From patchwork Mon Apr 27 15:00:36 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Wunderlich X-Patchwork-Id: 18097 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from diktynna.open-mesh.org (localhost [IPv6:::1]) by diktynna.open-mesh.org (Postfix) with ESMTP id 428AD80F12; Mon, 27 Apr 2020 17:10:53 +0200 (CEST) ARC-Seal: i=2; cv=fail; a=rsa-sha256; d=open-mesh.org; s=20121; t=1588000251; b=OHYNvnBXtZYNXjjqU/nAZsLrETlplagI6xzdQ1/8oIswozO+NUZKQJi+ctHnFaTu/x0X/ NHcj8TCcQKBlS3Exr8uIBzDrIFSVjqFImUFz34QiilnO69YGJpIlwwGGPQh+L+YEtgG8sVJ yohV4gpziZXQAGV3v3HkzUAPBZLi2dU= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000251; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=ah8UMQ61/QmEF1sTwGYvqsZP4O1T95owIWim8DvhBAE=; b=XFi00giMKM/WC+ps04tflgCxmEZS3585obaBuIcFMLA4XaiRhPI5lsTHjYNp92mA0u1zk 6ecmvzKx8bIykVMSuz5l1rf1XySA3SpT24E7N1BASoAIFcK+zZKNZ7OJwL32AZwumHaC4Um ojOBYNT2ec5I/vBNs2c1Tygltfr6NBI= ARC-Authentication-Results: i=2; open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Authentication-Results: open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Received: from simonwunderlich.de (simonwunderlich.de [79.140.42.25]) by diktynna.open-mesh.org (Postfix) with ESMTPS id 7075680DFF for ; Mon, 27 Apr 2020 17:10:49 +0200 (CEST) Received: from kero.packetmixer.de (p4FD5799A.dip0.t-ipconnect.de [79.213.121.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by simonwunderlich.de (Postfix) with ESMTPSA id DD3416205B; Mon, 27 Apr 2020 17:00:42 +0200 (CEST) From: Simon Wunderlich To: davem@davemloft.net Subject: [PATCH 1/4] batman-adv: fix batadv_nc_random_weight_tq Date: Mon, 27 Apr 2020 17:00:36 +0200 Message-Id: <20200427150039.28730-2-sw@simonwunderlich.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200427150039.28730-1-sw@simonwunderlich.de> References: <20200427150039.28730-1-sw@simonwunderlich.de> MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=s55pedBSWVaozmgAGDj0zP1QQXjM8mgWhRkg0KPGK8s=; b=CSgjTqLnRyowiW4w7M9udc+RWdIEZxT41m4cOo6kq0KtpI+jW84VyTFsWNgZ0gQpNqe7EE 6TsoDSXhJZidfAMgrajXSS0da08/n0vKcKfsLnQp+vd1l9tRNqD78D/R6Oo0H4cLxERV0s Ls185nVrcPq5RZt29WQFb63TSvwCjAw= ARC-Seal: i=1; s=20121; d=open-mesh.org; t=1588000249; a=rsa-sha256; cv=none; b=XHkiPuioK1USPp3YzzIVo+mJ2OMcst2NH2LKhIsZgV2Eu1aSQdfjS9h3ATfgDxKxV/6vms rhYk80EbBGFjJKd3vdta6rWu0ZeSvuN5RwssWcOFlHt/AGjSz8sQFM6y4I/9l2LspuDFa3 wCXfYAfUwMSKhEmQhbzgPQt53OkZuME= ARC-Authentication-Results: i=1; diktynna.open-mesh.org; dkim=none; spf=pass (diktynna.open-mesh.org: domain of sw@simonwunderlich.de designates 79.140.42.25 as permitted sender) smtp.mailfrom=sw@simonwunderlich.de Message-ID-Hash: FZIUJY67YQOEHDPNTLO4AJUPK3CDIBIE X-Message-ID-Hash: FZIUJY67YQOEHDPNTLO4AJUPK3CDIBIE X-MailFrom: sw@simonwunderlich.de X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-b.a.t.m.a.n.lists.open-mesh.org-0; header-match-b.a.t.m.a.n.lists.open-mesh.