diff mbox

[2/2] batman-adv: Fix another, potential broadcast+ogm purging race condition

Message ID 1361959096-30522-2-git-send-email-linus.luessing@web.de (mailing list archive)
State Superseded, archived
Headers

Commit Message

Linus Lüssing Feb. 27, 2013, 9:58 a.m. UTC 
  We need to perform the addition of to be forwarded packets into our ogm
and broadcast queues and starting of the forward packet timer in one
atomic step. Otherwise we might potentially get a segmentation fault
when trying to start the timer of a forw_packet because the queue
purging routines might have freed the forw_packet already within the
short opportunity between the queue list addition and the
queue_delayed_work() call.

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
 bat_iv_ogm.c |   12 ++++++------
 send.c       |    8 ++------
 2 files changed, 8 insertions(+), 12 deletions(-)
diff mbox

Patch

diff --git a/bat_iv_ogm.c b/bat_iv_ogm.c
index 7654b76..ee0b11f 100644
--- a/bat_iv_ogm.c
+++ b/bat_iv_ogm.c
@@ -440,17 +440,17 @@  static void batadv_iv_ogm_aggregate_new(const unsigned char *packet_buff,
 	if (direct_link)
 		forw_packet_aggr->direct_link_flags |= 1;
 
-	/* add new packet to packet list */
-	spin_lock_bh(&bat_priv->forw_bat_list_lock);
-	hlist_add_head(&forw_packet_aggr->list, &bat_priv->forw_bat_list);
-	spin_unlock_bh(&bat_priv->forw_bat_list_lock);
-
-	/* start timer for this packet */
+	/* initialize job for this packet */
 	INIT_DELAYED_WORK(&forw_packet_aggr->delayed_work,
 			  batadv_send_outstanding_bat_ogm_packet);
+
+	/* add new packet to packet list and start its timer */
+	spin_lock_bh(&bat_priv->forw_bat_list_lock);
+	hlist_add_head(&forw_packet_aggr->list, &bat_priv->forw_bat_list);
 	queue_delayed_work(batadv_event_workqueue,
 			   &forw_packet_aggr->delayed_work,
 			   send_time - jiffies);
+	spin_unlock_bh(&bat_priv->forw_bat_list_lock);
 
 	return;
 out:
diff --git a/send.c b/send.c
index f93476b..4bd0c00 100644
--- a/send.c
+++ b/send.c
@@ -152,16 +152,12 @@  _batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv,
 				 struct batadv_forw_packet *forw_packet,
 				 unsigned long send_time)
 {
-	INIT_HLIST_NODE(&forw_packet->list);
-
-	/* add new packet to packet list */
+	/* add new packet to packet list and start its timer */
 	spin_lock_bh(&bat_priv->forw_bcast_list_lock);
 	hlist_add_head(&forw_packet->list, &bat_priv->forw_bcast_list);
-	spin_unlock_bh(&bat_priv->forw_bcast_list_lock);
-
-	/* start timer for this packet */
 	queue_delayed_work(batadv_event_workqueue, &forw_packet->delayed_work,
 			   send_time);
+	spin_unlock_bh(&bat_priv->forw_bcast_list_lock);
 }
 
 /* add a broadcast packet to the queue and setup timers. broadcast packets