• Sven Eckelmann's avatar
    batman-adv: Fix reference counting of vlan object for tt_local_entry · a33d970d
    Sven Eckelmann authored
    The batadv_tt_local_entry was specific to a batadv_softif_vlan and held an
    implicit reference to it. But this reference was never stored in form of a
    pointer in the tt_local_entry itself. Instead batadv_tt_local_remove,
    batadv_tt_local_table_free and batadv_tt_local_purge_pending_clients depend
    on a consistent state of bat_priv->softif_vlan_list and that
    batadv_softif_vlan_get always returns the batadv_softif_vlan object which
    it has a reference for. But batadv_softif_vlan_get cannot guarantee that
    because it is working only with rcu_read_lock on this list. It can
    therefore happen that an vid is in this list twice or that
    batadv_softif_vlan_get cannot find the batadv_softif_vlan for an vid due to
    some other list operations taking place at the same time.
    
    Instead add a batadv_softif_vlan pointer directly in batadv_tt_local_entry
    which will be used for the reference counter decremented on release of
    batadv_tt_local_entry.
    
    Fixes: 35df3b29 ("batman-adv: fix TT VLAN inconsistency on VLAN re-add")
    Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
    Acked-by: default avatarAntonio Quartulli <a@unstable.cc>
    Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
    Signed-off-by: default avatarAntonio Quartulli <a@unstable.cc>
    a33d970d
types.h 50.7 KB