23 Oct, 2015
8 commits
-
commit 53cf037bf846417fd92dc92ddf97267f69b110f4 upstream.
The two commits noted below added calls to ip_hdr() and ipv6_hdr(). They
need a correctly set skb network header.Unfortunately we cannot rely on the device drivers to set it for us.
Therefore setting it in the beginning of the according ndo_start_xmit
handler.Fixes: 1d8ab8d3c176 ("batman-adv: Modified forwarding behaviour for multicast packets")
Fixes: ab49886e3da7 ("batman-adv: Add IPv4 link-local/IPv6-ll-all-nodes multicast support")
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit 8a4023c5b5e30b11f1f383186f4a7222b3b823cf upstream.
So far the mcast tvlv handler did not anticipate the processing of
multiple incoming OGMs from the same originator at the same time. This
can lead to various issues:* Broken refcounting: For instance two mcast handlers might both assume
that an originator just got multicast capabilities and will together
wrongly decrease mcast.num_disabled by two, potentially leading to
an integer underflow.* Potential kernel panic on hlist_del_rcu(): Two mcast handlers might
one after another try to do an
hlist_del_rcu(&orig->mcast_want_all_*_node). The second one will
cause memory corruption / crashes.
(Reported by: Sven Eckelmann )Right in the beginning the code path makes assumptions about the current
multicast related state of an originator and bases all updates on that. The
easiest and least error prune way to fix the issues in this case is to
serialize multiple mcast handler invocations with a spinlock.Fixes: 60432d756cf0 ("batman-adv: Announce new capability via multicast TVLV")
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit 9c936e3f4c4fad07abb6c082a89508b8f724c88f upstream.
Bitwise OR/AND assignments in C aren't guaranteed to be atomic. One
OGM handler might undo the set/clear of a specific bit from another
handler run in between.Fix this by using the atomic set_bit()/clear_bit()/test_bit() functions.
Fixes: 60432d756cf0 ("batman-adv: Announce new capability via multicast TVLV")
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit ac4eebd48461ec993e7cb614d5afe7df8c72e6b7 upstream.
Bitwise OR/AND assignments in C aren't guaranteed to be atomic. One
OGM handler might undo the set/clear of a specific bit from another
handler run in between.Fix this by using the atomic set_bit()/clear_bit()/test_bit() functions.
Fixes: e17931d1a61d ("batman-adv: introduce capability initialization bitfield")
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit 4635469f5c617282f18c69643af36cd8c0acf707 upstream.
Bitwise OR/AND assignments in C aren't guaranteed to be atomic. One
OGM handler might undo the set/clear of a specific bit from another
handler run in between.Fix this by using the atomic set_bit()/clear_bit()/test_bit() functions.
Fixes: 3f4841ffb336 ("batman-adv: tvlv - add network coding container")
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit 65d7d46050704bcdb8121ddbf4110bfbf2b38baa upstream.
Bitwise OR/AND assignments in C aren't guaranteed to be atomic. One
OGM handler might undo the set/clear of a specific bit from another
handler run in between.Fix this by using the atomic set_bit()/clear_bit()/test_bit() functions.
Fixes: 17cf0ea455f1 ("batman-adv: tvlv - add distributed arp table container")
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit ef72706a0543d0c3a5ab29bd6378fdfb368118d9 upstream.
The tt_local_entry deletion performed in batadv_tt_local_remove() was neither
protecting against simultaneous deletes nor checking whether the element was
still part of the list before calling hlist_del_rcu().Replacing the hlist_del_rcu() call with batadv_hash_remove() provides adequate
protection via hash spinlocks as well as an is-element-still-in-hash check to
avoid 'blind' hash removal.Fixes: 068ee6e204e1 ("batman-adv: roaming handling mechanism redesign")
Reported-by: alfonsname@web.de
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman -
commit 354136bcc3c4f40a2813bba8f57ca5267d812d15 upstream.
batadv_softif_vlan_get() may return NULL which has to be verified
by the caller.Fixes: 35df3b298fc8 ("batman-adv: fix TT VLAN inconsistency on VLAN re-add")
Reported-by: Ryan Thompson
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
Signed-off-by: Greg Kroah-Hartman
03 Apr, 2015
1 commit
-
The goal of this patch is to prepare the removal of the iflink field. It
introduces a new ndo function, which will be implemented by virtual interfaces.There is no functional change into this patch. All readers of iflink field
now call dev_get_iflink().Signed-off-by: Nicolas Dichtel
Signed-off-by: David S. Miller
23 Feb, 2015
1 commit
-
net-next commit 6d91147d183c ("batman-adv: Remove uses of return value
of seq_printf") incorrectly changed the overflow occurred return from
-1 to 1. Change it back so that the test of batadv_write_buffer_text's
return value in batadv_gw_client_seq_print_text works properly.Signed-off-by: Joe Perches
Signed-off-by: David S. Miller
21 Feb, 2015
1 commit
-
This function is soon going to return void so remove the
return value use.Convert the return value to test seq_has_overflowed() instead.
Signed-off-by: Joe Perches
Acked-by: Antonio Quartulli
Signed-off-by: David S. Miller
08 Jan, 2015
15 commits
-
BATMAN_ADV_DEBUG is using debugfs files for the debugging log. So it
depends on DEBUG_FS which is missing as dependency in the Kconfig file.Signed-off-by: Markus Pargmann
Signed-off-by: Antonio Quartulli -
Signed-off-by: Simon Wunderlich
Signed-off-by: Antonio Quartulli -
Reported-by: checkpatch
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner -
Since other network components (and some drivers) uses the control block
provided in skb's, the network coding feature might wrongly assume that
an SKB has been decoded, and thus not try to code it with another packet
again. This happens for instance when batman-adv is running on a bridge device.Fix this by clearing the control block for every received SKB.
Introduced by 3c12de9a5c756b23fe7c9ab332474ece1568914c
("batman-adv: network coding - code and transmit packets if possible")
Signed-off-by: Martin Hundebøll
Signed-off-by: Marek LindnerSigned-off-by: Antonio Quartulli
-
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner -
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner -
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner -
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner -
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner -
Signed-off-by: Martin Hundebøll
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
Signed-off-by: Martin Hundebøll
Acked-by: Antonio Quartulli
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
Signed-off-by: Martin Hundebøll
Acked-by: Simon Wunderlich
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
Signed-off-by: Martin Hundebøll
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
This variable became obsolete when changing to the new bonding mechanism
based on the multi interface optimization. Since its not used anywhere,
remove it.Reported-by: Linus Lüssing
Signed-off-by: Simon Wunderlich
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
Cc: Linus Lüssing
Signed-off-by: Antonio Quartulli
Signed-off-by: Marek Lindner
06 Jan, 2015
6 commits
-
This patch fixes a potential memory leak which can occur once an
originator times out. On timeout the according global translation table
entry might not get purged correctly. Furthermore, the non purged TT
entry will cause its orig-node to leak, too. Which additionally can lead
to the new multicast optimization feature not kicking in because of a
therefore bogus counter.In detail: The batadv_tt_global_entry->orig_list holds the reference to
the orig-node. Usually this reference is released after
BATADV_PURGE_TIMEOUT through: _batadv_purge_orig()->
batadv_purge_orig_node()->batadv_update_route()->_batadv_update_route()->
batadv_tt_global_del_orig() which purges this global tt entry and
releases the reference to the orig-node.However, if between two batadv_purge_orig_node() calls the orig-node
timeout grew to 2*BATADV_PURGE_TIMEOUT then this call path isn't
reached. Instead the according orig-node is removed from the
originator hash in _batadv_purge_orig(), the batadv_update_route()
part is skipped and won't be reached anymore.Fixing the issue by moving batadv_tt_global_del_orig() out of the rcu
callback.Signed-off-by: Linus Lüssing
Acked-by: Antonio Quartulli
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
When purging an orig_node we should only decrease counter tracking the
number of nodes without multicast optimizations support if it was
