From: Marek Lindner lindner_marek@yahoo.de
Make sure that batman-adv does not process packets before its initialization is complete. Some sanity checks added to the receiver function.
Signed-off-by: Marek Lindner lindner_marek@yahoo.de Signed-off-by: Simon Wunderlich siwu@hrz.tu-chemnitz.de Signed-off-by: Andrew Lunn andrew@lunn.ch --- drivers/staging/batman-adv/hard-interface.c | 7 +++++++ drivers/staging/batman-adv/proc.c | 17 ++++++----------- 2 files changed, 13 insertions(+), 11 deletions(-)
diff --git a/drivers/staging/batman-adv/hard-interface.c b/drivers/staging/batman-adv/hard-interface.c index 0f94158..befd488 100644 --- a/drivers/staging/batman-adv/hard-interface.c +++ b/drivers/staging/batman-adv/hard-interface.c @@ -432,6 +432,9 @@ int batman_skb_recv(struct sk_buff *skb, struct net_device *dev, if (!skb) goto err_out;
+ if (atomic_read(&module_state) != MODULE_ACTIVE) + goto err_free; + /* packet should hold at least type and version */ if (unlikely(skb_headlen(skb) < 2)) goto err_free; @@ -445,6 +448,10 @@ int batman_skb_recv(struct sk_buff *skb, struct net_device *dev, if (!batman_if) goto err_free;
+ /* discard frames on not active interfaces */ + if (batman_if->if_active != IF_ACTIVE) + goto err_free; + stats = (struct net_device_stats *)dev_get_stats(skb->dev); if (stats) { stats->rx_packets++; diff --git a/drivers/staging/batman-adv/proc.c b/drivers/staging/batman-adv/proc.c index 0eadc6b..7de60e8 100644 --- a/drivers/staging/batman-adv/proc.c +++ b/drivers/staging/batman-adv/proc.c @@ -63,7 +63,7 @@ static ssize_t proc_interfaces_write(struct file *instance, size_t count, loff_t *data) { char *if_string, *colon_ptr = NULL, *cr_ptr = NULL; - int not_copied = 0, if_num = 0; + int not_copied = 0, if_num = 0, add_success; struct batman_if *batman_if = NULL;
if_string = kmalloc(count, GFP_KERNEL); @@ -109,22 +109,17 @@ static ssize_t proc_interfaces_write(struct file *instance, } rcu_read_unlock();
- hardif_add_interface(if_string, if_num); + add_success = hardif_add_interface(if_string, if_num); + if (add_success < 0) + goto end; + + num_ifs = if_num + 1;
if ((atomic_read(&module_state) == MODULE_INACTIVE) && (hardif_get_active_if_num() > 0)) activate_module();
- rcu_read_lock(); - if (list_empty(&if_list)) { - rcu_read_unlock(); - goto end; - } - rcu_read_unlock(); - - num_ifs = if_num + 1; return count; - end: kfree(if_string); return count;