commits September 2010

commits@lists.open-mesh.org

2 participants
78 discussions

batman-adv; branch, next, updated. v2010.1.0-39-g078eb6a

by postmaster＠open-mesh.org

The following commit has been merged in the next branch: commit b52cc619bc0056c06b3ad93b1e4efbc35729120e Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:42 2010 +0000 batman-adv: Use refcnt to track usage count of batman_if get_batman_if_by_netdev and get_active_batman_if may leak data from the rcu protected list of interfaces. The rcu protected list of all gateway nodes leaks the actual data outside the read-side critical area. This is not valid as we may free the data using a call_rcu created callback after we unlock using rcu_read_unlock. A workaround is to provide a reference count to be sure that the memory isn't freed to early. It is currently only to implement the already existing functionality and doesn't provide the full tracking of all usage cases. Additionally, we must hardif_hold inside the rcu_read_lock()..rcu_read_unlock() before we attach to the structure which "leaks" it. When another function now removed it from its usage context (primary_if, usage on stack, ...) then we must hardif_put it. If it is decremented to zero then we can issue the call_rcu to the freeing function. So "put" is not allowed inside an rcu_read_lock. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/hard-interface.c b/hard-interface.c index 0b3ee6b..445498c 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -403,6 +403,8 @@ static struct batman_if *hardif_add_interface(struct net_device *net_dev) batman_if->soft_iface = NULL; batman_if->if_status = IF_NOT_IN_USE; INIT_LIST_HEAD(&batman_if->list); + atomic_set(&batman_if->refcnt, 0); + hardif_hold(batman_if); check_known_mac_addr(batman_if->net_dev->dev_addr); @@ -435,8 +437,7 @@ static void hardif_remove_interface(struct batman_if *batman_if) list_del_rcu(&batman_if->list); synchronize_rcu(); sysfs_del_hardif(&batman_if->hardif_obj); - dev_put(batman_if->net_dev); - kfree(batman_if); + hardif_put(batman_if); } void hardif_remove_interfaces(void) diff --git a/hard-interface.h b/hard-interface.h index 4b49527..d550889 100644 --- a/hard-interface.h +++ b/hard-interface.h @@ -42,4 +42,17 @@ int batman_skb_recv(struct sk_buff *skb, int hardif_min_mtu(struct net_device *soft_iface); void update_min_mtu(struct net_device *soft_iface); +static inline void hardif_hold(struct batman_if *batman_if) +{ + atomic_inc(&batman_if->refcnt); +} + +static inline void hardif_put(struct batman_if *batman_if) +{ + if (atomic_dec_and_test(&batman_if->refcnt)) { + dev_put(batman_if->net_dev); + kfree(batman_if); + } +} + #endif /* _NET_BATMAN_ADV_HARD_INTERFACE_H_ */ diff --git a/types.h b/types.h index b162644..bb5827f 100644 --- a/types.h +++ b/types.h @@ -44,6 +44,7 @@ struct batman_if { unsigned char *packet_buff; int packet_len; struct kobject *hardif_obj; + atomic_t refcnt; struct packet_type batman_adv_ptype; struct net_device *soft_iface; }; -- batman-adv

