Whamcloud - gitweb
LU-12101 socklnd: fix infinite loop in ksocknal_push() 99/34499/4
author NeilBrown <neilb@suse.com>
Thu, 27 Jun 2019 15:18:36 +0000 (11:18 -0400)
committer Oleg Drokin <green@whamcloud.com>
Fri, 12 Jul 2019 05:21:43 +0000 (05:21 +0000)
commit 2bf657c025a593270e0ccbe5e8e2299355f8cf92
tree 765151f77b291780dfc6c87a0dd4f7817028dceb
parent 76ca884398cae59e455caf3ae2ab1609c5fb1eea
LU-12101 socklnd: fix infinite loop in ksocknal_push()

If the list_for_each_entry() loop in ksocknal_push()
ever finds a match, then it will increment 'i', and the outer
loop will continue.

Once peer_off becomes larger than the number of matches
in a given chain, 'peer_ni' will be an invalid pointer, and
ksocknal_push_peer() will probably crash when called on it.

To abort the outer loop properly, we need to test if
"i <= peer_off", which indicates that all matching peers
have been found.

This bug can easily be reproduced by running
  lctl --net tcp push

Signed-off-by: Mr NeilBrown <neilb@suse.com>
Change-Id: I9468214c7e1a0154213586cac0deb61afaa1d53d
Reviewed-on: https://review.whamcloud.com/34499
Tested-by: jenkins <devops@whamcloud.com>
Tested-by: Maloo <maloo@whamcloud.com>
Reviewed-by: James Simmons <jsimmons@infradead.org>
Reviewed-by: Sonia Sharma <sharmaso@whamcloud.com>
Reviewed-by: Oleg Drokin <green@whamcloud.com>
lnet/klnds/socklnd/socklnd.c
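
The loop-termination problem described in the commit message, as an added, simplified user-space model (not the Lustre source). The list type, `push_chain()`, `demo()` and the "i == 0" form of the old check are assumptions made for illustration; the sample chain is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Minimal stand-in for the kernel's intrusive list; all names are hypothetical. */
struct node { struct node *next; };
struct peer { int matches; struct node link; };
#define PEER_OF(n) ((struct peer *)((char *)(n) - offsetof(struct peer, link)))

/*
 * For each peer_off, rescan the chain and pick the peer_off-th matching peer.
 * fixed != 0 uses the "i <= peer_off" test from the commit message;
 * fixed == 0 uses an "i == 0" test (assumed form of the old check).
 * Returns the number of pushes, or -1 if the cursor ran off the chain,
 * which is where the real code would use an invalid pointer.
 */
int push_chain(struct node *head, int fixed)
{
    int pushed = 0;
    for (int peer_off = 0; ; peer_off++) {
        int i = 0;
        struct node *n;
        for (n = head->next; n != head; n = n->next)
            if (PEER_OF(n)->matches && i++ == peer_off)
                break;              /* found: i is now peer_off + 1 */
        if (fixed ? i <= peer_off : i == 0)
            break;                  /* no (further) match on this chain */
        if (n == head)
            return -1;              /* cursor is the list head, not a peer */
        pushed++;                   /* stands in for ksocknal_push_peer() */
    }
    return pushed;
}

/* Constructed sample: a chain of three peers, two of which match. */
int demo(int fixed)
{
    struct node head;
    struct peer p[3] = { {1, {NULL}}, {0, {NULL}}, {1, {NULL}} };
    head.next = &p[0].link;
    p[0].link.next = &p[1].link;
    p[1].link.next = &p[2].link;
    p[2].link.next = &head;
    return push_chain(&head, fixed);
}

int main(void)
{
    printf("i <= peer_off check: %d\n", demo(1));
    printf("i == 0 check:        %d\n", demo(0));
    return 0;
}
```
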