From: Marek Lindner Date: Wed, 29 Jan 2014 05:00:04 +0000 (+0800) Subject: batman-adv: 2014.0.0 updated stability fixes X-Git-Url: http://git.openwrt.org/?p=feed%2Frouting.git;a=commitdiff_plain;h=4ef1f3eee1be739f0f3062408bd598c8c226e665 batman-adv: 2014.0.0 updated stability fixes Signed-off-by: Marek Lindner --- diff --git a/batman-adv/patches/0001-batman-adv-fix-batman-adv-header-overhead-calculatio.patch b/batman-adv/patches/0001-batman-adv-fix-batman-adv-header-overhead-calculatio.patch index 19b3356..31c2218 100644 --- a/batman-adv/patches/0001-batman-adv-fix-batman-adv-header-overhead-calculatio.patch +++ b/batman-adv/patches/0001-batman-adv-fix-batman-adv-header-overhead-calculatio.patch @@ -1,13 +1,14 @@ -From d72756b97529b3c6afa08933216aaa912bb16ce6 Mon Sep 17 00:00:00 2001 +From 746d6436f88899a79c1cb3b27af0614510368bb7 Mon Sep 17 00:00:00 2001 From: Marek Lindner Date: Wed, 15 Jan 2014 20:31:18 +0800 -Subject: [PATCH] batman-adv: fix batman-adv header overhead calculation +Subject: [PATCH 1/5] batman-adv: fix batman-adv header overhead calculation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Batman-adv prepends a full ethernet header in addition to its own -header. This has to be reflected in the MTU calculation. +header. This has to be reflected in the MTU calculation, especially +since the value is used to set dev->hard_header_len. Introduced by f1f310d5c261f0214f85afea95d5cd11d49d64c6 ("batman-adv: consider network coding overhead when calculating required mtu") @@ -33,5 +34,5 @@ index 4547bf0..fd85205 100644 /** -- -1.8.4.4 +1.8.5.3 diff --git a/batman-adv/patches/0002-batman-adv-fix-potential-kernel-paging-error-for-uni.patch b/batman-adv/patches/0002-batman-adv-fix-potential-kernel-paging-error-for-uni.patch new file mode 100644 index 0000000..30f5f55 --- /dev/null +++ b/batman-adv/patches/0002-batman-adv-fix-potential-kernel-paging-error-for-uni.patch @@ -0,0 +1,44 @@ +From 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Linus=20L=C3=BCssing?= +Date: Mon, 20 Jan 2014 11:06:44 +0100 +Subject: [PATCH 2/5] batman-adv: fix potential kernel paging error for unicast + transmissions +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +batadv_send_skb_prepare_unicast(_4addr) might reallocate the skb's +data. If it does then our ethhdr pointer is not valid anymore in +batadv_send_skb_unicast(), resulting in a kernel paging error. + +Fixing this by refetching the ethhdr pointer after the potential +reallocation. + +Introduced by b46c60b9e1ee7a1909c542413a85875a750955d6 +("batman-adv: improve unicast packet (re)routing") + +Signed-off-by: Linus Lüssing +Acked-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + send.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/send.c b/send.c +index b0a3d76..2035bd9 100644 +--- a/send.c ++++ b/send.c +@@ -281,6 +281,10 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv, + goto out; + } + ++ /* skb->data might have been reallocated by ++ * batadv_send_skb_prepare_unicast{,_4addr}() ++ */ ++ ethhdr = eth_hdr(skb); + unicast_packet = (struct batadv_unicast_packet *)skb->data; + + /* inform the destination node that we are still missing a correct route +-- +1.8.5.3 + diff --git a/batman-adv/patches/0003-batman-adv-fix-soft-interface-MTU-computation.patch b/batman-adv/patches/0003-batman-adv-fix-soft-interface-MTU-computation.patch new file mode 100644 index 0000000..ac718c0 --- /dev/null +++ b/batman-adv/patches/0003-batman-adv-fix-soft-interface-MTU-computation.patch @@ -0,0 +1,75 @@ +From 2b108ccd0533e1375e44c73ec58c69dde9a71687 Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Tue, 21 Jan 2014 11:22:05 +0100 +Subject: [PATCH 3/5] batman-adv: fix soft-interface MTU computation + +The current MTU computation always returns a value +smaller than 1500bytes even if the real interfaces +have an MTU large enough to compensate the batman-adv +overhead. + +Fix the computation by properly returning the highest +admitted value. + +Introduced by f7f2fe494388fca828094a4ebdab918a7b2d64f8 +("batman-adv: limit local translation table max size") + +Reported-by: Russell Senior +Signed-off-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + hard-interface.c | 22 ++++++++++++++-------- + 1 file changed, 14 insertions(+), 8 deletions(-) + +diff --git a/hard-interface.c b/hard-interface.c +index 6792e03..0eb0b3b 100644 +--- a/hard-interface.c ++++ b/hard-interface.c +@@ -244,7 +244,7 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface) + { + struct batadv_priv *bat_priv = netdev_priv(soft_iface); + const struct batadv_hard_iface *hard_iface; +- int min_mtu = ETH_DATA_LEN; ++ int min_mtu = INT_MAX; + + rcu_read_lock(); + list_for_each_entry_rcu(hard_iface, &batadv_hardif_list, list) { +@@ -259,8 +259,6 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface) + } + rcu_read_unlock(); + +- atomic_set(&bat_priv->packet_size_max, min_mtu); +- + if (atomic_read(&bat_priv->fragmentation) == 0) + goto out; + +@@ -271,13 +269,21 @@ int batadv_hardif_min_mtu(struct net_device *soft_iface) + min_mtu = min_t(int, min_mtu, BATADV_FRAG_MAX_FRAG_SIZE); + min_mtu -= sizeof(struct batadv_frag_packet); + min_mtu *= BATADV_FRAG_MAX_FRAGMENTS; +- atomic_set(&bat_priv->packet_size_max, min_mtu); +- +- /* with fragmentation enabled we can fragment external packets easily */ +- min_mtu = min_t(int, min_mtu, ETH_DATA_LEN); + + out: +- return min_mtu - batadv_max_header_len(); ++ /* report to the other components the maximum amount of bytes that ++ * batman-adv can send over the wire (without considering the payload ++ * overhead). For example, this value is used by TT to compute the ++ * maximum local table table size ++ */ ++ atomic_set(&bat_priv->packet_size_max, min_mtu); ++ ++ /* the real soft-interface MTU is computed by removing the payload ++ * overhead from the maximum amount of bytes that was just computed. ++ * ++ * However batman-adv does not support MTUs bigger than ETH_DATA_LEN ++ */ ++ return min_t(int, min_mtu - batadv_max_header_len(), ETH_DATA_LEN); + } + + /* adjusts the MTU if a new interface with a smaller MTU appeared. */ +-- +1.8.5.3 + diff --git a/batman-adv/patches/0004-batman-adv-fix-TT-TVLV-parsing-on-OGM-reception.patch b/batman-adv/patches/0004-batman-adv-fix-TT-TVLV-parsing-on-OGM-reception.patch new file mode 100644 index 0000000..d34225f --- /dev/null +++ b/batman-adv/patches/0004-batman-adv-fix-TT-TVLV-parsing-on-OGM-reception.patch @@ -0,0 +1,35 @@ +From db13d361ff6abf57090acfdeb0f5cedd8dd7f02e Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Mon, 27 Jan 2014 12:23:28 +0100 +Subject: [PATCH 4/5] batman-adv: fix TT-TVLV parsing on OGM reception + +When accessing a TT-TVLV container in the OGM RX path +the variable pointing to the list of changes to apply is +altered by mistake. + +This makes the TT component read data at the wrong position +in the OGM packet buffer. + +Fix it by removing the bogus pointer alteration. + +Signed-off-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + translation-table.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/translation-table.c b/translation-table.c +index 3fca99d..45b6155 100644 +--- a/translation-table.c ++++ b/translation-table.c +@@ -3204,7 +3204,6 @@ static void batadv_tt_update_orig(struct batadv_priv *bat_priv, + + spin_lock_bh(&orig_node->tt_lock); + +- tt_change = (struct batadv_tvlv_tt_change *)tt_buff; + batadv_tt_update_changes(bat_priv, orig_node, tt_num_changes, + ttvn, tt_change); + +-- +1.8.5.3 + diff --git a/batman-adv/patches/0005-batman-adv-release-vlan-object-after-checking-the-CR.patch b/batman-adv/patches/0005-batman-adv-release-vlan-object-after-checking-the-CR.patch new file mode 100644 index 0000000..58b95e8 --- /dev/null +++ b/batman-adv/patches/0005-batman-adv-release-vlan-object-after-checking-the-CR.patch @@ -0,0 +1,50 @@ +From dc08c045b46bdd9a5c81068a89f9f2a78d3d4bbd Mon Sep 17 00:00:00 2001 +From: Antonio Quartulli +Date: Tue, 28 Jan 2014 02:06:47 +0100 +Subject: [PATCH 5/5] batman-adv: release vlan object after checking the CRC + +There is a refcounter unbalance in the CRC checking routine +invoked on OGM reception. A vlan object is retrieved (thus +its refcounter is increased by one) but it is never properly +released. This leads to a memleak because the vlan object +will never be free'd. + +Fix this by releasing the vlan object after having read the +CRC. + +Reported-by: Russell Senior +Reported-by: Daniel +Reported-by: cmsv +Signed-off-by: Antonio Quartulli +Signed-off-by: Marek Lindner +--- + translation-table.c | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/translation-table.c b/translation-table.c +index 45b6155..05c2a9b 100644 +--- a/translation-table.c ++++ b/translation-table.c +@@ -2248,6 +2248,7 @@ static bool batadv_tt_global_check_crc(struct batadv_orig_node *orig_node, + { + struct batadv_tvlv_tt_vlan_data *tt_vlan_tmp; + struct batadv_orig_node_vlan *vlan; ++ uint32_t crc; + int i; + + /* check if each received CRC matches the locally stored one */ +@@ -2267,7 +2268,10 @@ static bool batadv_tt_global_check_crc(struct batadv_orig_node *orig_node, + if (!vlan) + return false; + +- if (vlan->tt.crc != ntohl(tt_vlan_tmp->crc)) ++ crc = vlan->tt.crc; ++ batadv_orig_node_vlan_free_ref(vlan); ++ ++ if (crc != ntohl(tt_vlan_tmp->crc)) + return false; + } + +-- +1.8.5.3 +