B.A.T.M.A.N May 2016

b.a.t.m.a.n@lists.open-mesh.org

29 participants
110 discussions

[B.A.T.M.A.N.] [PATCH] batman-adv: Remove unused primary_if variable

by Linus Lüssing

Acked-by: Simon Wunderlich <sw(a)simonwunderlich.de> Fixes: 29b9256e6631 ("batman-adv: consider outgoing interface in OGM sending") Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> --- net/batman-adv/bat_iv_ogm.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c index 5a7923c..2076048 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -529,35 +529,26 @@ static void batadv_iv_ogm_emit(struct batadv_forw_packet *forw_packet) { struct net_device *soft_iface; struct batadv_priv *bat_priv; - struct batadv_hard_iface *primary_if = NULL; if (!forw_packet->if_incoming) { pr_err("Error - can't forward packet: incoming iface not specified\n"); - goto out; + return; } soft_iface = forw_packet->if_incoming->soft_iface; bat_priv = netdev_priv(soft_iface); if (WARN_ON(!forw_packet->if_outgoing)) - goto out; + return; if (WARN_ON(forw_packet->if_outgoing->soft_iface != soft_iface)) - goto out; + return; if (forw_packet->if_incoming->if_status != BATADV_IF_ACTIVE) - goto out; - - primary_if = batadv_primary_if_get_selected(bat_priv); - if (!primary_if) - goto out; + return; /* only for one specific outgoing interface */ batadv_iv_ogm_send_to_if(forw_packet, forw_packet->if_outgoing); - -out: - if (primary_if) - batadv_hardif_put(primary_if); } /** -- 1.7.10.4

6 years, 10 months

[B.A.T.M.A.N.] [PATCH v2] batman-adv: Fix use-after-free/double-free of tt_req_node

