From d34224e9f0440420e5e6813e3ebc1cd7bf1ba513 Mon Sep 17 00:00:00 2001 From: Marek Lindner Date: Sun, 6 Sep 2015 16:53:06 +0800 Subject: [PATCH] batman-adv: 2015.1 bugfixes & stability updates Signed-off-by: Marek Lindner --- ...ower-layer-header-length-to-headroom.patch | 88 --------------- ...-access-unregistered-net_device-obje.patch | 46 ++++++++ ...ower-layer-needed_-head-tail-room-to.patch | 101 ++++++++++++++++++ ...emory-leak-on-tt-add-with-invalid-vl.patch | 43 ++++++++ ...e-unnecessary-braces-for-test_bit-in.patch | 32 ++++++ ...e-unnecessary-braces-for-test_bit-in.patch | 32 ++++++ ...e-unnecessary-braces-for-test_bit-in.patch | 41 +++++++ ...ix-speedy-join-for-DAT-cache-replies.patch | 58 ++++++++++ ...-avoid-keeping-false-temporary-entry.patch | 51 +++++++++ ...ect-local-excess-vlans-in-TT-request.patch | 55 ++++++++++ 10 files changed, 459 insertions(+), 88 deletions(-) delete mode 100644 batman-adv/patches/0001-batman-adv-Add-lower-layer-header-length-to-headroom.patch create mode 100644 batman-adv/patches/0001-batman-adv-don-t-access-unregistered-net_device-obje.patch create mode 100644 batman-adv/patches/0002-batman-adv-Add-lower-layer-needed_-head-tail-room-to.patch create mode 100644 batman-adv/patches/0003-batman-adv-Fix-memory-leak-on-tt-add-with-invalid-vl.patch create mode 100644 batman-adv/patches/0004-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch create mode 100644 batman-adv/patches/0005-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch create mode 100644 batman-adv/patches/0006-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch create mode 100644 batman-adv/patches/0007-batman-adv-fix-speedy-join-for-DAT-cache-replies.patch create mode 100644 batman-adv/patches/0008-batman-adv-avoid-keeping-false-temporary-entry.patch create mode 100644 batman-adv/patches/0009-batman-adv-detect-local-excess-vlans-in-TT-request.patch diff --git a/batman-adv/patches/0001-batman-adv-Add-lower-layer-header-length-to-headroom.patch b/batman-adv/patches/0001-batman-adv-Add-lower-layer-header-length-to-headroom.patch deleted file mode 100644 index c5adedb..0000000 --- a/batman-adv/patches/0001-batman-adv-Add-lower-layer-header-length-to-headroom.patch +++ /dev/null @@ -1,88 +0,0 @@ -batman-adv: Add lower layer header length to headroom - -The maximum of hard_header_len and needed_headroom of all slave interfaces -of a batman-adv device must be used to define the batman-adv device -headroom/header_len. This is required to avoid too small headroom problems -when these slave devices try to send the encapsulated packet. - -The batman-adv therefore uses: - - needed_headroom = max(0, dev[0].needed_headroom, ..., - dev[n].needed_headroom) - hard_header_len = max(ETH_HLEN, dev[0].hard_header_len, ..., - dev[n].hard_header_len) + ETH_HLEN + - max(sizeof(batadv_*cast_packet)) - -Signed-off-by: Sven Eckelmann ---- - net/batman-adv/hard-interface.c | 33 +++++++++++++++++++++++++++++++++ - net/batman-adv/soft-interface.c | 2 +- - 2 files changed, 34 insertions(+), 1 deletion(-) - -diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c -index f4a15d2e5eaf..a501aae1077b 100644 ---- a/net/batman-adv/hard-interface.c -+++ b/net/batman-adv/hard-interface.c -@@ -252,12 +252,45 @@ static void batadv_check_known_mac_addr(const struct net_device *net_dev) - rcu_read_unlock(); - } - -+/** -+ * batadv_hardif_recalc_headroom() - Recalculate skbuff headroom parameters -+ * @soft_iface: netdev struct of the mesh interface -+ */ -+static void batadv_hardif_recalc_headroom(struct net_device *soft_iface) -+{ -+ const struct batadv_hard_iface *hard_iface; -+ unsigned short hard_header_len = ETH_HLEN; -+ unsigned short needed_headroom = 0; -+ -+ rcu_read_lock(); -+ list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) { -+ if ((hard_iface->if_status != BATADV_IF_ACTIVE) && -+ (hard_iface->if_status != BATADV_IF_TO_BE_ACTIVATED)) -+ continue; -+ -+ if (hard_iface->soft_iface != soft_iface) -+ continue; -+ -+ hard_header_len = max_t(unsigned short, hard_header_len, -+ hard_iface->net_dev->hard_header_len); -+ -+ needed_headroom = max_t(unsigned short, needed_headroom, -+ hard_iface->net_dev->needed_headroom); -+ } -+ rcu_read_unlock(); -+ -+ soft_iface->needed_headroom = needed_headroom; -+ soft_iface->hard_header_len = hard_header_len + batadv_max_header_len(); -+} -+ - int batadv_hardif_min_mtu(struct net_device *soft_iface) - { - struct batadv_priv *bat_priv = netdev_priv(soft_iface); - const struct batadv_hard_iface *hard_iface; - int min_mtu = INT_MAX; - -+ batadv_hardif_recalc_headroom(soft_iface); -+ - rcu_read_lock(); - list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) { - if ((hard_iface->if_status != BATADV_IF_ACTIVE) && -diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c -index 36b23f31df2a..b4c110791203 100644 ---- a/net/batman-adv/soft-interface.c -+++ b/net/batman-adv/soft-interface.c -@@ -948,7 +948,7 @@ static void batadv_softif_init_early(struct net_device *dev) - */ - dev->mtu = ETH_DATA_LEN; - /* reserve more space in the skbuff for our header */ -- dev->hard_header_len = batadv_max_header_len(); -+ dev->hard_header_len = ETH_HLEN + batadv_max_header_len(); - - /* generate random address */ - eth_hw_addr_random(dev); --- -2.5.0 - - diff --git a/batman-adv/patches/0001-batman-adv-don-t-access-unregistered-net_device-obje.patch b/batman-adv/patches/0001-batman-adv-don-t-access-unregistered-net_device-obje.patch new file mode 100644 index 0000000..75da6fb --- /dev/null +++ b/batman-adv/patches/0001-batman-adv-don-t-access-unregistered-net_device-obje.patch @@ -0,0 +1,46 @@ +From 958aafba93c7e408237298c5b2c5d7c3e318402c Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Tue, 4 Aug 2015 22:26:19 +0200 +Subject: [PATCH 1/9] batman-adv: don't access unregistered net_device object + +In batadv_hardif_disable_interface() there is a call to +batadv_softif_destroy_sysfs() which in turns invokes +unregister_netdevice() on the soft_iface. +After this point we cannot rely on the soft_iface object +anymore because it might get free'd by the netdev periodic +routine at any time. + +For this reason the netdev_upper_dev_unlink(.., soft_iface) call +is moved before the invocation of batadv_softif_destroy_sysfs() so +that we can be sure that the soft_iface object is still valid. + +Signed-off-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + net/batman-adv/hard-interface.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c +index f4a15d2..0565b20 100644 +--- a/net/batman-adv/hard-interface.c ++++ b/net/batman-adv/hard-interface.c +@@ -528,6 +528,8 @@ void batadv_hardif_disable_interface(struct batadv_hard_iface *hard_iface, + batadv_purge_outstanding_packets(bat_priv, hard_iface); + dev_put(hard_iface->soft_iface); + ++ netdev_upper_dev_unlink(hard_iface->net_dev, hard_iface->soft_iface); ++ + /* nobody uses this interface anymore */ + if (!bat_priv->num_ifaces) { + batadv_gw_check_client_stop(bat_priv); +@@ -536,7 +538,6 @@ void batadv_hardif_disable_interface(struct batadv_hard_iface *hard_iface, + batadv_softif_destroy_sysfs(hard_iface->soft_iface); + } + +- netdev_upper_dev_unlink(hard_iface->net_dev, hard_iface->soft_iface); + hard_iface->soft_iface = NULL; + batadv_hardif_free_ref(hard_iface); + +-- +2.5.0 + diff --git a/batman-adv/patches/0002-batman-adv-Add-lower-layer-needed_-head-tail-room-to.patch b/batman-adv/patches/0002-batman-adv-Add-lower-layer-needed_-head-tail-room-to.patch new file mode 100644 index 0000000..681c4b2 --- /dev/null +++ b/batman-adv/patches/0002-batman-adv-Add-lower-layer-needed_-head-tail-room-to.patch @@ -0,0 +1,101 @@ +From e2b4301f4e2d3695ed2024880d2295223cb2f857 Mon Sep 17 00:00:00 2001 +From: Sven Eckelmann +Date: Fri, 7 Aug 2015 19:28:42 +0200 +Subject: [PATCH 2/9] batman-adv: Add lower layer needed_(head|tail)room to own + ones + +The maximum of hard_header_len and maximum of all needed_(head|tail)room of +all slave interfaces of a batman-adv device must be used to define the +batman-adv device needed_(head|tail)room. This is required to avoid too +small buffer problems when these slave devices try to send the encapsulated +packet in a tx path without the possibility to resize the skbuff. + +Signed-off-by: Sven Eckelmann +Signed-off-by: Marek Lindner +--- + net/batman-adv/hard-interface.c | 41 +++++++++++++++++++++++++++++++++++++++++ + net/batman-adv/soft-interface.c | 2 -- + 2 files changed, 41 insertions(+), 2 deletions(-) + +diff --git a/net/batman-adv/hard-interface.c b/net/batman-adv/hard-interface.c +index 0565b20..f11345e 100644 +--- a/net/batman-adv/hard-interface.c ++++ b/net/batman-adv/hard-interface.c +@@ -252,6 +252,44 @@ static void batadv_check_known_mac_addr(const struct net_device *net_dev) + rcu_read_unlock(); + } + ++/** ++ * batadv_hardif_recalc_extra_skbroom() - Recalculate skbuff extra head/tailroom ++ * @soft_iface: netdev struct of the mesh interface ++ */ ++static void batadv_hardif_recalc_extra_skbroom(struct net_device *soft_iface) ++{ ++ const struct batadv_hard_iface *hard_iface; ++ unsigned short lower_header_len = ETH_HLEN; ++ unsigned short lower_headroom = 0; ++ unsigned short lower_tailroom = 0; ++ unsigned short needed_headroom; ++ ++ rcu_read_lock(); ++ list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) { ++ if (hard_iface->if_status == BATADV_IF_NOT_IN_USE) ++ continue; ++ ++ if (hard_iface->soft_iface != soft_iface) ++ continue; ++ ++ lower_header_len = max_t(unsigned short, lower_header_len, ++ hard_iface->net_dev->hard_header_len); ++ ++ lower_headroom = max_t(unsigned short, lower_headroom, ++ hard_iface->net_dev->needed_headroom); ++ ++ lower_tailroom = max_t(unsigned short, lower_tailroom, ++ hard_iface->net_dev->needed_tailroom); ++ } ++ rcu_read_unlock(); ++ ++ needed_headroom = lower_headroom + (lower_header_len - ETH_HLEN); ++ needed_headroom += batadv_max_header_len(); ++ ++ soft_iface->needed_headroom = needed_headroom; ++ soft_iface->needed_tailroom = lower_tailroom; ++} ++ + int batadv_hardif_min_mtu(struct net_device *soft_iface) + { + struct batadv_priv *bat_priv = netdev_priv(soft_iface); +@@ -474,6 +512,8 @@ int batadv_hardif_enable_interface(struct batadv_hard_iface *hard_iface, + "Not using interface %s (retrying later): interface not active\n", + hard_iface->net_dev->name); + ++ batadv_hardif_recalc_extra_skbroom(soft_iface); ++ + /* begin scheduling originator messages on that interface */ + batadv_schedule_bat_ogm(hard_iface); + +@@ -529,6 +569,7 @@ void batadv_hardif_disable_interface(struct batadv_hard_iface *hard_iface, + dev_put(hard_iface->soft_iface); + + netdev_upper_dev_unlink(hard_iface->net_dev, hard_iface->soft_iface); ++ batadv_hardif_recalc_extra_skbroom(hard_iface->soft_iface); + + /* nobody uses this interface anymore */ + if (!bat_priv->num_ifaces) { +diff --git a/net/batman-adv/soft-interface.c b/net/batman-adv/soft-interface.c +index 51cda3a..10f6448 100644 +--- a/net/batman-adv/soft-interface.c ++++ b/net/batman-adv/soft-interface.c +@@ -947,8 +947,6 @@ static void batadv_softif_init_early(struct net_device *dev) + * have not been initialized yet + */ + dev->mtu = ETH_DATA_LEN; +- /* reserve more space in the skbuff for our header */ +- dev->hard_header_len = batadv_max_header_len(); + + /* generate random address */ + eth_hw_addr_random(dev); +-- +2.5.0 + diff --git a/batman-adv/patches/0003-batman-adv-Fix-memory-leak-on-tt-add-with-invalid-vl.patch b/batman-adv/patches/0003-batman-adv-Fix-memory-leak-on-tt-add-with-invalid-vl.patch new file mode 100644 index 0000000..8fc5f64 --- /dev/null +++ b/batman-adv/patches/0003-batman-adv-Fix-memory-leak-on-tt-add-with-invalid-vl.patch @@ -0,0 +1,43 @@ +From dba67bc80fbfe6a28fc3c1141cca1c556ab7e499 Mon Sep 17 00:00:00 2001 +From: Sven Eckelmann +Date: Tue, 18 Aug 2015 13:37:01 +0200 +Subject: [PATCH 3/9] batman-adv: Fix memory leak on tt add with invalid vlan + +The object tt_local is allocated with kmalloc and not initialized when the +function batadv_tt_local_add checks for the vlan. But this function can +only cleanup the object when the (not yet initialized) reference counter of +the object is 1. This is unlikely and thus the object would leak when the +vlan could not be found. + +Instead the uninitialized object tt_local has to be freed manually and the +pointer has to set to NULL to avoid calling the function which would try to +decrement the reference counter of the not existing object. + +CID: 1316518 +Fixes: 354136bcc3c4 ("batman-adv: fix kernel crash due to missing NULL checks") +Signed-off-by: Sven Eckelmann +Signed-off-by: Marek Lindner +--- + net/batman-adv/translation-table.c | 5 ++++- + 1 file changed, 4 insertions(+), 1 deletion(-) + +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c +index 7986ec5..39283ff 100644 +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -595,8 +595,11 @@ bool batadv_tt_local_add(struct net_device *soft_iface, const uint8_t *addr, + /* increase the refcounter of the related vlan */ + vlan = batadv_softif_vlan_get(bat_priv, vid); + if (WARN(!vlan, "adding TT local entry %pM to non-existent VLAN %d", +- addr, BATADV_PRINT_VID(vid))) ++ addr, BATADV_PRINT_VID(vid))) { ++ kfree(tt_local); ++ tt_local = NULL; + goto out; ++ } + + batadv_dbg(BATADV_DBG_TT, bat_priv, + "Creating new local tt entry: %pM (vid: %d, ttvn: %d)\n", +-- +2.5.0 + diff --git a/batman-adv/patches/0004-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch b/batman-adv/patches/0004-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch new file mode 100644 index 0000000..afe66a6 --- /dev/null +++ b/batman-adv/patches/0004-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch @@ -0,0 +1,32 @@ +From af3558688698479a56034f0fcbca164be2052aa8 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Linus=20L=C3=BCssing?= +Date: Fri, 14 Aug 2015 17:23:48 +0200 +Subject: [PATCH 4/9] batman-adv: Remove unnecessary braces for test_bit() in + DAT +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: de466678 ("batman-adv: Fix broken DAT capability check") +Signed-off-by: Linus Lüssing +Signed-off-by: Marek Lindner +--- + net/batman-adv/distributed-arp-table.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/batman-adv/distributed-arp-table.c b/net/batman-adv/distributed-arp-table.c +index 1caf7d2..63243a3 100644 +--- a/net/batman-adv/distributed-arp-table.c ++++ b/net/batman-adv/distributed-arp-table.c +@@ -453,7 +453,7 @@ static bool batadv_is_orig_node_eligible(struct batadv_dat_candidate *res, + int j; + + /* check if orig node candidate is running DAT */ +- if (!(test_bit(BATADV_ORIG_CAPA_HAS_DAT, &candidate->capabilities))) ++ if (!test_bit(BATADV_ORIG_CAPA_HAS_DAT, &candidate->capabilities)) + goto out; + + /* Check if this node has already been selected... */ +-- +2.5.0 + diff --git a/batman-adv/patches/0005-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch b/batman-adv/patches/0005-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch new file mode 100644 index 0000000..eecbdcd --- /dev/null +++ b/batman-adv/patches/0005-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch @@ -0,0 +1,32 @@ +From 5abaf07b4c24ab2d7bd9b0c0de946b1ee5e946ff Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Linus=20L=C3=BCssing?= +Date: Fri, 14 Aug 2015 17:23:49 +0200 +Subject: [PATCH 5/9] batman-adv: Remove unnecessary braces for test_bit() in + NC +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: dfb27e75 ("batman-adv: Fix broken NC capability check") +Signed-off-by: Linus Lüssing +Signed-off-by: Marek Lindner +--- + net/batman-adv/network-coding.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/net/batman-adv/network-coding.c b/net/batman-adv/network-coding.c +index 55a0b28..1a1f7e6 100644 +--- a/net/batman-adv/network-coding.c ++++ b/net/batman-adv/network-coding.c +@@ -894,7 +894,7 @@ void batadv_nc_update_nc_node(struct batadv_priv *bat_priv, + goto out; + + /* check if orig node is network coding enabled */ +- if (!(test_bit(BATADV_ORIG_CAPA_HAS_NC, &orig_node->capabilities))) ++ if (!test_bit(BATADV_ORIG_CAPA_HAS_NC, &orig_node->capabilities)) + goto out; + + /* accept ogms from 'good' neighbors and single hop neighbors */ +-- +2.5.0 + diff --git a/batman-adv/patches/0006-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch b/batman-adv/patches/0006-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch new file mode 100644 index 0000000..a4b4292 --- /dev/null +++ b/batman-adv/patches/0006-batman-adv-Remove-unnecessary-braces-for-test_bit-in.patch @@ -0,0 +1,41 @@ +From d126204d0471e0972142697f36364443a0bbc9cc Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Linus=20L=C3=BCssing?= +Date: Fri, 14 Aug 2015 17:23:50 +0200 +Subject: [PATCH 6/9] batman-adv: Remove unnecessary braces for test_bit() in + MCAST +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Fixes: 1798ad3f ("batman-adv: Fix broken MCAST capability check") +Signed-off-by: Linus Lüssing +Signed-off-by: Marek Lindner +--- + net/batman-adv/multicast.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/net/batman-adv/multicast.c b/net/batman-adv/multicast.c +index 8bdd69f..4541f08 100644 +--- a/net/batman-adv/multicast.c ++++ b/net/batman-adv/multicast.c +@@ -740,7 +740,7 @@ static void batadv_mcast_tvlv_ogm_handler_v1(struct batadv_priv *bat_priv, + * is a completely new orig_node no need to decrease the counter. + */ + if (orig_mcast_enabled && +- !(test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities))) { ++ !test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities)) { + if (orig_initialized) + atomic_dec(&bat_priv->mcast.num_disabled); + set_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities); +@@ -798,7 +798,7 @@ void batadv_mcast_purge_orig(struct batadv_orig_node *orig) + + spin_lock_bh(&orig->mcast_handler_lock); + +- if (!