12 years, 6 months

batman-adv; branch, next, updated. v2010.1.0-39-g078eb6a

by postmaster＠open-mesh.org

The following commit has been merged in the next branch: commit 4dd9bc01f2cf13135cf15d41dbf6479446fe4a06 Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:31 2010 +0000 batman-adv: Introduce if_list_lock to protect if_list The update critical sections of if_list must be protected by a locking primitive other than RCU. The iterator must also be protected by the chosen locking mechanism. The rtnl_lock in hardif_remove_interfaces must also be moved outside the iterator primitive to ensure that we don't deadlock the kernel due to differently nested locks in hardif_remove_interfaces and hard_if_event. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/hard-interface.c b/hard-interface.c index edbfddf..3cd7cb1 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -35,6 +35,9 @@ #define MIN(x, y) ((x) < (y) ? (x) : (y)) +/* protect update critical side of if_list - but not the content */ +static DEFINE_SPINLOCK(if_list_lock); + struct batman_if *get_batman_if_by_netdev(struct net_device *net_dev) { struct batman_if *batman_if; @@ -402,7 +405,11 @@ static struct batman_if *hardif_add_interface(struct net_device *net_dev) INIT_LIST_HEAD(&batman_if->list); check_known_mac_addr(batman_if->net_dev->dev_addr); + + spin_lock(&if_list_lock); list_add_tail_rcu(&batman_if->list, &if_list); + spin_unlock(&if_list_lock); + return batman_if; free_if: @@ -430,6 +437,8 @@ static void hardif_remove_interface(struct batman_if *batman_if) return; batman_if->if_status = IF_TO_BE_REMOVED; + + /* caller must take if_list_lock */ list_del_rcu(&batman_if->list); sysfs_del_hardif(&batman_if->hardif_obj); dev_put(batman_if->net_dev); @@ -440,11 +449,13 @@ void hardif_remove_interfaces(void) { struct batman_if *batman_if, *batman_if_tmp; + rtnl_lock(); + spin_lock(&if_list_lock); list_for_each_entry_safe(batman_if, batman_if_tmp, &if_list, list) { - rtnl_lock(); hardif_remove_interface(batman_if); - rtnl_unlock(); } + spin_unlock(&if_list_lock); + rtnl_unlock(); } static int hard_if_event(struct notifier_block *this, @@ -469,7 +480,9 @@ static int hard_if_event(struct notifier_block *this, hardif_deactivate_interface(batman_if); break; case NETDEV_UNREGISTER: + spin_lock(&if_list_lock); hardif_remove_interface(batman_if); + spin_unlock(&if_list_lock); break; case NETDEV_CHANGEMTU: if (batman_if->soft_iface) -- batman-adv

12 years, 6 months

batman-adv; branch, next, updated. v2010.1.0-39-g078eb6a

by postmaster＠open-mesh.org

The following commit has been merged in the next branch: commit 265d3feae9803b10fc7137f7f40b643c82557940 Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:35 2010 +0000 batman-adv: Always protect list_for_each_entry_rcu with RCU receive_bat_packet is not called with rcu_read_lock so we must ensure by ourself that we protect list_for_each_entry_rcu using the correct RCU locks. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/routing.c b/routing.c index a07e0e0..5dbff51 100644 --- a/routing.c +++ b/routing.c @@ -564,6 +564,7 @@ void receive_bat_packet(struct ethhdr *ethhdr, batman_packet->tq, batman_packet->ttl, batman_packet->version, has_directlink_flag); + rcu_read_lock(); list_for_each_entry_rcu(batman_if, &if_list, list) { if (batman_if->if_status != IF_ACTIVE) continue; @@ -586,6 +587,7 @@ void receive_bat_packet(struct ethhdr *ethhdr, if (compare_orig(ethhdr->h_source, broadcast_addr)) is_broadcast = 1; } + rcu_read_unlock(); if (batman_packet->version != COMPAT_VERSION) { bat_dbg(DBG_BATMAN, bat_priv, -- batman-adv

12 years, 6 months

batman-adv; branch, next, updated. v2010.1.0-39-g078eb6a

by postmaster＠open-mesh.org

The following commit has been merged in the next branch: commit 7905069edf9d126949e2d24a31aa98ac7be7f5a9 Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:35 2010 +0000 batman-adv: Remove unneeded rcu_read_lock Regions which do not use rcu functions don't need to protected by rcu_read_lock. If we want to protect data from being freed than it must be covered by the same read-side critical section or otherwise the grace period may already ended and freed the memory before we called rcu_read_lock again. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/originator.c b/originator.c index 41e4818..471fd90 100644 --- a/originator.c +++ b/originator.c @@ -330,7 +330,6 @@ int orig_seq_print_text(struct seq_file *seq, void *offset) net_dev->name); } - rcu_read_lock(); seq_printf(seq, "[B.A.T.M.A.N. adv %s%s, MainIF/MAC: %s/%s (%s)]\n", SOURCE_VERSION, REVISION_VERSION_STR, bat_priv->primary_if->net_dev->name, @@ -338,7 +337,6 @@ int orig_seq_print_text(struct seq_file *seq, void *offset) seq_printf(seq, " %-15s %s (%s/%i) %17s [%10s]: %20s ...\n", "Originator", "last-seen", "#", TQ_MAX_VALUE, "Nexthop", "outgoingIF", "Potential nexthops"); - rcu_read_unlock(); spin_lock_irqsave(&bat_priv->orig_hash_lock, flags); -- batman-adv