by Sven Eckelmann

The tt_req_node is added and removed from a list inside a spinlock. But the locking is sometimes removed even when the object is still referenced and will be used later via this reference. For example batadv_send_tt_request can create a new tt_req_node (including add to a list) and later re-acquires the lock to remove it from the list and to free it. But at this time another context could have already removed this tt_req_node from the list and freed it. CPU#0 batadv_batman_skb_recv from net_device 0 -> batadv_iv_ogm_receive -> batadv_iv_ogm_process -> batadv_iv_ogm_process_per_outif -> batadv_tvlv_ogm_receive -> batadv_tvlv_ogm_receive -> batadv_tvlv_containers_process -> batadv_tvlv_call_handler -> batadv_tt_tvlv_ogm_handler_v1 -> batadv_tt_update_orig -> batadv_send_tt_request -> batadv_tt_req_node_new spin_lock(...) allocates new tt_req_node and adds it to list spin_unlock(...) return tt_req_node CPU#1 batadv_batman_skb_recv from net_device 1 -> batadv_recv_unicast_tvlv -> batadv_tvlv_containers_process -> batadv_tvlv_call_handler -> batadv_tt_tvlv_unicast_handler_v1 -> batadv_handle_tt_response spin_lock(...) tt_req_node gets removed from list and is freed spin_unlock(...) CPU#0 <- returned to batadv_send_tt_request spin_lock(...) tt_req_node gets removed from list and is freed MEMORY CORRUPTION/SEGFAULT/... spin_unlock(...) This can only be solved via reference counting to allow multiple contexts to handle the list manipulation while making sure that only the last context holding a reference will free the object. Fixes: cea194d90b11 ("batman-adv: improved client announcement mechanism") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- v2: - fixed list->object in commit message - add example what could have gone wrong in commit message --- net/batman-adv/translation-table.c | 27 +++++++++++++++++++++++---- net/batman-adv/types.h | 2 ++ 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 48adb91..46f90c5 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -2272,6 +2272,19 @@ static u32 batadv_tt_local_crc(struct batadv_priv *bat_priv, return crc; } +/** + * batadv_tt_req_node_release - free tt_req node entry + * @ref: kref pointer of the tt req_node entry + */ +static void batadv_tt_req_node_release(struct kref *ref) +{ + struct batadv_tt_req_node *node; + + node = container_of(ref, struct batadv_tt_req_node, refcount); + + kfree(node); +} + static void batadv_tt_req_list_free(struct batadv_priv *bat_priv) { struct batadv_tt_req_node *node; @@ -2281,7 +2294,7 @@ static void batadv_tt_req_list_free(struct batadv_priv *bat_priv) hlist_for_each_entry_safe(node, safe, &bat_priv->tt.req_list, list) { hlist_del_init(&node->list); - kfree(node); + kref_put(&node->refcount, batadv_tt_req_node_release); } spin_unlock_bh(&bat_priv->tt.req_list_lock); @@ -2318,7 +2331,7 @@ static void batadv_tt_req_purge(struct batadv_priv *bat_priv) if (batadv_has_timed_out(node->issued_at, BATADV_TT_REQUEST_TIMEOUT)) { hlist_del_init(&node->list); - kfree(node); + kref_put(&node->refcount, batadv_tt_req_node_release); } } spin_unlock_bh(&bat_priv->tt.req_list_lock); @@ -2350,9 +2363,11 @@ batadv_tt_req_node_new(struct batadv_priv *bat_priv, if (!tt_req_node) goto unlock; + kref_init(&tt_req_node->refcount); ether_addr_copy(tt_req_node->addr, orig_node->orig); tt_req_node->issued_at = jiffies; + kref_get(&tt_req_node->refcount); hlist_add_head(&tt_req_node->list, &bat_priv->tt.req_list); unlock: spin_unlock_bh(&bat_priv->tt.req_list_lock); @@ -2619,9 +2634,13 @@ out: spin_lock_bh(&bat_priv->tt.req_list_lock); /* hlist_del_init() verifies tt_req_node still is in the list */ hlist_del_init(&tt_req_node->list); + kref_put(&tt_req_node->refcount, batadv_tt_req_node_release); spin_unlock_bh(&bat_priv->tt.req_list_lock); - kfree(tt_req_node); } + + if (tt_req_node) + kref_put(&tt_req_node->refcount, batadv_tt_req_node_release); + kfree(tvlv_tt_data); return ret; } @@ -3057,7 +3076,7 @@ static void batadv_handle_tt_response(struct batadv_priv *bat_priv, if (!batadv_compare_eth(node->addr, resp_src)) continue; hlist_del_init(&node->list); - kfree(node); + kref_put(&node->refcount, batadv_tt_req_node_release); } spin_unlock_bh(&bat_priv->tt.req_list_lock); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 1e47fbe..d75beef 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -1129,11 +1129,13 @@ struct batadv_tt_change_node { * struct batadv_tt_req_node - data to keep track of the tt requests in flight * @addr: mac address address of the originator this request was sent to * @issued_at: timestamp used for purging stale tt requests + * @refcount: number of contexts the object is used by * @list: list node for batadv_priv_tt::req_list */ struct batadv_tt_req_node { u8 addr[ETH_ALEN]; unsigned long issued_at; + struct kref refcount; struct hlist_node list; }; -- 2.8.1

6 years, 10 months

Re: [B.A.T.M.A.N.] How to read batadv-vis jsondoc correctly

by Simon Wunderlich

Hi Patrick, sorry for the late reply. On Tuesday 17 May 2016 10:09:27 Patrick Bosch via B.A.T.M.A.N wrote: > Hi all > > As the title suggest, I'm wondering how to read the jsondoc output > correctly. It seems that every possible link is included in that > output, but which one is the one that is used? If there is one link, > it should be the one with the lowest metric, but what if a node has > more than one link? > > For example the following setup: > > Node 1 > | > | > Node 2 ------- Node 3 > > Here, node two would have two links. Now, if there would be some more > nodes that are in the jsondoc output, how can I find out which are the > links that are in use? The nodes which appear in the jsondoc are only originators which batman-adv decided to reach directly (with one hop) - so these are direct neighbors. Basically, all of these links would be in use from one node to its neighbor, so all of them are "in use". But you can't find out how much a link is actually used (i.e. how many packets/bytes are transmitted), or which neighbor is used to reach a distant neighbor. Cheers, Simon