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org, George Spelvin X-Mailman-Version: 3.2.1 Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking List-Id: The list for a Better Approach To Mobile Ad-hoc Networking Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: George Spelvin and change to pseudorandom numbers, as this is a traffic dithering operation that doesn't need crypto-grade. The previous code operated in 4 steps: 1. Generate a random byte 0 <= rand_tq <= 255 2. Multiply it by BATADV_TQ_MAX_VALUE - tq 3. Divide by 255 (= BATADV_TQ_MAX_VALUE) 4. Return BATADV_TQ_MAX_VALUE - rand_tq This would apperar to scale (BATADV_TQ_MAX_VALUE - tq) by a random value between 0/255 and 255/255. But! The intermediate value between steps 3 and 4 is stored in a u8 variable. So it's truncated, and most of the time, is less than 255, after which the division produces 0. Specifically, if tq is odd, the product is always even, and can never be 255. If tq is even, there's exactly one random byte value that will produce a product byte of 255. Thus, the return value is 255 (511/512 of the time) or 254 (1/512 of the time). If we assume that the truncation is a bug, and the code is meant to scale the input, a simpler way of looking at it is that it's returning a random value between tq and BATADV_TQ_MAX_VALUE, inclusive. Well, we have an optimized function for doing just that. Fixes: 3c12de9a5c75 ("batman-adv: network coding - code and transmit packets if possible") Signed-off-by: George Spelvin Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich --- net/batman-adv/network-coding.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c index 8f0717c3f7b5..b0469d15da0e 100644 --- a/net/batman-adv/network-coding.c +++ b/net/batman-adv/network-coding.c @@ -1009,15 +1009,8 @@ static struct batadv_nc_path *batadv_nc_get_path(struct batadv_priv *bat_priv, */ static u8 batadv_nc_random_weight_tq(u8 tq) { - u8 rand_val, rand_tq; - - get_random_bytes(&rand_val, sizeof(rand_val)); - /* randomize the estimated packet loss (max TQ - estimated TQ) */ - rand_tq = rand_val * (BATADV_TQ_MAX_VALUE - tq); - - /* normalize the randomized packet loss */ - rand_tq /= BATADV_TQ_MAX_VALUE; + u8 rand_tq = prandom_u32_max(BATADV_TQ_MAX_VALUE + 1 - tq); /* convert to (randomized) estimated tq again */ return BATADV_TQ_MAX_VALUE - rand_tq; From patchwork Mon Apr 27 15:00:37 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Wunderlich X-Patchwork-Id: 18099 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from diktynna.open-mesh.org (localhost [IPv6:::1]) by diktynna.open-mesh.org (Postfix) with ESMTP id 474C081080; Mon, 27 Apr 2020 17:10:59 +0200 (CEST) ARC-Seal: i=2; cv=fail; a=rsa-sha256; d=open-mesh.org; s=20121; t=1588000252; b=Tfu3PaavY0Q8UTDurVKmFies4BKXP/dodxAAPuku+Ta7+lgEAmlv3TBIlFUcAc1BwNqfA 2mnUlvy72tjDsfnQwUDAo0vOghI+r5SkzqxBkd2Qhb3ZJz9sMasOCQIFH/HTqXFVJGKv9OS b5cO4OgDOGHbC19mdF3OXBwuElj0qCE= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000252; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=XFQJM52hcgv7CgC7BOMGBCAtM3MoMC537/Rlgcbt3oI=; b=x0Sizs5bq3wq1eWL/k++ZXVSCpmM+MKDCJPvunwLk/ZF7tBkUBr+2RJP3LpCIzlhQgqtE UeaeSSBPmneqAEJIz5MBo1fafBA/Ah2aG6+mVyqa4zBQXTsdcGaCjW1tmhC1FhWRloD89aZ 83l/4ogsd8aMZfSJdtlY1cCETvT7D+I= ARC-Authentication-Results: i=2; open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Authentication-Results: open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Received: from simonwunderlich.de (packetmixer.de [IPv6:2001:4d88:2000:24::c0de]) by diktynna.open-mesh.org (Postfix) with ESMTPS id 6E86680B97 for ; Mon, 27 Apr 2020 17:10:49 +0200 (CEST) Received: from kero.packetmixer.de (p4FD5799A.dip0.t-ipconnect.de [79.213.121.