From patchwork Thu Sep 6 12:35:24 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 17467 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id 6FF4D82F21; Thu, 6 Sep 2018 14:35:37 +0200 (CEST) Authentication-Results: open-mesh.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=narfation.org header.i=@narfation.org header.b="VOwm/+4O"; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4d88:2000:7::2; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver= Received: from v3-1039.vlinux.de (narfation.org [IPv6:2001:4d88:2000:7::2]) by open-mesh.org (Postfix) with ESMTPS id 557A782F16 for ; Thu, 6 Sep 2018 14:35:35 +0200 (CEST) Received: from sven-desktop.home.narfation.org (p200300C593D79FFA9732AEE00057D068.dip0.t-ipconnect.de [IPv6:2003:c5:93d7:9ffa:9732:aee0:57:d068]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id A69051100E1; Thu, 6 Sep 2018 14:35:34 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1536237334; bh=QDF4JNLAuDP7K2U9clvCmM6NtGenHF6tG0LnPWVOD24=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=VOwm/+4OoqD1ShWlK3MDaOa8/FiNe8qYnGrv9xOHVJJEF1GMyOTadh1QCmChOMuHT p7t3vOVJtHztnf5/48hf54CaUGxeHbJiZ2zdaxDPLCtj75Woobrsew0GKyEIrA0fKG jo2WAPh26u+UQTd+ad9dEj7ZDAt0nBePAn3I9Rdg= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Thu, 6 Sep 2018 14:35:24 +0200 Message-Id: <20180906123528.30490-2-sven@narfation.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180906123528.30490-1-sven@narfation.org> References: <20180906123528.30490-1-sven@narfation.org> Subject: [B.A.T.M.A.N.] [PATCH v2 1/5] batman-adv: Prevent duplicated gateway_node entry X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The function batadv_gw_node_add is responsible for adding new gw_node to the gateway_list. It is expecting that the caller already checked that there is not already an entry with the same key or not. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: bc3538cabac5 ("batman-adv: adding gateway functionality") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner --- v2: * added kerneldoc about the locking requirements net/batman-adv/gateway_client.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c index 8b198ee7..140c61a3 100644 --- a/net/batman-adv/gateway_client.c +++ b/net/batman-adv/gateway_client.c @@ -32,6 +32,7 @@ #include #include #include +#include #include #include #include @@ -348,6 +349,9 @@ void batadv_gw_check_election(struct batadv_priv *bat_priv, * @bat_priv: the bat priv with all the soft interface information * @orig_node: originator announcing gateway capabilities * @gateway: announced bandwidth information + * + * Has to be called with the appropriate locks being acquired + * (gw.list_lock). */ static void batadv_gw_node_add(struct batadv_priv *bat_priv, struct batadv_orig_node *orig_node, @@ -355,6 +359,8 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv, { struct batadv_gw_node *gw_node; + lockdep_assert_held(&bat_priv->gw.list_lock); + if (gateway->bandwidth_down == 0) return; @@ -369,10 +375,8 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv, gw_node->bandwidth_down = ntohl(gateway->bandwidth_down); gw_node->bandwidth_up = ntohl(gateway->bandwidth_up); - spin_lock_bh(&bat_priv->gw.list_lock); kref_get(&gw_node->refcount); hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.gateway_list); - spin_unlock_bh(&bat_priv->gw.list_lock); batadv_dbg(BATADV_DBG_BATMAN, bat_priv, "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n", @@ -428,11 +432,14 @@ void batadv_gw_node_update(struct batadv_priv *bat_priv, { struct batadv_gw_node *gw_node, *curr_gw = NULL; + spin_lock_bh(&bat_priv->gw.list_lock); gw_node = batadv_gw_node_get(bat_priv, orig_node); if (!gw_node) { batadv_gw_node_add(bat_priv, orig_node, gateway); + spin_unlock_bh(&bat_priv->gw.list_lock); goto out; } + spin_unlock_bh(&bat_priv->gw.list_lock); if (gw_node->bandwidth_down == ntohl(gateway->bandwidth_down) && gw_node->bandwidth_up == ntohl(gateway->bandwidth_up)) From patchwork Thu Sep 6 12:35:25 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 17468 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id 6764A82F41; Thu, 6 Sep 2018 14:35:38 +0200 (CEST) Authentication-Results: open-mesh.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=narfation.org header.i=@narfation.org header.b="mw8WYURe"; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=79.140.41.39; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver= Received: from v3-1039.vlinux.de (narfation.org [79.140.41.39]) by open-mesh.org (Postfix) with ESMTPS id 479F982F1B for ; Thu, 6 Sep 2018 14:35:37 +0200 (CEST) Received: from sven-desktop.home.narfation.org (p200300C593D79FFA9732AEE00057D068.dip0.t-ipconnect.de [IPv6:2003:c5:93d7:9ffa:9732:aee0:57:d068]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id D5AEF1100E1; Thu, 6 Sep 2018 14:35:36 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1536237337; bh=1PQHNrLVsVdNTcfu0J8Vz2MgSZAgZIdGTHaTahHo7dU=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=mw8WYURe+6i3f0Toi/25HkBf67Nr56tPnXWwVYJvA53gqdMd4xLJYR6AqF3s7gxcy 4CaANOjr7+YpAxewrofDPQss9IejAGrHcdYhpc0w4Lrlk2oZMnupJqFrpFKe8kbRLs nAMTBDdbpnAd9ttdd7Co+XS4GL0lDGa4+5smiEtc= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Thu, 6 Sep 2018 14:35:25 +0200 Message-Id: <20180906123528.30490-3-sven@narfation.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180906123528.30490-1-sven@narfation.org> References: <20180906123528.30490-1-sven@narfation.org> Subject: [B.A.T.M.A.N.] [PATCH v2 2/5] batman-adv: Prevent duplicated nc_node entry X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The function batadv_nc_get_nc_node is responsible for adding new nc_nodes to the in_coding_list and out_coding_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: 3ed7ada3f0bb ("batman-adv: network coding - detect coding nodes and remove these after timeout") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner --- net/batman-adv/network-coding.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index c3578444..34caf129 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -854,16 +854,27 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv, spinlock_t *lock; /* Used to lock list selected by "int in_coding" */ struct list_head *list; + /* Select ingoing or outgoing coding node */ + if (in_coding) { + lock = &orig_neigh_node->in_coding_list_lock; + list = &orig_neigh_node->in_coding_list; + } else { + lock = &orig_neigh_node->out_coding_list_lock; + list = &orig_neigh_node->out_coding_list; + } + + spin_lock_bh(lock); + /* Check if nc_node is already added */ nc_node = batadv_nc_find_nc_node(orig_node, orig_neigh_node, in_coding); /* Node found */ if (nc_node) - return nc_node; + goto unlock; nc_node = kzalloc(sizeof(*nc_node), GFP_ATOMIC); if (!nc_node) - return NULL; + goto unlock; /* Initialize nc_node */ INIT_LIST_HEAD(&nc_node->list); @@ -872,22 +883,14 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv, kref_get(&orig_neigh_node->refcount); nc_node->orig_node = orig_neigh_node; - /* Select ingoing or outgoing coding node */ - if (in_coding) { - lock = &orig_neigh_node->in_coding_list_lock; - list = &orig_neigh_node->in_coding_list; - } else { - lock = &orig_neigh_node->out_coding_list_lock; - list = &orig_neigh_node->out_coding_list; - } - batadv_dbg(BATADV_DBG_NC, bat_priv, "Adding nc_node %pM -> %pM\n", nc_node->addr, nc_node->orig_node->orig); /* Add nc_node to orig_node */ - spin_lock_bh(lock); kref_get(&nc_node->refcount); list_add_tail_rcu(&nc_node->list, list); + +unlock: spin_unlock_bh(lock); return nc_node; From patchwork Thu Sep 6 12:35:26 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 17469 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id C057382F45; Thu, 6 Sep 2018 14:35:42 +0200 (CEST) Authentication-Results: open-mesh.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=narfation.org header.i=@narfation.org header.b="zCIVRRj3"; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4d88:2000:7::2; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver= Received: from v3-1039.vlinux.de (narfation.org [IPv6:2001:4d88:2000:7::2]) by open-mesh.org (Postfix) with ESMTPS id A532882F43 for ; Thu, 6 Sep 2018 14:35:39 +0200 (CEST) Received: from sven-desktop.home.narfation.org (p200300C593D79FFA9732AEE00057D068.dip0.t-ipconnect.de [IPv6:2003:c5:93d7:9ffa:9732:aee0:57:d068]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id 1BC681100E1; Thu, 6 Sep 2018 14:35:39 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1536237339; bh=jth3JGQSwEeN0o3l2tOPLbhKIcwYnKTEfDiYF9FmoXs=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=zCIVRRj3Q6n3PNHIkOZ3FMWWiKZHB0+xgDL5L6BvsKvYhy4fl3e7GhjSQNZ7nwUlN eMRv0K0gWks5QesAOPiDQyhNgjmT7E2Ww8HwbP3nOEXEC0odiwttMhT0WL2wUWxMxB guK9CPiu2G3mMoetZgrxPk3ChMDy7ZgMGc0Ybacs= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Thu, 6 Sep 2018 14:35:26 +0200 Message-Id: <20180906123528.30490-4-sven@narfation.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180906123528.30490-1-sven@narfation.org> References: <20180906123528.30490-1-sven@narfation.org> Subject: [B.A.T.M.A.N.] [PATCH v2 3/5] batman-adv: Prevent duplicated softif_vlan entry X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The function batadv_softif_vlan_get is responsible for adding new softif_vlan to the softif_vlan_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: 952cebb57518 ("batman-adv: add per VLAN interface attribute framework") Signed-off-by: Sven Eckelmann --- v2: * changed batadv_softif_create_vlan to handle problems in batadv_sysfs_add_vlan as fatal error net/batman-adv/soft-interface.c | 25 ++++++++++++++++++------- 1 file changed, 18 insertions(+), 7 deletions(-) diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c index 1485263a..626ddca3 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -574,15 +574,20 @@ int batadv_softif_create_vlan(struct batadv_priv *bat_priv, unsigned short vid) struct batadv_softif_vlan *vlan; int err; + spin_lock_bh(&bat_priv->softif_vlan_list_lock); + vlan = batadv_softif_vlan_get(bat_priv, vid); if (vlan) { batadv_softif_vlan_put(vlan); + spin_unlock_bh(&bat_priv->softif_vlan_list_lock); return -EEXIST; } vlan = kzalloc(sizeof(*vlan), GFP_ATOMIC); - if (!vlan) + if (!vlan) { + spin_unlock_bh(&bat_priv->softif_vlan_list_lock); return -ENOMEM; + } vlan->bat_priv = bat_priv; vlan->vid = vid; @@ -590,17 +595,23 @@ int batadv_softif_create_vlan(struct batadv_priv *bat_priv, unsigned short vid) atomic_set(&vlan->ap_isolation, 0); + kref_get(&vlan->refcount); + hlist_add_head_rcu(&vlan->list, &bat_priv->softif_vlan_list); + spin_unlock_bh(&bat_priv->softif_vlan_list_lock); + + /* batadv_sysfs_add_vlan cannot be in the