diff mbox

batman-adv: make broadcast seqno operations atomic

Message ID 1295878321-17159-1-git-send-email-lindner_marek@yahoo.de (mailing list archive)
State Accepted, archived
Headers

Commit Message

Marek Lindner Jan. 24, 2011, 2:12 p.m. UTC 
  Batman-adv could receive several payload broadcasts at the same time
that would trigger access to the broadcast seqno sliding window to
determine whether this is a new broadcast or not. If these incoming
broadcasts are accessing the sliding window simultaneously it could
be left in an inconsistent state. Therefore it is necessary to make
sure this access is atomic.

Reported-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
 batman-adv/originator.c |    1 +
 batman-adv/routing.c    |   15 +++++++++++----
 batman-adv/types.h      |    2 ++
 3 files changed, 14 insertions(+), 4 deletions(-)

Comments

Marek Lindner Jan. 25, 2011, 9:54 p.m. UTC | #1 
On Monday 24 January 2011 15:12:01 Marek Lindner wrote:
> Batman-adv could receive several payload broadcasts at the same time
> that would trigger access to the broadcast seqno sliding window to
> determine whether this is a new broadcast or not. If these incoming
> broadcasts are accessing the sliding window simultaneously it could
> be left in an inconsistent state. Therefore it is necessary to make
> sure this access is atomic.

Applied in revision 1913.

Regards,
Marek
diff mbox

Patch

diff --git a/batman-adv/originator.c b/batman-adv/originator.c
index cf2ec37..b1a3d92 100644
--- a/batman-adv/originator.c
+++ b/batman-adv/originator.c
@@ -220,6 +220,7 @@  struct orig_node *get_orig_node(struct bat_priv *bat_priv, uint8_t *addr)
 	INIT_HLIST_HEAD(&orig_node->neigh_list);
 	INIT_LIST_HEAD(&orig_node->bond_list);
 	spin_lock_init(&orig_node->ogm_cnt_lock);
+	spin_lock_init(&orig_node->bcast_seqno_lock);
 	spin_lock_init(&orig_node->neigh_list_lock);
 	kref_init(&orig_node->refcount);
 
diff --git a/batman-adv/routing.c b/batman-adv/routing.c
index 06201dc..2cf595d 100644
--- a/batman-adv/routing.c
+++ b/batman-adv/routing.c
@@ -1427,28 +1427,32 @@  int recv_bcast_packet(struct sk_buff *skb, struct batman_if *recv_if)
 			       bcast_packet->orig));
 
 	if (!orig_node)
-		goto unlock;
+		goto rcu_unlock;
 
 	kref_get(&orig_node->refcount);
 	rcu_read_unlock();
 
+	spin_lock_bh(&orig_node->bcast_seqno_lock);
+
 	/* check whether the packet is a duplicate */
 	if (get_bit_status(orig_node->bcast_bits, orig_node->last_bcast_seqno,
 			   ntohl(bcast_packet->seqno)))
-		goto out;
+		goto spin_unlock;
 
 	seq_diff = ntohl(bcast_packet->seqno) - orig_node->last_bcast_seqno;
 
 	/* check whether the packet is old and the host just restarted. */
 	if (window_protected(bat_priv, seq_diff,
 			     &orig_node->bcast_seqno_reset))
-		goto out;
+		goto spin_unlock;
 
 	/* mark broadcast in flood history, update window position
 	 * if required. */
 	if (bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1))
 		orig_node->last_bcast_seqno = ntohl(bcast_packet->seqno);
 
+	spin_unlock_bh(&orig_node->bcast_seqno_lock);
+
 	/* rebroadcast packet */
 	add_bcast_packet_to_list(bat_priv, skb);
 
@@ -1457,8 +1461,11 @@  int recv_bcast_packet(struct sk_buff *skb, struct batman_if *recv_if)
 	ret = NET_RX_SUCCESS;
 	goto out;
 
-unlock:
+rcu_unlock:
 	rcu_read_unlock();
+	goto out;
+spin_unlock:
+	spin_unlock_bh(&orig_node->bcast_seqno_lock);
 out:
 	if (orig_node)
 		kref_put(&orig_node->refcount, orig_node_free_ref);
diff --git a/batman-adv/types.h b/batman-adv/types.h
index 56309bf..b7b9561 100644
--- a/batman-adv/types.h
+++ b/batman-adv/types.h
@@ -90,6 +90,8 @@  struct orig_node {
 	spinlock_t ogm_cnt_lock; /* protects: bcast_own, bcast_own_sum,
 				  * neigh_node->real_bits,
 				  * neigh_node->real_packet_count */
+	spinlock_t bcast_seqno_lock; /* protects bcast_bits,
+				      *	 last_bcast_seqno */
 	atomic_t bond_candidates;
 	struct list_head bond_list;
 };