Netdev List
 help / color / mirror / Atom feed
From: Simon Wunderlich <sw-2YrNx6rUIHYiY0qSoAWiAoQuADTiUCJX@public.gmane.org>
To: davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org
Cc: netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org,
	b.a.t.m.a.n-ZwoEplunGu2X36UT3dwllkB+6BGkLq7r@public.gmane.org
Subject: [PATCH 05/11] batman-adv: Prevent duplicated nc_node entry
Date: Wed, 19 Sep 2018 14:22:07 +0200	[thread overview]
Message-ID: <20180919122213.23108-6-sw@simonwunderlich.de> (raw)
In-Reply-To: <20180919122213.23108-1-sw-2YrNx6rUIHYiY0qSoAWiAoQuADTiUCJX@public.gmane.org>

From: Sven Eckelmann <sven-KaDOiPu9UxWEi8DpZVb4nw@public.gmane.org>

The function batadv_nc_get_nc_node is responsible for adding new nc_nodes
to the in_coding_list and out_coding_list. It first checks whether the
entry already is in the list or not. If it is, then the creation of a new
entry is aborted.

But the lock for the list is only held when the list is really modified.
This could lead to duplicated entries because another context could create
an entry with the same key between the check and the list manipulation.

The check and the manipulation of the list must therefore be in the same
locked code section.

Fixes: d56b1705e28c ("batman-adv: network coding - detect coding nodes and remove these after timeout")
Signed-off-by: Sven Eckelmann <sven-KaDOiPu9UxWEi8DpZVb4nw@public.gmane.org>
Acked-by: Marek Lindner <mareklindner-rVWd3aGhH2z5bpWLKbzFeg@public.gmane.org>
Signed-off-by: Simon Wunderlich <sw-2YrNx6rUIHYiY0qSoAWiAoQuADTiUCJX@public.gmane.org>
---
 net/batman-adv/network-coding.c | 27 +++++++++++++++------------
 1 file changed, 15 insertions(+), 12 deletions(-)

diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c
index c3578444f3cb..34caf129a9bf 100644
--- a/net/batman-adv/network-coding.c
+++ b/net/batman-adv/network-coding.c
@@ -854,16 +854,27 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv,
 	spinlock_t *lock; /* Used to lock list selected by "int in_coding" */
 	struct list_head *list;
 
+	/* Select ingoing or outgoing coding node */
+	if (in_coding) {
+		lock = &orig_neigh_node->in_coding_list_lock;
+		list = &orig_neigh_node->in_coding_list;
+	} else {
+		lock = &orig_neigh_node->out_coding_list_lock;
+		list = &orig_neigh_node->out_coding_list;
+	}
+
+	spin_lock_bh(lock);
+
 	/* Check if nc_node is already added */
 	nc_node = batadv_nc_find_nc_node(orig_node, orig_neigh_node, in_coding);
 
 	/* Node found */
 	if (nc_node)
-		return nc_node;
+		goto unlock;
 
 	nc_node = kzalloc(sizeof(*nc_node), GFP_ATOMIC);
 	if (!nc_node)
-		return NULL;
+		goto unlock;
 
 	/* Initialize nc_node */
 	INIT_LIST_HEAD(&nc_node->list);
@@ -872,22 +883,14 @@ batadv_nc_get_nc_node(struct batadv_priv *bat_priv,
 	kref_get(&orig_neigh_node->refcount);
 	nc_node->orig_node = orig_neigh_node;
 
-	/* Select ingoing or outgoing coding node */
-	if (in_coding) {
-		lock = &orig_neigh_node->in_coding_list_lock;
-		list = &orig_neigh_node->in_coding_list;
-	} else {
-		lock = &orig_neigh_node->out_coding_list_lock;
-		list = &orig_neigh_node->out_coding_list;
-	}
-
 	batadv_dbg(BATADV_DBG_NC, bat_priv, "Adding nc_node %pM -> %pM\n",
 		   nc_node->addr, nc_node->orig_node->orig);
 
 	/* Add nc_node to orig_node */
-	spin_lock_bh(lock);
 	kref_get(&nc_node->refcount);
 	list_add_tail_rcu(&nc_node->list, list);
+
+unlock:
 	spin_unlock_bh(lock);
 
 	return nc_node;
-- 
2.11.0

  parent reply	other threads:[~2018-09-19 12:22 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2018-09-19 12:22 [PATCH 00/11] pull request for net: batman-adv 2018-09-19 Simon Wunderlich
     [not found] ` <20180919122213.23108-1-sw-2YrNx6rUIHYiY0qSoAWiAoQuADTiUCJX@public.gmane.org>
2018-09-19 12:22   ` [PATCH 01/11] batman-adv: Avoid probe ELP information leak Simon Wunderlich
2018-09-19 12:22   ` [PATCH 02/11] batman-adv: Fix segfault when writing to throughput_override Simon Wunderlich
2018-09-19 12:22   ` [PATCH 03/11] batman-adv: Fix segfault when writing to sysfs elp_interval Simon Wunderlich
2018-09-19 12:22   ` [PATCH 04/11] batman-adv: Prevent duplicated gateway_node entry Simon Wunderlich
2018-09-19 12:22   ` Simon Wunderlich [this message]
2018-09-19 12:22   ` [PATCH 06/11] batman-adv: Prevent duplicated softif_vlan entry Simon Wunderlich
2018-09-19 12:22   ` [PATCH 07/11] batman-adv: Prevent duplicated global TT entry Simon Wunderlich
2018-09-19 12:22   ` [PATCH 08/11] batman-adv: Prevent duplicated tvlv handler Simon Wunderlich
2018-09-19 12:22   ` [PATCH 09/11] batman-adv: fix backbone_gw refcount on queue_work() failure Simon Wunderlich
2018-09-19 12:22   ` [PATCH 10/11] batman-adv: fix hardif_neigh " Simon Wunderlich
2018-09-19 12:22   ` [PATCH 11/11] batman-adv: Increase version number to 2018.3 Simon Wunderlich
2018-09-20  3:34 ` [PATCH 00/11] pull request for net: batman-adv 2018-09-19 David Miller
     [not found]   ` <20180919.203434.1784595444537176012.davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org>
2018-09-20  8:09     ` Simon Wunderlich

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20180919122213.23108-6-sw@simonwunderlich.de \
    --to=sw-2yrnx6ruihyiy0qsoawiaoquadtiucjx@public.gmane.org \
    --cc=b.a.t.m.a.n-ZwoEplunGu2X36UT3dwllkB+6BGkLq7r@public.gmane.org \
    --cc=davem-fT/PcQaiUtIeIZ0/mPfg9Q@public.gmane.org \
    --cc=netdev-u79uwXL29TY76Z2rM5mHXA@public.gmane.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox