From: Sven Eckelmann <sven@narfation.org>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org,
"Linus Lüssing" <linus.luessing@ascom.ch>,
"Marek Lindner" <lindner_marek@yahoo.de>
Subject: [PATCH 17/28] batman-adv: Make bat_priv->curr_gw an rcu protected pointer
Date: Sat, 5 Mar 2011 13:28:31 +0100 [thread overview]
Message-ID: <1299328122-21468-18-git-send-email-sven@narfation.org> (raw)
In-Reply-To: <1299328122-21468-1-git-send-email-sven@narfation.org>
From: Linus Lüssing <linus.luessing@ascom.ch>
The rcu protected macros rcu_dereference() and rcu_assign_pointer()
for the bat_priv->curr_gw need to be used, as well as spin/rcu locking.
Otherwise we might end up using a curr_gw pointer pointing to already
freed memory.
Reported-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Linus Lüssing <linus.luessing@ascom.ch>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
---
net/batman-adv/gateway_client.c | 100 +++++++++++++++++++++++++++------------
net/batman-adv/types.h | 4 +-
2 files changed, 72 insertions(+), 32 deletions(-)
diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 517e001..a3e842f 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -44,19 +44,29 @@ static void gw_node_free_ref(struct gw_node *gw_node)
void *gw_get_selected(struct bat_priv *bat_priv)
{
- struct gw_node *curr_gateway_tmp = bat_priv->curr_gw;
+ struct gw_node *curr_gateway_tmp;
+ struct orig_node *orig_node = NULL;
+ rcu_read_lock();
+ curr_gateway_tmp = rcu_dereference(bat_priv->curr_gw);
if (!curr_gateway_tmp)
- return NULL;
+ goto out;
+
+ orig_node = curr_gateway_tmp->orig_node;
- return curr_gateway_tmp->orig_node;
+out:
+ rcu_read_unlock();
+ return orig_node;
}
void gw_deselect(struct bat_priv *bat_priv)
{
- struct gw_node *gw_node = bat_priv->curr_gw;
+ struct gw_node *gw_node;
- bat_priv->curr_gw = NULL;
+ spin_lock_bh(&bat_priv->gw_list_lock);
+ gw_node = rcu_dereference(bat_priv->curr_gw);
+ rcu_assign_pointer(bat_priv->curr_gw, NULL);
+ spin_unlock_bh(&bat_priv->gw_list_lock);
if (gw_node)
gw_node_free_ref(gw_node);
@@ -64,12 +74,15 @@ void gw_deselect(struct bat_priv *bat_priv)
static void gw_select(struct bat_priv *bat_priv, struct gw_node *new_gw_node)
{
- struct gw_node *curr_gw_node = bat_priv->curr_gw;
+ struct gw_node *curr_gw_node;
if (new_gw_node && !atomic_inc_not_zero(&new_gw_node->refcount))
new_gw_node = NULL;
- bat_priv->curr_gw = new_gw_node;
+ spin_lock_bh(&bat_priv->gw_list_lock);
+ curr_gw_node = rcu_dereference(bat_priv->curr_gw);
+ rcu_assign_pointer(bat_priv->curr_gw, new_gw_node);
+ spin_unlock_bh(&bat_priv->gw_list_lock);
if (curr_gw_node)
gw_node_free_ref(curr_gw_node);
@@ -78,7 +91,7 @@ static void gw_select(struct bat_priv *bat_priv, struct gw_node *new_gw_node)
void gw_election(struct bat_priv *bat_priv)
{
struct hlist_node *node;
- struct gw_node *gw_node, *curr_gw_tmp = NULL;
+ struct gw_node *gw_node, *curr_gw, *curr_gw_tmp = NULL;
uint8_t max_tq = 0;
uint32_t max_gw_factor = 0, tmp_gw_factor = 0;
int down, up;
