[v2,7/7] batman-adv: Increase orig_node refcount before releasing rcu read lock
Commit Message
When unicast_send_skb() is increasing the orig_node's refcount another
thread might have been freeing this orig_node already. We need to
increase the refcount in the rcu read lock protected area to avoid that.
The same is true for get_orig_node().
Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch>
---
gateway_client.c | 3 +++
originator.c | 4 ++--
unicast.c | 1 -
3 files changed, 5 insertions(+), 3 deletions(-)
@@ -55,6 +55,9 @@ void *gw_get_selected(struct bat_priv *bat_priv)
}
orig_node = curr_gateway_tmp->orig_node;
+ if (orig_node)
+ kref_get(&orig_node->refcount);
+
rcu_read_unlock();
return orig_node;
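Review bot: The `kref_get(&orig_node->refcount)` added before `rcu_read_unlock()` is unconditional, so it would also raise a counter that has already dropped to zero while the node is still reachable through `curr_gateway_tmp`. Whether that can happen depends on the release path, which this patch does not show; if the memory is freed only after a grace period following the last put, the caller would be handed a pointer that is about to be freed. An increment-if-not-zero closes that window, for example `if (orig_node && !kref_get_unless_zero(&orig_node->refcount)) orig_node = NULL;` where the tree provides that helper, and the same concern applies to the `kref_get()` in the `get_orig_node()` hunk. Since gw_get_selected() now returns a counted reference, a comment such as `/* returns orig_node with its refcount raised; caller must kref_put() */` would help, and callers outside the three files in this patch should be checked for a matching put. The function body starts outside the hunk.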
@@ -193,12 +193,12 @@ struct orig_node *get_orig_node(struct bat_priv *bat_priv, uint8_t *addr)
orig_node = ((struct orig_node *)hash_find(bat_priv->orig_hash,
compare_orig, choose_orig,
addr));
- rcu_read_unlock();
-
if (orig_node) {
kref_get(&orig_node->refcount);
+ rcu_read_unlock();
return orig_node;
}
+ rcu_read_unlock();
bat_dbg(DBG_BATMAN, bat_priv,
"Creating new originator: %pM\n", addr);
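Review bot: `rcu_read_unlock()` now sits on both the hit and the miss path of the lookup, so a later edit that adds another exit could leave the read-side section open. Taking the reference and unlocking once keeps the critical section in one shape: `if (orig_node) kref_get(&orig_node->refcount);`, then `rcu_read_unlock();`, then `if (orig_node) return orig_node;`. The creation path continues past the end of the hunk, and nothing visible here repeats the hash lookup after the unlock. It is worth confirming that callers are serialized so that two contexts cannot both create an entry for the same `addr`.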
@@ -298,7 +298,6 @@ int unicast_send_skb(struct sk_buff *skb, struct bat_priv *bat_priv)
if (!orig_node)
goto trans_search;
- kref_get(&orig_node->refcount);
goto find_router;
} else {
rcu_read_lock();