12 years, 6 months

batman-adv; branch, master, updated. v2010.1.0-174-g16506a6

by postmaster＠open-mesh.org

The following commit has been merged in the master branch: commit beb5157f3eb704480451bdd2e5d65ad1f71e987a Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:45 2010 +0000 batman-adv: Track references of batman_if in set_primary_if set_primary_if exchanges the current primary interfaces with a new one. This is a new reference and thus we have to count it and decrease the count of the old primary interface. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/hard-interface.c b/hard-interface.c index f519b4b..942a44a 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -113,9 +113,17 @@ static void set_primary_if(struct bat_priv *bat_priv, { struct batman_packet *batman_packet; struct vis_packet *vis_packet; + struct batman_if *old_if; + if (batman_if) + hardif_hold(batman_if); + + old_if = bat_priv->primary_if; bat_priv->primary_if = batman_if; + if (old_if) + hardif_put(old_if); + if (!bat_priv->primary_if) return; -- batman-adv

12 years, 6 months

batman-adv; branch, master, updated. v2010.1.0-174-g16506a6

by postmaster＠open-mesh.org

The following commit has been merged in the master branch: commit 16506a6d432984da48d69175687b28bdfb4ce542 Author: Marek Lindner <lindner_marek(a)yahoo.de> Date: Sat Sep 18 15:35:46 2010 +0000 Introduce update_primary_addr to update mac address set_primary_if is currently misused to update the mac address in vis packets. This unneeded and introduces overhead due to other operations which must be done when updating the primary interface. Signed-off-by: Marek Lindner <lindner_marek(a)yahoo.de> Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/hard-interface.c b/hard-interface.c index 942a44a..def74cf 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -108,11 +108,22 @@ out: return batman_if; } +static void update_primary_addr(struct bat_priv *bat_priv) +{ + struct vis_packet *vis_packet; + + vis_packet = (struct vis_packet *) + bat_priv->my_vis_info->skb_packet->data; + memcpy(vis_packet->vis_orig, + bat_priv->primary_if->net_dev->dev_addr, ETH_ALEN); + memcpy(vis_packet->sender_orig, + bat_priv->primary_if->net_dev->dev_addr, ETH_ALEN); +} + static void set_primary_if(struct bat_priv *bat_priv, struct batman_if *batman_if) { struct batman_packet *batman_packet; - struct vis_packet *vis_packet; struct batman_if *old_if; if (batman_if) @@ -131,12 +142,7 @@ static void set_primary_if(struct bat_priv *bat_priv, batman_packet->flags = PRIMARIES_FIRST_HOP; batman_packet->ttl = TTL; - vis_packet = (struct vis_packet *) - bat_priv->my_vis_info->skb_packet->data; - memcpy(vis_packet->vis_orig, - bat_priv->primary_if->net_dev->dev_addr, ETH_ALEN); - memcpy(vis_packet->sender_orig, - bat_priv->primary_if->net_dev->dev_addr, ETH_ALEN); + update_primary_addr(bat_priv); /*** * hacky trick to make sure that we send the HNA information via @@ -518,7 +524,7 @@ static int hard_if_event(struct notifier_block *this, bat_priv = netdev_priv(batman_if->soft_iface); if (batman_if == bat_priv->primary_if) - set_primary_if(bat_priv, batman_if); + update_primary_addr(bat_priv); break; default: break; -- batman-adv

