From c00eb4f16abdfcac6976e3f42b89833d64e0f46f Mon Sep 17 00:00:00 2001 From: Marek Lindner Date: Tue, 13 May 2014 05:29:35 +0800 Subject: [PATCH] batman-adv: upgrade package to latest release 2014.1.0 Signed-off-by: Marek Lindner --- ...atman-adv-fix-neigh_ifinfo-imbalance.patch | 4 +- ...an-adv-fix-neigh-reference-imbalance.patch | 4 +- ...-adv-always-run-purge_orig_neighbors.patch | 4 +- ...batman-adv-fix-removing-neigh_ifinfo.patch | 4 +- ...ocal-TT-check-for-outgoing-arp-reque.patch | 4 +- ...e-the-MAC-of-each-VLAN-upon-ndo_set_.patch | 4 +- ...indirect-hard_iface-NULL-dereference.patch | 35 ++++++++++ ...eference-counting-imbalance-while-se.patch | 65 +++++++++++++++++++ ...ase-orig-refcount-when-storing-ref-i.patch | 56 ++++++++++++++++ 9 files changed, 168 insertions(+), 12 deletions(-) create mode 100644 batman-adv/patches/0007-batman-adv-fix-indirect-hard_iface-NULL-dereference.patch create mode 100644 batman-adv/patches/0008-batman-adv-fix-reference-counting-imbalance-while-se.patch create mode 100644 batman-adv/patches/0009-batman-adv-increase-orig-refcount-when-storing-ref-i.patch diff --git a/batman-adv/patches/0001-batman-adv-fix-neigh_ifinfo-imbalance.patch b/batman-adv/patches/0001-batman-adv-fix-neigh_ifinfo-imbalance.patch index eec3497..528845b 100644 --- a/batman-adv/patches/0001-batman-adv-fix-neigh_ifinfo-imbalance.patch +++ b/batman-adv/patches/0001-batman-adv-fix-neigh_ifinfo-imbalance.patch @@ -1,7 +1,7 @@ From a424cd5a2c956ef1f0353d7e5f2b7fbc4af7d2d8 Mon Sep 17 00:00:00 2001 From: Simon Wunderlich Date: Wed, 26 Mar 2014 15:46:21 +0100 -Subject: [PATCH 1/6] batman-adv: fix neigh_ifinfo imbalance +Subject: [PATCH 1/9] batman-adv: fix neigh_ifinfo imbalance The neigh_ifinfo object must be freed if it has been used in batadv_iv_ogm_process_per_outif(). @@ -31,5 +31,5 @@ index 8323bce..d074d06 100644 batadv_neigh_node_free_ref(router); if (router_router) -- -1.9.0 +2.0.0.rc2 diff --git a/batman-adv/patches/0002-batman-adv-fix-neigh-reference-imbalance.patch b/batman-adv/patches/0002-batman-adv-fix-neigh-reference-imbalance.patch index edb90ab..9df9855 100644 --- a/batman-adv/patches/0002-batman-adv-fix-neigh-reference-imbalance.patch +++ b/batman-adv/patches/0002-batman-adv-fix-neigh-reference-imbalance.patch @@ -1,7 +1,7 @@ From cdd09f69871ce8c98b8ae9fa0583f73938768943 Mon Sep 17 00:00:00 2001 From: Simon Wunderlich Date: Wed, 26 Mar 2014 15:46:22 +0100 -Subject: [PATCH 2/6] batman-adv: fix neigh reference imbalance +Subject: [PATCH 2/9] batman-adv: fix neigh reference imbalance When an interface is removed from batman-adv, the orig_ifinfo of a orig_node may be removed without releasing the router first. @@ -43,5 +43,5 @@ index 8539416..25df60d 100644 } -- -1.9.0 +2.0.0.rc2 diff --git a/batman-adv/patches/0003-batman-adv-always-run-purge_orig_neighbors.patch b/batman-adv/patches/0003-batman-adv-always-run-purge_orig_neighbors.patch index 5add063..78e381b 100644 --- a/batman-adv/patches/0003-batman-adv-always-run-purge_orig_neighbors.patch +++ b/batman-adv/patches/0003-batman-adv-always-run-purge_orig_neighbors.patch @@ -1,7 +1,7 @@ From 72125152cc46e55793329984428032769648904e Mon Sep 17 00:00:00 2001 From: Simon Wunderlich Date: Wed, 26 Mar 2014 15:46:23 +0100 -Subject: [PATCH 3/6] batman-adv: always run purge_orig_neighbors +Subject: [PATCH 3/9] batman-adv: always run purge_orig_neighbors The current code will not execute batadv_purge_orig_neighbors() when an orig_ifinfo has already been purged. However we need to run it in any @@ -45,5 +45,5 @@ index 25df60d..47b0886 100644 /* first for NULL ... */ -- -1.9.0 +2.0.0.rc2 diff --git a/batman-adv/patches/0004-batman-adv-fix-removing-neigh_ifinfo.patch b/batman-adv/patches/0004-batman-adv-fix-removing-neigh_ifinfo.patch index 70deebb..495dae5 100644 --- a/batman-adv/patches/0004-batman-adv-fix-removing-neigh_ifinfo.patch +++ b/batman-adv/patches/0004-batman-adv-fix-removing-neigh_ifinfo.patch @@ -1,7 +1,7 @@ From 9b9cdbe28e2b9c8bdf9c761f22ba9655963d13d4 Mon Sep 17 00:00:00 2001 From: Simon Wunderlich Date: Wed, 26 Mar 2014 15:46:24 +0100 -Subject: [PATCH 4/6] batman-adv: fix removing neigh_ifinfo +Subject: [PATCH 4/9] batman-adv: fix removing neigh_ifinfo When an interface is removed separately, all neighbors need to be checked if they have a neigh_ifinfo structure for that particular @@ -84,5 +84,5 @@ index 47b0886..aa2468b 100644 } -- -1.9.0 +2.0.0.rc2 diff --git a/batman-adv/patches/0005-batman-adv-fix-local-TT-check-for-outgoing-arp-reque.patch b/batman-adv/patches/0005-batman-adv-fix-local-TT-check-for-outgoing-arp-reque.patch index dfaffde..85ce69a 100644 --- a/batman-adv/patches/0005-batman-adv-fix-local-TT-check-for-outgoing-arp-reque.patch +++ b/batman-adv/patches/0005-batman-adv-fix-local-TT-check-for-outgoing-arp-reque.patch @@ -1,7 +1,7 @@ From 1c2e700fa93e6de3a2ae3725cf437504683b894a Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Sat, 29 Mar 2014 17:27:38 +0100 -Subject: [PATCH 5/6] batman-adv: fix local TT check for outgoing arp requests +Subject: [PATCH 5/9] batman-adv: fix local TT check for outgoing arp requests in DAT Change introduced by d6bd8b36fa1f3d72a6fd5942a6e9bde6ddafcd0d @@ -40,5 +40,5 @@ index 5bb37a8..a5d75be 100644 goto out; } -- -1.9.0 +2.0.0.rc2 diff --git a/batman-adv/patches/0006-batman-adv-change-the-MAC-of-each-VLAN-upon-ndo_set_.patch b/batman-adv/patches/0006-batman-adv-change-the-MAC-of-each-VLAN-upon-ndo_set_.patch index 216f212..239b5d9 100644 --- a/batman-adv/patches/0006-batman-adv-change-the-MAC-of-each-VLAN-upon-ndo_set_.patch +++ b/batman-adv/patches/0006-batman-adv-change-the-MAC-of-each-VLAN-upon-ndo_set_.patch @@ -1,7 +1,7 @@ From 31f391475cc08724e96ab060ef4aa6503d11da8e Mon Sep 17 00:00:00 2001 From: Antonio Quartulli Date: Mon, 31 Mar 2014 13:48:10 +0200 -Subject: [PATCH 6/6] batman-adv: change the MAC of each VLAN upon +Subject: [PATCH 6/9] batman-adv: change the MAC of each VLAN upon ndo_set_mac_address The MAC address of the soft-interface is used to initialise @@ -50,5 +50,5 @@ index f82c267..d962363 100644 return 0; } -- -1.9.0 +2.0.0.rc2 diff --git a/batman-adv/patches/0007-batman-adv-fix-indirect-hard_iface-NULL-dereference.patch b/batman-adv/patches/0007-batman-adv-fix-indirect-hard_iface-NULL-dereference.patch new file mode 100644 index 0000000..aa29c5d --- /dev/null +++ b/batman-adv/patches/0007-batman-adv-fix-indirect-hard_iface-NULL-dereference.patch @@ -0,0 +1,35 @@ +From 2ac2c94590d49e69ad8400a9df959533195143ed Mon Sep 17 00:00:00 2001 +From: Marek Lindner +Date: Thu, 24 Apr 2014 03:44:25 +0800 +Subject: [PATCH 7/9] batman-adv: fix indirect hard_iface NULL dereference + +If hard_iface is NULL and goto out is made batadv_hardif_free_ref() +doesn't check for NULL before dereferencing it to get to refcount. + +Introduced in f13f960797fd1969b3c0470cc97435ddfb6aecb4 +("batman-adv: add debugfs support to view multiif tables"). + +Reported-by: Sven Eckelmann +Signed-off-by: Marek Lindner +Acked-by: Antonio Quartulli +--- + originator.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/originator.c b/originator.c +index aa2468b..35b42f8 100644 +--- a/originator.c ++++ b/originator.c +@@ -1074,7 +1074,8 @@ int batadv_orig_hardif_seq_print_text(struct seq_file *seq, void *offset) + bat_priv->bat_algo_ops->bat_orig_print(bat_priv, seq, hard_iface); + + out: +- batadv_hardif_free_ref(hard_iface); ++ if (hard_iface) ++ batadv_hardif_free_ref(hard_iface); + return 0; + } + +-- +2.0.0.rc2 + diff --git a/batman-adv/patches/0008-batman-adv-fix-reference-counting-imbalance-while-se.patch b/batman-adv/patches/0008-batman-adv-fix-reference-counting-imbalance-while-se.patch new file mode 100644 index 0000000..ab5a4b7 --- /dev/null +++ b/batman-adv/patches/0008-batman-adv-fix-reference-counting-imbalance-while-se.patch @@ -0,0 +1,65 @@ +From 