[B.A.T.M.A.N.] [PATCH 2/4] batman-adv: fix neigh reference imbalance

Antonio Quartulli antonio at meshcoding.com
Sat May 10 17:35:08 CEST 2014

From: Simon Wunderlich <simon at open-mesh.com>

When an interface is removed from batman-adv, the orig_ifinfo of a
orig_node may be removed without releasing the router first.
This will prevent the reference for the neighbor pointed at by the
orig_ifinfo->router to be released, and this leak may result in
reference leaks for the interface used by this neighbor. Fix that.

This is a regression introduced by
("batman-adv: split out router from orig_node").

Reported-by: Antonio Quartulli <antonio at open-mesh.com>
Signed-off-by: Simon Wunderlich <simon at open-mesh.com>
Signed-off-by: Marek Lindner <mareklindner at neomailbox.ch>
Signed-off-by: Antonio Quartulli <antonio at meshcoding.com>
 net/batman-adv/originator.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/net/batman-adv/originator.c b/net/batman-adv/originator.c
index ffd9dfb..a43da69 100644
--- a/net/batman-adv/originator.c
+++ b/net/batman-adv/originator.c
@@ -501,12 +501,17 @@ batadv_neigh_node_get(const struct batadv_orig_node *orig_node,
 static void batadv_orig_ifinfo_free_rcu(struct rcu_head *rcu)
 	struct batadv_orig_ifinfo *orig_ifinfo;
+	struct batadv_neigh_node *router;
 	orig_ifinfo = container_of(rcu, struct batadv_orig_ifinfo, rcu);
 	if (orig_ifinfo->if_outgoing != BATADV_IF_DEFAULT)
+	/* this is the last reference to this object */
+	router = rcu_dereference_protected(orig_ifinfo->router, true);
+	if (router)
+		batadv_neigh_node_free_ref_now(router);

More information about the B.A.T.M.A.N mailing list