* [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer exception for kernels < 3.9
@ 2014-02-16 12:01 Linus Lüssing
2014-02-16 13:39 ` Antonio Quartulli
2014-02-18 4:45 ` Marek Lindner
0 siblings, 2 replies; 4+ messages in thread
From: Linus Lüssing @ 2014-02-16 12:01 UTC (permalink / raw)
To: b.a.t.m.a.n
The compat code of the new multicast patchset leads to null pointer
dereferences for kernels 3.9 in netdev_master_upper_dev_get_rcu(). This
is because the initially NULL is assigned to upper, which is equal to
dev. dev is dereferenced one line later, though, leading to a crash.
Fixing this by assigning NULL only when we are sure that the according
pointer is not going to be dereferenced anymore.
Introduced by: 532cadf26cfbb1099ef31fae9ccafcbbfc37b9b5
("batman-adv: Multicast Listener Announcements via Translation Table")
Reported-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
compat.h | 10 ++++++----
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/compat.h b/compat.h
index 7a3d235..7beba36 100644
--- a/compat.h
+++ b/compat.h
@@ -162,12 +162,13 @@ static inline int batadv_param_set_copystring(const char *val,
#define NET_ADDR_RANDOM 0
#define netdev_master_upper_dev_get_rcu(dev) \
- NULL; \
+ upper; \
if (dev->br_port ? 1 : 0) { \
rcu_read_unlock(); \
dev_hold(dev); \
return dev; \
- }
+ } else \
+ dev = NULL;
#endif /* < KERNEL_VERSION(2, 6, 36) */
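Review bot: the added `upper; \` line hard-codes the caller's variable name into the macro body, so `netdev_master_upper_dev_get_rcu(dev)` only expands correctly at a call site of the form `upper = netdev_master_upper_dev_get_rcu(upper);`, where the variable is literally named `upper` and is also the argument. With any other argument, the `else dev = NULL;` branch clears a different variable from the one being assigned, and the result is never NULL. Suggest a comment above the #define stating this constraint, since nothing in the macro signature reveals it.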
@@ -371,12 +372,13 @@ static int __batadv_interface_tx(struct sk_buff *skb, \
#ifndef netdev_master_upper_dev_get_rcu
#define netdev_master_upper_dev_get_rcu(dev) \
- NULL; \
+ upper; \
if (dev->priv_flags & IFF_BRIDGE_PORT) { \
rcu_read_unlock(); \
dev_hold(dev); \
return dev; \
- }
+ } else \
+ dev = NULL;
#endif /* netdev_master_upper_dev_get_rcu */
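Review bot: the macro now ends in an unbraced `else dev = NULL;`, which together with the leading `upper;` makes it a multi-statement macro that assigns to its own argument. It is only safe where the invocation sits inside its own braces (in an unbraced `if (x) y = netdev_master_upper_dev_get_rcu(y);` the condition would guard only the first assignment), and `dev` must be a modifiable lvalue. Writing the parameter as `(dev)->priv_flags` and bracing the `else` branch would make the expansion less fragile. The no-op `upper = upper;` it produces deserves a one-line comment explaining that NULL may only be stored after the flag check.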
--
1.7.10.4
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer exception for kernels < 3.9
2014-02-16 12:01 [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer exception for kernels < 3.9 Linus Lüssing
@ 2014-02-16 13:39 ` Antonio Quartulli
2014-02-16 18:09 ` Antonio Quartulli
2014-02-18 4:45 ` Marek Lindner
1 sibling, 1 reply; 4+ messages in thread
From: Antonio Quartulli @ 2014-02-16 13:39 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking,
Linus Lüssing
On 16/02/14 13:01, Linus Lüssing wrote:
> @@ -371,12 +372,13 @@ static int __batadv_interface_tx(struct sk_buff *skb, \
>
> #ifndef netdev_master_upper_dev_get_rcu
> #define netdev_master_upper_dev_get_rcu(dev) \
> - NULL; \
> + upper; \
> if (dev->priv_flags & IFF_BRIDGE_PORT) { \
> rcu_read_unlock(); \
> dev_hold(dev); \
> return dev; \
> - }
> + } else \
> + dev = NULL;
>
Following your patch the code in multicast.c will become:
172 do {
173 upper = upper;
if (dev->priv_flags & IFF_BRIDGE_PORT) {
rcu_read_unlock();
dev_hold(dev);
return dev;
} else
dev = NULL;
174 } while (upper && !(upper->priv_flags & IFF_EBRIDGE));
am I wrong or this is going to break the while? I think there is a
missing '}'.
What about a simplified version like this:
#define netdev_master_upper_dev_get_rcu(dev) \
- NULL; \
- if (dev->priv_flags & IFF_BRIDGE_PORT) { \
+ ({if (dev->priv_flags & IFF_BRIDGE_PORT) { \
rcu_read_unlock(); \
dev_hold(dev); \
return dev; \
- }
+ }\
+ NULL;})
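Review bot: in this variant `rcu_read_unlock();` and `return dev;` are still buried inside the `({ ... })` expression, so the macro leaves the enclosing function from the middle of an assignment, with the RCU read lock dropped and a reference taken via `dev_hold(dev)`. That deserves a comment above the #define saying the macro may only be used in a function that holds `rcu_read_lock()` and returns the device pointer. Since `dev` is a macro parameter, it should also be written `(dev)->priv_flags`.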
Cheers,
--
Antonio Quartulli
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer exception for kernels < 3.9
2014-02-16 13:39 ` Antonio Quartulli
@ 2014-02-16 18:09 ` Antonio Quartulli
0 siblings, 0 replies; 4+ messages in thread
From: Antonio Quartulli @ 2014-02-16 18:09 UTC (permalink / raw)
To: The list for a Better Approach To Mobile Ad-hoc Networking,
Linus Lüssing
On 16/02/14 14:39, Antonio Quartulli wrote:
> On 16/02/14 13:01, Linus Lüssing wrote:
>> @@ -371,12 +372,13 @@ static int __batadv_interface_tx(struct sk_buff *skb, \
>>
>> #ifndef netdev_master_upper_dev_get_rcu
>> #define netdev_master_upper_dev_get_rcu(dev) \
>> - NULL; \
>> + upper; \
>> if (dev->priv_flags & IFF_BRIDGE_PORT) { \
>> rcu_read_unlock(); \
>> dev_hold(dev); \
>> return dev; \
>> - }
>> + } else \
>> + dev = NULL;
>>
>
> Following your patch the code in multicast.c will become:
>
> 172 do {
> 173 upper = upper;
> if (dev->priv_flags & IFF_BRIDGE_PORT) {
> rcu_read_unlock();
> dev_hold(dev);
> return dev;
> } else
> dev = NULL;
> 174 } while (upper && !(upper->priv_flags & IFF_EBRIDGE));
>
> am I wrong or this is going to break the while? I think there is a
> missing '}'.
>
I was wrong. I just dreamt of a '{' after "else".
Forget about this comment.
Cheers,
--
Antonio Quartulli
* Re: [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer exception for kernels < 3.9
2014-02-16 12:01 [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer exception for kernels < 3.9 Linus Lüssing
2014-02-16 13:39 ` Antonio Quartulli
@ 2014-02-18 4:45 ` Marek Lindner
1 sibling, 0 replies; 4+ messages in thread
From: Marek Lindner @ 2014-02-18 4:45 UTC (permalink / raw)
To: b.a.t.m.a.n
On Sunday 16 February 2014 13:01:02 Linus Lüssing wrote:
> The compat code of the new multicast patchset leads to null pointer
> dereferences for kernels 3.9 in netdev_master_upper_dev_get_rcu(). This
> is because the initially NULL is assigned to upper, which is equal to
> dev. dev is dereferenced one line later, though, leading to a crash.
>
> Fixing this by assigning NULL only when we are sure that the according
> pointer is not going to be dereferenced anymore.
>
> Introduced by: 532cadf26cfbb1099ef31fae9ccafcbbfc37b9b5
> ("batman-adv: Multicast Listener Announcements via Translation Table")
>
> Reported-by: Marek Lindner <mareklindner@neomailbox.ch>
> Signed-off-by: Linus Lüssing <linus.luessing@web.de>
> ---
> compat.h | 10 ++++++----
> 1 file changed, 6 insertions(+), 4 deletions(-)
Applied in revision 65d8217.
Thanks,
Marek