All of lore.kernel.org
 help / color / mirror / Atom feed
* [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob
@ 2016-05-06  9:43 Sven Eckelmann
  2016-05-06  9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
  2016-05-06 11:17 ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Marek Lindner
  0 siblings, 2 replies; 5+ messages in thread
From: Sven Eckelmann @ 2016-05-06  9:43 UTC (permalink / raw)
  To: b.a.t.m.a.n

batadv_neigh_ifinfo_get can return NULL when it cannot find (even when only
temporarily) anymore the neigh_ifinfo in the list neigh->ifinfo_list. This
has to be checked to avoid kernel Oopses when the ifinfo is dereferenced.

This a situation which isn't expected but is already handled by functions
like batadv_v_neigh_cmp. The same kind of warning is therefore used before
the function returns without dereferencing the pointers.

Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor comparison API calls")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v2: Add patch to reduce the reference counter of these functions

 net/batman-adv/bat_v.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
index 927d405..f271ae8 100644
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -286,6 +286,9 @@ static bool batadv_v_neigh_is_sob(struct batadv_neigh_node *neigh1,
 	ifinfo1 = batadv_neigh_ifinfo_get(neigh1, if_outgoing1);
 	ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
 
+	if (WARN_ON(!ifinfo1 || !ifinfo2))
+		return false;
+
 	threshold = ifinfo1->bat_v.throughput / 4;
 	threshold = ifinfo1->bat_v.throughput - threshold;
 
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_*
  2016-05-06  9:43 [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Sven Eckelmann
@ 2016-05-06  9:43 ` Sven Eckelmann
  2016-05-06 10:07   ` Sven Eckelmann
  2016-05-06 11:20   ` Marek Lindner
  2016-05-06 11:17 ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Marek Lindner
  1 sibling, 2 replies; 5+ messages in thread
From: Sven Eckelmann @ 2016-05-06  9:43 UTC (permalink / raw)
  To: b.a.t.m.a.n

The functions batadv_neigh_ifinfo_get increase the reference counter of the
batadv_neigh_ifinfo. These have to be reduced again when the reference is
not used anymore to correctly free the objects.

Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor comparison API calls")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
v2: Add patch to reduce the reference counter of these functions

 net/batman-adv/bat_v.c | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)

diff --git a/net/batman-adv/bat_v.c b/net/batman-adv/bat_v.c
index f271ae8..b52d684 100644
--- a/net/batman-adv/bat_v.c
+++ b/net/batman-adv/bat_v.c
@@ -265,14 +265,23 @@ static int batadv_v_neigh_cmp(struct batadv_neigh_node *neigh1,
 			      struct batadv_hard_iface *if_outgoing2)
 {
 	struct batadv_neigh_ifinfo *ifinfo1, *ifinfo2;
+	int ret = 0;
 
 	ifinfo1 = batadv_neigh_ifinfo_get(neigh1, if_outgoing1);
+	if (WARN_ON(!ifinfo1))
+		goto err_ifinfo1;
+
 	ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+	if (WARN_ON(!ifinfo2))
+		goto err_ifinfo2;
 
-	if (WARN_ON(!ifinfo1 || !ifinfo2))
-		return 0;
+	ret = ifinfo1->bat_v.throughput - ifinfo2->bat_v.throughput;
 
-	return ifinfo1->bat_v.throughput - ifinfo2->bat_v.throughput;
+	batadv_neigh_ifinfo_put(ifinfo2);
+err_ifinfo2:
+	batadv_neigh_ifinfo_put(ifinfo1);
+err_ifinfo1:
+	return ret;
 }
 
 static bool batadv_v_neigh_is_sob(struct batadv_neigh_node *neigh1,
@@ -282,17 +291,26 @@ static bool batadv_v_neigh_is_sob(struct batadv_neigh_node *neigh1,
 {
 	struct batadv_neigh_ifinfo *ifinfo1, *ifinfo2;
 	u32 threshold;
+	bool ret = false;
 
 	ifinfo1 = batadv_neigh_ifinfo_get(neigh1, if_outgoing1);
-	ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+	if (WARN_ON(!ifinfo1))
+		goto err_ifinfo1;
 
-	if (WARN_ON(!ifinfo1 || !ifinfo2))
-		return false;
+	ifinfo2 = batadv_neigh_ifinfo_get(neigh2, if_outgoing2);
+	if (WARN_ON(!ifinfo2))
+		goto err_ifinfo2;
 
 	threshold = ifinfo1->bat_v.throughput / 4;
 	threshold = ifinfo1->bat_v.throughput - threshold;
 
