On Thursday, June 30, 2016 20:11:34 Sven Eckelmann wrote:
The replacement of last_bonding_candidate in batadv_orig_node has to be an atomic operation. Otherwise it is possible that the reference counter of a batadv_orig_ifinfo is reduced which was no longer the last_bonding_candidate when the new candidate is added. This can either lead to an invalid memory access or to reference leaks which make it impossible to an interface which was added to batman-adv.
Fixes: 797edd9e87ac ("batman-adv: add bonding again") Signed-off-by: Sven Eckelmann sven@narfation.org
v2:
- get refcnt for new selected router before assigning it to returned variable
- move refcnt cleanup of all remembered candidates/routers to central place
net/batman-adv/routing.c | 52 ++++++++++++++++++++++++++++++++++++------------ net/batman-adv/types.h | 4 +++- 2 files changed, 42 insertions(+), 14 deletions(-)
Applied in revision 6ecc711.
Thanks, Marek