aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Lüssing <linus.luessing@ascom.ch>2011-02-13 16:13:02 -0500
committerMarek Lindner <lindner_marek@yahoo.de>2011-03-05 06:50:10 -0500
commit5d02b3cdfafeb23ab7cf43ef1d2118007370e8d0 (patch)
tree4bd28fe2a1bca0a14710f01f98852f43ef2e330c
parentf3e0008f01b275bd08bd416cfcaa7021dd6bc277 (diff)
batman-adv: Make bat_priv->curr_gw an rcu protected pointer
The rcu protected macros rcu_dereference() and rcu_assign_pointer() for the bat_priv->curr_gw need to be used, as well as spin/rcu locking. Otherwise we might end up using a curr_gw pointer pointing to already freed memory. Reported-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch> Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
-rw-r--r--net/batman-adv/gateway_client.c100
-rw-r--r--net/batman-adv/types.h4
2 files changed, 72 insertions, 32 deletions
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 517e001605d9..a3e842fd0f9c 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -44,19 +44,29 @@ static void gw_node_free_ref(struct gw_node *gw_node)
44 44
45void *gw_get_selected(struct bat_priv *bat_priv) 45void *gw_get_selected(struct bat_priv *bat_priv)
46{ 46{
47 struct gw_node *curr_gateway_tmp = bat_priv->curr_gw; 47 struct gw_node *curr_gateway_tmp;
48 struct orig_node *orig_node = NULL;
48 49
50 rcu_read_lock();
51 curr_gateway_tmp = rcu_dereference(bat_priv->curr_gw);
49 if (!curr_gateway_tmp) 52 if (!curr_gateway_tmp)
50 return NULL; 53 goto out;
54
55 orig_node = curr_gateway_tmp->orig_node;
51 56
52 return curr_gateway_tmp->orig_node; 57out:
58 rcu_read_unlock();
59 return orig_node;
53} 60}
54 61
55void gw_deselect(struct bat_priv *bat_priv) 62void gw_deselect(struct bat_priv *bat_priv)
56{ 63{
57 struct gw_node *gw_node = bat_priv->curr_gw; 64 struct gw_node *gw_node;
58 65
59 bat_priv->curr_gw = NULL; 66 spin_lock_bh(&bat_priv->gw_list_lock);
67 gw_node = rcu_dereference(bat_priv->curr_gw);
68 rcu_assign_pointer(bat_priv->curr_gw, NULL);
69 spin_unlock_bh(&bat_priv->gw_list_lock);
60 70
61 if (gw_node) 71 if (gw_node)
62 gw_node_free_ref(gw_node); 72 gw_node_free_ref(gw_node);
@@ -64,12 +74,15 @@ void gw_deselect(struct bat_priv *bat_priv)
64 74
65static void gw_select(struct bat_priv *bat_priv, struct gw_node *new_gw_node) 75static void gw_select(struct bat_priv *bat_priv, struct gw_node *new_gw_node)
66{ 76{
67 struct gw_node *curr_gw_node = bat_priv->curr_gw; 77 struct gw_node *curr_gw_node;
68 78
69 if (new_gw_node && !atomic_inc_not_zero(&new_gw_node->refcount)) 79 if (new_gw_node && !atomic_inc_not_zero(&new_gw_node->refcount))
70 new_gw_node = NULL; 80 new_gw_node = NULL;
71 81
72 bat_priv->curr_gw = new_gw_node; 82 spin_lock_bh(&bat_priv->gw_list_lock);
83 curr_gw_node = rcu_dereference(bat_priv->curr_gw);
84 rcu_assign_pointer(bat_priv->curr_gw, new_gw_node);
85 spin_unlock_bh(&bat_priv->gw_list_lock);
73 86
74 if (curr_gw_node) 87 if (curr_gw_node)
75 gw_node_free_ref(curr_gw_node); 88 gw_node_free_ref(curr_gw_node);
@@ -78,7 +91,7 @@ static void gw_select(struct bat_priv *bat_priv, struct gw_node *new_gw_node)
78void gw_election(struct bat_priv *bat_priv) 91void gw_election(struct bat_priv *bat_priv)
79{ 92{
80 struct hlist_node *node; 93 struct hlist_node *node;
81 struct gw_node *gw_node, *curr_gw_tmp = NULL; 94 struct gw_node *gw_node, *curr_gw, *curr_gw_tmp = NULL;
82 uint8_t max_tq = 0; 95 uint8_t max_tq = 0;
83 uint32_t max_gw_factor = 0, tmp_gw_factor = 0; 96 uint32_t max_gw_factor = 0, tmp_gw_factor = 0;
84 int down, up; 97 int down, up;
@@ -92,19 +105,23 @@ void gw_election(struct bat_priv *bat_priv)
92 if (atomic_read(&bat_priv->gw_mode) != GW_MODE_CLIENT) 105 if (atomic_read(&bat_priv->gw_mode) != GW_MODE_CLIENT)
93 return; 106 return;
94 107
95 if (bat_priv->curr_gw) 108 rcu_read_lock();
109 curr_gw = rcu_dereference(bat_priv->curr_gw);
110 if (curr_gw) {
111 rcu_read_unlock();
96 return; 112 return;
113 }
97 114
98 rcu_read_lock();
99 if (hlist_empty(&bat_priv->gw_list)) { 115 if (hlist_empty(&bat_priv->gw_list)) {
100 rcu_read_unlock();
101 116
102 if (bat_priv->curr_gw) { 117 if (curr_gw) {
118 rcu_read_unlock();
103 bat_dbg(DBG_BATMAN, bat_priv, 119 bat_dbg(DBG_BATMAN, bat_priv,
104 "Removing selected gateway - " 120 "Removing selected gateway - "
105 "no gateway in range\n"); 121 "no gateway in range\n");
106 gw_deselect(bat_priv); 122 gw_deselect(bat_priv);
107 } 123 } else
124 rcu_read_unlock();
108 125
109 return; 126 return;
110 } 127 }
@@ -153,12 +170,12 @@ void gw_election(struct bat_priv *bat_priv)
153 max_gw_factor = tmp_gw_factor; 170 max_gw_factor = tmp_gw_factor;
154 } 171 }
155 172
156 if (bat_priv->curr_gw != curr_gw_tmp) { 173 if (curr_gw != curr_gw_tmp) {
157 if ((bat_priv->curr_gw) && (!curr_gw_tmp)) 174 if ((curr_gw) && (!curr_gw_tmp))
158 bat_dbg(DBG_BATMAN, bat_priv, 175 bat_dbg(DBG_BATMAN, bat_priv,
159 "Removing selected gateway - " 176 "Removing selected gateway - "
160 "no gateway in range\n"); 177 "no gateway in range\n");
161 else if ((!bat_priv->curr_gw) && (curr_gw_tmp)) 178 else if ((!curr_gw) && (curr_gw_tmp))
162 bat_dbg(DBG_BATMAN, bat_priv, 179 bat_dbg(DBG_BATMAN, bat_priv,
163 "Adding route to gateway %pM " 180 "Adding route to gateway %pM "
164 "(gw_flags: %i, tq: %i)\n", 181 "(gw_flags: %i, tq: %i)\n",
@@ -181,31 +198,35 @@ void gw_election(struct bat_priv *bat_priv)
181 198
182void gw_check_election(struct bat_priv *bat_priv, struct orig_node *orig_node) 199void gw_check_election(struct bat_priv *bat_priv, struct orig_node *orig_node)
183{ 200{
184 struct gw_node *curr_gateway_tmp = bat_priv->curr_gw; 201 struct gw_node *curr_gateway_tmp;
185 uint8_t gw_tq_avg, orig_tq_avg; 202 uint8_t gw_tq_avg, orig_tq_avg;
186 203
204 rcu_read_lock();
205 curr_gateway_tmp = rcu_dereference(bat_priv->curr_gw);
187 if (!curr_gateway_tmp) 206 if (!curr_gateway_tmp)
188 return; 207 goto out_rcu;
189 208
190 if (!curr_gateway_tmp->orig_node) 209 if (!curr_gateway_tmp->orig_node)
191 goto deselect; 210 goto deselect_rcu;
192 211
193 if (!curr_gateway_tmp->orig_node->router) 212 if (!curr_gateway_tmp->orig_node->router)
194 goto deselect; 213 goto deselect_rcu;
195 214
196 /* this node already is the gateway */ 215 /* this node already is the gateway */