113f264b60bc4f50011a8f736d74f91ff7da11f1 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Wed, 23 Apr 2014 14:05:16 +0200 +Subject: [PATCH 8/9] batman-adv: fix reference counting imbalance while + sending fragment +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +In the new fragmentation code the batadv_frag_send_packet() +function obtains a reference to the primary_if, but it does +not release it upon return. + +This reference imbalance prevents the primary_if (and then +the related netdevice) to be properly released on shut down. + +Fix this by releasing the primary_if in batadv_frag_send_packet(). + +Introduced by db56e4ecf5c2b179a0101138eacc2ec52b6ef45d +("batman-adv: Fragment and send skbs larger than mtu") + +Cc: Martin Hundebøll +Signed-off-by: Antonio Quartulli +Signed-off-by: Marek Lindner +Acked-by: Martin Hundebøll +--- + fragmentation.c | 11 ++++++++--- + 1 file changed, 8 insertions(+), 3 deletions(-) + +diff --git a/fragmentation.c b/fragmentation.c +index 88df9b1..cc1cfd6 100644 +--- a/fragmentation.c ++++ b/fragmentation.c +@@ -418,12 +418,13 @@ bool batadv_frag_send_packet(struct sk_buff *skb, + struct batadv_neigh_node *neigh_node) + { + struct batadv_priv *bat_priv; +- struct batadv_hard_iface *primary_if; ++ struct batadv_hard_iface *primary_if = NULL; + struct batadv_frag_packet frag_header; + struct sk_buff *skb_fragment; + unsigned mtu = neigh_node->if_incoming->net_dev->mtu; + unsigned header_size = sizeof(frag_header); + unsigned max_fragment_size, max_packet_size; ++ bool ret = false; + + /* To avoid merge and refragmentation at next-hops we never send + * fragments larger than BATADV_FRAG_MAX_FRAG_SIZE +@@ -483,7 +484,11 @@ bool batadv_frag_send_packet(struct sk_buff *skb, + skb->len + ETH_HLEN); + batadv_send_skb_packet(skb, neigh_node->if_incoming, neigh_node->addr); + +- return true; ++ ret = true; ++ + out_err: +- return false; ++ if (primary_if) ++ batadv_hardif_free_ref(primary_if); ++ ++ return ret; + } +-- +2.0.0.rc2 + diff --git a/batman-adv/patches/0009-batman-adv-increase-orig-refcount-when-storing-ref-i.patch b/batman-adv/patches/0009-batman-adv-increase-orig-refcount-when-storing-ref-i.patch new file mode 100644 index 0000000..d6f3dd6 --- /dev/null +++ b/batman-adv/patches/0009-batman-adv-increase-orig-refcount-when-storing-ref-i.patch @@ -0,0 +1,56 @@ +From 8dbdee55810adceecf51548d44da893076c99219 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Fri, 2 May 2014 01:35:13 +0200 +Subject: [PATCH 9/9] batman-adv: increase orig refcount when storing ref in + gw_node + +A pointer to the orig_node representing a bat-gateway is +stored in the gw_node->orig_node member, but the refcount +for such orig_node is never increased. +This leads to memory faults when gw_node->orig_node is accessed +and the originator has already been freed. + +Fix this by increasing the refcount on gw_node creation +and decreasing it on gw_node free. + +Signed-off-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + gateway_client.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/gateway_client.c b/gateway_client.c +index d7fafc1..d5a40ab 100644 +--- a/gateway_client.c ++++ b/gateway_client.c +@@ -42,8 +42,10 @@ + + static void batadv_gw_node_free_ref(struct batadv_gw_node *gw_node) + { +- if (atomic_dec_and_test(&gw_node->refcount)) ++ if (atomic_dec_and_test(&gw_node->refcount)) { ++ batadv_orig_node_free_ref(gw_node->orig_node); + kfree_rcu(gw_node, rcu); ++ } + } + + static struct batadv_gw_node * +@@ -406,9 +408,14 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv, + if (gateway->bandwidth_down == 0) + return; + ++ if (!atomic_inc_not_zero(&orig_node->refcount)) ++ return; ++ + gw_node = kzalloc(sizeof(*gw_node), GFP_ATOMIC); +- if (!gw_node) ++ if (!gw_node) { ++ batadv_orig_node_free_ref(orig_node); + return; ++ } + + INIT_HLIST_NODE(&gw_node->list); + gw_node->orig_node = orig_node; +-- +2.0.0.rc2 +