B.A.T.M.A.N January 2022

b.a.t.m.a.n@lists.open-mesh.org

10 participants
17 discussions

[PATCH 1/2] alfred: Avoid large send buffer for fixed size IPC commands

by Sven Eckelmann

For data related IPC commands, a buffer of 65527 bytes is necessary to send or receive a complete command. But for non-data related IPC commands usually have a fixed size. It is therefore enough to allocate exactly the minimum required amount of bytes on the stack for non-data related IPC commands. Signed-off-by: Sven Eckelmann <sven(a)narfation.org> --- client.c | 83 ++++++++++++++++++++++++++------------------------------ 1 file changed, 38 insertions(+), 45 deletions(-) diff --git a/client.c b/client.c index e1107bf..b5faf3b 100644 --- a/client.c +++ b/client.c @@ -23,7 +23,7 @@ int alfred_client_request_data(struct globals *globals) { unsigned char buf[MAX_PAYLOAD], *pos; - struct alfred_request_v0 *request; + struct alfred_request_v0 request; struct alfred_push_data_v0 *push; struct alfred_status_v0 *status; struct alfred_tlv *tlv; @@ -34,17 +34,16 @@ int alfred_client_request_data(struct globals *globals) if (unix_sock_open_client(globals)) return -1; - request = (struct alfred_request_v0 *)buf; - len = sizeof(*request); + len = sizeof(request); - request->header.type = ALFRED_REQUEST; - request->header.version = ALFRED_VERSION; - request->header.length = sizeof(*request) - sizeof(request->header); - request->header.length = htons(request->header.length); - request->requested_type = globals->clientmode_arg; - request->tx_id = get_random_id(); + request.header.type = ALFRED_REQUEST; + request.header.version = ALFRED_VERSION; + request.header.length = sizeof(request) - sizeof(request.header); + request.header.length = htons(request.header.length); + request.requested_type = globals->clientmode_arg; + request.tx_id = get_random_id(); - ret = write(globals->unix_sock, buf, len); + ret = write(globals->unix_sock, &request, len); if (ret != len) fprintf(stderr, "%s: only wrote %d of %d bytes: %s\n", __func__, ret, len, strerror(errno)); @@ -179,26 +178,24 @@ int alfred_client_set_data(struct globals *globals) int alfred_client_modeswitch(struct globals *globals) { - unsigned char buf[MAX_PAYLOAD]; - struct alfred_modeswitch_v0 *modeswitch; + struct alfred_modeswitch_v0 modeswitch; int ret, len; if (unix_sock_open_client(globals)) return -1; - modeswitch = (struct alfred_modeswitch_v0 *)buf; - len = sizeof(*modeswitch); + len = sizeof(modeswitch); - modeswitch->header.type = ALFRED_MODESWITCH; - modeswitch->header.version = ALFRED_VERSION; - modeswitch->header.length = htons(len - sizeof(modeswitch->header)); + modeswitch.header.type = ALFRED_MODESWITCH; + modeswitch.header.version = ALFRED_VERSION; + modeswitch.header.length = htons(len - sizeof(modeswitch.header)); switch (globals->opmode) { case OPMODE_SECONDARY: - modeswitch->mode = ALFRED_MODESWITCH_SECONDARY; + modeswitch.mode = ALFRED_MODESWITCH_SECONDARY; break; case OPMODE_PRIMARY: - modeswitch->mode = ALFRED_MODESWITCH_PRIMARY; + modeswitch.mode = ALFRED_MODESWITCH_PRIMARY; break; default: fprintf(stderr, "%s: unknown opmode %u in modeswitch\n", @@ -206,7 +203,7 @@ int alfred_client_modeswitch(struct globals *globals) return -1; } - ret = write(globals->unix_sock, buf, len); + ret = write(globals->unix_sock, &modeswitch, len); if (ret != len) fprintf(stderr, "%s: only wrote %d of %d bytes: %s\n", __func__, ret, len, strerror(errno)); @@ -248,8 +245,7 @@ static int check_interface(const char *iface) int alfred_client_change_interface(struct globals *globals) { - unsigned char buf[MAX_PAYLOAD]; - struct alfred_change_interface_v0 *change_interface; + struct alfred_change_interface_v0 change_interface; int ret, len; char *input, *token, *saveptr; size_t interface_len; @@ -258,24 +254,23 @@ int alfred_client_change_interface(struct globals *globals) return -1; interface_len = strlen(globals->change_interface); - if (interface_len > sizeof(change_interface->ifaces)) { + if (interface_len > sizeof(change_interface.ifaces)) { fprintf(stderr, "%s: interface name list too long, not changing\n", __func__); return 0; } - change_interface = (struct alfred_change_interface_v0 *)buf; - len = sizeof(*change_interface); + len = sizeof(change_interface); - change_interface->header.type = ALFRED_CHANGE_INTERFACE; - change_interface->header.version = ALFRED_VERSION; - change_interface->header.length = htons(len - sizeof(change_interface->header)); - strncpy(change_interface->ifaces, globals->change_interface, - sizeof(change_interface->ifaces)); - change_interface->ifaces[sizeof(change_interface->ifaces) - 1] = '\0'; + change_interface.header.type = ALFRED_CHANGE_INTERFACE; + change_interface.header.version = ALFRED_VERSION; + change_interface.header.length = htons(len - sizeof(change_interface.header)); + strncpy(change_interface.ifaces, globals->change_interface, + sizeof(change_interface.ifaces)); + change_interface.ifaces[sizeof(change_interface.ifaces) - 1] = '\0'; /* test it before sending - * globals->change_interface is now saved in change_interface->ifaces + * globals->change_interface is now saved in change_interface.ifaces * and can be modified by strtok_r */ input = globals->change_interface; @@ -287,7 +282,7 @@ int alfred_client_change_interface(struct globals *globals) return 0; } - ret = write(globals->unix_sock, buf, len); + ret = write(globals->unix_sock, &change_interface, len); if (ret != len) fprintf(stderr, "%s: only wrote %d of %d bytes: %s\n", __func__, ret, len, strerror(errno)); @@ -299,8 +294,7 @@ int alfred_client_change_interface(struct globals *globals) int alfred_client_change_bat_iface(struct globals *globals) { - unsigned char buf[MAX_PAYLOAD]; - struct alfred_change_bat_iface_v0 *change_bat_iface; + struct alfred_change_bat_iface_v0 change_bat_iface; int ret, len; size_t interface_len; @@ -308,23 +302,22 @@ int alfred_client_change_bat_iface(struct globals *globals) return -1; interface_len = strlen(globals->mesh_iface); - if (interface_len > sizeof(change_bat_iface->bat_iface)) { + if (interface_len > sizeof(change_bat_iface.bat_iface)) { fprintf(stderr, "%s: batman-adv interface name list too long, not changing\n", __func__); return 0; } - change_bat_iface = (struct alfred_change_bat_iface_v0 *)buf; - len = sizeof(*change_bat_iface); + len = sizeof(change_bat_iface); - change_bat_iface->header.type = ALFRED_CHANGE_BAT_IFACE; - change_bat_iface->header.version = ALFRED_VERSION; - change_bat_iface->header.length = htons(len - sizeof(change_bat_iface->header)); - strncpy(change_bat_iface->bat_iface, globals->mesh_iface, - sizeof(change_bat_iface->bat_iface)); - change_bat_iface->bat_iface[sizeof(change_bat_iface->bat_iface) - 1] = '\0'; + change_bat_iface.header.type = ALFRED_CHANGE_BAT_IFACE; + change_bat_iface.header.version = ALFRED_VERSION; + change_bat_iface.header.length = htons(len - sizeof(change_bat_iface.header)); + strncpy(change_bat_iface.bat_iface, globals->mesh_iface, + sizeof(change_bat_iface.bat_iface)); + change_bat_iface.bat_iface[sizeof(change_bat_iface.bat_iface) - 1] = '\0'; - ret = write(globals->unix_sock, buf, len); + ret = write(globals->unix_sock, &change_bat_iface, len); if (ret != len) fprintf(stderr, "%s: only wrote %d of %d bytes: %s\n", __func__, ret, len, strerror(errno)); -- 2.30.2

