12 Dec, 2011
3 commits
-
Don't write more than the requested number of bytes of an batman-adv icmp
packet to the userspace buffer. Otherwise unrelated userspace memory might get
overridden by the kernel.Signed-off-by: Sven Eckelmann
Signed-off-by: Marek Lindner -
The access_ok read check can be directly done in copy_from_user since a failure
of access_ok is handled the same way as an error in __copy_from_user.Signed-off-by: Sven Eckelmann
Signed-off-by: Marek Lindner -
Writing a icmp_packet_rr and then reading icmp_packet can lead to kernel
memory corruption, if __user *buf is just below TASK_SIZE.Signed-off-by: Paul Kot
[sven@narfation.org: made it checkpatch clean]
Signed-off-by: Sven Eckelmann
Signed-off-by: Marek Lindner
20 Nov, 2011
1 commit
-
Reported-by: Sven Eckelmann
Signed-off-by: Marek Lindner
Signed-off-by: Sven Eckelmann
30 May, 2011
1 commit
-
Documentation/CodingStyle recommends to use the form
p = kmalloc(sizeof(*p), ...);
to calculate the size of a struct and not the version where the struct
name is spelled out to prevent bugs when the type of p changes. This
also seems appropriate for manipulation of buffers when they are
directly associated with p.Signed-off-by: Sven Eckelmann
02 May, 2011
1 commit
-
The rcu protected macros rcu_dereference() and rcu_assign_pointer()
for the bat_priv->primary_if need to be used, as well as spin/rcu locking.Otherwise we might end up using a primary_if pointer pointing to already
freed memory.Signed-off-by: Marek Lindner
Signed-off-by: Sven Eckelmann
18 Apr, 2011
1 commit
-
The rcu protected macros rcu_dereference() and rcu_assign_pointer()
for the orig_node->router need to be used, as well as spin/rcu locking.
Otherwise we might end up using a router pointer pointing to already
freed memory.Therefore this commit introduces the safe getter method
orig_node_get_router().Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Sven Eckelmann
05 Mar, 2011
5 commits
-
Signed-off-by: Marek Lindner
-
It might be possible that 2 threads access the same data in the same
rcu grace period. The first thread calls call_rcu() to decrement the
refcount and free the data while the second thread increases the
refcount to use the data. To avoid this race condition all refcount
operations have to be atomic.Reported-by: Sven Eckelmann
Signed-off-by: Marek Lindner -
Signed-off-by: Marek Lindner
-
It might be possible that 2 threads access the same data in the same
rcu grace period. The first thread calls call_rcu() to decrement the
refcount and free the data while the second thread increases the
refcount to use the data. To avoid this race condition all refcount
operations have to be atomic.Reported-by: Sven Eckelmann
Signed-off-by: Marek Lindner -
Signed-off-by: Marek Lindner
12 Feb, 2011
1 commit
-
types.h is included by main.h, which is included at the beginning of any
other c-file anyway. Therefore this commit removes those duplicate
inclussions.Signed-off-by: Linus Lüssing
Signed-off-by: Sven Eckelmann
31 Jan, 2011
1 commit
-
Signed-off-by: Sven Eckelmann
17 Dec, 2010
1 commit
-
B.A.T.M.A.N. (better approach to mobile ad-hoc networking) is a routing
protocol for multi-hop ad-hoc mesh networks. The networks may be wired or
wireless. See http://www.open-mesh.org/ for more information and user space
tools.Signed-off-by: Sven Eckelmann
Signed-off-by: David S. Miller