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by simonwunderlich.de (Postfix) with ESMTPSA id 69F1B6205D; Mon, 27 Apr 2020 17:00:43 +0200 (CEST) From: Simon Wunderlich To: davem@davemloft.net Subject: [PATCH 2/4] batman-adv: Fix refcnt leak in batadv_show_throughput_override Date: Mon, 27 Apr 2020 17:00:37 +0200 Message-Id: <20200427150039.28730-3-sw@simonwunderlich.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200427150039.28730-1-sw@simonwunderlich.de> References: <20200427150039.28730-1-sw@simonwunderlich.de> MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=foc0++gtkv0VNDpizzJPQrCPvEXpFCpIKZaxdMXtsks=; b=pD/V4U2pG/PVyJYPXipVusOn3/k2hglWq4ffFFJbCRoJPZlOHqLKSUdl8K0KPQCkIgzHgS u+1hVuLn8B4xNKHZyMMm/DQveILEVpzE6mpkr3Ju537dO3XnUubGkTCFOwJoTXo0LAj93e w4XdD4BzKbo00i1b2ywwvW1Ej3ze664= ARC-Seal: i=1; s=20121; d=open-mesh.org; t=1588000249; a=rsa-sha256; cv=none; b=K7lwMuhYYWqHrvMTq3f5AKslwBSQzAcN2AgJTev7zFX3+p9Dkyum2V1KB8Q8xEfWwiSaDN iJx9SPm6PqqWwrPA2lXbx+ZISMQZAw+LvtbnEes76VF9q5iEV30xp4PALLn70IRntAa9EJ aIOMiF8Jp00OqPTZ1LsK4AteJtv0wZU= ARC-Authentication-Results: i=1; diktynna.open-mesh.org; dkim=none; spf=pass (diktynna.open-mesh.org: domain of sw@simonwunderlich.de designates 2001:4d88:2000:24::c0de as permitted sender) smtp.mailfrom=sw@simonwunderlich.de Message-ID-Hash: EX2OLIWADGD5RO5CLER7OTFIPMUGWP5H X-Message-ID-Hash: EX2OLIWADGD5RO5CLER7OTFIPMUGWP5H X-MailFrom: sw@simonwunderlich.de X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-b.a.t.m.a.n.lists.open-mesh.org-0; header-match-b.a.t.m.a.n.lists.open-mesh.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org, Xiyu Yang , Xin Tan X-Mailman-Version: 3.2.1 Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking List-Id: The list for a Better Approach To Mobile Ad-hoc Networking Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Xiyu Yang batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(), which gets a batadv_hard_iface object from net_dev with increased refcnt and its reference is assigned to a local pointer 'hard_iface'. When batadv_show_throughput_override() returns, "hard_iface" becomes invalid, so the refcount should be decreased to keep refcount balanced. The issue happens in the normal path of batadv_show_throughput_override(), which forgets to decrease the refcnt increased by batadv_hardif_get_by_netdev() before the function returns, causing a refcnt leak. Fix this issue by calling batadv_hardif_put() before the batadv_show_throughput_override() returns in the normal path. Fixes: 0b5ecc6811bd ("batman-adv: add throughput override attribute to hard_ifaces") Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich --- net/batman-adv/sysfs.c | 1 + 1 file changed, 1 insertion(+) diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c index c45962d8527b..c0b00268aac4 100644 --- a/net/batman-adv/sysfs.c +++ b/net/batman-adv/sysfs.c @@ -1190,6 +1190,7 @@ static ssize_t batadv_show_throughput_override(struct kobject *kobj, tp_override = atomic_read(&hard_iface->bat_v.throughput_override); + batadv_hardif_put(hard_iface); return sprintf(buff, "%u.