1 year, 2 months

[PATCH] batman-adv: Remove redundant 'flush_workqueue()' calls

by Christophe JAILLET

'destroy_workqueue()' already drains the queue before destroying it, so there is no need to flush it explicitly. Remove the redundant 'flush_workqueue()' calls. This was generated with coccinelle: @@ expression E; @@ - flush_workqueue(E); destroy_workqueue(E); Signed-off-by: Christophe JAILLET <christophe.jaillet(a)wanadoo.fr> --- net/batman-adv/main.c | 1 - 1 file changed, 1 deletion(-) diff --git a/net/batman-adv/main.c b/net/batman-adv/main.c index 5207cd8d6ad8..8f1b724d0412 100644 --- a/net/batman-adv/main.c +++ b/net/batman-adv/main.c @@ -132,7 +132,6 @@ static void __exit batadv_exit(void) rtnl_link_unregister(&batadv_link_ops); unregister_netdevice_notifier(&batadv_hard_if_notifier); - flush_workqueue(batadv_event_workqueue); destroy_workqueue(batadv_event_workqueue); batadv_event_workqueue = NULL; -- 2.32.0

1 year, 2 months

[syzbot] WARNING: suspicious RCU usage in __dev_queue_xmit

by syzbot

Hello, syzbot found the following issue on: HEAD commit: 4c375272fb0b Merge branch 'net-add-preliminary-netdev-refc.. git tree: net-next console output: https://syzkaller.appspot.com/x/log.txt?x=164749a9b00000 kernel config: https://syzkaller.appspot.com/x/.config?x=2b8e24e3a80e3875 dashboard link: https://syzkaller.appspot.com/bug?extid=e163f2ff7c3f7efd8203 compiler: gcc (Debian 10.2.1-6) 10.2.1 20210110, GNU ld (GNU Binutils for Debian) 2.35.2 syz repro: https://syzkaller.appspot.com/x/repro.syz?x=11493641b00000 C reproducer: https://syzkaller.appspot.com/x/repro.c?x=11ac6aceb00000 The issue was bisected to: commit 42df6e1d221dddc0f2acf2be37e68d553ad65f96 Author: Lukas Wunner <lukas(a)wunner.de> Date: Fri Oct 8 20:06:03 2021 +0000 netfilter: Introduce egress hook bisection log: https://syzkaller.appspot.com/x/bisect.txt?x=1236329db00000 final oops: https://syzkaller.appspot.com/x/report.txt?x=1136329db00000 console output: https://syzkaller.appspot.com/x/log.txt?x=1636329db00000 IMPORTANT: if you fix the issue, please add the following tag to the commit: Reported-by: syzbot+e163f2ff7c3f7efd8203(a)syzkaller.appspotmail.com Fixes: 42df6e1d221d ("netfilter: Introduce egress hook") ============================= WARNING: suspicious RCU usage 5.16.0-rc3-syzkaller #0 Not tainted ----------------------------- include/linux/netfilter_netdev.h:97 suspicious rcu_dereference_check() usage! other info that might help us debug this: rcu_scheduler_active = 2, debug_locks = 1 3 locks held by kworker/u4:2/49: #0: ffff88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic64_set arch/x86/include/asm/atomic64_64.h:34 [inline] #0: ffff88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: arch_atomic_long_set include/linux/atomic/atomic-long.h:41 [inline] #0: ffff88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: atomic_long_set include/linux/atomic/atomic-instrumented.h:1198 [inline] #0: ffff88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_data kernel/workqueue.c:635 [inline] #0: ffff88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: set_work_pool_and_clear_pending kernel/workqueue.c:662 [inline] #0: ffff88814b0fe938 ((wq_completion)bat_events){+.+.}-{0:0}, at: process_one_work+0x896/0x1690 kernel/workqueue.c:2269 #1: ffffc9000119fdb0 ((work_completion)(&(&forw_packet_aggr->delayed_work)->work)){+.+.}-{0:0}, at: process_one_work+0x8ca/0x1690 kernel/workqueue.c:2273 #2: ffffffff8bb83b00 (rcu_read_lock_bh){....}-{1:2}, at: __dev_queue_xmit+0x1e3/0x3640 net/core/dev.c:4036 stack backtrace: CPU: 1 PID: 49 Comm: kworker/u4:2 Not tainted 5.16.0-rc3-syzkaller #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 Workqueue: bat_events batadv_iv_send_outstanding_bat_ogm_packet Call Trace: <TASK> __dump_stack lib/dump_stack.c:88 [inline] dump_stack_lvl+0xcd/0x134 lib/dump_stack.c:106 nf_hook_egress include/linux/netfilter_netdev.h:97 [inline] __dev_queue_xmit+0x2eac/0x3640 net/core/dev.c:4053 batadv_send_skb_packet+0x4a9/0x5f0 net/batman-adv/send.c:108 batadv_iv_ogm_send_to_if net/batman-adv/bat_iv_ogm.c:393 [inline] batadv_iv_ogm_emit net/batman-adv/bat_iv_ogm.c:421 [inline] batadv_iv_send_outstanding_bat_ogm_packet+0x6d7/0x8e0 net/batman-adv/bat_iv_ogm.c:1701 process_one_work+0x9b2/0x1690 kernel/workqueue.c:2298 worker_thread+0x658/0x11f0 kernel/workqueue.c:2445 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> --- This report is generated by a bot. It may contain errors. See https://goo.gl/tpsmEJ for more information about syzbot. syzbot engineers can be reached at syzkaller(a)googlegroups.com. syzbot will keep track of this issue. See: https://goo.gl/tpsmEJ#status for how to communicate with syzbot. For information about bisection process see: https://goo.gl/tpsmEJ#bisection syzbot can test patches for this issue, for details see: https://goo.gl/tpsmEJ#testing-patches

