From: Javier Cardona <javier@cozybit.com>
To: "John W. Linville" <linville@tuxdriver.com>
Cc: Javier Cardona <javier@cozybit.com>,
Thomas Pedersen <thomas@cozybit.com>,
devel@lists.open80211s.org,
Johannes Berg <johannes@sipsolutions.net>,
linux-wireless@vger.kernel.org, jlopex@gmail.com
Subject: [PATCH 09/13] Check size of a new mesh path table for changes since allocation.
Date: Tue, 3 May 2011 16:57:15 -0700 [thread overview]
Message-ID: <1304467039-7730-10-git-send-email-javier@cozybit.com> (raw)
In-Reply-To: <1304467039-7730-1-git-send-email-javier@cozybit.com>
Not sure if I'm chasing a ghost here, seems like the
mesh_path->size_order needs to be inside an RCU-read section to prevent
that value from changing between table allocation and copying. We have
observed crashes that might be caused by this.
Signed-off-by: Javier Cardona <javier@cozybit.com>
---
net/mac80211/mesh_pathtbl.c | 9 ++++++---
1 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/net/mac80211/mesh_pathtbl.c b/net/mac80211/mesh_pathtbl.c
index 35c715a..d4e86fd 100644
--- a/net/mac80211/mesh_pathtbl.c
+++ b/net/mac80211/mesh_pathtbl.c
@@ -76,7 +76,6 @@ static int mesh_table_grow(struct mesh_table *oldtbl,
< oldtbl->mean_chain_len * (oldtbl->hash_mask + 1))
return -EAGAIN;
-
newtbl->free_node = oldtbl->free_node;
newtbl->mean_chain_len = oldtbl->mean_chain_len;
newtbl->copy_node = oldtbl->copy_node;
@@ -329,7 +328,8 @@ void mesh_mpath_table_grow(void)
{
struct mesh_table *oldtbl, *newtbl;
- newtbl = mesh_table_alloc(mesh_paths->size_order + 1);
+ rcu_read_lock();
+ newtbl = mesh_table_alloc(rcu_dereference(mesh_paths)->size_order + 1);
if (!newtbl)
return;
write_lock(&pathtbl_resize_lock);
@@ -339,6 +339,7 @@ void mesh_mpath_table_grow(void)
write_unlock(&pathtbl_resize_lock);
return;
}
+ rcu_read_unlock();
rcu_assign_pointer(mesh_paths, newtbl);
write_unlock(&pathtbl_resize_lock);
@@ -350,7 +351,8 @@ void mesh_mpp_table_grow(void)
{
struct mesh_table *oldtbl, *newtbl;
- newtbl = mesh_table_alloc(mpp_paths->size_order + 1);
+ rcu_read_lock();
+ newtbl = mesh_table_alloc(rcu_dereference(mpp_paths)->size_order + 1);
if (!newtbl)
return;
write_lock(&pathtbl_resize_lock);
@@ -360,6 +362,7 @@ void mesh_mpp_table_grow(void)
write_unlock(&pathtbl_resize_lock);
return;
}
+ rcu_read_unlock();
rcu_assign_pointer(mpp_paths, newtbl);
write_unlock(&pathtbl_resize_lock);
--
1.7.1
next prev parent reply other threads:[~2011-05-03 23:57 UTC|newest]
Thread overview: 32+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-05-03 23:57 Support for secure mesh in userspace and other mesh fixes Javier Cardona
2011-05-03 23:57 ` [PATCH 01/13] nl80211: Introduce NL80211_MESH_SETUP_USERSPACE_AMPE Javier Cardona
2011-05-04 12:27 ` Johannes Berg
2011-05-04 16:32 ` Javier Cardona
2011-05-04 16:34 ` Johannes Berg
2011-05-03 23:57 ` [PATCH 02/13] mac80211: Let userspace send action frames over mesh interfaces Javier Cardona
2011-05-03 23:57 ` [PATCH 03/13] mac80211: Drop MESH_PLINK category and use new ANA-approved MESH_ACTION Javier Cardona
2011-05-03 23:57 ` [PATCH 04/13] open80211s: Stop using zero for address 3 in mesh plink mgmt frames Javier Cardona
2011-05-04 12:57 ` Johannes Berg
2011-05-04 16:28 ` Javier Cardona
2011-05-04 17:24 ` [PATCH] cfg80211: Use capability info to detect mesh beacons Javier Cardona
2011-05-09 8:25 ` Johannes Berg
2011-05-30 10:51 ` Vivek Natarajan
2011-05-31 17:26 ` Javier Cardona
2011-05-31 18:10 ` Eliad Peller
2011-05-31 18:38 ` Javier Cardona
2011-06-01 7:01 ` Eliad Peller
2011-05-03 23:57 ` [PATCH 05/13] nl80211: Let userspace drive the peer link management states Javier Cardona
2011-05-04 12:28 ` Johannes Berg
2011-05-03 23:57 ` [PATCH 06/13] nl80211: allow installing keys for a meshif Javier Cardona
2011-05-03 23:57 ` [PATCH 07/13] nl80211: allow setting MFP flag " Javier Cardona
2011-05-03 23:57 ` [PATCH 08/13] mac80211: Self-protected management frames are not robust Javier Cardona
2011-05-03 23:57 ` Javier Cardona [this message]
2011-05-03 23:57 ` [PATCH 10/13] mac80211: Fix locking bug on mesh path table access Javier Cardona
2011-05-03 23:57 ` [PATCH 11/13] mac80211: Move call to mpp_path_lookup inside RCU-read section Javier Cardona
2011-05-03 23:57 ` [PATCH 12/13] mac80211: allow setting supported rates on mesh peers Javier Cardona
2011-05-03 23:57 ` [PATCH 13/13] ath9k: fix beaconing for mesh interfaces Javier Cardona
2011-05-04 14:42 ` Felix Fietkau
2011-05-04 16:16 ` Steve Brown
2011-05-04 17:13 ` Javier Cardona
2011-05-04 17:25 ` Johannes Berg
2011-05-04 17:31 ` Javier Cardona
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1304467039-7730-10-git-send-email-javier@cozybit.com \
--to=javier@cozybit.com \
--cc=devel@lists.open80211s.org \
--cc=jlopex@gmail.com \
--cc=johannes@sipsolutions.net \
--cc=linux-wireless@vger.kernel.org \
--cc=linville@tuxdriver.com \
--cc=thomas@cozybit.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).