batman-adv: 2013.2.0 stability fixes
authorMarek Lindner <lindner_marek@yahoo.de>
Thu, 9 May 2013 09:56:23 +0000 (17:56 +0800)
committerMarek Lindner <lindner_marek@yahoo.de>
Thu, 9 May 2013 09:56:23 +0000 (17:56 +0800)
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
batman-adv/Makefile
batman-adv/patches/0001-batman-adv-use-the-proper-header-len-when-checking-t.patch
batman-adv/patches/0002-batman-adv-vlan-add-protocol-argument-to-packet-tagging-fun.patch
batman-adv/patches/0003-batman-adv-check-proto-length-before-accessing-proto.patch [new file with mode: 0644]
batman-adv/patches/0004-batman-adv-check-return-value-of-pskb_trim_rcsum.patch [new file with mode: 0644]
batman-adv/patches/0005-batman-adv-make-DAT-drop-ARP-requests-targeting-loca.patch [new file with mode: 0644]
batman-adv/patches/0006-batman-adv-reorder-clean-up-routine-in-order-to-avoi.patch [new file with mode: 0644]

index d6cd9b8..51dc797 100644 (file)
@@ -12,7 +12,7 @@ PKG_NAME:=batman-adv
 
 PKG_VERSION:=2013.2.0
 BATCTL_VERSION:=2013.2.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
 PKG_MD5SUM:=9ec18300b96df22f0ed21c9f51e4ccef
 BATCTL_MD5SUM:=712f86cdd0f9076503fc48acf37e109e
 
index 753825e..0327e03 100644 (file)
@@ -1,7 +1,7 @@
 From 9b96ecbae7295269aaa0320667f646870de65661 Mon Sep 17 00:00:00 2001
 From: Antonio Quartulli <antonio@open-mesh.com>
 Date: Wed, 3 Apr 2013 10:14:20 +0200
-Subject: [PATCH 1/2] batman-adv: use the proper header len when checking the
+Subject: [PATCH 1/6] batman-adv: use the proper header len when checking the
  TTVN
 
 Unicast packet might be of type either UNICAST or
index cb88314..f00a33f 100644 (file)
@@ -1,7 +1,7 @@
 From 82d1a8ebf19a1b9841ee44ce7b2448114be3e772 Mon Sep 17 00:00:00 2001
 From: Patrick McHardy <kaber@trash.net>
 Date: Wed, 24 Apr 2013 17:42:56 +0200
-Subject: [PATCH 2/2] net: vlan: add protocol argument to packet tagging
+Subject: [PATCH 2/6] net: vlan: add protocol argument to packet tagging
  functions
 
