From: Sven Eckelmann <sven@narfation.org>
To: b.a.t.m.a.n@lists.open-mesh.org
Subject: Re: [B.A.T.M.A.N.] [PATCHv14 5/6] batman-adv: Add IPv4 link-local/IPv6-ll-all-nodes multicast support
Date: Wed, 10 Jun 2015 10:52:13 +0200 [thread overview]
Message-ID: <4830012.jBltC4KZcc@bentobox> (raw)
In-Reply-To: <1392482874-9024-6-git-send-email-linus.luessing@web.de>
[-- Attachment #1: Type: text/plain, Size: 1657 bytes --]
On Saturday 15 February 2014 17:47:53 Linus Lüssing wrote:
> +static void batadv_mcast_want_unsnoop_update(struct batadv_priv *bat_priv,
> + struct batadv_orig_node *orig,
> + uint8_t mcast_flags)
> +{
> + /* switched from flag unset to set */
> + if (mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES &&
> + !(orig->mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES)) {
> + atomic_inc(&bat_priv->mcast.num_want_all_unsnoopables);
> +
> + spin_lock_bh(&bat_priv->mcast.want_lists_lock);
> + hlist_add_head_rcu(&orig->mcast_want_all_unsnoopables_node,
> + &bat_priv->mcast.want_all_unsnoopables_list);
> + spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
> + /* switched from flag set to unset */
> + } else if (!(mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES) &&
> + orig->mcast_flags & BATADV_MCAST_WANT_ALL_UNSNOOPABLES) {
> + atomic_dec(&bat_priv->mcast.num_want_all_unsnoopables);
> +
> + spin_lock_bh(&bat_priv->mcast.want_lists_lock);
> + hlist_del_rcu(&orig->mcast_want_all_unsnoopables_node);
> + spin_unlock_bh(&bat_priv->mcast.want_lists_lock);
> + }
Looks unsafe. How do you make sure that it is still in the list and not
already already removed in the meantime? hlist_del_rcu does not re-initialize
the pointers (only POISON them when CONFIG_DEBUG_LIST is activated). Thus
calling hlist_del_rcu again on an object not in the list either kills other
data structures or causes an Oops.
There are more *list_del* related problems of that type in your code. This is
just one example I've picked.
See http://www.open-mesh.org/issues/217#note-5
Kind regards,
Sven
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 819 bytes --]
next prev parent reply other threads:[~2015-06-10 8:52 UTC|newest]
Thread overview: 14+ messages / expand[flat|nested] mbox.gz Atom feed top
2014-02-15 16:47 [B.A.T.M.A.N.] [PATCHv14 0/6] Basic Multicast Optimizations Linus Lüssing
2014-02-15 16:47 ` [B.A.T.M.A.N.] [PATCHv14 1/6] batman-adv: Multicast Listener Announcements via Translation Table Linus Lüssing
2014-02-16 6:23 ` Marek Lindner
2014-02-15 16:47 ` [B.A.T.M.A.N.] [PATCHv14 2/6] batman-adv: introduce capability initialization bitfield Linus Lüssing
2014-02-16 6:24 ` Marek Lindner
2014-02-15 16:47 ` [B.A.T.M.A.N.] [PATCHv14 3/6] batman-adv: Announce new capability via multicast TVLV Linus Lüssing
2014-02-16 6:25 ` Marek Lindner
2014-02-15 16:47 ` [B.A.T.M.A.N.] [PATCHv14 4/6] batman-adv: Modified forwarding behaviour for multicast packets Linus Lüssing
2014-02-16 6:28 ` Marek Lindner
2014-02-15 16:47 ` [B.A.T.M.A.N.] [PATCHv14 5/6] batman-adv: Add IPv4 link-local/IPv6-ll-all-nodes multicast support Linus Lüssing
2014-02-16 6:30 ` Marek Lindner
2015-06-10 8:52 ` Sven Eckelmann [this message]
2014-02-15 16:47 ` [B.A.T.M.A.N.] [PATCHv14 6/6] batman-adv: Send multicast packets to nodes with a WANT_ALL flag Linus Lüssing
2014-02-16 6:32 ` Marek Lindner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4830012.jBltC4KZcc@bentobox \
--to=sven@narfation.org \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox