[B.A.T.M.A.N.] [PATCH 2/5] batman-adv: Prevent duplicated nc_node entry

public inbox for b.a.t.m.a.n@lists.open-mesh.org
 help / color / mirror / Atom feed

From: Sven Eckelmann <sven@narfation.org>
To: b.a.t.m.a.n@lists.open-mesh.org
Subject: [B.A.T.M.A.N.] [PATCH 2/5] batman-adv: Prevent duplicated nc_node entry
Date: Sun, 12 Aug 2018 21:04:42 +0200	[thread overview]
Message-ID: <20180812190445.28013-3-sven@narfation.org> (raw)
In-Reply-To: <20180812190445.28013-1-sven@narfation.org>

The function batadv_nc_get_nc_node is responsible for adding new nc_nodes
to the in_coding_list and out_coding_list. It first checks whether the
entry already is in the list or not. If it is, then the creation of a new
entry is aborted.

But the lock for the list is only held when the list is really modified.
This could lead to duplicated entries because another context could create
an entry with the same key between the check and the list manipulation.

The check and the manipulation of the list must therefore be in the same
locked code section.

Fixes: 3ed7ada3f0bb ("batman-adv: network coding - detect coding nodes and remove these after timeout")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
---
 net/batman-adv/network-coding.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
index c3578444..34caf129 100644
--- a/net/batman-adv/network-coding.c
+++ b/net/batman-adv/network-coding.c
@@ -854,16 +854,27 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv,
 	spinlock_t *lock; /* Used to lock list selected by "int in_coding" */
 	struct list_head *list;
 
+	/* Select ingoing or outgoing coding node */
+	if (in_coding) {
+		lock = &orig_neigh_node->in_coding_list_lock;
+		list = &orig_neigh_node->in_coding_list;
+	} else {
+		lock = &orig_neigh_node->out_coding_list_lock;
+		list = &orig_neigh_node->out_coding_list;
+	}
+
+	spin_lock_bh(lock);
+
 	/* Check if nc_node is already added */
 	nc_node = batadv_nc_find_nc_node(orig_node, orig_neigh_node, in_coding);
 
 	/* Node found */
 	if (nc_node)
-		return nc_node;
+		goto unlock;
 
 	nc_node = kzalloc(sizeof(*nc_node), GFP_ATOMIC);
 	if (!nc_node)
-		return NULL;
+		goto unlock;
 
 	/* Initialize nc_node */
 	INIT_LIST_HEAD(&nc_node->list);
@@ -872,22 +883,14 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv,
 	kref_get(&orig_neigh_node->refcount);
 	nc_node->orig_node = orig_neigh_node;
 
-	/* Select ingoing or outgoing coding node */
-	if (in_coding) {
-		lock = &orig_neigh_node->in_coding_list_lock;
-		list = &orig_neigh_node->in_coding_list;
-	} else {
-		lock = &orig_neigh_node->out_coding_list_lock;
-		list = &orig_neigh_node->out_coding_list;
-	}
-
 	batadv_dbg(BATADV_DBG_NC, bat_priv, "Adding nc_node %pM -> %pM\n",
 		   nc_node->addr, nc_node->orig_node->orig);
 
 	/* Add nc_node to orig_node */
-	spin_lock_bh(lock);
 	kref_get(&nc_node->refcount);
 	list_add_tail_rcu(&nc_node->list, list);
+
+unlock:
 	spin_unlock_bh(lock);
 
 	return nc_node;
-- 
2.18.0

next prev parent reply	other threads:[~2018-08-12 19:04 UTC|newest]

Thread overview: 11+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-08-12 19:04 [B.A.T.M.A.N.] [PATCH 0/5] batman-adv: Missing list checks for *list_add* Sven Eckelmann
2018-08-12 19:04 ` [B.A.T.M.A.N.] [PATCH 1/5] batman-adv: Prevent duplicated gateway_node entry Sven Eckelmann
2018-09-06 11:41   ` Marek Lindner
2018-08-12 19:04 ` Sven Eckelmann [this message]
2018-09-06 11:45   ` [B.A.T.M.A.N.] [PATCH 2/5] batman-adv: Prevent duplicated nc_node entry Marek Lindner
2018-08-12 19:04 ` [B.A.T.M.A.N.] [PATCH 3/5] batman-adv: Prevent duplicated softif_vlan entry Sven Eckelmann
2018-09-06 12:00   ` Marek Lindner
2018-08-12 19:04 ` [B.A.T.M.A.N.] [PATCH 4/5] batman-adv: Prevent duplicated global TT entry Sven Eckelmann
2018-09-06 12:03   ` Marek Lindner
2018-08-12 19:04 ` [B.A.T.M.A.N.] [PATCH 5/5] batman-adv: Prevent duplicated tvlv handler Sven Eckelmann
2018-09-06 12:05   ` Marek Lindner

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:c357844 dfblob:34caf12 )
 OR (
bs:"[B.A.T.M.A.N.] [PATCH 2/5] batman-adv: Prevent duplicated nc_node entry" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180812190445.28013-3-sven@narfation.org \
    --to=sven@narfation.org \
    --cc=b.a.t.m.a.n@lists.open-mesh.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox