[PATCH 6/6] batman-adv: fix potential TT client + orig-node memory leak

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Antonio Quartulli <antonio@meshcoding.com>
To: davem@davemloft.net
Cc: netdev@vger.kernel.org, b.a.t.m.a.n@lists.open-mesh.org,
	"Linus Lüssing" <linus.luessing@c0d3.blue>,
	"Marek Lindner" <mareklindner@neomailbox.ch>,
	"Antonio Quartulli" <antonio@meshcoding.com>
Subject: [PATCH 6/6] batman-adv: fix potential TT client + orig-node memory leak
Date: Tue,  6 Jan 2015 12:10:05 +0100	[thread overview]
Message-ID: <1420542605-28865-7-git-send-email-antonio@meshcoding.com> (raw)
In-Reply-To: <1420542605-28865-1-git-send-email-antonio@meshcoding.com>

From: Linus Lüssing <linus.luessing@c0d3.blue>

This patch fixes a potential memory leak which can occur once an
originator times out. On timeout the according global translation table
entry might not get purged correctly. Furthermore, the non purged TT
entry will cause its orig-node to leak, too. Which additionally can lead
to the new multicast optimization feature not kicking in because of a
therefore bogus counter.

In detail: The batadv_tt_global_entry->orig_list holds the reference to
the orig-node. Usually this reference is released after
BATADV_PURGE_TIMEOUT through: _batadv_purge_orig()->
batadv_purge_orig_node()->batadv_update_route()->_batadv_update_route()->
batadv_tt_global_del_orig() which purges this global tt entry and
releases the reference to the orig-node.

However, if between two batadv_purge_orig_node() calls the orig-node
timeout grew to 2*BATADV_PURGE_TIMEOUT then this call path isn't
reached. Instead the according orig-node is removed from the
originator hash in _batadv_purge_orig(), the batadv_update_route()
part is skipped and won't be reached anymore.

Fixing the issue by moving batadv_tt_global_del_orig() out of the rcu
callback.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Acked-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
---
 net/batman-adv/originator.c | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
index 648bdba..bea8198 100644
--- a/net/batman-adv/originator.c
+++ b/net/batman-adv/originator.c
@@ -570,9 +570,6 @@ static void batadv_orig_node_free_rcu(struct rcu_head *rcu)

 	batadv_frag_purge_orig(orig_node, NULL);

-	batadv_tt_global_del_orig(orig_node->bat_priv, orig_node, -1,
-				  "originator timed out");
-
 	if (orig_node->bat_priv->bat_algo_ops->bat_orig_free)
 		orig_node->bat_priv->bat_algo_ops->bat_orig_free(orig_node);

@@ -978,6 +975,9 @@ static void _batadv_purge_orig(struct batadv_priv *bat_priv)
 			if (batadv_purge_orig_node(bat_priv, orig_node)) {
 				batadv_gw_node_delete(bat_priv, orig_node);
 				hlist_del_rcu(&orig_node->hash_entry);
+				batadv_tt_global_del_orig(orig_node->bat_priv,
+							  orig_node, -1,
+							  "originator timed out");
 				batadv_orig_node_free_ref(orig_node);
 				continue;
 			}
-- 
2.2.1

next prev parent reply	other threads:[~2015-01-06 11:10 UTC|newest]

Thread overview: 8+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2015-01-06 11:09 pull request [net]: batman-adv 20150106 Antonio Quartulli
2015-01-06 11:10 ` [PATCH 1/6] batman-adv: fix and simplify condition when bonding should be used Antonio Quartulli
2015-01-06 11:10 ` [PATCH 2/6] batman-adv: fix delayed foreign originator recognition Antonio Quartulli
2015-01-06 11:10 ` [PATCH 3/6] batman-adv: fix lock class for decoding hash in network-coding.c Antonio Quartulli
2015-01-06 11:10 ` [PATCH 4/6] batman-adv: fix counter for multicast supporting nodes Antonio Quartulli
2015-01-06 11:10 ` [PATCH 5/6] batman-adv: fix multicast counter when purging originators Antonio Quartulli
2015-01-06 11:10 ` Antonio Quartulli [this message]
2015-01-06 19:25 ` pull request [net]: batman-adv 20150106 David Miller

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:648bdba dfblob:bea8198 )
 OR (
bs:"[PATCH 6/6] batman-adv: fix potential TT client + orig-node memory leak" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1420542605-28865-7-git-send-email-antonio@meshcoding.com \
    --to=antonio@meshcoding.com \
    --cc=b.a.t.m.a.n@lists.open-mesh.org \
    --cc=davem@davemloft.net \
    --cc=linus.luessing@c0d3.blue \
    --cc=mareklindner@neomailbox.ch \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).