12 years, 6 months

batman-adv; branch, master, updated. v2010.1.0-174-g16506a6

by postmaster＠open-mesh.org

The following commit has been merged in the master branch: commit 5d1d5b413ead68d71687c1baaff93e2a130d03ed Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:42 2010 +0000 batman-adv: Use refcnt to track usage count of batman_if get_batman_if_by_netdev and get_active_batman_if may leak data from the rcu protected list of interfaces. The rcu protected list of all gateway nodes leaks the actual data outside the read-side critical area. This is not valid as we may free the data using a call_rcu created callback after we unlock using rcu_read_unlock. A workaround is to provide a reference count to be sure that the memory isn't freed to early. It is currently only to implement the already existing functionality and doesn't provide the full tracking of all usage cases. Additionally, we must hardif_hold inside the rcu_read_lock()..rcu_read_unlock() before we attach to the structure which "leaks" it. When another function now removed it from its usage context (primary_if, usage on stack, ...) then we must hardif_put it. If it is decremented to zero then we can issue the call_rcu to the freeing function. So "put" is not allowed inside an rcu_read_lock. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/hard-interface.c b/hard-interface.c index 0b3ee6b..445498c 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -403,6 +403,8 @@ static struct batman_if *hardif_add_interface(struct net_device *net_dev) batman_if->soft_iface = NULL; batman_if->if_status = IF_NOT_IN_USE; INIT_LIST_HEAD(&batman_if->list); + atomic_set(&batman_if->refcnt, 0); + hardif_hold(batman_if); check_known_mac_addr(batman_if->net_dev->dev_addr); @@ -435,8 +437,7 @@ static void hardif_remove_interface(struct batman_if *batman_if) list_del_rcu(&batman_if->list); synchronize_rcu(); sysfs_del_hardif(&batman_if->hardif_obj); - dev_put(batman_if->net_dev); - kfree(batman_if); + hardif_put(batman_if); } void hardif_remove_interfaces(void) diff --git a/hard-interface.h b/hard-interface.h index 4b49527..d550889 100644 --- a/hard-interface.h +++ b/hard-interface.h @@ -42,4 +42,17 @@ int batman_skb_recv(struct sk_buff *skb, int hardif_min_mtu(struct net_device *soft_iface); void update_min_mtu(struct net_device *soft_iface); +static inline void hardif_hold(struct batman_if *batman_if) +{ + atomic_inc(&batman_if->refcnt); +} + +static inline void hardif_put(struct batman_if *batman_if) +{ + if (atomic_dec_and_test(&batman_if->refcnt)) { + dev_put(batman_if->net_dev); + kfree(batman_if); + } +} + #endif /* _NET_BATMAN_ADV_HARD_INTERFACE_H_ */ diff --git a/types.h b/types.h index ecc4365..a609100 100644 --- a/types.h +++ b/types.h @@ -44,6 +44,7 @@ struct batman_if { unsigned char *packet_buff; int packet_len; struct kobject *hardif_obj; + atomic_t refcnt; struct packet_type batman_adv_ptype; struct net_device *soft_iface; }; -- batman-adv

12 years, 6 months

batman-adv; branch, master, updated. v2010.1.0-174-g16506a6

by postmaster＠open-mesh.org

The following commit has been merged in the master branch: commit 2342d42cfd0f96684feb05a4a2fd2798ac754642 Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:43 2010 +0000 batman-adv: count election of gateway as reference We reference the gw_nodes as curr_gw for each bat_priv. They are tracked inside a rcu protected list gw_list which may free the memory after it gets removed from the list. Nevertheless it could still be referenced by curr_gw and access to it would result in a kernel oops. Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> Signed-off-by: Marek Lindner <lindner_marek(a)yahoo.de> diff --git a/gateway_client.c b/gateway_client.c index 16f0757..e1264ba 100644 --- a/gateway_client.c +++ b/gateway_client.c @@ -51,13 +51,30 @@ void *gw_get_selected(struct bat_priv *bat_priv) void gw_deselect(struct bat_priv *bat_priv) { + struct gw_node *gw_node = bat_priv->curr_gw; + bat_priv->curr_gw = NULL; + + if (gw_node) + gw_node_put(gw_node); +} + +static struct gw_node *gw_select(struct bat_priv *bat_priv, + struct gw_node *new_gw_node) +{ + struct gw_node *curr_gw_node = bat_priv->curr_gw; + + if (new_gw_node) + gw_node_hold(new_gw_node); + + bat_priv->curr_gw = new_gw_node; + return curr_gw_node; } void gw_election(struct bat_priv *bat_priv) { struct hlist_node *node; - struct gw_node *gw_node, *curr_gw_tmp = NULL; + struct gw_node *gw_node, *curr_gw_tmp = NULL, *old_gw_node = NULL; uint8_t max_tq = 0; uint32_t max_gw_factor = 0, tmp_gw_factor = 0; int down, up; @@ -131,7 +148,6 @@ void gw_election(struct bat_priv *bat_priv) if (tmp_gw_factor > max_gw_factor) max_gw_factor = tmp_gw_factor; } - rcu_read_unlock(); if (bat_priv->curr_gw != curr_gw_tmp) { if ((bat_priv->curr_gw) && (!curr_gw_tmp)) @@ -153,8 +169,14 @@ void gw_election(struct bat_priv *bat_priv) curr_gw_tmp->orig_node->gw_flags, curr_gw_tmp->orig_node->router->tq_avg); - bat_priv->curr_gw = curr_gw_tmp; + old_gw_node = gw_select(bat_priv, curr_gw_tmp); } + + rcu_read_unlock(); + + /* the kfree() has to be outside of the rcu lock */ + if (old_gw_node) + gw_node_put(old_gw_node); } void gw_check_election(struct bat_priv *bat_priv, struct orig_node *orig_node) @@ -258,8 +280,11 @@ void gw_node_update(struct bat_priv *bat_priv, "Gateway %pM removed from gateway list\n", orig_node->orig); - if (gw_node == bat_priv->curr_gw) + if (gw_node == bat_priv->curr_gw) { + rcu_read_unlock(); gw_deselect(bat_priv); + return; + } } rcu_read_unlock(); -- batman-adv

12 years, 6 months

batman-adv; branch, master, updated. v2010.1.0-174-g16506a6

by postmaster＠open-mesh.org

The following commit has been merged in the master branch: commit 31cffc13fd68ae5e38740e35b210f2119534a35e Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:44 2010 +0000 batman-adv: count batman_if list queries as reference The return of get_batman_if_by_netdev and get_active_batman_if leaks a pointer from the rcu protected list of interfaces. We must protect it to prevent a too early release of the memory. Those functions must increase the reference counter before rcu_read_unlock or it may be to late to prevent a free. hardif_add_interface must also increase the reference count for the returned batman_if to make the behaviour consistent. Reported-by: Paul E. McKenney <paulmck(a)linux.vnet.ibm.com> Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/bat_sysfs.c b/bat_sysfs.c index 8e180ba..9ab2bfe 100644 --- a/bat_sysfs.c +++ b/bat_sysfs.c @@ -453,13 +453,17 @@ static ssize_t show_mesh_iface(struct kobject *kobj, struct attribute *attr, struct device *dev = to_dev(kobj->parent); struct net_device *net_dev = to_net_dev(dev); struct batman_if *batman_if = get_batman_if_by_netdev(net_dev); + ssize_t length; if (!batman_if) return 0; - return sprintf(buff, "%s\n", - batman_if->if_status == IF_NOT_IN_USE ? - "none" : batman_if->soft_iface->name); + length = sprintf(buff, "%s\n", batman_if->if_status == IF_NOT_IN_USE ? + "none" : batman_if->soft_iface->name); + + hardif_put(batman_if); + + return length; } static ssize_t store_mesh_iface(struct kobject *kobj, struct attribute *attr, @@ -469,6 +473,7 @@ static ssize_t store_mesh_iface(struct kobject *kobj, struct attribute *attr, struct net_device *net_dev = to_net_dev(dev); struct batman_if *batman_if = get_batman_if_by_netdev(net_dev); int status_tmp = -1; + int ret; if (!batman_if) return count; @@ -479,6 +484,7 @@ static ssize_t store_mesh_iface(struct kobject *kobj, struct attribute *attr, if (strlen(buff) >= IFNAMSIZ) { pr_err("Invalid parameter for 'mesh_iface' setting received: " "interface name too long '%s'\n", buff); + hardif_put(batman_if); return -EINVAL; } @@ -488,13 +494,16 @@ static ssize_t store_mesh_iface(struct kobject *kobj, struct attribute *attr, status_tmp = IF_I_WANT_YOU; if ((batman_if->if_status == status_tmp) || ((batman_if->soft_iface) && - (strncmp(batman_if->soft_iface->name, buff, IFNAMSIZ) == 0))) + (strncmp(batman_if->soft_iface->name, buff, IFNAMSIZ) == 0))) { + hardif_put(batman_if); return count; + } if (status_tmp == IF_NOT_IN_USE) { rtnl_lock(); hardif_disable_interface(batman_if); rtnl_unlock(); + hardif_put(batman_if); return count; } @@ -505,7 +514,10 @@ static ssize_t store_mesh_iface(struct kobject *kobj, struct attribute *attr, rtnl_unlock(); } - return hardif_enable_interface(batman_if, buff); + ret = hardif_enable_interface(batman_if, buff); + hardif_put(batman_if); + + return ret; } static ssize_t show_iface_status(struct kobject *kobj, struct attribute *attr, @@ -514,23 +526,33 @@ static ssize_t show_iface_status(struct kobject *kobj, struct attribute *attr, struct device *dev = to_dev(kobj->parent); struct net_device *net_dev = to_net_dev(dev); struct batman_if *batman_if = get_batman_if_by_netdev(net_dev); + ssize_t length; if (!batman_if) return 