From: Marek Lindner <mareklindner@neomailbox.ch>
To: b.a.t.m.a.n@lists.open-mesh.org
Subject: Re: [B.A.T.M.A.N.] [PATCH maint 2/2] batman-adv: Fix potential synchronization issues in mcast tvlv handler
Date: Tue, 16 Jun 2015 15:07:48 +0800 [thread overview]
Message-ID: <4847167.bn6DxWQpdi@voltaire> (raw)
In-Reply-To: <1434349345-12854-3-git-send-email-linus.luessing@c0d3.blue>
[-- Attachment #1: Type: text/plain, Size: 1216 bytes --]
On Monday, June 15, 2015 08:22:25 Linus Lüssing wrote:
> So far the mcast tvlv handler did not anticipate the processing of
> multiple incoming OGMs from the same originator at the same time. This
> can lead to various issues:
>
> * Broken refcounting: For instance two mcast handlers might both assume
> that an originator just got multicast capabilities and will together
> wrongly decrease mcast.num_disabled by two, potentially leading to
> an integer underflow.
>
> * Potential kernel panic on hlist_del_rcu(): Two mcast handlers might
> one after another try to do an
> hlist_del_rcu(&orig->mcast_want_all_*_node). The second one will
> cause memory corruption / crashes.
> (Reported by: Sven Eckelmann <sven@narfation.org>)
As far as I can tell from looking at the code your patch does not address the
issue raised by Sven.
The first problem is that the mcast code calls hlist_del_rcu() without
verifying whether or not the element is still in the list. Adding a spinlock
is not going to change that. You can still have a purge event going on while
we just receive a new OGM because the purge caller does not need to hold the
newly added lock.
Cheers,
Marek
[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 473 bytes --]
prev parent reply other threads:[~2015-06-16 7:07 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2015-06-15 6:22 [B.A.T.M.A.N.] [PATCH maint 0/2] Fixes for parallel OGM processing Linus Lüssing
2015-06-15 6:22 ` [B.A.T.M.A.N.] [PATCH maint 1/2] batman-adv: Make originator capability changes atomic Linus Lüssing
2015-06-16 6:38 ` Marek Lindner
2015-06-15 6:22 ` [B.A.T.M.A.N.] [PATCH maint 2/2] batman-adv: Fix potential synchronization issues in mcast tvlv handler Linus Lüssing
2015-06-16 7:07 ` Marek Lindner [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=4847167.bn6DxWQpdi@voltaire \
--to=mareklindner@neomailbox.ch \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox