7e9111cffe3842058942099a009ed62 Mon Sep 17 00:00:00 2001
Message-Id: <4990a8cea7e9111cffe3842058942099a009ed62.1588051704.git.lucien.xin@gmail.com>
In-Reply-To: <f32310b9a5cc0322d8f5c85d94e3866326bc68ce.1588051704.git.lucien.xin@gmail.com>
References: <f32310b9a5cc0322d8f5c85d94e3866326bc68ce.1588051704.git.lucien.xin@gmail.com>
From: Hangbin Liu <liuhangbin@gmail.com>
Date: Fri, 13 Dec 2019 22:17:14 +0800
Subject: [PATCH 4/4] teamd/lacp: fix segfault due to NULL pointer dereference

If we set a team0 link down with lacp mode, we will call like

  - lacp_port_agg_unselect()
    - lacp_switch_agg_lead()
      - teamd_log_dbg()

while the new_agg_lead in lacp_switch_agg_lead() may be NULL, then we
will got NULL pointer dereference as we called new_agg_lead->ctx in
new teamd_log_dbg().

Fix it by using agg_lead->ctx, which is safe as we referenced it in function
lacp_switch_agg_lead().

Fixes: f32310b9a5cc ("libteam: wapper teamd_log_dbg with teamd_log_dbgx")
Signed-off-by: Hangbin Liu <liuhangbin@gmail.com>
Signed-off-by: Jiri Pirko <jiri@mellanox.com>
---
 teamd/teamd_runner_lacp.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/teamd/teamd_runner_lacp.c b/teamd/teamd_runner_lacp.c
index 7d940b3..ec01237 100644
--- a/teamd/teamd_runner_lacp.c
+++ b/teamd/teamd_runner_lacp.c
@@ -634,7 +634,7 @@ static void lacp_switch_agg_lead(struct lacp_port *agg_lead,
 	struct teamd_port *tdport;
 	struct lacp_port *lacp_port;
 
-	teamd_log_dbg(new_agg_lead->ctx, "Renaming aggregator %u to %u",
+	teamd_log_dbg(agg_lead->ctx, "Renaming aggregator %u to %u",
 		      lacp_agg_id(agg_lead), lacp_agg_id(new_agg_lead));
 	if (lacp->selected_agg_lead == agg_lead)
 		lacp->selected_agg_lead = new_agg_lead;
-- 
2.1.0