batman-adv: make broadcast seqno operations atomic
Commit Message
Batman-adv could receive several payload broadcasts at the same time
that would trigger access to the broadcast seqno sliding window to
determine whether this is a new broadcast or not. If these incoming
broadcasts are accessing the sliding window simultaneously it could
be left in an inconsistent state. Therefore it is necessary to make
sure this access is atomic.
Reported-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
batman-adv/originator.c | 1 +
batman-adv/routing.c | 15 +++++++++++----
batman-adv/types.h | 2 ++
3 files changed, 14 insertions(+), 4 deletions(-)
Comments
On Monday 24 January 2011 15:12:01 Marek Lindner wrote:
> Batman-adv could receive several payload broadcasts at the same time
> that would trigger access to the broadcast seqno sliding window to
> determine whether this is a new broadcast or not. If these incoming
> broadcasts are accessing the sliding window simultaneously it could
> be left in an inconsistent state. Therefore it is necessary to make
> sure this access is atomic.
Applied in revision 1913.
Regards,
Marek
@@ -220,6 +220,7 @@ struct orig_node *get_orig_node(struct bat_priv *bat_priv, uint8_t *addr)
INIT_HLIST_HEAD(&orig_node->neigh_list);
INIT_LIST_HEAD(&orig_node->bond_list);
spin_lock_init(&orig_node->ogm_cnt_lock);
+ spin_lock_init(&orig_node->bcast_seqno_lock);
spin_lock_init(&orig_node->neigh_list_lock);
kref_init(&orig_node->refcount);
@@ -1427,28 +1427,32 @@ int recv_bcast_packet(struct sk_buff *skb, struct batman_if *recv_if)
bcast_packet->orig));
if (!orig_node)
- goto unlock;
+ goto rcu_unlock;
kref_get(&orig_node->refcount);
rcu_read_unlock();
+ spin_lock_bh(&orig_node->bcast_seqno_lock);
+
/* check whether the packet is a duplicate */
if (get_bit_status(orig_node->bcast_bits, orig_node->last_bcast_seqno,
ntohl(bcast_packet->seqno)))
- goto out;
+ goto spin_unlock;
seq_diff = ntohl(bcast_packet->seqno) - orig_node->last_bcast_seqno;
/* check whether the packet is old and the host just restarted. */
if (window_protected(bat_priv, seq_diff,
&orig_node->bcast_seqno_reset))
- goto out;
+ goto spin_unlock;
/* mark broadcast in flood history, update window position
* if required. */
if (bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1))
orig_node->last_bcast_seqno = ntohl(bcast_packet->seqno);
+ spin_unlock_bh(&orig_node->bcast_seqno_lock);
+
/* rebroadcast packet */
add_bcast_packet_to_list(bat_priv, skb);
@@ -1457,8 +1461,11 @@ int recv_bcast_packet(struct sk_buff *skb, struct batman_if *recv_if)
ret = NET_RX_SUCCESS;
goto out;
-unlock:
+rcu_unlock:
rcu_read_unlock();
+ goto out;
+spin_unlock:
+ spin_unlock_bh(&orig_node->bcast_seqno_lock);
out:
if (orig_node)
kref_put(&orig_node->refcount, orig_node_free_ref);
@@ -90,6 +90,8 @@ struct orig_node {
spinlock_t ogm_cnt_lock; /* protects: bcast_own, bcast_own_sum,
* neigh_node->real_bits,
* neigh_node->real_packet_count */
+ spinlock_t bcast_seqno_lock; /* protects bcast_bits,
+ * last_bcast_seqno */
atomic_t bond_candidates;
struct list_head bond_list;
};