%u MBit\n", tp_override / 10, tp_override % 10); } From patchwork Mon Apr 27 15:00:38 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Wunderlich X-Patchwork-Id: 18098 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from diktynna.open-mesh.org (localhost [IPv6:::1]) by diktynna.open-mesh.org (Postfix) with ESMTP id C1D768106A; Mon, 27 Apr 2020 17:10:58 +0200 (CEST) ARC-Seal: i=2; cv=fail; a=rsa-sha256; d=open-mesh.org; s=20121; t=1588000251; b=XG2xINcel3UMLKN43JaFVL5E3R1Yv3sp1MlXAzJofLbr9di6dPNIBhODx3egmXesKpAII jK7AMhrkctRSIHi2OR1b1CFnG+bnV32q6az5tKIPlUCW6eU9BXqNnn6bBd8stnn5WNfG0qO L5DBrs4VK7qA8Dirhd5M0lI6oLetloM= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000251; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=pY2YTOliTxJwz0BspQl8Hvd0sYH+tUCZQosINcNm6fA=; b=rBcmYkp8j0TT9FFbakAdDAbMssTpyPLpe5Sk7s2XiH5zwhwke9lVsgmIaSHTE0vyou56H M8RP8OBWi5BJAS4jcbNATGhWVKu9LUGXmqwM8IsRFEoO5HAxnt0fXRQ+NCpc+3VbhkXlbt2 Lyp8GxfdBCBcoydlgV5z27K7E4FzxNs= ARC-Authentication-Results: i=2; open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Authentication-Results: open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Received: from simonwunderlich.de (packetmixer.de [IPv6:2001:4d88:2000:24::c0de]) by diktynna.open-mesh.org (Postfix) with ESMTPS id 76CFF80E07 for ; Mon, 27 Apr 2020 17:10:49 +0200 (CEST) Received: from kero.packetmixer.de (p4FD5799A.dip0.t-ipconnect.de [79.213.121.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by simonwunderlich.de (Postfix) with ESMTPSA id 0035C6205F; Mon, 27 Apr 2020 17:00:43 +0200 (CEST) From: Simon Wunderlich To: davem@davemloft.net Subject: [PATCH 3/4] batman-adv: Fix refcnt leak in batadv_store_throughput_override Date: Mon, 27 Apr 2020 17:00:38 +0200 Message-Id: <20200427150039.28730-4-sw@simonwunderlich.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200427150039.28730-1-sw@simonwunderlich.de> References: <20200427150039.28730-1-sw@simonwunderlich.de> MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=Q3FmlbpBygVUbD2L30VHAdN/IikSEe6A8p9E00XQKKE=; b=uAw0d6JOUt2EinRxmLuOR8zg0W9n8DFGVvd/iquZFiWkDRuG97IQpCppB1yvuxlmKm9WXw mNC23J/YfykwYAJGahh6j1dXFlqz+2ClmnA8Vwkv5eHr/1tcfY56y1QzEtVNYBqC4MNyf/ FvWHYTXp6mAMdJxWBanqE12zpuw+ED8= ARC-Seal: i=1; s=20121; d=open-mesh.org; t=1588000249; a=rsa-sha256; cv=none; b=uIGOdUQlVB+A//iSunKx51cVekgM0Cks2MZ2bU/SvqaEvdyVumVgdjkATTcFdnCgNh7V8Q u4GKg7V0kbK61i6Ov30YF9IjQ1n91P3F+Ux9oGDUL5CQn3m6jRQItRWSnwBPgYsDkrGR0y HQ6xjDg1vqkV+CIMP6lqB5THT7bciDw= ARC-Authentication-Results: i=1; diktynna.open-mesh.org; dkim=none; spf=pass (diktynna.open-mesh.org: domain of sw@simonwunderlich.de designates 2001:4d88:2000:24::c0de as permitted sender) smtp.mailfrom=sw@simonwunderlich.de Message-ID-Hash: PL3UF7EMRK7PRCKBN4WYFKW4ZNEU6M2G X-Message-ID-Hash: PL3UF7EMRK7PRCKBN4WYFKW4ZNEU6M2G X-MailFrom: sw@simonwunderlich.de X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-b.a.t.m.a.n.lists.open-mesh.org-0; header-match-b.a.t.m.a.n.lists.open-mesh.