B.A.T.M.A.N April 2020

b.a.t.m.a.n@lists.open-mesh.org

17 participants
20 discussions

INFO: rcu detected stall in netlink_sendmsg (4)
by syzbot 24 Jul '20

24 Jul '20

Hello, syzbot found the following crash on: HEAD commit: ae661dec Merge branch 'ifla_xdp_expected_fd' git tree: bpf-next console output: https://syzkaller.appspot.com/x/log.txt?x=12245647e00000 kernel config: https://syzkaller.appspot.com/x/.config?x=b5acf5ac38a50651 dashboard link: https://syzkaller.appspot.com/bug?extid=0fb70e87d8e0ac278fe9 compiler: gcc (GCC) 9.0.0 20181231 (experimental) Unfortunately, I don't have any reproducer for this crash yet. IMPORTANT: if you fix the bug, please add the following tag to the commit: Reported-by: syzbot+0fb70e87d8e0ac278fe9(a)syzkaller.appspotmail.com rcu: INFO: rcu_preempt self-detected stall on CPU rcu: 0-....: (1 GPs behind) idle=5c2/1/0x4000000000000002 softirq=376075/376076 fqs=5176 (t=10500 jiffies g=506061 q=176208) NMI backtrace for cpu 0 CPU: 0 PID: 17281 Comm: syz-executor.5 Not tainted 5.6.0-rc5-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Call Trace: <IRQ> __dump_stack lib/dump_stack.c:77 [inline] dump_stack+0x188/0x20d lib/dump_stack.c:118 nmi_cpu_backtrace.cold+0x70/0xb1 lib/nmi_backtrace.c:101 nmi_trigger_cpumask_backtrace+0x231/0x27e lib/nmi_backtrace.c:62 trigger_single_cpu_backtrace include/linux/nmi.h:164 [inline] rcu_dump_cpu_stacks+0x169/0x1b3 kernel/rcu/tree_stall.h:254 print_cpu_stall kernel/rcu/tree_stall.h:475 [inline] check_cpu_stall kernel/rcu/tree_stall.h:549 [inline] rcu_pending kernel/rcu/tree.c:3030 [inline] rcu_sched_clock_irq.cold+0x518/0xc55 kernel/rcu/tree.c:2276 update_process_times+0x25/0x60 kernel/time/timer.c:1726 tick_sched_handle+0x9b/0x180 kernel/time/tick-sched.c:171 tick_sched_timer+0x4e/0x140 kernel/time/tick-sched.c:1314 __run_hrtimer kernel/time/hrtimer.c:1517 [inline] __hrtimer_run_queues+0x32c/0xdd0 kernel/time/hrtimer.c:1579 hrtimer_interrupt+0x312/0x770 kernel/time/hrtimer.c:1641 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1119 [inline] smp_apic_timer_interrupt+0x15b/0x600 arch/x86/kernel/apic/apic.c:1144 apic_timer_interrupt+0xf/0x20 arch/x86/entry/entry_64.S:829 </IRQ> RIP: 0010:arch_local_irq_restore arch/x86/include/asm/paravirt.h:759 [inline] RIP: 0010:lock_release+0x45f/0x7c0 kernel/locking/lockdep.c:4505 Code: 94 08 00 00 00 00 00 00 48 c1 e8 03 80 3c 10 00 0f 85 d0 02 00 00 48 83 3d 6d 1d 1b 08 00 0f 84 71 01 00 00 48 8b 3c 24 57 9d <0f> 1f 44 00 00 48 b8 00 00 00 00 00 fc ff df 48 01 c3 48 c7 03 00 RSP: 0018:ffffc90003d9ec30 EFLAGS: 00000282 ORIG_RAX: ffffffffffffff13 RAX: 1ffffffff12e7698 RBX: 1ffff920007b3d89 RCX: 1ffff110098769b9 RDX: dffffc0000000000 RSI: 1ffff110098769c5 RDI: 0000000000000282 RBP: ffff88804c3b4540 R08: 0000000000000004 R09: fffffbfff14cc269 R10: fffffbfff14cc268 R11: ffffffff8a661347 R12: bc95c6993a9665e0 R13: ffffffff87a36fb1 R14: ffff88804c3b4dd0 R15: 0000000000000003 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:174 [inline] _raw_spin_unlock_bh+0x12/0x30 kernel/locking/spinlock.c:207 spin_unlock_bh include/linux/spinlock.h:383 [inline] batadv_tt_local_purge_pending_clients+0x2a1/0x3b0 net/batman-adv/translation-table.c:3914 batadv_tt_local_resize_to_mtu+0x96/0x130 net/batman-adv/translation-table.c:4198 batadv_update_min_mtu net/batman-adv/hard-interface.c:626 [inline] batadv_hardif_activate_interface.part.0.cold+0xc6/0x294 net/batman-adv/hard-interface.c:653 batadv_hardif_activate_interface net/batman-adv/hard-interface.c:800 [inline] batadv_hardif_enable_interface+0x9f2/0xaa0 net/batman-adv/hard-interface.c:792 batadv_softif_slave_add+0x92/0x150 net/batman-adv/soft-interface.c:859 do_set_master net/core/rtnetlink.c:2470 [inline] do_set_master+0x1d7/0x230 net/core/rtnetlink.c:2443 do_setlink+0xaa2/0x3680 net/core/rtnetlink.c:2605 __rtnl_newlink+0xad5/0x1590 net/core/rtnetlink.c:3266 rtnl_newlink+0x64/0xa0 net/core/rtnetlink.c:3391 rtnetlink_rcv_msg+0x44e/0xad0 net/core/rtnetlink.c:5454 netlink_rcv_skb+0x15a/0x410 net/netlink/af_netlink.c:2478 netlink_unicast_kernel net/netlink/af_netlink.c:1303 [inline] netlink_unicast+0x537/0x740 net/netlink/af_netlink.c:1329 netlink_sendmsg+0x882/0xe10 net/netlink/af_netlink.c:1918 sock_sendmsg_nosec net/socket.c:652 [inline] sock_sendmsg+0xcf/0x120 net/socket.c:672 ____sys_sendmsg+0x6b9/0x7d0 net/socket.c:2343 ___sys_sendmsg+0x100/0x170 net/socket.c:2397 __sys_sendmsg+0xec/0x1b0 net/socket.c:2430 do_syscall_64+0xf6/0x7d0 arch/x86/entry/common.c:294 entry_SYSCALL_64_after_hwframe+0x49/0xbe RIP: 0033:0x45c849 Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 RSP: 002b:00007f043b72fc78 EFLAGS: 00000246 ORIG_RAX: 000000000000002e RAX: ffffffffffffffda RBX: 00007f043b7306d4 RCX: 000000000045c849 RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000003 RBP: 000000000076bf00 R08: 0000000000000000 R09: 0000000000000000 R10: 0000000000000000 R11: 0000000000000246 R12: 00000000ffffffff R13: 00000000000009f5 R14: 00000000004ccac9 R15: 000000000076bf0c --- This bug is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this bug report. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot.

