• Sven Eckelmann's avatar
    batman-adv: Fix reference counting of hardif_neigh_node object for neigh_node · abe59c65
    Sven Eckelmann authored
    The batadv_neigh_node was specific to a batadv_hardif_neigh_node and held
    an implicit reference to it. But this reference was never stored in form of
    a pointer in the batadv_neigh_node itself. Instead
    batadv_neigh_node_release depends on a consistent state of
    hard_iface->neigh_list and that batadv_hardif_neigh_get always returns the
    batadv_hardif_neigh_node object which it has a reference for. But
    batadv_hardif_neigh_get cannot guarantee that because it is working only
    with rcu_read_lock on this list. It can therefore happen that a neigh_addr
    is in this list twice or that batadv_hardif_neigh_get cannot find the
    batadv_hardif_neigh_node for an neigh_addr due to some other list
    operations taking place at the same time.
    
    Instead add a batadv_hardif_neigh_node pointer directly in
    batadv_neigh_node which will be used for the reference counter decremented
    on release of batadv_neigh_node.
    
    Fixes: cef63419 ("batman-adv: add list of unique single hop neighbors per hard-interface")
    Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
    Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
    Signed-off-by: default avatarAntonio Quartulli <a@unstable.cc>
    abe59c65
types.h 50.8 KB