Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 4fe56e60 authored by Sven Eckelmann's avatar Sven Eckelmann Committed by Antonio Quartulli
Browse files

batman-adv: Check hard_iface refcnt when receiving skb 



The receive function may start processing an incoming packet while the
hard_iface is shut down in a different context. All called functions called
with the batadv_hard_iface object belonging to the incoming interface would
have to check whether the reference counter is still > 0.

This is rather error-prone because this check can be forgotten easily.
Instead check the reference counter when receiving the object to make sure
that all called functions have a valid reference.

Signed-off-by: default avatarSven Eckelmann <sven@narfation.org>
Signed-off-by: default avatarMarek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: default avatarAntonio Quartulli <a@unstable.cc>
parent 27353446

net/batman-adv/main.c

+13 −1
Original line number Diff line number Diff line
@@ -401,11 +401,19 @@ int batadv_batman_skb_recv(struct sk_buff *skb, struct net_device *dev, 


	hard_iface = container_of(ptype, struct batadv_hard_iface,

				  batman_adv_ptype);



	/* Prevent processing a packet received on an interface which is getting

	 * shut down otherwise the packet may trigger de-reference errors

	 * further down in the receive path.

	 */

	if (!kref_get_unless_zero(&hard_iface->refcount))

		goto err_out;



	skb = skb_share_check(skb, GFP_ATOMIC);



	/* skb was released by skb_share_check() */

	if (!skb)

		goto err_out;

		goto err_put;



	/* packet should hold at least type and version */

	if (unlikely(!pskb_may_pull(skb, 2)))
@@ -448,6 +456,8 @@ int batadv_batman_skb_recv(struct sk_buff *skb, struct net_device *dev, 
	if (ret == NET_RX_DROP)

		kfree_skb(skb);



	batadv_hardif_put(hard_iface);



	/* return NET_RX_SUCCESS in any case as we

	 * most probably dropped the packet for

	 * routing-logical reasons.
@@ -456,6 +466,8 @@ int batadv_batman_skb_recv(struct sk_buff *skb, struct net_device *dev, 


err_free:

	kfree_skb(skb);

err_put:

	batadv_hardif_put(hard_iface);

err_out:

	return NET_RX_DROP;

}