0; switch (batman_if->if_status) { case IF_TO_BE_REMOVED: - return sprintf(buff, "disabling\n"); + length = sprintf(buff, "disabling\n"); + break; case IF_INACTIVE: - return sprintf(buff, "inactive\n"); + length = sprintf(buff, "inactive\n"); + break; case IF_ACTIVE: - return sprintf(buff, "active\n"); + length = sprintf(buff, "active\n"); + break; case IF_TO_BE_ACTIVATED: - return sprintf(buff, "enabling\n"); + length = sprintf(buff, "enabling\n"); + break; case IF_NOT_IN_USE: default: - return sprintf(buff, "not in use\n"); + length = sprintf(buff, "not in use\n"); + break; } + + hardif_put(batman_if); + + return length; } static BAT_ATTR(mesh_iface, S_IRUGO | S_IWUSR, diff --git a/hard-interface.c b/hard-interface.c index 445498c..f519b4b 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -51,6 +51,9 @@ struct batman_if *get_batman_if_by_netdev(struct net_device *net_dev) batman_if = NULL; out: + if (batman_if) + hardif_hold(batman_if); + rcu_read_unlock(); return batman_if; } @@ -98,6 +101,9 @@ static struct batman_if *get_active_batman_if(struct net_device *soft_iface) batman_if = NULL; out: + if (batman_if) + hardif_hold(batman_if); + rcu_read_unlock(); return batman_if; } @@ -294,6 +300,7 @@ int hardif_enable_interface(struct batman_if *batman_if, char *iface_name) batman_if->batman_adv_ptype.type = __constant_htons(ETH_P_BATMAN); batman_if->batman_adv_ptype.func = batman_skb_recv; batman_if->batman_adv_ptype.dev = batman_if->net_dev; + hardif_hold(batman_if); dev_add_pack(&batman_if->batman_adv_ptype); atomic_set(&batman_if->seqno, 1); @@ -352,13 +359,20 @@ void hardif_disable_interface(struct batman_if *batman_if) bat_info(batman_if->soft_iface, "Removing interface: %s\n", batman_if->net_dev->name); dev_remove_pack(&batman_if->batman_adv_ptype); + hardif_put(batman_if); bat_priv->num_ifaces--; orig_hash_del_if(batman_if, bat_priv->num_ifaces); - if (batman_if == bat_priv->primary_if) - set_primary_if(bat_priv, - get_active_batman_if(batman_if->soft_iface)); + if (batman_if == bat_priv->primary_if) { + struct batman_if *new_if; + + new_if = get_active_batman_if(batman_if->soft_iface); + set_primary_if(bat_priv, new_if); + + if (new_if) + hardif_put(new_if); + } kfree(batman_if->packet_buff); batman_if->packet_buff = NULL; @@ -412,6 +426,8 @@ static struct batman_if *hardif_add_interface(struct net_device *net_dev) list_add_tail_rcu(&batman_if->list, &if_list); spin_unlock(&if_list_lock); + /* extra reference for return */ + hardif_hold(batman_if); return batman_if; free_if: @@ -461,7 +477,7 @@ static int hard_if_event(struct notifier_block *this, struct bat_priv *bat_priv; if (!batman_if && event == NETDEV_REGISTER) - batman_if = hardif_add_interface(net_dev); + batman_if = hardif_add_interface(net_dev); if (!batman_if) goto out; @@ -484,8 +500,10 @@ static int hard_if_event(struct notifier_block *this, update_min_mtu(batman_if->soft_iface); break; case NETDEV_CHANGEADDR: - if (batman_if->if_status == IF_NOT_IN_USE) + if (batman_if->if_status == IF_NOT_IN_USE) { + hardif_put(batman_if); goto out; + } check_known_mac_addr(batman_if->net_dev->dev_addr); update_mac_addresses(batman_if); @@ -497,6 +515,7 @@ static int hard_if_event(struct notifier_block *this, default: break; }; + hardif_put(batman_if); out: return NOTIFY_DONE; -- batman-adv