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org, Xiyu Yang , Xin Tan X-Mailman-Version: 3.2.1 Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking List-Id: The list for a Better Approach To Mobile Ad-hoc Networking Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Xiyu Yang batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(), which gets a batadv_hard_iface object from net_dev with increased refcnt and its reference is assigned to a local pointer 'hard_iface'. When batadv_store_throughput_override() returns, "hard_iface" becomes invalid, so the refcount should be decreased to keep refcount balanced. The issue happens in one error path of batadv_store_throughput_override(). When batadv_parse_throughput() returns NULL, the refcnt increased by batadv_hardif_get_by_netdev() is not decreased, causing a refcnt leak. Fix this issue by jumping to "out" label when batadv_parse_throughput() returns NULL. Fixes: 0b5ecc6811bd ("batman-adv: add throughput override attribute to hard_ifaces") Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich --- net/batman-adv/sysfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/sysfs.c b/net/batman-adv/sysfs.c index c0b00268aac4..0f962dcd239e 100644 --- a/net/batman-adv/sysfs.c +++ b/net/batman-adv/sysfs.c @@ -1150,7 +1150,7 @@ static ssize_t batadv_store_throughput_override(struct kobject *kobj, ret = batadv_parse_throughput(net_dev, buff, "throughput_override", &tp_override); if (!ret) - return count; + goto out; old_tp_override = atomic_read(&hard_iface->bat_v.throughput_override); if (old_tp_override == tp_override) From patchwork Mon Apr 27 15:00:39 2020 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Simon Wunderlich X-Patchwork-Id: 18096 X-Patchwork-Delegate: sw@simonwunderlich.de Return-Path: X-Original-To: patchwork@open-mesh.org Delivered-To: patchwork@open-mesh.org Received: from diktynna.open-mesh.org (localhost [IPv6:::1]) by diktynna.open-mesh.org (Postfix) with ESMTP id 7B49C80691; Mon, 27 Apr 2020 17:10:52 +0200 (CEST) ARC-Seal: i=2; cv=fail; a=rsa-sha256; d=open-mesh.org; s=20121; t=1588000251; b=LjmKsta8FWBRicwH7IlHeySxZKnBNp7hOSKHoURGwWpH2OKU+2g6B3CJTadqS5F3aSXG6 Krm+vAa/8GMs4rNMbRHqmlcjDV3Ce2ykiz4eSNpY1NrVe8NLlDNn2j7w0oIw5GpA6LyGUN7 h+hHaUG8oemx+M19ZqMh6n8PFov4muE= ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000251; h=from : sender : reply-to : subject : date : message-id : to : cc : mime-version : content-type : content-transfer-encoding : content-id : content-description : resent-date : resent-from : resent-sender : resent-to : resent-cc : resent-message-id : in-reply-to : references : list-id : list-help : list-unsubscribe : list-subscribe : list-post : list-owner : list-archive; bh=9fyK5ulzDod0Mcd1rx7w9vnQM4JE6GiKzC4vWPOwOko=; b=kOkF3hDvf2MStpzseNGjf03SFtcR2UroqeIwXtyM9RPDvvZNdxjKMLo6sBdYx3HiJF7KT XSDOncXdzIMiuBnDrnscpb3k+3+KpF+6zRPV2DnGNz7scPR/Mp6Zom6N0dBTu+FX3nXKwYI pQszQig03+dKgUwApR4NDmsMTieLVhE= ARC-Authentication-Results: i=2; open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Authentication-Results: open-mesh.org; dkim=fail; arc=fail; dmarc=fail header.from=simonwunderlich.de Received: from simonwunderlich.de (packetmixer.de [IPv6:2001:4d88:2000:24::c0de]) by diktynna.open-mesh.org (Postfix) with ESMTPS id 683D78002D for ; Mon, 27 Apr 2020 17:10:49 +0200 (CEST) Received: from kero.packetmixer.de (p4FD5799A.dip0.t-ipconnect.de [79.213.121.