(test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities)) && ++ if (!test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capabilities) && + test_bit(BATADV_ORIG_CAPA_HAS_MCAST, &orig->capa_initialized)) + atomic_dec(&bat_priv->mcast.num_disabled); + +-- +2.5.0 + diff --git a/batman-adv/patches/0007-batman-adv-fix-speedy-join-for-DAT-cache-replies.patch b/batman-adv/patches/0007-batman-adv-fix-speedy-join-for-DAT-cache-replies.patch new file mode 100644 index 0000000..d88508a --- /dev/null +++ b/batman-adv/patches/0007-batman-adv-fix-speedy-join-for-DAT-cache-replies.patch @@ -0,0 +1,58 @@ +From 2decb5f1fef1484f1b7319aaf2f36b5492d8d943 Mon Sep 17 00:00:00 2001 +From: Simon Wunderlich +Date: Wed, 2 Sep 2015 20:09:54 +0200 +Subject: [PATCH 7/9] batman-adv: fix speedy join for DAT cache replies + +DAT Cache replies are answered on behalf of other clients which are not +connected to the answering originator. Therefore, we shouldn't add these +clients to the answering originators TT table through speed join to +avoid bogus entries. + +Reported-by: Alessandro Bolletta +Signed-off-by: Simon Wunderlich +Acked-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + net/batman-adv/routing.c | 19 +++++++++++++++---- + 1 file changed, 15 insertions(+), 4 deletions(-) + +diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c +index c360c0c..96b5daa 100644 +--- a/net/batman-adv/routing.c ++++ b/net/batman-adv/routing.c +@@ -836,6 +836,7 @@ int batadv_recv_unicast_packet(struct sk_buff *skb, + uint8_t *orig_addr; + struct batadv_orig_node *orig_node = NULL; + int check, hdr_size = sizeof(*unicast_packet); ++ enum batadv_subtype subtype; + bool is4addr; + + unicast_packet = (struct batadv_unicast_packet *)skb->data; +@@ -863,10 +864,20 @@ int batadv_recv_unicast_packet(struct sk_buff *skb, + /* packet for me */ + if (batadv_is_my_mac(bat_priv, unicast_packet->dest)) { + if (is4addr) { +- batadv_dat_inc_counter(bat_priv, +- unicast_4addr_packet->subtype); +- orig_addr = unicast_4addr_packet->src; +- orig_node = batadv_orig_hash_find(bat_priv, orig_addr); ++ subtype = unicast_4addr_packet->subtype; ++ batadv_dat_inc_counter(bat_priv, subtype); ++ ++ /* Only payload data should be considered for speedy ++ * join. For example, DAT also uses unicast 4addr ++ * types, but those packets should not be considered ++ * for speedy join, since the clients do not actually ++ * reside at the sending originator. ++ */ ++ if (subtype == BATADV_P_DATA) { ++ orig_addr = unicast_4addr_packet->src; ++ orig_node = batadv_orig_hash_find(bat_priv, ++ orig_addr); ++ } + } + + if (batadv_dat_snoop_incoming_arp_request(bat_priv, skb, +-- +2.5.0 + diff --git a/batman-adv/patches/0008-batman-adv-avoid-keeping-false-temporary-entry.patch b/batman-adv/patches/0008-batman-adv-avoid-keeping-false-temporary-entry.patch new file mode 100644 index 0000000..0e7dbab --- /dev/null +++ b/batman-adv/patches/0008-batman-adv-avoid-keeping-false-temporary-entry.patch @@ -0,0 +1,51 @@ +From 4a73d7438dfb60c7ac82758875292bc14f363b45 Mon Sep 17 00:00:00 2001 +From: Simon Wunderlich +Date: Wed, 2 Sep 2015 20:09:55 +0200 +Subject: [PATCH 8/9] batman-adv: avoid keeping false temporary entry + +In the case when a temporary entry is added first and a proper tt entry +is added after that, the temporary tt entry is kept in the orig list. +However the temporary flag is removed at this point, and therefore the +purge function can not find this temporary entry anymore. + +Therefore, remove the previous temp entry before