6 years, 10 months

[B.A.T.M.A.N.] [PATCH maint] batman-adv: Fix use-after-free of tt_req_node

by Sven Eckelmann

The tt_req_node is added and removed from a list inside a spinlock. But the locking is sometimes removed even when the object is still referenced and will be used later via this reference. For example batadv_send_tt_request can create a new tt_req_node (including add to a list) and later re-acquires the lock to remove it from the list and to free it. But at this time another context could have already removed this tt_req_node from the list and freed it. This can only be solved via reference counting to allow multiple contexts to handle the list manipulation while making sure that only the last context frees the list. Fixes: cea194d90b11 ("batman-adv: improved client announcement mechanism") Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- Cc: Matthias Schiffer <mschiffer(a)universe-factory.net>: this can also be interesting for batman-adv-legacy installations on servers with more than one core net/batman-adv/translation-table.c | 27 +++++++++++++++++++++++---- net/batman-adv/types.h | 2 ++ 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c index 48adb91..46f90c5 100644 --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -2272,6 +2272,19 @@ static u32 batadv_tt_local_crc(struct batadv_priv *bat_priv, return crc; } +/** + * batadv_tt_req_node_release - free tt_req node entry + * @ref: kref pointer of the tt req_node entry + */ +static void batadv_tt_req_node_release(struct kref *ref) +{ + struct batadv_tt_req_node *node; + + node = container_of(ref, struct batadv_tt_req_node, refcount); + + kfree(node); +} + static void batadv_tt_req_list_free(struct batadv_priv *bat_priv) { struct batadv_tt_req_node *node; @@ -2281,7 +2294,7 @@ static void batadv_tt_req_list_free(struct batadv_priv *bat_priv) hlist_for_each_entry_safe(node, safe, &bat_priv->tt.req_list, list) { hlist_del_init(&node->list); - kfree(node); + kref_put(&node->refcount, batadv_tt_req_node_release); } spin_unlock_bh(&bat_priv->tt.req_list_lock); @@ -2318,7 +2331,7 @@ static void batadv_tt_req_purge(struct batadv_priv *bat_priv) if (batadv_has_timed_out(node->issued_at, BATADV_TT_REQUEST_TIMEOUT)) { hlist_del_init(&node->list); - kfree(node); + kref_put(&node->refcount, batadv_tt_req_node_release); } } spin_unlock_bh(&bat_priv->tt.req_list_lock); @@ -2350,9 +2363,11 @@ batadv_tt_req_node_new(struct batadv_priv *bat_priv, if (!tt_req_node) goto unlock; + kref_init(&tt_req_node->refcount); ether_addr_copy(tt_req_node->addr, orig_node->orig); tt_req_node->issued_at = jiffies; + kref_get(&tt_req_node->refcount); hlist_add_head(&tt_req_node->list, &bat_priv->tt.req_list); unlock: spin_unlock_bh(&bat_priv->tt.req_list_lock); @@ -2619,9 +2634,13 @@ out: spin_lock_bh(&bat_priv->tt.req_list_lock); /* hlist_del_init() verifies tt_req_node still is in the list */ hlist_del_init(&tt_req_node->list); + kref_put(&tt_req_node->refcount, batadv_tt_req_node_release); spin_unlock_bh(&bat_priv->tt.req_list_lock); - kfree(tt_req_node); } + + if (tt_req_node) + kref_put(&tt_req_node->refcount, batadv_tt_req_node_release); + kfree(tvlv_tt_data); return ret; } @@ -3057,7 +3076,7 @@ static void batadv_handle_tt_response(struct batadv_priv *bat_priv, if (!batadv_compare_eth(node->addr, resp_src)) continue; hlist_del_init(&node->list); - kfree(node); + kref_put(&node->refcount, batadv_tt_req_node_release); } spin_unlock_bh(&bat_priv->tt.req_list_lock); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index 1e47fbe..d75beef 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -1129,11 +1129,13 @@ struct batadv_tt_change_node { * struct batadv_tt_req_node - data to keep track of the tt requests in flight * @addr: mac address address of the originator this request was sent to * @issued_at: timestamp used for purging stale tt requests + * @refcount: number of contexts the object is used by * @list: list node for batadv_priv_tt::req_list */ struct batadv_tt_req_node { u8 addr[ETH_ALEN]; unsigned long issued_at; + struct kref refcount; struct hlist_node list; }; -- 2.8.1

6 years, 10 months

[B.A.T.M.A.N.] [PATCH v2 0/2] netns support for alfred

by Andrew Lunn

Dropped patch #1, since it has been merged Fixed the socket leak Removed redundant calls to mount debugfs Andrew Lunn (2): alfred: Add support for network namespaces alfred: Mount debugfs before reducing capabilities batadv_query.c | 19 +------------------ debugfs.c | 49 ++++++++++++++++++++++++++++++++++++++++++++++++- main.c | 4 ++++ vis/vis.h | 2 +- 4 files changed, 54 insertions(+), 20 deletions(-) -- 2.7.0.rc3

6 years, 10 months

[B.A.T.M.A.N.] [PATCH v8 00/14] netns and netlink support

by Simon Wunderlich

This patchset completes netns support, by disabling debugfs entries when not in the default name space, and correctly handling interface stack loops when the parent is in a different name space. It additionally adds netlink support for most of the information found in debugfs, and is netns aware. This patchset is based on Andrews v7 series as of May 7th, with the following changes of Sven and myself: * rebase on current master * fix VID output in TT+claim table * fix kerneldoc for batadv_bla_claim_dump* functions * fix -ENODEV return in batadv_bla_claim_dump * added support for bla backbone table * add own TTVN to mesh_info (required for global translation table) * add own group id to mesh_info (required for bla claim/backbone table) * fix soft_iface reference leak when dumping the claim table * fix function parameter alignments * fix includes it applies on master plus the following two patches applied: * batman-adv: fix returned error in batadv_netlink_tp_meter_cancel * batman-adv: remove unused vid local variable in tt seq print We have tested the setup in our VMs and verified functionality of the provided tables, including big TT tables and bridge loop avoidance. Corresponding batctl patches will be sent separately. Cheers, Simon Andrew Lunn (5): batman-adv: Handle parent interfaces in a different netns batman-adv: Suppress debugfs entries for netns's batman-adv: add B.A.T.M.A.N. Dump gateways via netlink batman-adv: add B.A.T.M.A.N. Dump BLA claims via netlink batman-adv: Indicate netlink socket can be used with netns. Matthias Schiffer (6): batman-adv: netlink: add routing_algo query batman-adv: netlink: hardif query batman-adv: netlink: add translation table query batman-adv: netlink: add originator and neighbor table queries batman-adv: add B.A.T.M.A.N. IV bat_{orig, neigh}_dump implementations batman-adv: add B.A.T.M.A.N. V bat_{orig, neigh}_dump implementations Simon Wunderlich (1): batman-adv: add backbone table netlink support Sven Eckelmann (2): batman-adv: Provide TTVN in the mesh_info netlink msg batman-adv: Provide bla group in the mesh_info netlink msg compat-include/linux/netlink.h | 18 ++ compat.h | 7 + include/uapi/linux/batman_adv.h | 94 ++++++++ net/batman-adv/bat_algo.c | 68 ++++++ net/batman-adv/bat_algo.h | 3 + net/batman-adv/bat_iv_ogm.c | 362 +++++++++++++++++++++++++++++++ net/batman-adv/bat_v.c | 337 +++++++++++++++++++++++++++++ net/batman-adv/bridge_loop_avoidance.c | 333 +++++++++++++++++++++++++++++ net/batman-adv/bridge_loop_avoidance.h | 17 +- net/batman-adv/debugfs.c | 18 ++ net/batman-adv/gateway_client.c | 148 +++++++++++++ net/batman-adv/gateway_client.h | 2 + net/batman-adv/hard-interface.c | 50 ++++- net/batman-adv/netlink.c | 217 ++++++++++++++++++- net/batman-adv/netlink.h | 6 + net/batman-adv/originator.c | 160 ++++++++++++++ net/batman-adv/originator.h | 4 + net/batman-adv/packet.h | 36 ---- net/batman-adv/translation-table.c | 377 +++++++++++++++++++++++++++++++++ net/batman-adv/translation-table.h | 4 + net/batman-adv/types.h | 9 + 21 files changed, 2222 insertions(+), 48 deletions(-) -- 2.8.1