1 2

[PATCH] batctl: fix endianness when reading radiotap header
by Marek Lindner 29 Apr '20

29 Apr '20

All radiotap header fields are specified in little endian byte-order. Header length conversion is necessary on some platforms. Signed-off-by: Marek Lindner <mareklindner(a)neomailbox.ch> --- tcpdump.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tcpdump.c b/tcpdump.c index 4b9e4f6..1beace1 100644 --- a/tcpdump.c +++ b/tcpdump.c @@ -1144,10 +1144,10 @@ static int monitor_header_length(unsigned char *packet_buff, ssize_t buff_len, i return -1; radiotap_hdr = (struct radiotap_header*)packet_buff; - if (buff_len <= radiotap_hdr->it_len) + if (buff_len <= le16toh(radiotap_hdr->it_len)) return -1; else - return radiotap_hdr->it_len; + return le16toh(radiotap_hdr->it_len); } return -1; -- 2.25.1

1 0

b.a.t.m.a.n. specification
by Fernando Gont 28 Apr '20

28 Apr '20

Hello, folks, While looking at batman, I came across your IETF Internet-Draft https://tools.ietf.org/id/draft-openmesh-b-a-t-m-a-n-00.txt. Questions: 1) Is this the closest there is to an specification of batman? 2) Does it described the current protocol, or have there been changes since then that have not been reflected into the internet-draft? 3) Any reason why the draft wasn't published as an IETF RFC? Thanks! Cheers, -- Fernando Gont SI6 Networks e-mail: fgont(a)si6networks.com PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492

