From patchwork Sun Feb 16 12:01:02 2014
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Patchwork-Submitter: =?utf-8?q?Linus_L=C3=BCssing?= <linus.luessing@web.de>
X-Patchwork-Id: 3839
Return-Path: <linus.luessing@web.de>
Received: from mout.web.de (mout.web.de [212.227.15.14])
	by open-mesh.org (Postfix) with ESMTPS id AA26E602395
	for <b.a.t.m.a.n@lists.open-mesh.org>;
	Sun, 16 Feb 2014 13:00:28 +0100 (CET)
Received: from localhost ([89.244.71.125]) by smtp.web.de (mrweb001) with
	ESMTPSA (Nemesis) id 0MMnD5-1WNXu93aqF-008etJ for
	<b.a.t.m.a.n@lists.open-mesh.org>; Sun, 16 Feb 2014 13:00:27 +0100
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@web.de>
To: b.a.t.m.a.n@lists.open-mesh.org
Date: Sun, 16 Feb 2014 13:01:02 +0100
Message-Id: <1392552062-17927-1-git-send-email-linus.luessing@web.de>
X-Mailer: git-send-email 1.9.0.rc3
MIME-Version: 1.0
X-Provags-ID: V03:K0:c0ZYA9eid4rE7lDyKu3e+8aQy2VIVQpF/ff7FD1d6CM19kFKhxW
	ROv9Gu7gkt3XraMaX+MMRN1ShRWca9vvhChMERYG7pZWvihCyBB/UPfLl6T1iYGH0x0TvVE
	uYT885mFmr7WSN8kf4oNGvPk+6y4NyaVfPCtKB8q4hxm3rw5YZrM76M32Aa2U75Z5t3YM0v
	wdJzdvXa6iC5oCPyF0Gvw==
Subject: [B.A.T.M.A.N.] [PATCH] batman-adv: compat: fix null pointer
	exception for kernels < 3.9
X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n@lists.open-mesh.org>
List-Id: The list for a Better Approach To Mobile Ad-hoc Networking
	<b.a.t.m.a.n.lists.open-mesh.org>
List-Unsubscribe: <https://lists.open-mesh.org/mm/options/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=unsubscribe>
List-Archive: <http://lists.open-mesh.org/pipermail/b.a.t.m.a.n/>
List-Post: <mailto:b.a.t.m.a.n@lists.open-mesh.org>
List-Help: <mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=help>
List-Subscribe: <https://lists.open-mesh.org/mm/listinfo/b.a.t.m.a.n>,
	<mailto:b.a.t.m.a.n-request@lists.open-mesh.org?subject=subscribe>
X-List-Received-Date: Sun, 16 Feb 2014 12:00:28 -0000

The compat code of the new multicast patchset leads to null pointer
derefernces for kernels 3.9 in netdev_master_upper_dev_get_rcu(). This
is because the initially NULL is assigned to upper, which is equal to
dev. dev is dereferenced one line later, though, leading to a crash.

Fixing this by assigning NULL only when we are sure that the according
pointer is not going to be dereferenced anymore.

Introduced by: 532cadf26cfbb1099ef31fae9ccafcbbfc37b9b5
("batman-adv: Multicast Listener Announcements via Translation Table")

Reported-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Linus Lüssing <linus.luessing@web.de>
---
 compat.h |   10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/compat.h b/compat.h
index 7a3d235..7beba36 100644
--- a/compat.h
+++ b/compat.h
@@ -162,12 +162,13 @@ static inline int batadv_param_set_copystring(const char *val,
 #define NET_ADDR_RANDOM 0
 
 #define netdev_master_upper_dev_get_rcu(dev) \
-	NULL; \
+	upper; \
 	if (dev->br_port ? 1 : 0) { \
 		rcu_read_unlock(); \
 		dev_hold(dev); \
 		return dev; \
-	}
+	} else \
+		dev = NULL;
 
 #endif /* < KERNEL_VERSION(2, 6, 36) */
 
@@ -371,12 +372,13 @@ static int __batadv_interface_tx(struct sk_buff *skb, \
 
 #ifndef netdev_master_upper_dev_get_rcu
 #define netdev_master_upper_dev_get_rcu(dev) \
-	NULL; \
+	upper; \
 	if (dev->priv_flags & IFF_BRIDGE_PORT) { \
 		rcu_read_unlock(); \
 		dev_hold(dev); \
 		return dev; \
-	}
+	} else \
+		dev = NULL;
 
 #endif /* netdev_master_upper_dev_get_rcu */