6 years, 10 months

[B.A.T.M.A.N.] Unable to ping interface in ap mode / client mode with IP4 addr

by Hannes Harms

Hi, I want to set up bat0 on top of a wifi interface in ap mode and another machine with bat0 on top of a wifi interface in client mode. Via iw dev wlan0 station dump I can seen that both are connected. Via batctl o I see the connected node. Via batct ping mac addr I can ping each other. But I can not ping with an IP4 addr. bat0 was added to a bridge interface with a static IP on both machines. No DHCP server is running, because only static IPS are needed. Did I miss something? Regrads Hannes

6 years, 10 months

[B.A.T.M.A.N.] [PATCH] RFC: batman-adv: Remove unused primary_if variable

by Linus Lüssing

Fixes: 29b9256e6631 ("batman-adv: consider outgoing interface in OGM sending") Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> --- Note sure whether the "forw_packet->if_incoming != primary_if" check vanished on purpose or by accident in the mentioned commit. Or whether it got substituted by some other check. Therefore sending the patch as RFC. net/batman-adv/bat_iv_ogm.c | 17 ++++------------- 1 file changed, 4 insertions(+), 13 deletions(-) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c index 5a7923c..2076048 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -529,35 +529,26 @@ static void batadv_iv_ogm_emit(struct batadv_forw_packet *forw_packet) { struct net_device *soft_iface; struct batadv_priv *bat_priv; - struct batadv_hard_iface *primary_if = NULL; if (!forw_packet->if_incoming) { pr_err("Error - can't forward packet: incoming iface not specified\n"); - goto out; + return; } soft_iface = forw_packet->if_incoming->soft_iface; bat_priv = netdev_priv(soft_iface); if (WARN_ON(!forw_packet->if_outgoing)) - goto out; + return; if (WARN_ON(forw_packet->if_outgoing->soft_iface != soft_iface)) - goto out; + return; if (forw_packet->if_incoming->if_status != BATADV_IF_ACTIVE) - goto out; - - primary_if = batadv_primary_if_get_selected(bat_priv); - if (!primary_if) - goto out; + return; /* only for one specific outgoing interface */ batadv_iv_ogm_send_to_if(forw_packet, forw_packet->if_outgoing); - -out: - if (primary_if) - batadv_hardif_put(primary_if); } /** -- 1.7.10.4

6 years, 10 months

[B.A.T.M.A.N.] kmalloc() vs. kmem_cache_alloc() for global TT?

by Linus Lüssing

Hi, Is anyone familiar with the implications of using kmalloc() vs. kmem_cache_alloc()? Not just allocation speed, but also RAM fragmentation is something I'm currently wondering about. We have had issues with the large, bulk allocations from the debugfs tables before, where if I remember correctly the experssion "RAM fragmentation" has been mentioned before. With the fallback from kmalloc() to vmalloc() in the debugfs internals on more recent kernels, at least that problem has gone for now. Still, I'm wondering whether a couple of thousand global TT entry allocations (Freifunk Hamburg currently has more than three thousand) could lead to a badly fragmented RAM. Too much for a cute wifi router with just 32MB of RAM, maybe. I then noticed that the bridge is using kmem_cache_alloc() instead of kmalloc() for its fdb (forwarding database). Would it make sense to do the same for global TT entries (and maybe originator structs, too?)? If so, I'd be happy to look into providing a patch. Regards, Linus PS: Why this thought came up: https://github.com/freifunk-gluon/gluon/issues/753 Could be a memory leak or something else too though. Investigation still in progress.

