* [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob
@ 2016-05-06 9:43 Sven Eckelmann
2016-05-06 9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
2016-05-06 11:17 ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Marek Lindner
0 siblings, 2 replies; 5+ messages in thread
From: Sven Eckelmann @ 2016-05-06 9:43 UTC (permalink / raw)
To: b.a.t.m.a.n
batadv_neigh_ifinfo_get can return NULL when it cannot find (even when only
temporarily) anymore the neigh_ifinfo in the list neigh->ifinfo_list. This
has to be checked to avoid kernel Oopses when the ifinfo is dereferenced.
This a situation which isn't expected but is already handled by functions
like batadv_v_neigh_cmp. The same kind of warning is therefore used before
the function returns without dereferencing the pointers.
Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor comparison API calls")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v2: Add patch to reduce the reference counter of these functions
net/batman-adv/bat_v.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
index 927d405..f271ae8 100644
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -286,6 +286,9 @@ static bool batadv_v_neigh_is_sob(struct batadv_neigh_node *neigh1,
ifinfo1 = batadv_neigh_ifinfo_get(neigh1, if_outgoing1);
ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+ if (WARN_ON(!ifinfo1 || !ifinfo2))
+ return false;
+
threshold = ifinfo1->bat_v.throughput / 4;
threshold = ifinfo1->bat_v.throughput - threshold;
--
2.8.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_*
2016-05-06 9:43 [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Sven Eckelmann
@ 2016-05-06 9:43 ` Sven Eckelmann
2016-05-06 10:07 ` Sven Eckelmann
2016-05-06 11:20 ` Marek Lindner
2016-05-06 11:17 ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Marek Lindner
1 sibling, 2 replies; 5+ messages in thread
From: Sven Eckelmann @ 2016-05-06 9:43 UTC (permalink / raw)
To: b.a.t.m.a.n
The functions batadv_neigh_ifinfo_get increase the reference counter of the
batadv_neigh_ifinfo. These have to be reduced again when the reference is
not used anymore to correctly free the objects.
Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor comparison API calls")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v2: Add patch to reduce the reference counter of these functions
net/batman-adv/bat_v.c | 32 +++++++++++++++++++++++++-------
1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
index f271ae8..b52d684 100644
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -265,14 +265,23 @@ static int batadv_v_neigh_cmp(struct batadv_neigh_node *neigh1,
struct batadv_hard_iface *if_outgoing2)
{
struct batadv_neigh_ifinfo *ifinfo1, *ifinfo2;
+ int ret = 0;
ifinfo1 = batadv_neigh_ifinfo_get(neigh1, if_outgoing1);
+ if (WARN_ON(!ifinfo1))
+ goto err_ifinfo1;
+
ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+ if (WARN_ON(!ifinfo2))
+ goto err_ifinfo2;
- if (WARN_ON(!ifinfo1 || !ifinfo2))
- return 0;
+ ret = ifinfo1->bat_v.throughput - ifinfo2->bat_v.throughput;
- return ifinfo1->bat_v.throughput - ifinfo2->bat_v.throughput;
+ batadv_neigh_ifinfo_put(ifinfo2);
+err_ifinfo2:
+ batadv_neigh_ifinfo_put(ifinfo1);
+err_ifinfo1:
+ return ret;
}
static bool batadv_v_neigh_is_sob(struct batadv_neigh_node *neigh1,
@@ -282,17 +291,26 @@ static bool batadv_v_neigh_is_sob(struct batadv_neigh_node *neigh1,
{
struct batadv_neigh_ifinfo *ifinfo1, *ifinfo2;
u32 threshold;
+ bool ret = false;
ifinfo1 = batadv_neigh_ifinfo_get(neigh1, if_outgoing1);
- ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+ if (WARN_ON(!ifinfo1))
+ goto err_ifinfo1;
- if (WARN_ON(!ifinfo1 || !ifinfo2))
- return false;
+ ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+ if (WARN_ON(!ifinfo2))
+ goto err_ifinfo2;
threshold = ifinfo1->bat_v.throughput / 4;
threshold = ifinfo1->bat_v.throughput - threshold;
- return ifinfo2->bat_v.throughput > threshold;
+ ret = ifinfo2->bat_v.throughput > threshold;
+
+ batadv_neigh_ifinfo_put(ifinfo2);
+err_ifinfo2:
+ batadv_neigh_ifinfo_put(ifinfo1);
+err_ifinfo1:
+ return ret;
}
static struct batadv_algo_ops batadv_batman_v __read_mostly = {
--
2.8.1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_*
2016-05-06 9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
@ 2016-05-06 10:07 ` Sven Eckelmann
2016-05-06 11:20 ` Marek Lindner
1 sibling, 0 replies; 5+ messages in thread
From: Sven Eckelmann @ 2016-05-06 10:07 UTC (permalink / raw)
To: b.a.t.m.a.n
[-- Attachment #1: Type: text/plain, Size: 211 bytes --]
Maybe it is better to rename the patch slightly.
batman-adv: Fix refcnt leak in batadv_v_neigh_*
But I will not resent the patch for only this change when not explicitly asked
for it.
Kind regards,
Sven
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob
2016-05-06 9:43 [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Sven Eckelmann
2016-05-06 9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
@ 2016-05-06 11:17 ` Marek Lindner
1 sibling, 0 replies; 5+ messages in thread
From: Marek Lindner @ 2016-05-06 11:17 UTC (permalink / raw)
To: b.a.t.m.a.n
[-- Attachment #1: Type: text/plain, Size: 842 bytes --]
On Friday, May 06, 2016 11:43:38 Sven Eckelmann wrote:
> batadv_neigh_ifinfo_get can return NULL when it cannot find (even when only
> temporarily) anymore the neigh_ifinfo in the list neigh->ifinfo_list. This
> has to be checked to avoid kernel Oopses when the ifinfo is dereferenced.
>
> This a situation which isn't expected but is already handled by functions
> like batadv_v_neigh_cmp. The same kind of warning is therefore used before
> the function returns without dereferencing the pointers.
>
> Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor
> comparison API calls") Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> v2: Add patch to reduce the reference counter of these functions
>
> net/batman-adv/bat_v.c | 3 +++
> 1 file changed, 3 insertions(+)
Applied in revision 036aa7b.
Thanks,
Marek
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_*
2016-05-06 9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
2016-05-06 10:07 ` Sven Eckelmann
@ 2016-05-06 11:20 ` Marek Lindner
1 sibling, 0 replies; 5+ messages in thread
From: Marek Lindner @ 2016-05-06 11:20 UTC (permalink / raw)
To: b.a.t.m.a.n
[-- Attachment #1: Type: text/plain, Size: 647 bytes --]
On Friday, May 06, 2016 11:43:39 Sven Eckelmann wrote:
> The functions batadv_neigh_ifinfo_get increase the reference counter of the
> batadv_neigh_ifinfo. These have to be reduced again when the reference is
> not used anymore to correctly free the objects.
>
> Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor
> comparison API calls") Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> v2: Add patch to reduce the reference counter of these functions
>
> net/batman-adv/bat_v.c | 32 +++++++++++++++++++++++++-------
> 1 file changed, 25 insertions(+), 7 deletions(-)
Applied in revision 650d41d.
Thanks,
Marek
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-05-06 11:20 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-06 9:43 [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Sven Eckelmann
2016-05-06 9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
2016-05-06 10:07 ` Sven Eckelmann
2016-05-06 11:20 ` Marek Lindner
2016-05-06 11:17 ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Marek Lindner
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.