diff mbox

[maintv3,2/4] batman-adv: fix neigh reference imbalance

Message ID	1395845184-15186-3-git-send-email-sw@simonwunderlich.de (mailing list archive)
State	Accepted, archived
Commit	cdd09f69871ce8c98b8ae9fa0583f73938768943
Headers	Received-SPF: None (no SPF record) identity=mailfrom; client-ip=79.140.42.25; helo=mail.mail.packetmixer.de; envelope-from=sw@simonwunderlich.de; receiver=b.a.t.m.a.n@lists.open-mesh.org From: Simon Wunderlich <sw@simonwunderlich.de> To: b.a.t.m.a.n@lists.open-mesh.org Date: Wed, 26 Mar 2014 15:46:22 +0100 Message-Id: <1395845184-15186-3-git-send-email-sw@simonwunderlich.de> In-Reply-To: <1395845184-15186-1-git-send-email-sw@simonwunderlich.de> References: <1395845184-15186-1-git-send-email-sw@simonwunderlich.de> Cc: Simon Wunderlich <simon@open-mesh.com> Subject: [B.A.T.M.A.N.] [PATCH-maintv3 2/4] batman-adv: fix neigh reference imbalance Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking <b.a.t.m.a.n@lists.open-mesh.org>

Commit Message

Simon Wunderlich March 26, 2014, 2:46 p.m. UTC

  From: Simon Wunderlich <simon@open-mesh.com>

When an interface is removed from batman-adv, the orig_ifinfo of a
orig_node may be removed without releasing the router first.
This will prevent the reference for the neighbor pointed at by the
orig_ifinfo->router to be released, and this leak may result in
reference leaks for the interface used by this neighbor. Fix that.

This is a regression introduced by
de6bcc76ea84fecb136f8c8f5ba1862e4a13f06b ("batman-adv: split out router
from orig_node").

Reported-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: Simon Wunderlich <simon@open-mesh.com>

Changes to PATCHv2:
 * take care of the rcu sparse warning
---
 originator.c |    5 +++++
 1 file changed, 5 insertions(+)

Comments

Marek Lindner March 31, 2014, 9:25 a.m. UTC | #1

On Wednesday 26 March 2014 15:46:22 Simon Wunderlich wrote:
> From: Simon Wunderlich <simon@open-mesh.com>
> 
> When an interface is removed from batman-adv, the orig_ifinfo of a
> orig_node may be removed without releasing the router first.
> This will prevent the reference for the neighbor pointed at by the
> orig_ifinfo->router to be released, and this leak may result in
> reference leaks for the interface used by this neighbor. Fix that.
> 
> This is a regression introduced by
> de6bcc76ea84fecb136f8c8f5ba1862e4a13f06b ("batman-adv: split out router
> from orig_node").
> 
> Reported-by: Antonio Quartulli <antonio@meshcoding.com>
> Signed-off-by: Simon Wunderlich <simon@open-mesh.com>
> 
> Changes to PATCHv2:
>  * take care of the rcu sparse warning
> ---
>  originator.c |    5 +++++
>  1 file changed, 5 insertions(+)

Applied in revision cdd09f6.

Thanks,
Marek

diff mbox

Patch

diff --git a/originator.c b/originator.c
index 8539416..25df60d 100644
--- a/originator.c
+++ b/originator.c
@@ -500,12 +500,17 @@  batadv_neigh_node_get(const struct batadv_orig_node *orig_node,
 static void batadv_orig_ifinfo_free_rcu(struct rcu_head *rcu)
 {
 	struct batadv_orig_ifinfo *orig_ifinfo;
+	struct batadv_neigh_node *router;
 
 	orig_ifinfo = container_of(rcu, struct batadv_orig_ifinfo, rcu);
 
 	if (orig_ifinfo->if_outgoing != BATADV_IF_DEFAULT)
 		batadv_hardif_free_ref_now(orig_ifinfo->if_outgoing);
 
+	/* this is the last reference to this object */
+	router = rcu_dereference_protected(orig_ifinfo->router, true);
+	if (router)
+		batadv_neigh_node_free_ref_now(router);
 	kfree(orig_ifinfo);
 }