Hi,
here are the patches which fix different bugs, backported for 2.6.35
Marek Lindner (1):
  Staging: batman-adv: fix rogue packets on shutdown

Sven Eckelmann (3):
  Staging: batman-adv: Call unregister_netdev on failures to get rtnl lock
  Staging: batman-adv: Don't call free_netdev twice
  Staging: batman-adv: Don't allocate icmp packet with GFP_KERNEL

thanks, Sven
From: Marek Lindner lindner_marek@yahoo.de
On module shutdown batman-adv would purge the internal packet queue by sending all remaining packets which could confuse other nodes. Now, the packets are silently discarded.
Signed-off-by: Marek Lindner lindner_marek@yahoo.de Signed-off-by: Sven Eckelmann sven.eckelmann@gmx.de --- drivers/staging/batman-adv/send.c | 24 +++++++++++++++--------- 1 files changed, 15 insertions(+), 9 deletions(-)
diff --git a/drivers/staging/batman-adv/send.c b/drivers/staging/batman-adv/send.c index d8536e2..ac69ed8 100644 --- a/drivers/staging/batman-adv/send.c +++ b/drivers/staging/batman-adv/send.c @@ -440,6 +440,9 @@ void send_outstanding_bcast_packet(struct work_struct *work) hlist_del(&forw_packet->list); spin_unlock_irqrestore(&forw_bcast_list_lock, flags);
+ if (atomic_read(&module_state) == MODULE_DEACTIVATING) + goto out; + /* rebroadcast packet */ rcu_read_lock(); list_for_each_entry_rcu(batman_if, &if_list, list) { @@ -453,15 +456,15 @@ void send_outstanding_bcast_packet(struct work_struct *work)
forw_packet->num_packets++;
- /* if we still have some more bcasts to send and we are not shutting - * down */ - if ((forw_packet->num_packets < 3) && - (atomic_read(&module_state) != MODULE_DEACTIVATING)) + /* if we still have some more bcasts to send */ + if (forw_packet->num_packets < 3) { _add_bcast_packet_to_list(forw_packet, ((5 * HZ) / 1000)); - else { - forw_packet_free(forw_packet); - atomic_inc(&bcast_queue_left); + return; } + +out: + forw_packet_free(forw_packet); + atomic_inc(&bcast_queue_left); }
void send_outstanding_bat_packet(struct work_struct *work) @@ -476,6 +479,9 @@ void send_outstanding_bat_packet(struct work_struct *work) hlist_del(&forw_packet->list); spin_unlock_irqrestore(&forw_bat_list_lock, flags);
+ if (atomic_read(&module_state) == MODULE_DEACTIVATING) + goto out; + send_packet(forw_packet);
/** @@ -483,10 +489,10 @@ void send_outstanding_bat_packet(struct work_struct *work) * to determine the queues wake up time unless we are * shutting down */ - if ((forw_packet->own) && - (atomic_read(&module_state) != MODULE_DEACTIVATING)) + if (forw_packet->own) schedule_own_packet(forw_packet->if_incoming);
+out: /* don't count own packet */ if (!forw_packet->own) atomic_inc(&batman_queue_left);
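Review bot: In send_outstanding_bcast_packet() the requeue test `if (forw_packet->num_packets < 3)` no longer looks at module_state, so the only shutdown check left is the new one taken before the rebroadcast loop. If module_state switches to MODULE_DEACTIVATING while the loop over if_list is running, the packet is handed to _add_bcast_packet_to_list() again during shutdown, which the removed condition used to prevent. Consider keeping `atomic_read(&module_state) != MODULE_DEACTIVATING` in the requeue condition in addition to the early `goto out`.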
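Review bot: In send_outstanding_bat_packet() the comment kept above `if (forw_packet->own)` still ends with "unless we are shutting down", but the condition below it no longer tests module_state; the shutdown case is now handled only by the early `goto out` before send_packet(). Either reword the comment to point at the early check, or keep the module_state test here so that a state change between the early check and schedule_own_packet() does not schedule a new own packet during shutdown.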
We must call unregister_netdev when we couldn't initialise the batman-adv module and the soft_device was registered. There are two versions of the function which we can use:
 * unregister_netdevice - removes device
 * unregister_netdev - takes rtnl semaphore and removes device
We don't hold the semaphore in an error situation. So we must use unregister_netdev.
Signed-off-by: Sven Eckelmann sven.eckelmann@gmx.de --- drivers/staging/batman-adv/main.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/staging/batman-adv/main.c b/drivers/staging/batman-adv/main.c index 9d13979..50a66b4 100644 --- a/drivers/staging/batman-adv/main.c +++ b/drivers/staging/batman-adv/main.c @@ -127,7 +127,7 @@ int init_module(void) return 0;
unreg_soft_device: - unregister_netdevice(soft_device); + unregister_netdev(soft_device); free_soft_device: free_netdev(soft_device); soft_device = NULL;
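Review bot: After this change the unreg_soft_device label still falls through into `free_soft_device: free_netdev(soft_device);`, so the device is unregistered and then freed explicitly on the same error path. The following patch in this series states that free_netdev is already the destructor run from unregister_netdev, which makes that fall-through a double free until that patch is applied. For the backport, these two should be applied together or squashed so that no intermediate tree has the fall-through.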
Free_netdev is registered as destructor in interface_setup for every soft_device. This destructor is automatically called from unregister_netdev and we must not call it again for the freed net_device.
Signed-off-by: Sven Eckelmann sven.eckelmann@gmx.de --- drivers/staging/batman-adv/main.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/drivers/staging/batman-adv/main.c b/drivers/staging/batman-adv/main.c index 50a66b4..74c70d5 100644 --- a/drivers/staging/batman-adv/main.c +++ b/drivers/staging/batman-adv/main.c @@ -128,6 +128,9 @@ int init_module(void)
unreg_soft_device: unregister_netdev(soft_device); + soft_device = NULL; + return -ENOMEM; + free_soft_device: free_netdev(soft_device); soft_device = NULL;
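Review bot: The new `return -ENOMEM;` under unreg_soft_device reports every failure that reaches this label as an allocation failure; the jumps to the label are outside this hunk, so it is not visible that all of them are out-of-memory cases. Carrying the failing call's return value in a local variable and returning that would keep the real error for whoever loads the module. A short comment saying that unregister_netdev() frees soft_device through its destructor would also explain why this path must not reach free_soft_device.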
A new buffer for a packet is created when an icmp packet is received. This happens in a context with disabled irq. Thus we are not allowed to sleep or call functions which might sleep. kmalloc must be called with GFP_ATOMIC instead of GFP_KERNEL to ensure that it does not sleep.
Signed-off-by: Sven Eckelmann sven.eckelmann@gmx.de --- drivers/staging/batman-adv/device.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-)
diff --git a/drivers/staging/batman-adv/device.c b/drivers/staging/batman-adv/device.c index ad82ec4..7eb6559 100644 --- a/drivers/staging/batman-adv/device.c +++ b/drivers/staging/batman-adv/device.c @@ -309,7 +309,7 @@ void bat_device_add_packet(struct device_client *device_client, struct device_packet *device_packet; unsigned long flags;
- device_packet = kmalloc(sizeof(struct device_packet), GFP_KERNEL); + device_packet = kmalloc(sizeof(struct device_packet), GFP_ATOMIC);
if (!device_packet) return;
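Review bot: With GFP_ATOMIC the kmalloc() in bat_device_add_packet() can fail under memory pressure where GFP_KERNEL would have waited, and the existing `if (!device_packet) return;` then drops the packet without any trace. Consider counting the drop or emitting a rate-limited debug message there so that lost icmp packets can be diagnosed. As a style point, `sizeof(*device_packet)` would be preferred over `sizeof(struct device_packet)` since the line is being touched anyway.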
b.a.t.m.a.n@lists.open-mesh.org