1 year, 2 months

INFO: rcu detected stall in batadv_purge_orig

by kvartet

Hello, When using Syzkaller to fuzz the latest Linux kernel, the following crash was triggered. HEAD commit: a7904a538933 Linux 5.16-rc6 git tree: upstream console output: https://paste.ubuntu.com/p/V4fvMdr76R/plain/ kernel config: https://paste.ubuntu.com/p/FDDNHDxtwz/plain/ Sorry, I don't have a reproducer for this crash, hope the symbolized report can help. If you fix this issue, please add the following tag to the commit: Reported-by: Yiru Xu <xyru1999(a)gmail.com> rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: (detected by 1, t=10502 jiffies, g=150425, q=70254) rcu: All QSes seen, last rcu_preempt kthread activity 10500 (4295046532-4295036032), jiffies_till_next_fqs=1, root ->qsmask 0x0 rcu: rcu_preempt kthread timer wakeup didn't happen for 10499 jiffies! g150425 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 rcu: Possible timer handling issue on cpu=3 timer-softirq=70438 rcu: rcu_preempt kthread starved for 10500 jiffies! g150425 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=3 rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. rcu: RCU grace-period kthread stack dump: task:rcu_preempt state:R stack:28416 pid: 16 ppid: 2 flags:0x00004000 Call Trace: <TASK> context_switch kernel/sched/core.c:4972 [inline] __schedule+0xcd9/0x2530 kernel/sched/core.c:6253 schedule+0xd2/0x260 kernel/sched/core.c:6326 schedule_timeout+0x4ce/0x890 kernel/time/timer.c:1881 rcu_gp_fqs_loop+0x4a1/0x860 kernel/rcu/tree.c:1955 rcu_gp_kthread+0x1de/0x320 kernel/rcu/tree.c:2128 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> rcu: Stack dump where RCU GP kthread last ran: Sending NMI from CPU 1 to CPUs 3: NMI backtrace for cpu 3 CPU: 3 PID: 8 Comm: kworker/u8:0 Not tainted 5.16.0-rc6 #9 Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.13.0-1ubuntu1.1 04/01/2014 Workqueue: bat_events batadv_purge_orig RIP: 0010:kvm_wait+0xb3/0x110 arch/x86/kernel/kvm.c:1001 Code: 40 38 c6 74 1b 48 83 c4 10 c3 c3 e8 f7 f4 49 00 eb 07 0f 00 2d be 8a 75 08 fb f4 48 83 c4 10 c3 eb 07 0f 00 2d ae 8a 75 08 f4 <48> 83 c4 10 c3 89 74 24 0c 48 89 3c 24 e8 1b f3 49 00 8b 74 24 0c RSP: 0018:ffffc900008a0b58 EFLAGS: 00000046 RAX: 0000000000000003 RBX: 0000000000000000 RCX: ffffffff815cf9a9 RDX: 0000000000000000 RSI: 0000000000000003 RDI: ffff888018e80338 RBP: ffff888018e80338 R08: 0000000000000004 R09: ffffed10031d0068 R10: ffff888018e80338 R11: ffffed10031d0067 R12: 0000000000000000 R13: ffffed10031d0067 R14: 0000000000000001 R15: ffff888135d3a880 FS: 0000000000000000(0000) GS:ffff888135d00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 000000c00062055c CR3: 0000000017e2c000 CR4: 0000000000350ee0 Call Trace: <IRQ> pv_wait