From patchwork Wed Feb 27 09:58:16 2013
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Linus_L=C3=BCssing?=
X-Patchwork-Id: 2765
Return-Path:
Received: from mout.web.de (mout.web.de [212.227.17.12]) by open-mesh.org (Postfix) with ESMTP id C5B20601D23 for ; Wed, 27 Feb 2013 10:58:31 +0100 (CET)
Received: from localhost ([93.182.186.99]) by smtp.web.de (mrweb103) with ESMTPSA (Nemesis) id 0MLgQp-1UAv1o0mkV-000fcI; Wed, 27 Feb 2013 10:58:31 +0100
From: =?UTF-8?q?Linus=20L=C3=BCssing?=
To: b.a.t.m.a.n@lists.open-mesh.net
Date: Wed, 27 Feb 2013 10:58:16 +0100
Message-Id: <1361959096-30522-2-git-send-email-linus.luessing@web.de>
X-Mailer: git-send-email 1.7.10.4
In-Reply-To: <1361959096-30522-1-git-send-email-linus.luessing@web.de>
References: <1361959096-30522-1-git-send-email-linus.luessing@web.de>
MIME-Version: 1.0
X-Provags-ID: V02:K0:nfIF8H6LTiYaHnqa5RotX48N1P+oyimsXd2Bu9OAeY6 YPO5npNyd/sPSxJEyfdSed/Gl1DBCT3xL+d1m9V5dTQF3ku411 pdrURT34xxjbmzz8o1LDRW3fRmiQ8gQlamf3seQOqHxFqD9tCA 71yyQwl5McFM7TSZOUEVkiGIsyHQxKBrcgpf1DgTcmqUOLQi7q 5nUtVPrEEMYu9F8lRx85Q==
Subject: [B.A.T.M.A.N.] [PATCH 2/2] batman-adv: Fix another, potential broadcast+ogm purging race condition
X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking
List-Unsubscribe: ,
List-Archive:
List-Post:
List-Help:
List-Subscribe: ,
X-List-Received-Date: Wed, 27 Feb 2013 09:58:32 -0000

We need to perform the addition of to-be-forwarded packets into our
ogm and broadcast queues and starting of the forward packet timer in
one atomic step.

Otherwise we might potentially get a segmentation fault when trying
to start the timer of a forw_packet because the queue purging
routines might have freed the forw_packet already within the short
opportunity between the queue list addition and the
queue_delayed_work() call.

Signed-off-by: Linus Lüssing
---
 bat_iv_ogm.c | 12 ++++++------
 send.c       |  8 ++------
 2 files changed, 8 insertions(+), 12 deletions(-)

diff --git a/bat_iv_ogm.c b/bat_iv_ogm.c index 7654b76..ee0b11f 100644 --- a/bat_iv_ogm.c +++ b/bat_iv_ogm.c
@@ -440,17 +440,17 @@ static void batadv_iv_ogm_aggregate_new(const unsigned char *packet_buff, if (direct_link) forw_packet_aggr->direct_link_flags |= 1; - /* add new packet to packet list */ - spin_lock_bh(&bat_priv->forw_bat_list_lock); - hlist_add_head(&forw_packet_aggr->list, &bat_priv->forw_bat_list); - spin_unlock_bh(&bat_priv->forw_bat_list_lock); - - /* start timer for this packet */ + /* initialize job for this packet */ INIT_DELAYED_WORK(&forw_packet_aggr->delayed_work, batadv_send_outstanding_bat_ogm_packet); + + /* add new packet to packet list and start its timer */ + spin_lock_bh(&bat_priv->forw_bat_list_lock); + hlist_add_head(&forw_packet_aggr->list, &bat_priv->forw_bat_list); queue_delayed_work(batadv_event_workqueue, &forw_packet_aggr->delayed_work, send_time - jiffies); + spin_unlock_bh(&bat_priv->forw_bat_list_lock); return; out: diff --git a/send.c b/send.c index f93476b..4bd0c00 100644 --- a/send.c +++ b/send.c @@ -152,16 +152,12 @@ _batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv, struct batadv_forw_packet *forw_packet, unsigned long send_time) { - INIT_HLIST_NODE(&forw_packet->list); - - /* add new packet to packet list */ + /* add new packet to packet list and start its timer */ spin_lock_bh(&bat_priv->forw_bcast_list_lock); hlist_add_head(&forw_packet->list, &bat_priv->forw_bcast_list); - spin_unlock_bh(&bat_priv->forw_bcast_list_lock); - - /* start timer for this packet */ queue_delayed_work(batadv_event_workqueue, &forw_packet->delayed_work, send_time); + spin_unlock_bh(&bat_priv->forw_bcast_list_lock); } /* add a broadcast packet to the queue and setup timers. broadcast packets
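
Review bot: in the bat_iv_ogm.c hunk (batadv_iv_ogm_aggregate_new), the new comment "/* add new packet to packet list and start its timer */" does not record why hlist_add_head() and queue_delayed_work() must now sit inside the same spin_lock_bh(&bat_priv->forw_bat_list_lock) section. The ordering is the whole fix, and it only holds if the purge side takes forw_bat_list_lock before it unlinks and frees a forw_packet, which this patch does not show. Please extend the comment to state that invariant (the packet must not become visible on forw_bat_list without its delayed work already queued under the lock), so a later cleanup does not move the unlock back up above queue_delayed_work().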
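
Review bot: in the send.c hunk (_batadv_add_bcast_packet_to_list), the removal of "INIT_HLIST_NODE(&forw_packet->list);" is not mentioned in the commit message and is unrelated to moving spin_unlock_bh() below queue_delayed_work(). hlist_add_head() overwrites both next and pprev, so the init is redundant for the add itself, but any path that tests the node with hlist_unhashed() before the packet is queued would now read uninitialised fields. Please either say in the commit message why dropping it is safe or split it into its own patch. A smaller point on the same hunk: here the delay argument is send_time, while the bat_iv_ogm.c hunk passes "send_time - jiffies"; a short comment that send_time is a relative delay in this function would keep the two call sites from being "fixed" to match each other.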