@@ -92,19 +105,23 @@ void gw_election(struct bat_priv *bat_priv)
if (atomic_read(&bat_priv->gw_mode) != GW_MODE_CLIENT)
return;
- if (bat_priv->curr_gw)
+ rcu_read_lock();
+ curr_gw = rcu_dereference(bat_priv->curr_gw);
+ if (curr_gw) {
+ rcu_read_unlock();
return;
+ }
- rcu_read_lock();
if (hlist_empty(&bat_priv->gw_list)) {
- rcu_read_unlock();
- if (bat_priv->curr_gw) {
+ if (curr_gw) {
+ rcu_read_unlock();
bat_dbg(DBG_BATMAN, bat_priv,
"Removing selected gateway - "
"no gateway in range\n");
gw_deselect(bat_priv);
- }
+ } else
+ rcu_read_unlock();
return;
}
@@ -153,12 +170,12 @@ void gw_election(struct bat_priv *bat_priv)
max_gw_factor = tmp_gw_factor;
}
- if (bat_priv->curr_gw != curr_gw_tmp) {
- if ((bat_priv->curr_gw) && (!curr_gw_tmp))
+ if (curr_gw != curr_gw_tmp) {
+ if ((curr_gw) && (!curr_gw_tmp))
bat_dbg(DBG_BATMAN, bat_priv,
"Removing selected gateway - "
"no gateway in range\n");
- else if ((!bat_priv->curr_gw) && (curr_gw_tmp))
+ else if ((!curr_gw) && (curr_gw_tmp))
bat_dbg(DBG_BATMAN, bat_priv,
"Adding route to gateway %pM "
"(gw_flags: %i, tq: %i)\n",
@@ -181,31 +198,35 @@ void gw_election(struct bat_priv *bat_priv)
void gw_check_election(struct bat_priv *bat_priv, struct orig_node *orig_node)
{
- struct gw_node *curr_gateway_tmp = bat_priv->curr_gw;
+ struct gw_node *curr_gateway_tmp;
uint8_t gw_tq_avg, orig_tq_avg;
+ rcu_read_lock();
+ curr_gateway_tmp = rcu_dereference(bat_priv->curr_gw);
if (!curr_gateway_tmp)
- return;
+ goto out_rcu;
if (!curr_gateway_tmp->orig_node)
- goto deselect;
+ goto deselect_rcu;
if (!curr_gateway_tmp->orig_node->router)
- goto deselect;
+ goto deselect_rcu;
/* this node already is the gateway */
if (curr_gateway_tmp->orig_node == orig_node)
- return;
+ goto out_rcu;
if (!orig_node->router)
- return;
+ goto out_rcu;
gw_tq_avg = curr_gateway_tmp->orig_node->router->tq_avg;
+ rcu_read_unlock();
+
orig_tq_avg = orig_node->router->tq_avg;
/* the TQ value has to be better */
if (orig_tq_avg < gw_tq_avg)
- return;
+ goto out;
/**
* if the routing class is greater than 3 the value tells us how much
@@ -213,15 +234,23 @@ void gw_check_election(struct bat_priv *bat_priv, struct orig_node *orig_node)
**/
if ((atomic_read(&bat_priv->gw_sel_class) > 3) &&
(orig_tq_avg - gw_tq_avg < atomic_read(&bat_priv->gw_sel_class)))
- return;
+ goto out;
bat_dbg(DBG_BATMAN, bat_priv,
"Restarting gateway selection: better gateway found (tq curr: "
"%i, tq new: %i)\n",
gw_tq_avg, orig_tq_avg);
+ goto deselect;
+out_rcu:
+ rcu_read_unlock();
+ goto out;
+deselect_rcu:
+ rcu_read_unlock();
deselect:
gw_deselect(bat_priv);
+out:
+ return;
}
static void gw_node_add(struct bat_priv *bat_priv,
@@ -278,7 +307,7 @@ void gw_node_update(struct bat_priv *bat_priv,
"Gateway %pM removed from gateway list\n",
orig_node->orig);
- if (gw_node == bat_priv->curr_gw) {
+ if (gw_node == rcu_dereference(bat_priv->curr_gw)) {
rcu_read_unlock();
gw_deselect(bat_priv);
return;
@@ -316,7 +345,7 @@ void gw_node_purge(struct bat_priv *bat_priv)
atomic_read(&bat_priv->mesh_state) == MESH_ACTIVE)