arch/x86/include/asm/paravirt.h:603 [inline] pv_wait_head_or_lock kernel/locking/qspinlock_paravirt.h:470 [inline] __pv_queued_spin_lock_slowpath+0x923/0xb80 kernel/locking/qspinlock.c:508 pv_queued_spin_lock_slowpath arch/x86/include/asm/paravirt.h:591 [inline] queued_spin_lock_slowpath arch/x86/include/asm/qspinlock.h:51 [inline] queued_spin_lock include/asm-generic/qspinlock.h:85 [inline] do_raw_spin_lock+0x204/0x2d0 kernel/locking/spinlock_debug.c:115 spin_lock include/linux/spinlock.h:349 [inline] drm_handle_vblank+0x126/0xc70 drivers/gpu/drm/drm_vblank.c:1951 vkms_vblank_simulate+0xd0/0x3c0 drivers/gpu/drm/vkms/vkms_crtc.c:29 __run_hrtimer kernel/time/hrtimer.c:1685 [inline] __hrtimer_run_queues+0x1b8/0xdf0 kernel/time/hrtimer.c:1749 hrtimer_interrupt+0x31c/0x790 kernel/time/hrtimer.c:1811 local_apic_timer_interrupt arch/x86/kernel/apic/apic.c:1086 [inline] __sysvec_apic_timer_interrupt+0x146/0x540 arch/x86/kernel/apic/apic.c:1103 sysvec_apic_timer_interrupt+0x8e/0xc0 arch/x86/kernel/apic/apic.c:1097 </IRQ> <TASK> asm_sysvec_apic_timer_interrupt+0x12/0x20 arch/x86/include/asm/idtentry.h:638 RIP: 0010:__local_bh_enable_ip+0xa8/0x110 kernel/softirq.c:390 Code: 1d 2d 86 bb 7e 65 8b 05 26 86 bb 7e a9 00 ff ff 00 74 45 bf 01 00 00 00 e8 95 54 09 00 e8 e0 96 36 00 fb 65 8b 05 08 86 bb 7e <85> c0 74 4a 5b 5d c3 65 8b 05 56 8d bb 7e 85 c0 75 a2 0f 0b eb 9e RSP: 0018:ffffc900006b7c00 EFLAGS: 00000206 RAX: 0000000080000000 RBX: 00000000fffffe00 RCX: 1ffffffff1ff8f0e RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 RBP: ffffffff88e0aba3 R08: 0000000000000001 R09: fffffbfff1fee145 R10: 0000000000000001 R11: fffffbfff1fee144 R12: ffff888024e64ac8 R13: ffff8880183d4dd0 R14: 0000000000000159 R15: ffff888010c71800 spin_unlock_bh include/linux/spinlock.h:394 [inline] batadv_purge_orig_ref+0xe43/0x1500 net/batman-adv/originator.c:1259 batadv_purge_orig+0x17/0x60 net/batman-adv/originator.c:1272 process_one_work+0x9df/0x16d0 kernel/workqueue.c:2298 worker_thread+0x90/0xed0 kernel/workqueue.c:2445 kthread+0x405/0x4f0 kernel/kthread.c:327 ret_from_fork+0x1f/0x30 arch/x86/entry/entry_64.S:295 </TASK> ---------------- Code disassembly (best guess): 0: 40 38 c6 cmp %al,%sil 3: 74 1b je 0x20 5: 48 83 c4 10 add $0x10,%rsp 9: c3 retq a: c3 retq b: e8 f7 f4 49 00 callq 0x49f507 10: eb 07 jmp 0x19 12: 0f 00 2d be 8a 75 08 verw 0x8758abe(%rip) # 0x8758ad7 19: fb sti 1a: f4 hlt 1b: 48 83 c4 10 add $0x10,%rsp 1f: c3 retq 20: eb 07 jmp 0x29 22: 0f 00 2d ae 8a 75 08 verw 0x8758aae(%rip) # 0x8758ad7 29: f4 hlt * 2a: 48 83 c4 10 add $0x10,%rsp <-- trapping instruction 2e: c3 retq 2f: 89 74 24 0c mov %esi,0xc(%rsp) 33: 48 89 3c 24 mov %rdi,(%rsp) 37: e8 1b f3 49 00 callq 0x49f357 3c: 8b 74 24 0c mov 0xc(%rsp),%esi Best Regards, Yiru

