From: Antonio Quartulli <a@unstable.cc>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org,
Antonio Quartulli <a@unstable.cc>,
Marek Lindner <mareklindner@neomailbox.ch>
Subject: [B.A.T.M.A.N.] [PATCH 2/3] batman-adv: Only put orig_node_vlan list reference when removed
Date: Tue, 16 Feb 2016 23:01:27 +0800 [thread overview]
Message-ID: <1455634888-29400-3-git-send-email-a@unstable.cc> (raw)
In-Reply-To: <1455634888-29400-1-git-send-email-a@unstable.cc>
From: Sven Eckelmann <sven@narfation.org>
The batadv_orig_node_vlan reference counter in batadv_tt_global_size_mod
can only be reduced when the list entry was actually removed. Otherwise the
reference counter may reach zero when batadv_tt_global_size_mod is called
from two different contexts for the same orig_node_vlan but only one
context is actually removing the entry from the list.
The release function for this orig_node_vlan is not called inside the
vlan_list_lock spinlock protected region because the function
batadv_tt_global_size_mod still holds a orig_node_vlan reference for the
object pointer on the stack. Thus the actual release function (when
required) will be called only at the end of the function.
Fixes: 7ea7b4a14275 ("batman-adv: make the TT CRC logic VLAN specific")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
---
net/batman-adv/translation-table.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c
index cdfc85fa2743..0e80fd1461ab 100644
--- a/net/batman-adv/translation-table.c
+++ b/net/batman-adv/translation-table.c
@@ -303,9 +303,11 @@ static void batadv_tt_global_size_mod(struct batadv_orig_node *orig_node,
if (atomic_add_return(v, &vlan->tt.num_entries) == 0) {
spin_lock_bh(&orig_node->vlan_list_lock);
- hlist_del_init_rcu(&vlan->list);
+ if (!hlist_unhashed(&vlan->list)) {
+ hlist_del_init_rcu(&vlan->list);
+ batadv_orig_node_vlan_free_ref(vlan);
+ }
spin_unlock_bh(&orig_node->vlan_list_lock);
- batadv_orig_node_vlan_free_ref(vlan);
}
batadv_orig_node_vlan_free_ref(vlan);
--
2.7.1
next prev parent reply other threads:[~2016-02-16 15:01 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-02-16 15:01 [B.A.T.M.A.N.] pull request [net]: batman-adv 20160216 Antonio Quartulli
2016-02-16 15:01 ` [B.A.T.M.A.N.] [PATCH 1/3] batman-adv: Only put gw_node list reference when removed Antonio Quartulli
2016-02-16 15:01 ` Antonio Quartulli [this message]
2016-02-16 15:01 ` [B.A.T.M.A.N.] [PATCH 3/3] batman-adv: Avoid endless loop in bat-on-bat netdevice check Antonio Quartulli
2016-02-17 4:20 ` [B.A.T.M.A.N.] pull request [net]: batman-adv 20160216 Antonio Quartulli
2016-02-19 20:37 ` David Miller
2016-02-20 5:28 ` Antonio Quartulli
2016-02-23 5:07 ` Antonio Quartulli
2016-02-23 5:12 ` David Miller
2016-02-23 5:36 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1455634888-29400-3-git-send-email-a@unstable.cc \
--to=a@unstable.cc \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
--cc=davem@davemloft.net \
--cc=mareklindner@neomailbox.ch \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox