The following commit has been merged in the master branch: commit 0d2ad192f771c7ddf84b3d4d6b6c9472638d47ba Author: Marek Lindner lindner_marek@yahoo.de Date: Tue Jan 25 21:52:11 2011 +0000

batman-adv: make broadcast seqno operations atomic

Batman-adv could receive several payload broadcasts at the same time that would trigger access to the broadcast seqno sliding window to determine whether this is a new broadcast or not. If these incoming broadcasts are accessing the sliding window simultaneously it could be left in an inconsistent state. Therefore it is necessary to make sure this access is atomic.

Reported-by: Linus Lüssing linus.luessing@web.de Signed-off-by: Marek Lindner lindner_marek@yahoo.de

diff --git a/originator.c b/originator.c index cf2ec37..b1a3d92 100644 --- a/originator.c +++ b/originator.c @@ -220,6 +220,7 @@ struct orig_node *get_orig_node(struct bat_priv *bat_priv, uint8_t *addr) INIT_HLIST_HEAD(&orig_node->neigh_list); INIT_LIST_HEAD(&orig_node->bond_list); spin_lock_init(&orig_node->ogm_cnt_lock); + spin_lock_init(&orig_node->bcast_seqno_lock); spin_lock_init(&orig_node->neigh_list_lock); kref_init(&orig_node->refcount);

diff --git a/routing.c b/routing.c index 06201dc..2cf595d 100644 --- a/routing.c +++ b/routing.c @@ -1427,28 +1427,32 @@ int recv_bcast_packet(struct sk_buff *skb, struct batman_if *recv_if) bcast_packet->orig));

if (!orig_node) - goto unlock; + goto rcu_unlock;

kref_get(&orig_node->refcount); rcu_read_unlock();

+ spin_lock_bh(&orig_node->bcast_seqno_lock); + /* check whether the packet is a duplicate */ if (get_bit_status(orig_node->bcast_bits, orig_node->last_bcast_seqno, ntohl(bcast_packet->seqno))) - goto out; + goto spin_unlock;

seq_diff = ntohl(bcast_packet->seqno) - orig_node->last_bcast_seqno;

/* check whether the packet is old and the host just restarted. */ if (window_protected(bat_priv, seq_diff, &orig_node->bcast_seqno_reset)) - goto out; + goto spin_unlock;

/* mark broadcast in flood history, update window position * if required. */ if (bit_get_packet(bat_priv, orig_node->bcast_bits, seq_diff, 1)) orig_node->last_bcast_seqno = ntohl(bcast_packet->seqno);

+ spin_unlock_bh(&orig_node->bcast_seqno_lock); + /* rebroadcast packet */ add_bcast_packet_to_list(bat_priv, skb);

@@ -1457,8 +1461,11 @@ int recv_bcast_packet(struct sk_buff *skb, struct batman_if *recv_if) ret = NET_RX_SUCCESS; goto out;

-unlock: +rcu_unlock: rcu_read_unlock(); + goto out; +spin_unlock: + spin_unlock_bh(&orig_node->bcast_seqno_lock); out: if (orig_node) kref_put(&orig_node->refcount, orig_node_free_ref); diff --git a/types.h b/types.h index 56309bf..b7b9561 100644 --- a/types.h +++ b/types.h @@ -90,6 +90,8 @@ struct orig_node { spinlock_t ogm_cnt_lock; /* protects: bcast_own, bcast_own_sum, * neigh_node->real_bits, * neigh_node->real_packet_count */ + spinlock_t bcast_seqno_lock; /* protects bcast_bits, + * last_bcast_seqno */ atomic_t bond_candidates; struct list_head bond_list; };