 Add a protocol argument to the VLAN packet tagging functions. In case of HW
diff --git a/batman-adv/patches/0003-batman-adv-check-proto-length-before-accessing-proto.patch b/batman-adv/patches/0003-batman-adv-check-proto-length-before-accessing-proto.patch
new file mode 100644 (file)
index 0000000..b7cb91f
--- /dev/null
@@ -0,0 +1,33 @@
+From aa7d19a5b97fe48657e075e8e4d130bd6916551e Mon Sep 17 00:00:00 2001
+From: Marek Lindner <lindner_marek@yahoo.de>
+Date: Sat, 27 Apr 2013 16:22:28 +0800
+Subject: [PATCH 3/6] batman-adv: check proto length before accessing proto
+ string buffer
+
+batadv_param_set_ra() strips the trailing '\n' from the supplied
+string buffer without checking the length of the buffer first. This
+patches avoids random memory access and associated potential
+crashes.
+
+Reported-by: Sasha Levin <sasha.levin@oracle.com>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+---
+ main.c |    2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/main.c b/main.c
+index 3e30a0f..9c620cd 100644
+--- a/main.c
++++ b/main.c
+@@ -475,7 +475,7 @@ static int batadv_param_set_ra(const char *val, const struct kernel_param *kp)
+       char *algo_name = (char *)val;
+       size_t name_len = strlen(algo_name);
+-      if (algo_name[name_len - 1] == '\n')
++      if (name_len > 0 && algo_name[name_len - 1] == '\n')
+               algo_name[name_len - 1] = '\0';
+       bat_algo_ops = batadv_algo_get(algo_name);
+-- 
+1.7.10.4
+
diff --git a/batman-adv/patches/0004-batman-adv-check-return-value-of-pskb_trim_rcsum.patch b/batman-adv/patches/0004-batman-adv-check-return-value-of-pskb_trim_rcsum.patch
new file mode 100644 (file)
index 0000000..29962a5
--- /dev/null
@@ -0,0 +1,44 @@
+From d22ebef1431aab13099370b89afa4ba55eb95c35 Mon Sep 17 00:00:00 2001
+From: Marek Lindner <lindner_marek@yahoo.de>
+Date: Tue, 7 May 2013 19:25:02 +0800
+Subject: [PATCH 4/6] batman-adv: check return value of pskb_trim_rcsum()
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Reported-by: Sven Eckelmann <sven@narfation.org>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+Acked-by: Martin Hundebøll <martin@hundeboll.net>
+---
+ network-coding.c |    8 ++++++--
+ 1 file changed, 6 insertions(+), 2 deletions(-)
+
+diff --git a/network-coding.c b/network-coding.c
+index f7c5430..e84629e 100644
+--- a/network-coding.c
++++ b/network-coding.c
+@@ -1514,6 +1514,7 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
+       struct ethhdr *ethhdr, ethhdr_tmp;
+       uint8_t *orig_dest, ttl, ttvn;
+       unsigned int coding_len;
++      int err;
+       /* Save headers temporarily */
+       memcpy(&coded_packet_tmp, skb->data, sizeof(coded_packet_tmp));
+@@ -1568,8 +1569,11 @@ batadv_nc_skb_decode_packet(struct batadv_priv *bat_priv, struct sk_buff *skb,
+                        coding_len);
+       /* Resize decoded skb if decoded with larger packet */
+-      if (nc_packet->skb->len > coding_len + h_size)
+-              pskb_trim_rcsum(skb, coding_len + h_size);
++      if (nc_packet->skb->len > coding_len + h_size) {
++              err = pskb_trim_rcsum(skb, coding_len + h_size);
++              if (err)
++                      return NULL;
++      }
+       /* Create decoded unicast packet */
+       unicast_packet = (struct batadv_unicast_packet *)skb->data;
+-- 
+1.7.10.4
+
diff --git a/batman-adv/patches/0005-batman-adv-make-DAT-drop-ARP-requests-targeting-loca.patch b/batman-adv/patches/0005-batman-adv-make-DAT-drop-ARP-requests-targeting-loca.patch
new file mode 100644 (file)
index 0000000..dd17f77
--- /dev/null
@@ -0,0 +1,48 @@
+From d6bd8b36fa1f3d72a6fd5942a6e9bde6ddafcd0d Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <ordex@autistici.org>
+Date: Thu, 9 May 2013 09:35:45 +0200
+Subject: [PATCH 5/6] batman-adv: make DAT drop ARP requests targeting local
+ clients
+
+In the outgoing ARP request snooping routine in DAT, ARP
+Request sent by local clients which are supposed to be
+replied by other local clients can be silently dropped.
+
+The destination host will reply by itself through the LAN
+and therefore there is no need to involve DAT.
+
+Reported-by: Carlos Quijano <carlos@crqgestion.es>
+Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+Tested-by: Carlos Quijano <carlos@crqgestion.es>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+---
+ distributed-arp-table.c |   13 +++++++++++++
+ 1 file changed, 13 insertions(+)
+
+diff --git a/distributed-arp-table.c b/distributed-arp-table.c
+index 8e15d96..2399920 100644
+--- a/distributed-arp-table.c
++++ b/distributed-arp-table.c
+@@ -837,6 +837,19 @@ bool batadv_dat_snoop_outgoing_arp_request(struct batadv_priv *bat_priv,
+       dat_entry = batadv_dat_entry_hash_find(bat_priv, ip_dst);
+       if (dat_entry) {
++              /* If the ARP request is destined for a local client the local
++               * client will answer itself. DAT would only generate a
++               * duplicate packet.
++               *
++               * Moreover, if the soft-interface is enslaved into a bridge, an
++               * additional DAT answer may trigger kernel warnings about
++               * a packet coming from the wrong port.
++               */
++              if (batadv_is_my_client(bat_priv, dat_entry->mac_addr)) {
++                      ret = true;
++                      goto out;
++              }
++
+               skb_new = arp_create(ARPOP_REPLY, ETH_P_ARP, ip_src,
+                                    bat_priv->soft_iface, ip_dst, hw_src,
+                                    dat_entry->mac_addr, hw_src);
+-- 
+1.7.10.4
+
diff --git a/batman-adv/patches/0006-batman-adv-reorder-clean-up-routine-in-order-to-avoi.patch b/batman-adv/patches/0006-batman-adv-reorder-clean-up-routine-in-order-to-avoi.patch
new file mode 100644 (file)
index 0000000..8fa5f47
--- /dev/null
@@ -0,0 +1,57 @@
+From 763f413b9c74ccb25cb066408f49f07e5dd78f9b Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <ordex@autistici.org>
+Date: Tue, 7 May 2013 01:06:18 +0200
+Subject: [PATCH 6/6] batman-adv: reorder clean up routine in order to avoid
+ race conditions
+
+nc_worker accesses the originator table during its periodic
+work, but since the originator table is freed before
+stopping the worker this leads to a global protection fault.
+
+Fix this by killing the worker (in nc_free) before freeing
+the originator table.
+
+Moreover tidy up the entire clean up routine by running all
+the subcomponents freeing procedures first and then killing
+the TT and the originator tables at the end.
+
+Signed-off-by: Antonio Quartulli <ordex@autistici.org>
+Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
+---
+ main.c |   16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/main.c b/main.c
+index 9c620cd..1240f07 100644
+--- a/main.c
++++ b/main.c
+@@ -163,14 +163,22 @@ void batadv_mesh_free(struct net_device *soft_iface)
+       batadv_vis_quit(bat_priv);
+       batadv_gw_node_purge(bat_priv);
+-      batadv_originator_free(bat_priv);
+       batadv_nc_free(bat_priv);
++      batadv_dat_free(bat_priv);
++      batadv_bla_free(bat_priv);
++      /* Free the TT and the originator tables only after having terminated
++       * all the other depending components which may use these structures for
++       * their purposes.
++       */
+       batadv_tt_free(bat_priv);
+-      batadv_bla_free(bat_priv);
+-
+-      batadv_dat_free(bat_priv);
++      /* Since the originator table clean up routine is accessing the TT
++       * tables as well, it has to be invoked after the TT tables have been
++       * freed and marked as empty. This ensures that no cleanup RCU callbacks
++       * accessing the TT data are scheduled for later execution.
++       */
++      batadv_originator_free(bat_priv);
+       free_percpu(bat_priv->bat_counters);
+-- 
+1.7.10.4
+