2 1

configuration issue
by Oguzhan Kayhan 28 Apr '20

28 Apr '20

Hello I am running batman over a openwrt 18.06 default batman config over this firmware is batman-adv 2017.4 I have two systems present.. One board is with 802.11n radio. other is 802.11ac radio This is the only difference..same image compiled running on both devices.. On 802.11n radio set.. config is as: batman-adv: config 'mesh' 'bat0' option 'aggregated_ogms' option 'ap_isolation' option 'bonding' option 'fragmentation' option 'gw_bandwidth' option 'gw_mode' option 'gw_sel_class' option 'log_level' option 'orig_interval' option 'vis_mode' option 'bridge_loop_avoidance' option 'distributed_arp_table' option 'multicast_mode' option 'network_coding' option 'hop_penalty' option 'isolation_mark' wireless : config wifi-iface option device 'radio0' option ifname 'mesh0' option network 'mesh' option mode 'adhoc' option ssid 'mesh' option bssid '02:CA:FE:CA:CA:40' option mcast_rate '18000' network: config interface 'lan' option type 'bridge' option ifname 'eth0 bat0' option proto 'static' .... config interface 'mesh' option mtu '1532' option proto 'batadv' option mesh 'bat0' config interface 'bat' option ifname 'bat0' option proto 'static' option mtu '1500' option ipaddr '172.0.0.10' option netmask '255.255.255.0' This configuration works fine.. But if I run same config on the second node with 802.11ac radio.. it fails.. So I dig around and changed the config as follows.. And it started to work.. batman-adv is same..no difference wireless: config wifi-iface 'wmesh' option device 'radio0' option ifname 'adhoc0' option network 'bat0_hardif_wlan' option mode 'adhoc' option ssid 'mesh' option mcast_rate '18000' option bssid '02:CA:FE:CA:CA:40' network: config interface 'bat0_hardif_wlan' option mtu '1532' option proto 'batadv' option mesh 'bat0' config interface 'bat0_hardif_eth0' option mtu '1532' option proto 'batadv' option mesh 'bat0' option ifname 'eth0' I have two questions so far.. Why the first config does not work over second system..(Wifi works fine but. for mesh. i needed to change the config like this) Second question.. I can live with different config.. Ok.. But I want to use eth0 and eth2 and mesh network as a bridge... But whenever i add any of this interfaces on bridge.. batman-adv fails.. What am I missing???

2 6

[PATCH 0/5] pull request for net-next: batman-adv 2020-04-27
by Simon Wunderlich 27 Apr '20

27 Apr '20

Hi David, here is a small cleanup pull request of batman-adv to go into net-next. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136: Linux 5.7-rc1 (2020-04-12 12:35:55 -0700) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-next-for-davem-20200427 for you to fetch changes up to e73f94d1b6f05f6f22434c63de255a9dec6fd23d: batman-adv: remove unused inline function batadv_arp_change_timeout (2020-04-24 15:22:41 +0200) ---------------------------------------------------------------- This cleanup patchset includes the following patches: - bump version strings, by Simon Wunderlich - fix spelling error, by Sven Eckelmann - drop unneeded types.h include, by Sven Eckelmann - change random number generation to prandom_u32_max(), by Sven Eckelmann - remove unused function batadv_arp_change_timeout(), by Yue Haibing ---------------------------------------------------------------- Simon Wunderlich (1): batman-adv: Start new development cycle Sven Eckelmann (3): batman-adv: Fix spelling error in term buffer batman-adv: trace: Drop unneeded types.h include batman-adv: Utilize prandom_u32_max for random [0, max) values YueHaibing (1): batman-adv: remove unused inline function batadv_arp_change_timeout net/batman-adv/bat_iv_ogm.c | 4 ++-- net/batman-adv/bat_v_elp.c | 2 +- net/batman-adv/bat_v_ogm.c | 4 ++-- net/batman-adv/distributed-arp-table.h | 5 ----- net/batman-adv/main.h | 2 +- net/batman-adv/trace.h | 1 - net/batman-adv/types.h | 2 +- 7 files changed, 7 insertions(+), 13 deletions(-)

2 6

[PATCH 0/4] pull request for net: batman-adv 2020-04-27
by Simon Wunderlich 27 Apr '20

27 Apr '20

Hi David, here are some bugfixes which we would like to have integrated into net. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 8f3d9f354286745c751374f5f1fcafee6b3f3136: Linux 5.7-rc1 (2020-04-12 12:35:55 -0700) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-net-for-davem-20200427 for you to fetch changes up to 6f91a3f7af4186099dd10fa530dd7e0d9c29747d: batman-adv: Fix refcnt leak in batadv_v_ogm_process (2020-04-21 10:08:05 +0200) ---------------------------------------------------------------- Here are some batman-adv bugfixes: - fix random number generation in network coding, by George Spelvin - fix reference counter leaks, by Xiyu Yang (3 patches) ---------------------------------------------------------------- George Spelvin (1): batman-adv: fix batadv_nc_random_weight_tq Xiyu Yang (3): batman-adv: Fix refcnt leak in batadv_show_throughput_override batman-adv: Fix refcnt leak in batadv_store_throughput_override batman-adv: Fix refcnt leak in batadv_v_ogm_process net/batman-adv/bat_v_ogm.c | 2 +- net/batman-adv/network-coding.c | 9 +-------- net/batman-adv/sysfs.c | 3 ++- 3 files changed, 4 insertions(+), 10 deletions(-)