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by simonwunderlich.de (Postfix) with ESMTPSA id 805E06206C; Mon, 27 Apr 2020 17:00:44 +0200 (CEST) From: Simon Wunderlich To: davem@davemloft.net Subject: [PATCH 4/4] batman-adv: Fix refcnt leak in batadv_v_ogm_process Date: Mon, 27 Apr 2020 17:00:39 +0200 Message-Id: <20200427150039.28730-5-sw@simonwunderlich.de> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20200427150039.28730-1-sw@simonwunderlich.de> References: <20200427150039.28730-1-sw@simonwunderlich.de> MIME-Version: 1.0 ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=open-mesh.org; s=20121; t=1588000249; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=iAthKBOrDvZCS7N6CscyqnQ85CaXvUr3rUYUdwS+jQE=; b=Fc0VuNOLaEh7jeetyVYKLTv7gYTfVeVWmkf5zSPOjnz7s0TOxS2e0gGXyf2vIJ76F2rUzi ZUQAVhcB6NL/XUSfhidgdRpsIxkW3bvB6nXbwyQFPNX1Sf5itfx9+Rx3Y9g7XC9ey/Y+N1 2Kf37nsNwqcFHplKSR/wpPa/P2C9K+8= ARC-Seal: i=1; s=20121; d=open-mesh.org; t=1588000249; a=rsa-sha256; cv=none; b=kERi4UwpXiGvbVMLppK8JayhGZPGIw03623zJBEsRYUpx1KVPEBku8ZKENl7j3zBOnHeXm QXVDuh+7bXH9dImP0LmCU2moMQY9gEZPzgGr2hvX19ZWaacMhDHLll4dvM2rgLA2Bnm5Fy w8k62N1fQTeAgIFShYzvpzETNejFdn4= ARC-Authentication-Results: i=1; diktynna.open-mesh.org; dkim=none; spf=pass (diktynna.open-mesh.org: domain of sw@simonwunderlich.de designates 2001:4d88:2000:24::c0de as permitted sender) smtp.mailfrom=sw@simonwunderlich.de Message-ID-Hash: 6Z2CK2O7EU7WNLYP5PSO3YTFID3LWUC5 X-Message-ID-Hash: 6Z2CK2O7EU7WNLYP5PSO3YTFID3LWUC5 X-MailFrom: sw@simonwunderlich.de X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-b.a.t.m.a.n.lists.open-mesh.org-0; header-match-b.a.t.m.a.n.lists.open-mesh.org-1; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header CC: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org, Xiyu Yang , Xin Tan X-Mailman-Version: 3.2.1 Precedence: list Reply-To: The list for a Better Approach To Mobile Ad-hoc Networking List-Id: The list for a Better Approach To Mobile Ad-hoc Networking Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Xiyu Yang batadv_v_ogm_process() invokes batadv_hardif_neigh_get(), which returns a reference of the neighbor object to "hardif_neigh" with increased refcount. When batadv_v_ogm_process() returns, "hardif_neigh" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling paths of batadv_v_ogm_process(). When batadv_v_ogm_orig_get() fails to get the orig node and returns NULL, the refcnt increased by batadv_hardif_neigh_get() is not decreased, causing a refcnt leak. Fix this issue by jumping to "out" label when batadv_v_ogm_orig_get() fails to get the orig node. Fixes: 9323158ef9f4 ("batman-adv: OGMv2 - implement originators logic") Signed-off-by: Xiyu Yang Signed-off-by: Xin Tan Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich --- net/batman-adv/bat_v_ogm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c index 969466218999..80b87b1f4e3a 100644 --- a/net/batman-adv/bat_v_ogm.c +++ b/net/batman-adv/bat_v_ogm.c @@ -893,7 +893,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset, orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig); if (!orig_node) - return; + goto out; neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming, ethhdr->h_source);