-	return ifinfo2->bat_v.throughput > threshold;
+	ret = ifinfo2->bat_v.throughput > threshold;
+
+	batadv_neigh_ifinfo_put(ifinfo2);
+err_ifinfo2:
+	batadv_neigh_ifinfo_put(ifinfo1);
+err_ifinfo1:
+	return ret;
 }
 
 static struct batadv_algo_ops batadv_batman_v __read_mostly = {
-- 
2.8.1


^ permalink raw reply related	[flat|nested] 5+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_*
  2016-05-06  9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
@ 2016-05-06 10:07   ` Sven Eckelmann
  2016-05-06 11:20   ` Marek Lindner
  1 sibling, 0 replies; 5+ messages in thread
From: Sven Eckelmann @ 2016-05-06 10:07 UTC (permalink / raw)
  To: b.a.t.m.a.n

[-- Attachment #1: Type: text/plain, Size: 211 bytes --]

Maybe it is better to rename the patch slightly.

    batman-adv: Fix refcnt leak in batadv_v_neigh_*

But I will not resent the patch for only this change when not explicitly asked 
for it.

Kind regards,
	Sven

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob
  2016-05-06  9:43 [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Sven Eckelmann
  2016-05-06  9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
@ 2016-05-06 11:17 ` Marek Lindner
  1 sibling, 0 replies; 5+ messages in thread
From: Marek Lindner @ 2016-05-06 11:17 UTC (permalink / raw)
  To: b.a.t.m.a.n

[-- Attachment #1: Type: text/plain, Size: 842 bytes --]

On Friday, May 06, 2016 11:43:38 Sven Eckelmann wrote:
> batadv_neigh_ifinfo_get can return NULL when it cannot find (even when only
> temporarily) anymore the neigh_ifinfo in the list neigh->ifinfo_list. This
> has to be checked to avoid kernel Oopses when the ifinfo is dereferenced.
> 
> This a situation which isn't expected but is already handled by functions
> like batadv_v_neigh_cmp. The same kind of warning is therefore used before
> the function returns without dereferencing the pointers.
> 
> Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor
> comparison API calls") Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> v2: Add patch to reduce the reference counter of these functions
> 
>  net/batman-adv/bat_v.c | 3 +++
>  1 file changed, 3 insertions(+)

Applied in revision 036aa7b.

Thanks,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
* Re: [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_*
  2016-05-06  9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
  2016-05-06 10:07   ` Sven Eckelmann
@ 2016-05-06 11:20   ` Marek Lindner
  1 sibling, 0 replies; 5+ messages in thread
From: Marek Lindner @ 2016-05-06 11:20 UTC (permalink / raw)
  To: b.a.t.m.a.n

[-- Attachment #1: Type: text/plain, Size: 647 bytes --]

On Friday, May 06, 2016 11:43:39 Sven Eckelmann wrote:
> The functions batadv_neigh_ifinfo_get increase the reference counter of the
> batadv_neigh_ifinfo. These have to be reduced again when the reference is
> not used anymore to correctly free the objects.
> 
> Fixes: b05bbab5e1fc ("batman-adv: B.A.T.M.A.N. V - implement neighbor
> comparison API calls") Signed-off-by: Sven Eckelmann <sven@narfation.org>
> ---
> v2: Add patch to reduce the reference counter of these functions
> 
>  net/batman-adv/bat_v.c | 32 +++++++++++++++++++++++++-------
>  1 file changed, 25 insertions(+), 7 deletions(-)

Applied in revision 650d41d.

Thanks,
Marek

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]

^ permalink raw reply	[flat|nested] 5+ messages in thread
end of thread, other threads:[~2016-05-06 11:20 UTC | newest]

Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-05-06  9:43 [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Sven Eckelmann
2016-05-06  9:43 ` [B.A.T.M.A.N.] [PATCH v2 2/2] batman-adv: Fix refcnt leak in batadv_v_* Sven Eckelmann
2016-05-06 10:07   ` Sven Eckelmann
2016-05-06 11:20   ` Marek Lindner
2016-05-06 11:17 ` [B.A.T.M.A.N.] [PATCH v2 1/2] batman-adv: Avoid nullptr derefence in batadv_v_neigh_is_sob Marek Lindner

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.