2 5

[PATCH net-next] batman-adv: remove unsued inline function batadv_arp_change_timeout
by YueHaibing 24 Apr '20

24 Apr '20

There's no callers in-tree. Signed-off-by: YueHaibing <yuehaibing(a)huawei.com> --- net/batman-adv/distributed-arp-table.h | 5 ----- 1 file changed, 5 deletions(-) diff --git a/net/batman-adv/distributed-arp-table.h b/net/batman-adv/distributed-arp-table.h index 2bff2f4a325c..4e031661682a 100644 --- a/net/batman-adv/distributed-arp-table.h +++ b/net/batman-adv/distributed-arp-table.h @@ -163,11 +163,6 @@ static inline void batadv_dat_init_own_addr(struct batadv_priv *bat_priv, { } -static inline void batadv_arp_change_timeout(struct net_device *soft_iface, - const char *name) -{ -} - static inline int batadv_dat_init(struct batadv_priv *bat_priv) { return 0; -- 2.17.1

2 1

[PATCH] batman-adv: Fix refcnt leak in batadv_v_ogm_process
by Xiyu Yang 20 Apr '20

20 Apr '20

batadv_v_ogm_process() invokes batadv_hardif_neigh_get(), which returns a reference of the neighbor object to "hardif_neigh" with increased refcount. When batadv_v_ogm_process() returns, "hardif_neigh" becomes invalid, so the refcount should be decreased to keep refcount balanced. The reference counting issue happens in one exception handling paths of batadv_v_ogm_process(). When batadv_v_ogm_orig_get() fails to get the orig node and returns NULL, the refcnt increased by batadv_hardif_neigh_get() is not decreased, causing a refcnt leak. Fix this issue by jumping to "out" label when batadv_v_ogm_orig_get() fails to get the orig node. Fixes: 9323158ef9f4 ("batman-adv: OGMv2 - implement originators logic") Signed-off-by: Xiyu Yang <xiyuyang19(a)fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf(a)gmail.com> --- net/batman-adv/bat_v_ogm.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/net/batman-adv/bat_v_ogm.c b/net/batman-adv/bat_v_ogm.c index 969466218999..80b87b1f4e3a 100644 --- a/net/batman-adv/bat_v_ogm.c +++ b/net/batman-adv/bat_v_ogm.c @@ -893,7 +893,7 @@ static void batadv_v_ogm_process(const struct sk_buff *skb, int ogm_offset, orig_node = batadv_v_ogm_orig_get(bat_priv, ogm_packet->orig); if (!orig_node) - return; + goto out; neigh_node = batadv_neigh_node_get_or_create(orig_node, if_incoming, ethhdr->h_source); -- 2.7.4

2 1

batman cpu usage of multiple instances
by Moritz Warning 18 Apr '20

18 Apr '20

Hi, I have many batman-adv instances (~1000) running on one computer in a Linux network namespace each. Top shows me that a single kernel worker is handling batman-adv: PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND 29251 root 20 0 0 0 0 R 99.3 0.0 18:03.27 kworker/u32:3+bat_events Is there a way to let those multiple batman-adv instances make use of the other cores? thanks, Moritz

2 2

maximum hop count
by Moritz Warning 17 Apr '20

17 Apr '20

Hi, I run a simulation of 50 batman-adv instances connected on a chain topology: [node-0] <-> [node1] <-> ... <-> [node49] Despite there being no packet loss, the nodes at both ends (nodes 0 and 49) only see 32 other nodes. The second outermost nodes see 33 other nodes and so on until the nodes that are at least 18 hops from both ends (nodes 17 and 32), which see all other 49 nodes. The OGM TTL is set to 50 [1], but from this experiment, the TTL seems to be 32. Can someone shed light on this observation? The batman-adv version used is 2019.4. Thanks, Moritz [0] https://github.com/mwarning/meshnet-lab [1] https://git.open-mesh.org/batman-adv.git/blob/refs/heads/master:/net/batman…

2 2

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N April 2020