teamd/lacp: fix segfault due to NULL pointer dereference

If we set a team0 link down with lacp mode, we will call like - lacp_port_agg_unselect() - lacp_switch_agg_lead() - teamd_log_dbg() while the new_agg_lead in lacp_switch_agg_lead() may be NULL, then we will got NULL pointer dereference as we called new_agg_lead->ctx in new teamd_log_dbg(). Fix it by using agg_lead->ctx, which is safe as we referenced it in function lacp_switch_agg_lead(). Fixes: f32310b ("libteam: wapper teamd_log_dbg with teamd_log_dbgx") Signed-off-by: Hangbin Liu <liuhangbin@gmail.com> Signed-off-by: Jiri Pirko <jiri@mellanox.com>
jpirko · Jan 9, 2020 · 4990a8c · 4990a8c
1 parent 575edc0
commit 4990a8c
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/teamd/teamd_runner_lacp.c b/teamd/teamd_runner_lacp.c
@@ -634,7 +634,7 @@ static void lacp_switch_agg_lead(struct lacp_port *agg_lead,
 	struct teamd_port *tdport;
 	struct lacp_port *lacp_port;
 
-	teamd_log_dbg(new_agg_lead->ctx, "Renaming aggregator %u to %u",
+	teamd_log_dbg(agg_lead->ctx, "Renaming aggregator %u to %u",
 		      lacp_agg_id(agg_lead), lacp_agg_id(new_agg_lead));
 	if (lacp->selected_agg_lead == agg_lead)
 		lacp->selected_agg_lead = new_agg_lead;