adding the new proper +one. + +This case can happen if a client behind a given originator moves before +the TT announcement is sent out. Other than that, this case can also be +created by bogus or malicious payload frames for VLANs which are not +existent on the sending originator. + +Reported-by: Alessandro Bolletta +Signed-off-by: Simon Wunderlich +Acked-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + net/batman-adv/translation-table.c | 10 ++++++++-- + 1 file changed, 8 insertions(+), 2 deletions(-) + +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c +index 39283ff..9ac1a46 100644 +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -1419,9 +1419,15 @@ static bool batadv_tt_global_add(struct batadv_priv *bat_priv, + } + + /* if the client was temporary added before receiving the first +- * OGM announcing it, we have to clear the TEMP flag ++ * OGM announcing it, we have to clear the TEMP flag. Also, ++ * remove the previous temporary orig node and re-add it ++ * if required. If the orig entry changed, the new one which ++ * is a non-temporary entry is preferred. + */ +- common->flags &= ~BATADV_TT_CLIENT_TEMP; ++ if (common->flags & BATADV_TT_CLIENT_TEMP) { ++ batadv_tt_global_del_orig_list(tt_global_entry); ++ common->flags &= ~BATADV_TT_CLIENT_TEMP; ++ } + + /* the change can carry possible "attribute" flags like the + * TT_CLIENT_WIFI, therefore they have to be copied in the +-- +2.5.0 + diff --git a/batman-adv/patches/0009-batman-adv-detect-local-excess-vlans-in-TT-request.patch b/batman-adv/patches/0009-batman-adv-detect-local-excess-vlans-in-TT-request.patch new file mode 100644 index 0000000..66e0dcf --- /dev/null +++ b/batman-adv/patches/0009-batman-adv-detect-local-excess-vlans-in-TT-request.patch @@ -0,0 +1,55 @@ +From 2dd1d9f06ac1208b1921aa90d479c3940bc70b4f Mon Sep 17 00:00:00 2001 +From: Simon Wunderlich +Date: Wed, 2 Sep 2015 20:09:56 +0200 +Subject: [PATCH 9/9] batman-adv: detect local excess vlans in TT request + +If the local representation of the global TT table of one originator has +more VLAN entries than the respective TT update, there is some +inconsistency present. By detecting and reporting this inconsistency, +the global table gets updated and the excess VLAN will get removed in +the process. + +Reported-by: Alessandro Bolletta +Signed-off-by: Simon Wunderlich +Acked-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + net/batman-adv/translation-table.c | 14 +++++++++++++- + 1 file changed, 13 insertions(+), 1 deletion(-) + +diff --git a/net/batman-adv/translation-table.c b/net/batman-adv/translation-table.c +index 9ac1a46..7e4657e 100644 +--- a/net/batman-adv/translation-table.c ++++ b/net/batman-adv/translation-table.c +@@ -2394,8 +2394,8 @@ static bool batadv_tt_global_check_crc(struct batadv_orig_node *orig_node, + { + struct batadv_tvlv_tt_vlan_data *tt_vlan_tmp; + struct batadv_orig_node_vlan *vlan; ++ int i, orig_num_vlan; + uint32_t crc; +- int i; + + /* check if each received CRC matches the locally stored one */ + for (i = 0; i < num_vlan; i++) { +@@ -2421,6 +2421,18 @@ static bool batadv_tt_global_check_crc(struct batadv_orig_node *orig_node, + return false; + } + ++ /* check if any excess VLANs exist locally for the originator ++ * which are not mentioned in the TVLV from the originator. ++ */ ++ rcu_read_lock(); ++ orig_num_vlan = 0; ++ list_for_each_entry_rcu(vlan, &orig_node->vlan_list, list) ++ orig_num_vlan++; ++ rcu_read_unlock(); ++ ++ if (orig_num_vlan > num_vlan) ++ return false; ++ + return true; + } + +-- +2.5.0 + -- 2.30.2