spinlock section due to the + * sleeping behavior of the sysfs functions and the fs_reclaim lock + */ err = batadv_sysfs_add_vlan(bat_priv->soft_iface, vlan); if (err) { - kfree(vlan); + /* ref for the function */ + batadv_softif_vlan_put(vlan); + + /* ref for the list */ + batadv_softif_vlan_put(vlan); return err; } - spin_lock_bh(&bat_priv->softif_vlan_list_lock); - kref_get(&vlan->refcount); - hlist_add_head_rcu(&vlan->list, &bat_priv->softif_vlan_list); - spin_unlock_bh(&bat_priv->softif_vlan_list_lock); - /* add a new TT local entry. This one will be marked with the NOPURGE * flag */ From patchwork Thu Sep 6 12:35:27 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 17470 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id A987482F48; Thu, 6 Sep 2018 14:35:43 +0200 (CEST) Authentication-Results: open-mesh.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=narfation.org header.i=@narfation.org header.b="YQBxw9zY"; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4d88:2000:7::2; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver= Received: from v3-1039.vlinux.de (narfation.org [IPv6:2001:4d88:2000:7::2]) by open-mesh.org (Postfix) with ESMTPS id 7068582F43 for ; Thu, 6 Sep 2018 14:35:42 +0200 (CEST) Received: from sven-desktop.home.narfation.org (p200300C593D79FFA9732AEE00057D068.dip0.t-ipconnect.de [IPv6:2003:c5:93d7:9ffa:9732:aee0:57:d068]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id AA0B71100E1; Thu, 6 Sep 2018 14:35:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1536237341; bh=T1PuuOnG1ySckXeIJAXbKGeHVYa2joSy0/u+WrZjjBo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=YQBxw9zY18vxtZtg/i/fdhlFUxmw8Af43fX0L+TYIuZTpv04OoKFaDUjvgMH0C4g9 qY1/Bhjra5bwIcFTdY1m4C4GVbrxoHh9G7PXs0cvG659woGWLwX7eja8eO+BZAXyyR hskTpi0tKdfeVY7LAO2015AXB2m+NONNt2bdMcxM= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Thu, 6 Sep 2018 14:35:27 +0200 Message-Id: <20180906123528.30490-5-sven@narfation.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180906123528.30490-1-sven@narfation.org> References: <20180906123528.30490-1-sven@narfation.org> Subject: [B.A.T.M.A.N.] [PATCH v2 4/5] batman-adv: Prevent duplicated global TT entry X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The function batadv_tt_global_orig_entry_add is responsible for adding new tt_orig_list_entry to the orig_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: c5eb5bb30321 ("batman-adv: add reference counting for type batadv_tt_orig_list_entry") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner --- net/batman-adv/translation-table.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 12a2b7d2..d21624c4 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -1613,6 +1613,8 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global, { struct batadv_tt_orig_list_entry *orig_entry; + spin_lock_bh(&tt_global->list_lock); + orig_entry = batadv_tt_global_orig_entry_find(tt_global, orig_node); if (orig_entry) { /* refresh the ttvn: the current value could be a bogus one that @@ -1635,11 +1637,9 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global, orig_entry->flags = flags; kref_init(&orig_entry->refcount); - spin_lock_bh(&tt_global->list_lock); kref_get(&orig_entry->refcount); hlist_add_head_rcu(&orig_entry->list, &tt_global->orig_list); - spin_unlock_bh(&tt_global->list_lock); atomic_inc(&tt_global->orig_list_count); sync_flags: @@ -1647,6 +1647,8 @@ batadv_tt_global_orig_entry_add(struct batadv_tt_global_entry *tt_global, out: if (orig_entry) batadv_tt_orig_list_entry_put(orig_entry); + + spin_unlock_bh(&tt_global->list_lock); } /** From patchwork Thu Sep 6 12:35:28 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Sven Eckelmann X-Patchwork-Id: 17471 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from open-mesh.org (localhost [IPv6:::1]) by open-mesh.org (Postfix) with ESMTP id E92B982F5C; Thu, 6 Sep 2018 14:35:46 +0200 (CEST) Authentication-Results: open-mesh.