Function tt_response_fill_table() actually uses a tt_local_entry pointer to iterate either over the local or the global table entries (it depends on the what hash table is passed as argument). To iterate over such entries the hlist_for_each_entry_rcu() macro has to access their "hash_entry" field which MUST be at the same position in both the tt_global/local_entry structures.
Reported-by: Simon Wunderlich siwu@hrz.tu-chemnitz.de Signed-off-by: Antonio Quartulli ordex@autistici.org --- types.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/types.h b/types.h index 1ae3557..ab8d0fe 100644 --- a/types.h +++ b/types.h @@ -224,22 +224,22 @@ struct socket_packet {
struct tt_local_entry { uint8_t addr[ETH_ALEN]; + struct hlist_node hash_entry; unsigned long last_seen; uint16_t flags; atomic_t refcount; struct rcu_head rcu; - struct hlist_node hash_entry; };
struct tt_global_entry { uint8_t addr[ETH_ALEN]; + struct hlist_node hash_entry; /* entry in the global table */ struct orig_node *orig_node; uint8_t ttvn; uint16_t flags; /* only TT_GLOBAL_ROAM is used */ unsigned long roam_at; /* time at which TT_GLOBAL_ROAM was set */ atomic_t refcount; struct rcu_head rcu; - struct hlist_node hash_entry; /* entry in the global table */ };
struct tt_change_node {
On Saturday, October 22, 2011 00:55:39 Antonio Quartulli wrote:
Function tt_response_fill_table() actually uses a tt_local_entry pointer to iterate either over the local or the global table entries (it depends on the what hash table is passed as argument). To iterate over such entries the hlist_for_each_entry_rcu() macro has to access their "hash_entry" field which MUST be at the same position in both the tt_global/local_entry structures.
Patch was applied in revision 474f917.
Thanks, Marek
PS: Antonio, please keep in mind that I apply this patch as a temporary measure not as the final fix.
b.a.t.m.a.n@lists.open-mesh.org