Author: simon Date: 2009-12-30 01:33:46 +0000 (Wed, 30 Dec 2009) New Revision: 1519
Modified: trunk/batman-adv-kernelland/originator.c trunk/batman-adv-kernelland/routing.c trunk/batman-adv-kernelland/translation-table.c Log: batman-adv: check all kmalloc()s
There are some kmalloc()s left whose return value is not checked, which might lead to corrupted data structures if the system memory is full. This patch should clean up the remaining unchecked kmalloc()s.
Signed-off-by: Simon Wunderlich siwu@hrz.tu-chemnitz.de
Modified: trunk/batman-adv-kernelland/originator.c =================================================================== --- trunk/batman-adv-kernelland/originator.c 2009-12-30 00:28:34 UTC (rev 1518) +++ trunk/batman-adv-kernelland/originator.c 2009-12-30 01:33:46 UTC (rev 1519) @@ -80,6 +80,9 @@ bat_dbg(DBG_BATMAN, "Creating new last-hop neighbor of originator\n");
neigh_node = kmalloc(sizeof(struct neigh_node), GFP_ATOMIC); + if (!neigh_node) + return NULL; + memset(neigh_node, 0, sizeof(struct neigh_node)); INIT_LIST_HEAD(&neigh_node->list);
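Review bot: The allocate-then-zero pair around the new check could be a single call, `neigh_node = kzalloc(sizeof(*neigh_node), GFP_ATOMIC);`, so the NULL check guards the only statement that can fail and the separate memset() goes away. The same applies to the orig_node, bcast_own and bcast_own_sum allocations in the two following originator.c hunks. This is a style point only; the added check itself is correct. The enclosing function starts and ends outside the hunk.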
@@ -130,6 +133,9 @@ bat_dbg(DBG_BATMAN, "Creating new originator: %s \n", orig_str);
orig_node = kmalloc(sizeof(struct orig_node), GFP_ATOMIC); + if (!orig_node) + return NULL; + memset(orig_node, 0, sizeof(struct orig_node)); INIT_LIST_HEAD(&orig_node->neigh_list);
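Review bot: The function can now return NULL, but nothing visible documents that for callers; a comment above the definition such as `/* returns NULL if an allocation or hash_add() fails; callers must check */` would make the new contract explicit. Judging by the routing.c hunks this is presumably get_orig_node(), where the commit adds checks at two call sites. Any caller not shown on this page would still dereference the result unchecked, so those are worth auditing. The function's signature is outside the hunk.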
@@ -141,13 +147,20 @@ size = num_ifs * sizeof(TYPE_OF_WORD) * NUM_WORDS;
orig_node->bcast_own = kmalloc(size, GFP_ATOMIC); + if (!orig_node->bcast_own) + goto free_orig_node; + memset(orig_node->bcast_own, 0, size);
size = num_ifs * sizeof(uint8_t); orig_node->bcast_own_sum = kmalloc(size, GFP_ATOMIC); + if (!orig_node->bcast_own_sum) + goto free_bcast_own; + memset(orig_node->bcast_own_sum, 0, size);
- hash_add(orig_hash, orig_node); + if (hash_add(orig_hash, orig_node) < 0) + goto free_bcast_own_sum;
if (orig_hash->elements * 4 > orig_hash->size) { swaphash = hash_resize(orig_hash, orig_hash->size * 2); @@ -160,6 +173,13 @@ }
return orig_node; +free_bcast_own_sum: + kfree(orig_node->bcast_own_sum); +free_bcast_own: + kfree(orig_node->bcast_own); +free_orig_node: + kfree(orig_node); + return NULL; }
static bool purge_orig_neighbors(struct orig_node *orig_node,
Modified: trunk/batman-adv-kernelland/routing.c =================================================================== --- trunk/batman-adv-kernelland/routing.c 2009-12-30 00:28:34 UTC (rev 1518) +++ trunk/batman-adv-kernelland/routing.c 2009-12-30 01:33:46 UTC (rev 1519) @@ -155,11 +155,14 @@ neigh_node = tmp_neigh_node; }
- if (neigh_node == NULL) + if (neigh_node) neigh_node = create_neighbor(orig_node, orig_neigh_node, orig_neigh_node->orig, if_incoming); + /* create_neighbor failed, return 0 */ + if (!neigh_node) + return 0;
neigh_node->last_valid = jiffies; } else { @@ -173,11 +176,14 @@ neigh_node = tmp_neigh_node; }
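Review bot: The rewritten condition `if (neigh_node)` in the routing.c hunk at -155 is inverted relative to the `neigh_node == NULL` it replaces; the matching hunk at -173 uses `if (!neigh_node)`. As written, a neighbor found by the preceding lookup is replaced by a freshly created one, and when none was found create_neighbor() is never called and the new `return 0` path is taken every time. The line should read `if (!neigh_node)`. The enclosing function starts and ends outside the hunk.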
- if (neigh_node == NULL) + if (!neigh_node) neigh_node = create_neighbor(orig_neigh_node, orig_neigh_node, orig_neigh_node->orig, if_incoming); + /* create_neighbor failed, return 0 */ + if (!neigh_node) + return 0; }
orig_node->last_valid = jiffies; @@ -261,11 +267,19 @@ ring_buffer_avg(tmp_neigh_node->tq_recv); }
- if (neigh_node == NULL) + if (neigh_node == NULL) { + struct orig_node *orig_tmp; + + orig_tmp = get_orig_node(ethhdr->h_source); + if (!orig_tmp) + return; + neigh_node = create_neighbor(orig_node, - get_orig_node(ethhdr->h_source), + orig_tmp, ethhdr->h_source, if_incoming); - else + if (!neigh_node) + return; + } else bat_dbg(DBG_BATMAN, "Updating existing last-hop neighbor of originator\n");
@@ -444,6 +458,9 @@
orig_neigh_node = get_orig_node(ethhdr->h_source);
+ if (!orig_neigh_node) + return; + /* neighbor has to indicate direct link and it has to * come via the corresponding interface */ /* if received seqno equals last send seqno save new
Modified: trunk/batman-adv-kernelland/translation-table.c =================================================================== --- trunk/batman-adv-kernelland/translation-table.c 2009-12-30 00:28:34 UTC (rev 1518) +++ trunk/batman-adv-kernelland/translation-table.c 2009-12-30 01:33:46 UTC (rev 1519) @@ -332,14 +332,19 @@ hna_buff_count++; }
- orig_node->hna_buff_len = hna_buff_len; + /* initialize, and overwrite if malloc succeeds */ + orig_node->hna_buff = NULL; + orig_node->hna_buff_len = 0;
- if (orig_node->hna_buff_len > 0) { - orig_node->hna_buff = kmalloc(orig_node->hna_buff_len, - GFP_ATOMIC); - memcpy(orig_node->hna_buff, hna_buff, orig_node->hna_buff_len); - } else { - orig_node->hna_buff = NULL; + if (hna_buff_len > 0) { + unsigned char *hna_buff; + hna_buff = kmalloc(orig_node->hna_buff_len, GFP_ATOMIC); + if (hna_buff) { + orig_node->hna_buff = hna_buff; + memcpy(orig_node->hna_buff, hna_buff, + orig_node->hna_buff_len); + orig_node->hna_buff_len = hna_buff_len; + } }
spin_lock_irqsave(&hna_global_hash_lock, flags);
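Review bot: The new block-local `unsigned char *hna_buff` shadows the outer hna_buff that the removed memcpy() used as its source, so the copy now reads from the freshly allocated buffer into itself and the received data is never stored. The kmalloc() size is also `orig_node->hna_buff_len`, which was set to 0 a few lines earlier; a zero-size kmalloc() does not return NULL, so the check passes and orig_node ends up with a nonzero hna_buff_len paired with a buffer that holds no bytes, which later readers would overrun. Dropping the local and using the outer names fixes both: `orig_node->hna_buff = kmalloc(hna_buff_len, GFP_ATOMIC);`, then under `if (orig_node->hna_buff)` do `memcpy(orig_node->hna_buff, hna_buff, hna_buff_len);` before setting the length. The enclosing function starts and ends outside the hunk.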