continue;
- if (bat_priv->curr_gw == gw_node)
+ if (rcu_dereference(bat_priv->curr_gw) == gw_node)
gw_deselect(bat_priv);
hlist_del_rcu(&gw_node->list);
@@ -330,12 +359,16 @@ void gw_node_purge(struct bat_priv *bat_priv)
static int _write_buffer_text(struct bat_priv *bat_priv,
struct seq_file *seq, struct gw_node *gw_node)
{
- int down, up;
+ struct gw_node *curr_gw;
+ int down, up, ret;
gw_bandwidth_to_kbit(gw_node->orig_node->gw_flags, &down, &up);
- return seq_printf(seq, "%s %pM (%3i) %pM [%10s]: %3i - %i%s/%i%s\n",
- (bat_priv->curr_gw == gw_node ? "=>" : " "),
+ rcu_read_lock();
+ curr_gw = rcu_dereference(bat_priv->curr_gw);
+
+ ret = seq_printf(seq, "%s %pM (%3i) %pM [%10s]: %3i - %i%s/%i%s\n",
+ (curr_gw == gw_node ? "=>" : " "),
gw_node->orig_node->orig,
gw_node->orig_node->router->tq_avg,
gw_node->orig_node->router->addr,
@@ -345,6 +378,9 @@ static int _write_buffer_text(struct bat_priv *bat_priv,
(down > 2048 ? "MBit" : "KBit"),
(up > 2048 ? up / 1024 : up),
(up > 2048 ? "MBit" : "KBit"));
+
+ rcu_read_unlock();
+ return ret;
}
int gw_client_seq_print_text(struct seq_file *seq, void *offset)
@@ -465,8 +501,12 @@ int gw_is_target(struct bat_priv *bat_priv, struct sk_buff *skb)
if (atomic_read(&bat_priv->gw_mode) == GW_MODE_SERVER)
return -1;
- if (!bat_priv->curr_gw)
+ rcu_read_lock();
+ if (!rcu_dereference(bat_priv->curr_gw)) {
+ rcu_read_unlock();
return 0;
+ }
+ rcu_read_unlock();
return 1;
}
diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h
index e1f3e5e..3dd5e77 100644
--- a/net/batman-adv/types.h
+++ b/net/batman-adv/types.h
@@ -162,7 +162,7 @@ struct bat_priv {
spinlock_t forw_bcast_list_lock; /* protects */
spinlock_t hna_lhash_lock; /* protects hna_local_hash */
spinlock_t hna_ghash_lock; /* protects hna_global_hash */
- spinlock_t gw_list_lock; /* protects gw_list */
+ spinlock_t gw_list_lock; /* protects gw_list and curr_gw */
spinlock_t vis_hash_lock; /* protects vis_hash */
spinlock_t vis_list_lock; /* protects vis_info::recv_list */
spinlock_t softif_neigh_lock; /* protects soft-interface neigh list */
@@ -171,7 +171,7 @@ struct bat_priv {
struct delayed_work hna_work;
struct delayed_work orig_work;
struct delayed_work vis_work;
- struct gw_node *curr_gw;
+ struct gw_node __rcu *curr_gw; /* rcu protected pointer */
struct vis_info *my_vis_info;
};
--
1.7.2.3
next prev parent reply other threads:[~2011-03-05 12:30 UTC|newest]
Thread overview: 33+ messages / expand[flat|nested] mbox.gz Atom feed top
2011-03-05 12:28 pull request: batman-adv 2011-03-05 Sven Eckelmann
[not found] ` <1299328122-21468-1-git-send-email-sven-KaDOiPu9UxWEi8DpZVb4nw@public.gmane.org>
2011-03-05 12:28 ` [PATCH 01/28] batman-adv: Remove two duplicate includes Sven Eckelmann
2011-03-05 12:28 ` [PATCH 02/28] batman-adv: protect neighbor nodes with reference counters Sven Eckelmann
2011-03-05 12:28 ` [PATCH 03/28] batman-adv: convert neighbor list to hlist Sven Eckelmann
2011-03-05 12:28 ` [PATCH 04/28] batman-adv: protect neighbor list with rcu locks Sven Eckelmann