6 years, 10 months

[B.A.T.M.A.N.] [PATCHv2] batman-adv: Refactor forward packet creation/destruction

by Linus Lüssing

This patch abstracts the forward packet creation and destruction via the new functions batadv_forw_packet_alloc() and batadv_forw_packet_free(). This should simplify the freeing of a forward packet as for instance queue counting is now done internally. Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> --- Changelog v2: * Rebase to current master * Fixed typo: "ressources" vs. "resources" * Moved forw_packet->num_packets initialization into forw_packet_alloc(), too * Adjusted commit message Zombie patch - rotten & dead since 2013, but w{al,or}ks again! net/batman-adv/bat_iv_ogm.c | 34 ++++---------- net/batman-adv/send.c | 103 +++++++++++++++++++++++++++++++------------ net/batman-adv/send.h | 6 +++ net/batman-adv/types.h | 2 + 4 files changed, 92 insertions(+), 53 deletions(-) diff --git a/net/batman-adv/bat_iv_ogm.c b/net/batman-adv/bat_iv_ogm.c index e2d8848..5a7923c 100644 --- a/net/batman-adv/bat_iv_ogm.c +++ b/net/batman-adv/bat_iv_ogm.c @@ -685,19 +685,12 @@ static void batadv_iv_ogm_aggregate_new(const unsigned char *packet_buff, struct batadv_forw_packet *forw_packet_aggr; unsigned char *skb_buff; unsigned int skb_size; + atomic_t *queue_left = own_packet ? NULL : &bat_priv->batman_queue_left; - /* own packet should always be scheduled */ - if (!own_packet) { - if (!batadv_atomic_dec_not_zero(&bat_priv->batman_queue_left)) { - batadv_dbg(BATADV_DBG_BATMAN, bat_priv, - "batman packet queue full\n"); - return; - } - } - - forw_packet_aggr = kmalloc(sizeof(*forw_packet_aggr), GFP_ATOMIC); + forw_packet_aggr = batadv_forw_packet_alloc(if_incoming, if_outgoing, + queue_left, bat_priv); if (!forw_packet_aggr) - goto out_nomem; + return; if (atomic_read(&bat_priv->aggregated_ogms) && packet_len < BATADV_MAX_AGGREGATION_BYTES) @@ -709,7 +702,8 @@ static void batadv_iv_ogm_aggregate_new(const unsigned char *packet_buff, forw_packet_aggr->skb = netdev_alloc_skb_ip_align(NULL, skb_size); if (!forw_packet_aggr->skb) - goto out_free_forw_packet; + goto packet_free; + forw_packet_aggr->skb->priority = TC_PRIO_CONTROL; skb_reserve(forw_packet_aggr->skb, ETH_HLEN); @@ -717,12 +711,7 @@ static void batadv_iv_ogm_aggregate_new(const unsigned char *packet_buff, forw_packet_aggr->packet_len = packet_len; memcpy(skb_buff, packet_buff, packet_len); - kref_get(&if_incoming->refcount); - kref_get(&if_outgoing->refcount); forw_packet_aggr->own = own_packet; - forw_packet_aggr->if_incoming = if_incoming; - forw_packet_aggr->if_outgoing = if_outgoing; - forw_packet_aggr->num_packets = 0; forw_packet_aggr->direct_link_flags = BATADV_NO_FLAGS; forw_packet_aggr->send_time = send_time; @@ -743,11 +732,8 @@ static void batadv_iv_ogm_aggregate_new(const unsigned char *packet_buff, send_time - jiffies); return; -out_free_forw_packet: - kfree(forw_packet_aggr); -out_nomem: - if (!own_packet) - atomic_inc(&bat_priv->batman_queue_left); +packet_free: + batadv_forw_packet_free(forw_packet_aggr); } /* aggregate a new packet into the existing ogm packet */ @@ -1830,10 +1816,6 @@ static void