From: Antonio Quartulli <a@unstable.cc>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org,
Antonio Quartulli <a@unstable.cc>,
Marek Lindner <mareklindner@neomailbox.ch>
Subject: [B.A.T.M.A.N.] [PATCH 4/5] batman-adv: Reduce refcnt of removed router when updating route
Date: Tue, 26 Apr 2016 11:27:18 +0800 [thread overview]
Message-ID: <1461641239-7097-5-git-send-email-a@unstable.cc> (raw)
In-Reply-To: <1461641239-7097-1-git-send-email-a@unstable.cc>
From: Sven Eckelmann <sven@narfation.org>
_batadv_update_route rcu_derefences orig_ifinfo->router outside of a
spinlock protected region to print some information messages to the debug
log. But this pointer is not checked again when the new pointer is assigned
in the spinlock protected region. Thus is can happen that the value of
orig_ifinfo->router changed in the meantime and thus the reference counter
of the wrong router gets reduced after the spinlock protected region.
Just rcu_dereferencing the value of orig_ifinfo->router inside the spinlock
protected region (which also set the new pointer) is enough to get the
correct old router object.
Fixes: e1a5382f978b ("batman-adv: Make orig_node->router an rcu protected pointer")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
---
net/batman-adv/routing.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index 4dd646a52f1a..b781bf753250 100644
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -105,6 +105,15 @@ static void _batadv_update_route(struct batadv_priv *bat_priv,
neigh_node = NULL;
spin_lock_bh(&orig_node->neigh_list_lock);
+ /* curr_router used earlier may not be the current orig_ifinfo->router
+ * anymore because it was dereferenced outside of the neigh_list_lock
+ * protected region. After the new best neighbor has replace the current
+ * best neighbor the reference counter needs to decrease. Consequently,
+ * the code needs to ensure the curr_router variable contains a pointer
+ * to the replaced best neighbor.
+ */
+ curr_router = rcu_dereference_protected(orig_ifinfo->router, true);
+
rcu_assign_pointer(orig_ifinfo->router, neigh_node);
spin_unlock_bh(&orig_node->neigh_list_lock);
batadv_orig_ifinfo_put(orig_ifinfo);
--
2.8.1
next prev parent reply other threads:[~2016-04-26 3:27 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-26 3:27 [B.A.T.M.A.N.] pull request [net]: batman-adv-0160426 Antonio Quartulli
2016-04-26 3:27 ` [B.A.T.M.A.N.] [PATCH 1/5] batman-adv: Check skb size before using encapsulated ETH+VLAN header Antonio Quartulli
2016-04-26 3:27 ` [B.A.T.M.A.N.] [PATCH 2/5] batman-adv: init neigh node last seen field Antonio Quartulli
2016-04-26 3:27 ` [B.A.T.M.A.N.] [PATCH 3/5] batman-adv: Deactivate TO_BE_ACTIVATED hardif on shutdown Antonio Quartulli
2016-04-26 3:27 ` Antonio Quartulli [this message]
2016-04-26 14:42 ` [B.A.T.M.A.N.] [PATCH 4/5] batman-adv: Reduce refcnt of removed router when updating route Sergei Shtylyov
2016-04-26 15:00 ` Sven Eckelmann
2016-04-26 3:27 ` [B.A.T.M.A.N.] [PATCH 5/5] batman-adv: Fix broadcast/ogm queue limit on a removed interface Antonio Quartulli
2016-04-28 20:43 ` [B.A.T.M.A.N.] pull request [net]: batman-adv-0160426 David Miller
2016-04-28 23:58 ` Antonio Quartulli
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1461641239-7097-5-git-send-email-a@unstable.cc \
--to=a@unstable.cc \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
--cc=davem@davemloft.net \
--cc=mareklindner@neomailbox.ch \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).