1 year, 2 months

[PATCH 0/3] pull request for net-next: batman-adv 2022-01-03

by Simon Wunderlich

Hi Jakub, hi David, here is a little cleanup pull request of batman-adv to go into net-next. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 66f4beaa6c1d28161f534471484b2daa2de1dce0: Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 (2021-11-12 12:35:46 -0800) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-next-pullrequest-20220103 for you to fetch changes up to cde3fac565a7df8805a4e0e28d84a0f90177099a: batman-adv: remove unneeded variable in batadv_nc_init (2021-12-10 08:52:52 +0100) ---------------------------------------------------------------- This cleanup patchset includes the following patches: - bump version strings, by Simon Wunderlich - allow netlink usage in unprivileged containers, by Linus Lüssing - remove unneeded variable, by Minghao Chi ---------------------------------------------------------------- Linus Lüssing (1): batman-adv: allow netlink usage in unprivileged containers Minghao Chi (1): batman-adv: remove unneeded variable in batadv_nc_init Simon Wunderlich (1): batman-adv: Start new development cycle net/batman-adv/main.h | 2 +- net/batman-adv/netlink.c | 30 +++++++++++++++--------------- net/batman-adv/network-coding.c | 8 ++------ 3 files changed, 18 insertions(+), 22 deletions(-)

1 year, 2 months

[PATCH 0/1] pull request for net: batman-adv 2022-01-03

by Simon Wunderlich

Hi David, hi Jakub, happy new year! Here is a bugfix for batman-adv which we would like to have integrated into net. Please pull or let me know of any problem! Thank you, Simon The following changes since commit 66f4beaa6c1d28161f534471484b2daa2de1dce0: Merge branch 'linus' of git://git.kernel.org/pub/scm/linux/kernel/git/herbert/crypto-2.6 (2021-11-12 12:35:46 -0800) are available in the Git repository at: git://git.open-mesh.org/linux-merge.git tags/batadv-net-pullrequest-20220103 for you to fetch changes up to 938f2e0b57ffe8a6df71e1e177b2978b1b33fe5e: batman-adv: mcast: don't send link-local multicast to mcast routers (2022-01-02 09:31:17 +0100) ---------------------------------------------------------------- Here is a batman-adv bugfix: - avoid sending link-local multicast to multicast routers, by Linus Lüssing ---------------------------------------------------------------- Linus Lüssing (1): batman-adv: mcast: don't send link-local multicast to mcast routers net/batman-adv/multicast.c | 15 ++++++++++----- net/batman-adv/multicast.h | 10 ++++++---- net/batman-adv/soft-interface.c | 7 +++++-- 3 files changed, 21 insertions(+), 11 deletions(-)

1 year, 2 months

[PATCH maint] batman-adv: mcast: don't send link-local multicast to mcast routers