2011-03-05 12:28 ` [PATCH 05/28] batman-adv: free neighbors when an interface is deactivated Sven Eckelmann
2011-03-05 12:28 ` [PATCH 06/28] batman-adv: protect neigh_nodes used outside of rcu_locks with refcounting Sven Eckelmann
2011-03-05 12:28 ` [PATCH 11/28] batman-adv: Correct rcu refcounting for neigh_node Sven Eckelmann
2011-03-05 12:28 ` [PATCH 19/28] batman-adv: Fix possible buffer overflow in softif neigh list output Sven Eckelmann
2011-03-05 12:28 ` [PATCH 07/28] batman-adv: protect each hash row with rcu locks Sven Eckelmann
2011-03-05 12:28 ` [PATCH 08/28] batman-adv: protect originator nodes with reference counters Sven Eckelmann
2011-03-05 12:28 ` [PATCH 09/28] batman-adv: protect ogm counter arrays with spinlock Sven Eckelmann
2011-03-05 12:28 ` [PATCH 10/28] batman-adv: protect bonding with rcu locks Sven Eckelmann
2011-03-05 12:28 ` [PATCH 12/28] batman-adv: Correct rcu refcounting for gw_node Sven Eckelmann
2011-03-05 12:28 ` [PATCH 13/28] batman-adv: Correct rcu refcounting for softif_neigh Sven Eckelmann
2011-03-05 12:28 ` [PATCH 14/28] batman-adv: Correct rcu refcounting for batman_if Sven Eckelmann
2011-03-05 12:28 ` [PATCH 15/28] batman-adv: protect bit operations to count OGMs with spinlock Sven Eckelmann
2011-03-05 12:28 ` [PATCH 16/28] batman-adv: make broadcast seqno operations atomic Sven Eckelmann
2011-03-05 12:28 ` Sven Eckelmann [this message]
2011-03-05 12:28 ` [PATCH 18/28] batman-adv: Increase orig_node refcount before releasing rcu read lock Sven Eckelmann
2011-03-05 12:28 ` [PATCH 20/28] batman-adv: separate ethernet comparing calls from hash functions Sven Eckelmann
2011-03-05 12:28 ` [PATCH 21/28] batman-adv: remove extra layer between hash and hash element - hash bucket Sven Eckelmann
2011-03-05 12:28 ` [PATCH 22/28] batman-adv: Correct rcu refcounting for orig_node Sven Eckelmann
2011-03-05 12:28 ` [PATCH 23/28] batman-adv: increase refcount in create_neighbor to be consistent Sven Eckelmann
2011-03-05 12:28 ` [PATCH 24/28] batman-adv: remove orig_hash spinlock Sven Eckelmann
2011-03-05 12:28 ` [PATCH 25/28] batman-adv: rename global if_list to hardif_list Sven Eckelmann
2011-03-05 12:28 ` [PATCH 26/28] batman-adv: rename batman_if struct to hard_iface Sven Eckelmann
2011-03-05 12:28 ` [PATCH 27/28] batman-adv: Remove unused hdr_size variable in route_unicast_packet() Sven Eckelmann
2011-03-05 12:28 ` [PATCH 28/28] batman-adv: Disallow regular interface as mesh device Sven Eckelmann
2011-03-05 14:13 ` [B.A.T.M.A.N.] pull request: batman-adv 2011-03-05 Sven Eckelmann
2011-03-07 2:14 ` David Miller
2011-03-07 9:01 ` Sven Eckelmann
2011-03-07 9:19 ` David Miller
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=1299328122-21468-18-git-send-email-sven@narfation.org \
--to=sven@narfation.org \
--cc=b.a.t.m.a.n@lists.open-mesh.org \
--cc=davem@davemloft.net \
--cc=lindner_marek@yahoo.de \
--cc=linus.luessing@ascom.ch \
--cc=netdev@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).