197 if (curr_gateway_tmp->orig_node == orig_node) 216 if (curr_gateway_tmp->orig_node == orig_node)
198 return; 217 goto out_rcu;
199 218
200 if (!orig_node->router) 219 if (!orig_node->router)
201 return; 220 goto out_rcu;
202 221
203 gw_tq_avg = curr_gateway_tmp->orig_node->router->tq_avg; 222 gw_tq_avg = curr_gateway_tmp->orig_node->router->tq_avg;
223 rcu_read_unlock();
224
204 orig_tq_avg = orig_node->router->tq_avg; 225 orig_tq_avg = orig_node->router->tq_avg;
205 226
206 /* the TQ value has to be better */ 227 /* the TQ value has to be better */
207 if (orig_tq_avg < gw_tq_avg) 228 if (orig_tq_avg < gw_tq_avg)
208 return; 229 goto out;
209 230
210 /** 231 /**
211 * if the routing class is greater than 3 the value tells us how much 232 * if the routing class is greater than 3 the value tells us how much
@@ -213,15 +234,23 @@ void gw_check_election(struct bat_priv *bat_priv, struct orig_node *orig_node)
213 **/ 234 **/
214 if ((atomic_read(&bat_priv->gw_sel_class) > 3) && 235 if ((atomic_read(&bat_priv->gw_sel_class) > 3) &&
215 (orig_tq_avg - gw_tq_avg < atomic_read(&bat_priv->gw_sel_class))) 236 (orig_tq_avg - gw_tq_avg < atomic_read(&bat_priv->gw_sel_class)))
216 return; 237 goto out;
217 238
218 bat_dbg(DBG_BATMAN, bat_priv, 239 bat_dbg(DBG_BATMAN, bat_priv,
219 "Restarting gateway selection: better gateway found (tq curr: " 240 "Restarting gateway selection: better gateway found (tq curr: "
220 "%i, tq new: %i)\n", 241 "%i, tq new: %i)\n",
221 gw_tq_avg, orig_tq_avg); 242 gw_tq_avg, orig_tq_avg);
243 goto deselect;
222 244
245out_rcu:
246 rcu_read_unlock();
247 goto out;
248deselect_rcu:
249 rcu_read_unlock();
223deselect: 250deselect:
224 gw_deselect(bat_priv); 251 gw_deselect(bat_priv);
252out:
253 return;
225} 254}
226 255
227static void gw_node_add(struct bat_priv *bat_priv, 256static void gw_node_add(struct bat_priv *bat_priv,
@@ -278,7 +307,7 @@ void gw_node_update(struct bat_priv *bat_priv,
278 "Gateway %pM removed from gateway list\n", 307 "Gateway %pM removed from gateway list\n",
279 orig_node->orig); 308 orig_node->orig);
280 309
281 if (gw_node == bat_priv->curr_gw) { 310 if (gw_node == rcu_dereference(bat_priv->curr_gw)) {
282 rcu_read_unlock(); 311 rcu_read_unlock();
283 gw_deselect(bat_priv); 312 gw_deselect(bat_priv);
284 return; 313 return;
@@ -316,7 +345,7 @@ void gw_node_purge(struct bat_priv *bat_priv)
316 atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE) 345 atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE)
317 continue; 346 continue;
318 347
319 if (bat_priv->curr_gw == gw_node) 348 if (rcu_dereference(bat_priv->curr_gw) == gw_node)
320 gw_deselect(bat_priv); 349 gw_deselect(bat_priv);
321 350
322 hlist_del_rcu(&gw_node->list); 351 hlist_del_rcu(&gw_node->list);
@@ -330,12 +359,16 @@ void gw_node_purge(struct bat_priv *bat_priv)
330static int _write_buffer_text(struct bat_priv *bat_priv, 359static int _write_buffer_text(struct bat_priv *bat_priv,
331 struct seq_file *seq, struct gw_node *gw_node) 360 struct seq_file *seq, struct gw_node *gw_node)
332{ 361{
333 int down, up; 362 struct gw_node *curr_gw;
