Vasiliy Kulikov wrote:
kmalloc() may fail, if so drop current packet.
Thanks for your patch. The indention is right, but it adds just another bug (locking related).
Signed-off-by: Vasiliy Kulikov segooon@gmail.com
Compile tested.
drivers/staging/batman-adv/routing.c | 6 ++++-- drivers/staging/batman-adv/unicast.c | 8 ++++++-- drivers/staging/batman-adv/unicast.h | 2 +- 3 files changed, 11 insertions(+), 5 deletions(-)
diff --git a/drivers/staging/batman-adv/routing.c b/drivers/staging/batman-adv/routing.c index e12fd99..e545260 100644 --- a/drivers/staging/batman-adv/routing.c +++ b/drivers/staging/batman-adv/routing.c @@ -1232,8 +1232,10 @@ int recv_ucast_frag_packet(struct sk_buff *skb, struct batman_if *recv_if)
orig_node->last_frag_packet = jiffies;
if (list_empty(&orig_node->frag_list))create_frag_buffer(&orig_node->frag_list);
if (list_empty(&orig_node->frag_list)) {if (create_frag_buffer(&orig_node->frag_list))return NET_RX_DROP;}tmp_frag_entry = search_frag_packet(&orig_node->frag_list,
You must spin_unlock_irqrestore before you return from that function.
Best regards, Sven
When we detect a failure in create_frag_buffer we must drop the packet and unlock the orig_has which was locked before. 69d187ffb8e22024a87d8457e5dcb10e297108e9 forgot that and created a potential deadlock of the complete system.
Signed-off-by: Sven Eckelmann sven.eckelmann@gmx.de --- routing.c | 8 +++++--- 1 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/routing.c b/routing.c index 23a12cd..a07e0e0 100644 --- a/routing.c +++ b/routing.c @@ -1233,9 +1233,11 @@ int recv_ucast_frag_packet(struct sk_buff *skb, struct batman_if *recv_if)
orig_node->last_frag_packet = jiffies;
- if (list_empty(&orig_node->frag_list)) { - if (create_frag_buffer(&orig_node->frag_list)) - return NET_RX_DROP; + if (list_empty(&orig_node->frag_list) && + create_frag_buffer(&orig_node->frag_list)) { + spin_unlock_irqrestore(&bat_priv->orig_hash_lock, + flags); + return NET_RX_DROP; }
tmp_frag_entry =
On Sunday 12 September 2010 23:00:42 Sven Eckelmann wrote:
When we detect a failure in create_frag_buffer we must drop the packet and unlock the orig_has which was locked before. 69d187ffb8e22024a87d8457e5dcb10e297108e9 forgot that and created a potential deadlock of the complete system.
Signed-off-by: Sven Eckelmann sven.eckelmann@gmx.de
Good catch - applied in revision 1791.
Thanks, Marek
b.a.t.m.a.n@lists.open-mesh.org
-
Marek Lindner -
Sven Eckelmann