On Sunday 29 November 2015 01:37:21 Sven Eckelmann wrote:
[...]
==================================================================
BUG: KASAN: slab-out-of-bounds in batadv_iv_ogm_slide_own_bcast_window+0x298/0x376 [batman_adv] at addr fff
Write of size 1 by task kworker/u4:2/67
The reads seem to be solved by the patch [1] which I've sent to the mailing list. But this write looks more interesting. The problem seems to be the missing locking for if_num + bat_iv.bcast_own/bat_iv.bcast_own_sum (with bat_iv.ogm_cnt_lock ?) in (or around) batadv_orig_hash_add_if/batadv_orig_hash_del_if.
And I don't know right now what causes the GPF but it can be reproduced (just takes some time until it happens).
Kind regards, Sven
[1] https://lists.open-mesh.org/pipermail/b.a.t.m.a.n/2015-November/013836.html