increased through this orig_node before.A not yet quite initialized orig_node (meaning it did not have its turn
in the mcast-tvlv handler so far) which gets purged would not adhere to
this and will lead to a counter imbalance.Fixing this by adding a check whether the orig_node is mcast-initalized
before decreasing the counter in the mcast-orig_node-purging routine.Introduced by 60432d756cf06e597ef9da511402dd059b112447
("batman-adv: Announce new capability via multicast TVLV")Reported-by: Tobias Hachmer
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
A miscounting of nodes having multicast optimizations enabled can lead
to multicast packet loss in the following scenario:If the first OGM a node receives from another one has no multicast
optimizations support (no multicast tvlv) then we are missing to
increase the counter. This potentially leads to the wrong assumption
that we could safely use multicast optimizations.Fixings this by increasing the counter if the initial OGM has the
multicast TVLV unset, too.Introduced by 60432d756cf06e597ef9da511402dd059b112447
("batman-adv: Announce new capability via multicast TVLV")Reported-by: Tobias Hachmer
Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
batadv_has_set_lock_class() is called with the wrong hash table as first
argument (probably due to a copy-paste error), which leads to false
positives when running with lockdep.Introduced-by: 612d2b4fe0a1ff2f8389462a6f8be34e54124c05
("batman-adv: network coding - save overheard and tx packets for decoding")Signed-off-by: Martin Hundebøll
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
Currently it can happen that the reception of an OGM from a new
originator is not being accepted. More precisely it can happen that
an originator struct gets allocated and initialized
(batadv_orig_node_new()), even the TQ gets calculated and set correctly
(batadv_iv_ogm_calc_tq()) but still the periodic orig_node purging
thread will decide to delete it if it has a chance to jump between
these two function calls.This is because batadv_orig_node_new() initializes the last_seen value
to zero and its caller (batadv_iv_ogm_orig_get()) makes it visible to
other threads by adding it to the hash table already.
batadv_iv_ogm_calc_tq() will set the last_seen variable to the correct,
current time a few lines later but if the purging thread jumps in between
that it will think that the orig_node timed out and will wrongly
schedule it for deletion already.If the purging interval is the same as the originator interval (which is
the default: 1 second), then this game can continue for several rounds
until the random OGM jitter added enough difference between these
two (in tests, two to about four rounds seemed common).Fixing this by initializing the last_seen variable of an orig_node
to the current time before adding it to the hash table.Signed-off-by: Linus Lüssing
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli -
The current condition actually does NOT consider bonding when the
interface the packet came in from is the soft interface, which is the
opposite of what it should do (and the comment describes). Fix that and
slightly simplify the condition.Reported-by: Ray Gibson
Signed-off-by: Simon Wunderlich
Signed-off-by: Marek Lindner
Signed-off-by: Antonio Quartulli
24 Dec, 2014
3 commits
-
Gateway having bandwidth_down equal to zero are not accepted
at all and so never added to the Gateway list.
For this reason checking the bandwidth_down member in
batadv_gw_out_of_range() is useless.This is probably a copy/paste error and this check was supposed
to be "!gw_node" only. Moreover, the way the check is written
now may also lead to a NULL dereference.Fix this by rewriting the if-condition properly.
Introduced by 414254e342a0d58144de40c3da777521ebaeeb07
("batman-adv: tvlv - gateway download/upload bandwidth container")Signed-off-by: Antonio Quartulli
Reported-by: David Binderman
Signed-off-by: Marek Lindner
Signed-off-by: David S. Miller -
The fragmentation code was replaced in 610bfc6bc99bc83680d190ebc69359a05fc7f605
("batman-adv: Receive fragmented packets and merge") by an implementation which
can handle up to 16 fragments of a packet. The packet is prepared for the split
in fragments by the function batadv_frag_send_packet and the actual split is
done by batadv_frag_create.Both functions calculate the size of a fragment themself. But their calculation
differs because batadv_frag_send_packet also subtracts ETH_HLEN. Therefore,
the check in batadv_frag_send_packet "can a full fragment can be created?" may