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=narfation.org header.i=@narfation.org header.b="CDVbzBmu"; dkim-atps=neutral Received-SPF: Pass (mailfrom) identity=mailfrom; client-ip=2001:4d88:2000:7::2; helo=v3-1039.vlinux.de; envelope-from=sven@narfation.org; receiver= Received: from v3-1039.vlinux.de (narfation.org [IPv6:2001:4d88:2000:7::2]) by open-mesh.org (Postfix) with ESMTPS id 707AB82F54 for ; Thu, 6 Sep 2018 14:35:45 +0200 (CEST) Received: from sven-desktop.home.narfation.org (p200300C593D79FFA9732AEE00057D068.dip0.t-ipconnect.de [IPv6:2003:c5:93d7:9ffa:9732:aee0:57:d068]) by v3-1039.vlinux.de (Postfix) with ESMTPSA id 0D7511100E1; Thu, 6 Sep 2018 14:35:44 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=narfation.org; s=20121; t=1536237344; bh=UtV+Dftyl+3r0oiu9hdo9+0ByXtTY5x0gs/GI2Y+zNQ=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=CDVbzBmuleKEtY70198UlAV/NKLvQDGsd2XS38veRTo8FY+w1BUPRFs7fydrgiDki Iivz568FawRSQEHNn0ZGZpf0LcRvM4KXg6Slh2DIBfiRMZ1MghbJdc33l9e+lmUfVv tpqNNenwhGQlU5M0BEq8GF/azqOvdtLC4D3Q9uXM= From: Sven Eckelmann To: b.a.t.m.a.n@lists.open-mesh.org Date: Thu, 6 Sep 2018 14:35:28 +0200 Message-Id: <20180906123528.30490-6-sven@narfation.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20180906123528.30490-1-sven@narfation.org> References: <20180906123528.30490-1-sven@narfation.org> Subject: [B.A.T.M.A.N.] [PATCH v2 5/5] batman-adv: Prevent duplicated tvlv handler X-BeenThere: b.a.t.m.a.n@lists.open-mesh.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: The list for a Better Approach To Mobile Ad-hoc Networking List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking Errors-To: b.a.t.m.a.n-bounces@lists.open-mesh.org Sender: "B.A.T.M.A.N" The function batadv_tvlv_handler_register is responsible for adding new tvlv_handler to the handler_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: 0b6aa0d43767 ("batman-adv: tvlv - basic infrastructure") Signed-off-by: Sven Eckelmann Acked-by: Marek Lindner --- net/batman-adv/tvlv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/tvlv.c b/net/batman-adv/tvlv.c index a6374582..40e69c93 100644 --- a/net/batman-adv/tvlv.c +++ b/net/batman-adv/tvlv.c @@ -529,15 +529,20 @@ void batadv_tvlv_handler_register(struct batadv_priv *bat_priv, { struct batadv_tvlv_handler *tvlv_handler; + spin_lock_bh(&bat_priv->tvlv.handler_list_lock); + tvlv_handler = batadv_tvlv_handler_get(bat_priv, type, version); if (tvlv_handler) { + spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); batadv_tvlv_handler_put(tvlv_handler); return; } tvlv_handler = kzalloc(sizeof(*tvlv_handler), GFP_ATOMIC); - if (!tvlv_handler) + if (!tvlv_handler) { + spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); return; + } tvlv_handler->ogm_handler = optr; tvlv_handler->unicast_handler = uptr; @@ -547,7 +552,6 @@ void batadv_tvlv_handler_register(struct batadv_priv *bat_priv, kref_init(&tvlv_handler->refcount); INIT_HLIST_NODE(&tvlv_handler->list); - spin_lock_bh(&bat_priv->tvlv.handler_list_lock); kref_get(&tvlv_handler->refcount); hlist_add_head_rcu(&tvlv_handler->list, &bat_priv->tvlv.handler_list); spin_unlock_bh(&bat_priv->tvlv.handler_list_lock);