363 int down, up, ret;
334 364
335 gw_bandwidth_to_kbit(gw_node->orig_node->gw_flags, &down, &up); 365 gw_bandwidth_to_kbit(gw_node->orig_node->gw_flags, &down, &up);
336 366
337 return seq_printf(seq, "%s %pM (%3i) %pM [%10s]: %3i - %i%s/%i%s\n", 367 rcu_read_lock();
338 (bat_priv->curr_gw == gw_node ? "=>" : " "), 368 curr_gw = rcu_dereference(bat_priv->curr_gw);
369
370 ret = seq_printf(seq, "%s %pM (%3i) %pM [%10s]: %3i - %i%s/%i%s\n",
371 (curr_gw == gw_node ? "=>" : " "),
339 gw_node->orig_node->orig, 372 gw_node->orig_node->orig,
340 gw_node->orig_node->router->tq_avg, 373 gw_node->orig_node->router->tq_avg,
341 gw_node->orig_node->router->addr, 374 gw_node->orig_node->router->addr,
@@ -345,6 +378,9 @@ static int _write_buffer_text(struct bat_priv *bat_priv,
345 (down > 2048 ? "MBit" : "KBit"), 378 (down > 2048 ? "MBit" : "KBit"),
346 (up > 2048 ? up / 1024 : up), 379 (up > 2048 ? up / 1024 : up),
347 (up > 2048 ? "MBit" : "KBit")); 380 (up > 2048 ? "MBit" : "KBit"));
381
382 rcu_read_unlock();
383 return ret;
348} 384}
349 385
350int gw_client_seq_print_text(struct seq_file *seq, void *offset) 386int gw_client_seq_print_text(struct seq_file *seq, void *offset)
@@ -465,8 +501,12 @@ int gw_is_target(struct bat_priv *bat_priv, struct sk_buff *skb)
465 if (atomic_read(&bat_priv->gw_mode) == GW_MODE_SERVER) 501 if (atomic_read(&bat_priv->gw_mode) == GW_MODE_SERVER)
466 return -1; 502 return -1;
467 503
468 if (!bat_priv->curr_gw) 504 rcu_read_lock();
505 if (!rcu_dereference(bat_priv->curr_gw)) {
506 rcu_read_unlock();
469 return 0; 507 return 0;
508 }
509 rcu_read_unlock();
470 510
471 return 1; 511 return 1;
472} 512}
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index e1f3e5e71555..3dd5e77a0aa0 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -162,7 +162,7 @@ struct bat_priv {
162 spinlock_t forw_bcast_list_lock; /* protects */ 162 spinlock_t forw_bcast_list_lock; /* protects */
163 spinlock_t hna_lhash_lock; /* protects hna_local_hash */ 163 spinlock_t hna_lhash_lock; /* protects hna_local_hash */
164 spinlock_t hna_ghash_lock; /* protects hna_global_hash */ 164 spinlock_t hna_ghash_lock; /* protects hna_global_hash */
165 spinlock_t gw_list_lock; /* protects gw_list */ 165 spinlock_t gw_list_lock; /* protects gw_list and curr_gw */
166 spinlock_t vis_hash_lock; /* protects vis_hash */ 166 spinlock_t vis_hash_lock; /* protects vis_hash */
167 spinlock_t vis_list_lock; /* protects vis_info::recv_list */ 167 spinlock_t vis_list_lock; /* protects vis_info::recv_list */
168 spinlock_t softif_neigh_lock; /* protects soft-interface neigh list */ 168 spinlock_t softif_neigh_lock; /* protects soft-interface neigh list */
@@ -171,7 +171,7 @@ struct bat_priv {
171 struct delayed_work hna_work; 171 struct delayed_work hna_work;
172 struct delayed_work orig_work; 172 struct delayed_work orig_work;
173 struct delayed_work vis_work; 173 struct delayed_work vis_work;
174 struct gw_node *curr_gw; 174 struct gw_node __rcu *curr_gw; /* rcu protected pointer */
175 struct vis_info *my_vis_info; 175 struct vis_info *my_vis_info;
176}; 176};
177 177