return true even when batadv_frag_create cannot create a full fragment.The function batadv_frag_create doesn't check the size of the skb before
splitting it and therefore might try to create a larger fragment than the
remaining buffer. This creates an integer underflow and an invalid len is given
to skb_split.Signed-off-by: Sven Eckelmann
Signed-off-by: David S. Miller -
The fragmentation code was replaced in 610bfc6bc99bc83680d190ebc69359a05fc7f605
("batman-adv: Receive fragmented packets and merge"). The new code provided a
mostly unused parameter skb for the merging function. It is used inside the
function to calculate the additionally needed skb tailroom. But instead of
increasing its own tailroom, it is only increasing the tailroom of the first
queued skb. This is not correct in some situations because the first queued
entry can be a different one than the parameter.An observed problem was:
1. packet with size 104, total_size 1464, fragno 1 was received
- packet is queued
2. packet with size 1400, total_size 1464, fragno 0 was received
- packet is queued at the end of the list
3. enough data was received and can be given to the merge function
(1464 == (1400 - 20) + (104 - 20))
- merge functions gets 1400 byte large packet as skb argument
4. merge function gets first entry in queue (104 byte)
- stored as skb_out
5. merge function calculates the required extra tail as total_size - skb->len
- pskb_expand_head tail of skb_out with 64 bytes
6. merge function tries to squeeze the extra 1380 bytes from the second queued
skb (1400 byte aka skb parameter) in the 64 extra tail bytes of skb_outInstead calculate the extra required tail bytes for skb_out also using skb_out
instead of using the parameter skb. The skb parameter is only used to get the
total_size from the last received packet. This is also the total_size used to
decide that all fragments were received.Reported-by: Philipp Psurek
Signed-off-by: Sven Eckelmann
Acked-by: Martin Hundebøll
Signed-off-by: David S. Miller
14 Oct, 2014
1 commit
-
The kernel used to contain two functions for length-delimited,
case-insensitive string comparison, strnicmp with correct semantics and
a slightly buggy strncasecmp. The latter is the POSIX name, so strnicmp
was renamed to strncasecmp, and strnicmp made into a wrapper for the new
strncasecmp to avoid breaking existing users.To allow the compat wrapper strnicmp to be removed at some point in the
future, and to avoid the extra indirection cost, do
s/strnicmp/strncasecmp/g.Signed-off-by: Rasmus Villemoes
Cc: Marek Lindner
Acked-by: Antonio Quartulli
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
17 Aug, 2014
1 commit
-
1d023284c31a4e40a94d5bbcb7dbb7a35ee0bcbc ("list: fix order of arguments for
hlist_add_after(_rcu)") was incorrectly rebased on top of
d9124268d84a836f14a6ead54ff9d8eee4c43be5 ("batman-adv: Fix out-of-order
fragmentation support"). The parameter order change of the rebased patch was
not re-applied as expected. This causes a memory leak and can cause crashes
when out-of-order packets are received. hlist_add_behind will try to access the
uninitalized list pointers of frag_entry_new to find the previous/next entry
and may modify/read random memory locations.Signed-off-by: Sven Eckelmann
Cc: Andrew Morton
Signed-off-by: David S. Miller
08 Aug, 2014
1 commit
-
The header multicast.h was included twice, so delete one of them.
Signed-off-by: Jean Sacren
Cc: Marek Lindner
Cc: Simon Wunderlich
Cc: Antonio Quartulli
Cc: b.a.t.m.a.n@lists.open-mesh.org
Signed-off-by: David S. Miller
07 Aug, 2014
1 commit
-
All other add functions for lists have the new item as first argument
and the position where it is added as second argument. This was changed
for no good reason in this function and makes using it unnecessary
confusing.The name was changed to hlist_add_behind() to cause unconverted code to
generate a compile error instead of using the wrong parameter order.[akpm@linux-foundation.org: coding-style fixes]
Signed-off-by: Ken Helias
Cc: "Paul E. McKenney"
Acked-by: Jeff Kirsher [intel driver bits]
Cc: Hugh Dickins
Cc: Christoph Hellwig
Signed-off-by: Andrew Morton
Signed-off-by: Linus Torvalds
06 Aug, 2014
1 commit
-
Conflicts:
drivers/net/Makefile
net/ipv6/sysctl_net_ipv6.cTwo ipv6_table_template[] additions overlap, so the index
of the ipv6_table[x] assignments needed to be adjusted.In the drivers/net/Makefile case, we've gotten rid of the
garbage whereby we had to list every single USB networking
driver in the top-level Makefile, there is just one
"USB_NETWORKING" that guards everything.Signed-off-by: David S. Miller