12 years, 6 months

batman-adv; branch, master, updated. v2010.1.0-169-gaecf54d

by postmaster＠open-mesh.org

The following commit has been merged in the master branch: commit abcfcf658d4317cbd42fd7b8d99295f5a35d4f05 Author: Sven Eckelmann <sven.eckelmann(a)gmx.de> Date: Sat Sep 18 15:35:40 2010 +0000 batman-adv: Use synchronize_rcu instead of call_rcu It is recommended [1] to use synchronize_rcu to simplify the code - especially when otherwise extra locking is needed to protect other code from picking stale elements. It also protects us for emitting to many callbacks which may results in OOM conditions. The only reason not to use it, would be in performance critical sections or when we are not allowed to block. [1] Documentation/RCU/checklist.txt Signed-off-by: Sven Eckelmann <sven.eckelmann(a)gmx.de> diff --git a/gateway_client.c b/gateway_client.c index bfac0ff..8bc1cb0 100644 --- a/gateway_client.c +++ b/gateway_client.c @@ -265,12 +265,6 @@ void gw_node_delete(struct bat_priv *bat_priv, struct orig_node *orig_node) return gw_node_update(bat_priv, orig_node, 0); } -static void gw_node_free(struct rcu_head *rcu) -{ - struct gw_node *gw_node = container_of(rcu, struct gw_node, rcu); - kfree(gw_node); -} - void gw_node_purge_deleted(struct bat_priv *bat_priv) { struct gw_node *gw_node; @@ -286,7 +280,8 @@ void gw_node_purge_deleted(struct bat_priv *bat_priv) (time_after(jiffies, gw_node->deleted + timeout))) { hlist_del_rcu(&gw_node->list); - call_rcu(&gw_node->rcu, gw_node_free); + synchronize_rcu(); + kfree(gw_node); } } @@ -304,7 +299,8 @@ void gw_node_list_free(struct bat_priv *bat_priv) hlist_for_each_entry_safe(gw_node, node, node_tmp, &bat_priv->gw_list, list) { hlist_del_rcu(&gw_node->list); - call_rcu(&gw_node->rcu, gw_node_free); + synchronize_rcu(); + kfree(gw_node); } gw_deselect(bat_priv); diff --git a/hard-interface.c b/hard-interface.c index 3cd7cb1..0b3ee6b 100644 --- a/hard-interface.c +++ b/hard-interface.c @@ -420,13 +420,6 @@ out: return NULL; } -static void hardif_free_interface(struct rcu_head *rcu) -{ - struct batman_if *batman_if = container_of(rcu, struct batman_if, rcu); - - kfree(batman_if); -} - static void hardif_remove_interface(struct batman_if *batman_if) { /* first deactivate interface */ @@ -440,9 +433,10 @@ static void hardif_remove_interface(struct batman_if *batman_if) /* caller must take if_list_lock */ list_del_rcu(&batman_if->list); + synchronize_rcu(); sysfs_del_hardif(&batman_if->hardif_obj); dev_put(batman_if->net_dev); - call_rcu(&batman_if->rcu, hardif_free_interface); + kfree(batman_if); } void hardif_remove_interfaces(void) diff --git a/types.h b/types.h index e7b53a4..1940404 100644 --- a/types.h +++ b/types.h @@ -44,7 +44,6 @@ struct batman_if { unsigned char *packet_buff; int packet_len; struct kobject *hardif_obj; - struct rcu_head rcu; struct packet_type batman_adv_ptype; struct net_device *soft_iface; }; @@ -96,7 +95,6 @@ struct gw_node { struct hlist_node list; struct orig_node *orig_node; unsigned long deleted; - struct rcu_head rcu; }; /** -- batman-adv

12 years, 6 months

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

commits September 2010