by Linus Lüssing

The addition of routable multicast TX handling introduced a bug/regression for packets with a link-local multicast destination: These packets would be sent to all batman-adv nodes with a multicast router and to all batman-adv nodes with an old version without multicast router detection. This even disregards the batman-adv multicast fanout setting, which can potentially lead to an unwanted, high number of unicast transmissions or even congestion. Fixing this by avoiding to send link-local multicast packets to nodes in the multicast router list. Fixes: 3a8df00cd969 ("batman-adv: mcast: apply optimizations for routable packets, too") Signed-off-by: Linus Lüssing <linus.luessing(a)c0d3.blue> --- net/batman-adv/multicast.c | 15 ++++++++++----- net/batman-adv/multicast.h | 5 +++-- net/batman-adv/soft-interface.c | 7 +++++-- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c index 433901dc..f4004cf0 100644 --- a/net/batman-adv/multicast.c +++ b/net/batman-adv/multicast.c @@ -1339,6 +1339,7 @@ batadv_mcast_forw_rtr_node_get(struct batadv_priv *bat_priv, * @bat_priv: the bat priv with all the soft interface information * @skb: The multicast packet to check * @orig: an originator to be set to forward the skb to + * @is_routable: stores whether the destination is routable * * Return: the forwarding mode as enum batadv_forw_mode and in case of * BATADV_FORW_SINGLE set the orig to the single originator the skb @@ -1346,17 +1347,16 @@ batadv_mcast_forw_rtr_node_get(struct batadv_priv *bat_priv, */ enum batadv_forw_mode batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, - struct batadv_orig_node **orig) + struct batadv_orig_node **orig, int *is_routable) { int ret, tt_count, ip_count, unsnoop_count, total_count; bool is_unsnoopable = false; unsigned int mcast_fanout; struct ethhdr *ethhdr; - int is_routable = 0; int rtr_count = 0; ret = batadv_mcast_forw_mode_check(bat_priv, skb, &is_unsnoopable, - &is_routable); + is_routable); if (ret == -ENOMEM) return BATADV_FORW_NONE; else if (ret < 0) @@ -1369,7 +1369,7 @@ batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, ip_count = batadv_mcast_forw_want_all_ip_count(bat_priv, ethhdr); unsnoop_count = !is_unsnoopable ? 0 : atomic_read(&bat_priv->mcast.num_want_all_unsnoopables); - rtr_count = batadv_mcast_forw_rtr_count(bat_priv, is_routable); + rtr_count = batadv_mcast_forw_rtr_count(bat_priv, *is_routable); total_count = tt_count + ip_count + unsnoop_count + rtr_count; @@ -1689,6 +1689,7 @@ batadv_mcast_forw_want_rtr(struct batadv_priv *bat_priv, * @bat_priv: the bat priv with all the soft interface information * @skb: the multicast packet to transmit * @vid: the vlan identifier + * @is_routable: stores whether the destination is routable * * Sends copies of a frame with multicast destination to any node that signaled * interest in it, that is either via the translation table or the according @@ -1701,7 +1702,7 @@ batadv_mcast_forw_want_rtr(struct batadv_priv *bat_priv, * is neither IPv4 nor IPv6. NET_XMIT_SUCCESS otherwise. */ int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, - unsigned short vid) + unsigned short vid, int is_routable) { int ret; @@ -1717,12 +1718,16 @@ int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, return ret; } + if (!is_routable) + goto skip_mc_router; + ret = batadv_mcast_forw_want_rtr(bat_priv, skb, vid); if (ret != NET_XMIT_SUCCESS) { kfree_skb(skb); return ret; } +skip_mc_router: consume_skb(skb); return ret; } diff --git a/net/batman-adv/multicast.h b/net/batman-adv/multicast.h index 9fee5da0..c214304d 100644 --- a/net/batman-adv/multicast.h +++ b/net/batman-adv/multicast.h @@ -43,7 +43,8 @@ enum batadv_forw_mode { enum batadv_forw_mode batadv_mcast_forw_mode(struct batadv_priv *bat_priv, struct sk_buff *skb, - struct batadv_orig_node **mcast_single_orig); + struct batadv_orig_node **mcast_single_orig, + int *is_routable); int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, struct sk_buff *skb, @@ -51,7 +52,7 @@ int batadv_mcast_forw_send_orig(struct batadv_priv *bat_priv, struct batadv_orig_node *orig_node); int batadv_mcast_forw_send(struct batadv_priv *bat_priv, struct sk_buff *skb, - unsigned short vid); + unsigned short vid, int is_routable); void batadv_mcast_init(struct batadv_priv *bat_priv); diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c index 7ee09337..2dbbe6c1 100644 --- a/net/batman-adv/soft-interface.c +++ b/net/batman-adv/soft-interface.c @@ -198,6 +198,7 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, int gw_mode; enum batadv_forw_mode forw_mode = BATADV_FORW_SINGLE; struct batadv_orig_node *mcast_single_orig = NULL; + int mcast_is_routable = 0; int network_offset = ETH_HLEN; __be16 proto; @@ -300,7 +301,8 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, send: if (do_bcast && !is_broadcast_ether_addr(ethhdr->h_dest)) { forw_mode = batadv_mcast_forw_mode(bat_priv, skb, - &mcast_single_orig); + &mcast_single_orig, + &mcast_is_routable); if (forw_mode == BATADV_FORW_NONE) goto dropped; @@ -359,7 +361,8 @@ static netdev_tx_t batadv_interface_tx(struct sk_buff *skb, ret = batadv_mcast_forw_send_orig(bat_priv, skb, vid, mcast_single_orig); } else if (forw_mode == BATADV_FORW_SOME) { - ret = batadv_mcast_forw_send(bat_priv, skb, vid); + ret = batadv_mcast_forw_send(bat_priv, skb, vid, + mcast_is_routable); } else { if (batadv_dat_snoop_outgoing_arp_request(bat_priv, skb)) -- 2.34.1

1 year, 2 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

B.A.T.M.A.N January 2022