This patch fixes a potential memory leak which can occur once an originator times out. On timeout the according global translation table entry might not get purged correctly. Furthermore, the non purged TT entry will cause its orig-node to leak, too. Which additionally can lead to the new multicast optimization feature not kicking in because of a therefore bogus counter.
In the wild with larger mesh networks we saw this leak quite regularly, resulting in routers to reboot or killed processes. This was because of a combination of two bugs: The bug fixed by commit "batman-adv: fix delayed foreign originator recognition" (8a2ad5204674) amplified this memory leak heavily. Since that commit I'd expect it to happen rarely, probably only in paused and resumed VMs and devices previously in stand-by.
The issue this patch fixes is caused by batadv_orig_node_free_rcu() never being called because of not yet released references to the orig-node. References which were supposed to be released through batadv_orig_node_free_rcu()->batadv_tt_global_del_orig().
Fixing the issue by moving batadv_tt_global_del_orig() out of the rcu callback.
Signed-off-by: Linus Lüssing linus.luessing@c0d3.blue --- originator.c | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/originator.c b/originator.c index 648bdba..bea8198 100644 --- a/originator.c +++ b/originator.c @@ -570,9 +570,6 @@ static void batadv_orig_node_free_rcu(struct rcu_head *rcu)
batadv_frag_purge_orig(orig_node, NULL);
- batadv_tt_global_del_orig(orig_node->bat_priv, orig_node, -1, - "originator timed out"); - if (orig_node->bat_priv->bat_algo_ops->bat_orig_free) orig_node->bat_priv->bat_algo_ops->bat_orig_free(orig_node);
@@ -978,6 +975,9 @@ static void _batadv_purge_orig(struct batadv_priv *bat_priv) if (batadv_purge_orig_node(bat_priv, orig_node)) { batadv_gw_node_delete(bat_priv, orig_node); hlist_del_rcu(&orig_node->hash_entry); + batadv_tt_global_del_orig(orig_node->bat_priv, + orig_node, -1, + "originator timed out"); batadv_orig_node_free_ref(orig_node); continue; }