linux-hardened/net/batman-adv
Antonio Quartulli 8b8e4bc039 batman-adv: fix race condition in TT full-table replacement
bug introduced with cea194d90b11aff7fc289149e4c7f305fad3535a

In the current TT code, when a TT_Response containing a full table is received
from an originator, first the node purges all the clients for that originator in
the global translation-table and then merges the newly received table.
During the purging phase each client deletion is done by means of a call_rcu()
invocation and at the end of this phase the global entry counter for that
originator is set to 0. However the invoked rcu function decreases the global
entry counter for that originator by one too and since the rcu invocation is
likely to be postponed, the node will end up in first setting the counter to 0
and then decreasing it one by one for each deleted client.

This bug leads to having a wrong global entry counter for the related node, say
X. Then when the node with the broken counter will answer to a TT_REQUEST on
behalf of node X, it will create faulty TT_RESPONSE that will generate an
unrecoverable situation on the node that asked for the full table recover.

The non-recoverability is given by the fact that the node with the broken
counter will keep answering on behalf of X because its knowledge about X's state
(ttvn + tt_crc) is correct.

To solve this problem the counter is not explicitly set to 0 anymore and the
counter decrement is performed right before the invocation of call_rcu().

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2012-06-23 17:21:35 +02:00
..
bat_algo.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
bat_debugfs.c batman-adv: replace HZ calculations with jiffies_to_msecs() 2012-05-11 10:08:13 +02:00
bat_debugfs.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
bat_iv_ogm.c batman-adv: prepare lq_update_lock to be shared among different protocols 2012-05-13 19:06:39 +02:00
bat_sysfs.c batman-adv: Adding hard_iface specific sysfs wrapper macros for UINT 2012-05-11 13:56:03 +02:00
bat_sysfs.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
bitarray.c batman-adv: Replace bitarray operations with bitmap 2012-04-11 14:28:58 +02:00
bitarray.h batman-adv: Replace bitarray operations with bitmap 2012-04-11 14:28:58 +02:00
bridge_loop_avoidance.c batman-adv: update copyright years 2012-05-11 13:56:07 +02:00
bridge_loop_avoidance.h batman-adv: update copyright years 2012-05-11 13:56:07 +02:00
gateway_client.c batman-adv: fix wrong dhcp option list browsing 2012-05-11 10:08:08 +02:00
gateway_client.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
gateway_common.c batman-adv: Ignore 80-chars per line limits for strings 2012-03-11 06:29:44 +08:00
gateway_common.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
hard-interface.c batman-adv: use shorter pr_warn instead of pr_warning 2012-05-13 19:06:41 +02:00
hard-interface.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
hash.c batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
hash.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
icmp_socket.c batman-adv: use ETH_HLEN instead of sizeof(struct ethhdr) 2012-04-18 09:54:01 +02:00
icmp_socket.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
Kconfig batman-adv: add bridge loop avoidance compile option 2012-04-11 14:29:00 +02:00
main.c batman-adv: refactoring API: find generalized name for bat_ogm_update_mac callback 2012-05-11 13:56:01 +02:00
main.h batman-adv: Start new development cycle 2012-05-13 19:06:42 +02:00
Makefile batman-adv: add bridge loop avoidance compile option 2012-04-11 14:29:00 +02:00
originator.c batman-adv: prepare lq_update_lock to be shared among different protocols 2012-05-13 19:06:39 +02:00
originator.h batman-adv: split neigh_new function into generic and batman iv specific parts 2012-05-11 13:55:57 +02:00
packet.h batman-adv: avoid temporary routing loops by being strict on forwarded OGMs 2012-05-11 13:56:05 +02:00
ring_buffer.c batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
ring_buffer.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
routing.c batman-adv: fix skb->data assignment 2012-06-19 14:49:08 -07:00
routing.h batman-adv: register batman ogm receive function during protocol init 2012-05-11 10:08:11 +02:00
send.c batman-adv: use shorter pr_warn instead of pr_warning 2012-05-13 19:06:41 +02:00
send.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
soft-interface.c batman-adv: use ETH_HLEN instead of sizeof(struct ethhdr) 2012-04-18 09:54:01 +02:00
soft-interface.h batman-adv: remove old bridge loop avoidance code 2012-04-11 14:28:58 +02:00
translation-table.c batman-adv: fix race condition in TT full-table replacement 2012-06-23 17:21:35 +02:00
translation-table.h batman-adv: improve unicast packet (re)routing 2012-05-13 19:06:38 +02:00
types.h batman-adv: prepare lq_update_lock to be shared among different protocols 2012-05-13 19:06:39 +02:00
unicast.c batman-adv: improve unicast packet (re)routing 2012-05-13 19:06:38 +02:00
unicast.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00
vis.c batman-adv: use ETH_HLEN instead of sizeof(struct ethhdr) 2012-04-18 09:54:01 +02:00
vis.h batman-adv: Update copyright years 2012-02-17 02:50:21 +08:00