batadv_iv_send_outstanding_bat_ogm_packet(struct work_struct *work) batadv_iv_ogm_schedule(forw_packet->if_incoming); out: - /* don't count own packet */ - if (!forw_packet->own) - atomic_inc(&bat_priv->batman_queue_left); - batadv_forw_packet_free(forw_packet); } diff --git a/net/batman-adv/send.c b/net/batman-adv/send.c index 49836da..711f8a8 100644 --- a/net/batman-adv/send.c +++ b/net/batman-adv/send.c @@ -430,6 +430,13 @@ int batadv_send_skb_via_gw(struct batadv_priv *bat_priv, struct sk_buff *skb, orig_node, vid); } +/** + * batadv_forw_packet_free - free a forwarding packet + * @forw_packet: The packet to free + * + * This frees a forwarding packet and releases any resources it might + * have claimed. + */ void batadv_forw_packet_free(struct batadv_forw_packet *forw_packet) { kfree_skb(forw_packet->skb); @@ -437,9 +444,71 @@ void batadv_forw_packet_free(struct batadv_forw_packet *forw_packet) batadv_hardif_put(forw_packet->if_incoming); if (forw_packet->if_outgoing) batadv_hardif_put(forw_packet->if_outgoing); + if (forw_packet->queue_left) + atomic_inc(forw_packet->queue_left); kfree(forw_packet); } +/** + * batadv_forw_packet_alloc - Allocates a forwarding packet + * @if_incoming: The (optional) if_incoming to be grabbed + * @if_outgoing: The (optional) if_outgoing to be grabbed + * @queue_left: The (optional) queue counter to decrease + * @bat_priv: The bat_priv for the mesh of this forw_packet + * + * Allocates a forwarding packet and tries to get a reference to the + * (optional) if_incoming and queue_left. If queue_left is NULL then + * bat_priv is optional, too. + * + * On success, returns the allocated forwarding packet. Otherwise returns + * NULL. + */ +struct batadv_forw_packet * +batadv_forw_packet_alloc(struct batadv_hard_iface *if_incoming, + struct batadv_hard_iface *if_outgoing, + atomic_t *queue_left, + struct batadv_priv *bat_priv) +{ + struct batadv_forw_packet *forw_packet = NULL; + + if (queue_left && !batadv_atomic_dec_not_zero(queue_left)) { + if (queue_left == &bat_priv->bcast_queue_left) + batadv_dbg(BATADV_DBG_BATMAN, bat_priv, + "bcast queue full\n"); + else if (queue_left == &bat_priv->batman_queue_left) + batadv_dbg(BATADV_DBG_BATMAN, bat_priv, + "batman queue full\n"); + else + batadv_dbg(BATADV_DBG_BATMAN, bat_priv, + "a mysterious queue is full\n"); + goto out; + } + + forw_packet = kmalloc(sizeof(*forw_packet), GFP_ATOMIC); + if (!forw_packet) + goto err; + + if (if_incoming) + kref_get(&if_incoming->refcount); + + if (if_outgoing) + kref_get(&if_outgoing->refcount); + + forw_packet->skb = NULL; + forw_packet->queue_left = queue_left; + forw_packet->if_incoming = if_incoming; + forw_packet->if_outgoing = if_outgoing; + forw_packet->num_packets = 0; + + goto out; + +err: + if (queue_left) + atomic_inc(queue_left); +out: + return forw_packet; +} + static void _batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv, struct batadv_forw_packet *forw_packet, @@ -478,20 +547,16 @@ int batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv, struct batadv_bcast_packet *bcast_packet; struct sk_buff *newskb; - if (!batadv_atomic_dec_not_zero(&bat_priv->bcast_queue_left)) { - batadv_dbg(BATADV_DBG_BATMAN, bat_priv, - "bcast packet queue full\n"); - goto out; - } - primary_if = batadv_primary_if_get_selected(bat_priv); if (!primary_if) - goto out_and_inc; - - forw_packet = kmalloc(sizeof(*forw_packet), GFP_ATOMIC); + goto out; + forw_packet = batadv_forw_packet_alloc(primary_if, NULL, + &bat_priv->bcast_queue_left, + bat_priv); + batadv_hardif_put(primary_if); if (!forw_packet) - goto out_and_inc; + goto out; newskb = skb_copy(skb, GFP_ATOMIC); if (!newskb) @@ -504,11 +569,6 @@ int batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv, skb_reset_mac_header(newskb); forw_packet->skb = newskb; - forw_packet->if_incoming = primary_if; - forw_packet->if_outgoing = NULL; - - /* how often did we send the bcast packet ? */ - forw_packet->num_packets = 0; INIT_DELAYED_WORK(&forw_packet->delayed_work, batadv_send_outstanding_bcast_packet); @@ -517,12 +577,8 @@ int batadv_add_bcast_packet_to_list(struct batadv_priv *bat_priv, return NETDEV_TX_OK; packet_free: - kfree(forw_packet); -out_and_inc: - atomic_inc(&bat_priv->bcast_queue_left); + batadv_forw_packet_free(forw_packet); out: - if (primary_if) - batadv_hardif_put(primary_if); return NETDEV_TX_BUSY; } @@ -583,7 +639,6 @@ static void batadv_send_outstanding_bcast_packet(struct work_struct *work) out: batadv_forw_packet_free(forw_packet); - atomic_inc(&bat_priv->bcast_queue_left); } void @@ -624,9 +679,6 @@ batadv_purge_outstanding_packets(struct batadv_priv *bat_priv, if (pending) { hlist_del(&forw_packet->list); - if (!forw_packet->own) - atomic_inc(&bat_priv->bcast_queue_left); - batadv_forw_packet_free(forw_packet); } } @@ -654,9 +706,6 @@ batadv_purge_outstanding_packets(struct batadv_priv *bat_priv, if (pending) { hlist_del(&forw_packet->list); - if (!forw_packet->own) - atomic_inc(&bat_priv->batman_queue_left); - batadv_forw_packet_free(forw_packet); } } diff --git a/net/batman-adv/send.h b/net/batman-adv/send.h index 7cecb75..999f786 100644 --- a/net/batman-adv/send.h +++ b/net/batman-adv/send.h @@ -28,6 +28,12 @@ struct sk_buff; void batadv_forw_packet_free(struct batadv_forw_packet *forw_packet); +struct batadv_forw_packet * +batadv_forw_packet_alloc(struct batadv_hard_iface *if_incoming, + struct batadv_hard_iface *if_outgoing, + atomic_t *queue_left, + struct batadv_priv *bat_priv); + int batadv_send_skb_to_orig(struct sk_buff *skb, struct batadv_orig_node *orig_node, struct batadv_hard_iface *recv_if); diff --git a/net/batman-adv/types.h b/net/batman-adv/types.h index a331e3a..b1b82a2 100644 --- a/net/batman-adv/types.h +++ b/net/batman-adv/types.h @@ -1373,6 +1373,7 @@ struct batadv_skb_cb { * locally generated packet * @if_outgoing: packet where the packet should be sent to, or NULL if * unspecified + * @queue_left: The queue (counter) this packet was applied to */ struct batadv_forw_packet { struct hlist_node list; @@ -1385,6 +1386,7 @@ struct batadv_forw_packet { struct delayed_work delayed_work; struct batadv_hard_iface *if_incoming; struct batadv_hard_iface *if_outgoing; + atomic_t *queue_left; }; /** -- 1.7.10.4

6 years, 10 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N May 2016