Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3732328imm; Mon, 8 Oct 2018 08:39:45 -0700 (PDT) X-Google-Smtp-Source: ACcGV60qxdGcZ7S+m2imJHSUUXZcadDjpBrx4wFSmUOSHVVjZTDuwS2pldJNc0SysrEh3WpSTa8G X-Received: by 2002:a63:d30c:: with SMTP id b12-v6mr21746439pgg.61.1539013185777; Mon, 08 Oct 2018 08:39:45 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539013185; cv=none; d=google.com; s=arc-20160816; b=vq9M9lP5TKbIki9+gT+bWI8XiqBb/uv8YWWeu4T8Sz/WSEfJQgWUzsvjB4iwB/IPMe HILNl9oAImNGCg6W7kFTrw3m7k0t9qxBzLYaS0Kv8cqlKSyK/JWx1nSU1gd0zF/s3G4K ies6iZWnz4eeAIKe2fm4U378O++9O48MjbnqiP3pKCDaB2qdlMOmMOGNWlS8silTRiu1 3dHrW1e8TF/95tG2vqkDUKH13kTf8zYH2dpvvVU8kEgD3ihviGVPjoP8c0DwzMFU7VKC i88IQ4WVT1GNsV1knEZGn1wVKKKhwWcI0X7EIgTy7P+DtYWKsNK4LbB28RTv6kD5WXlT hzYg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:references:in-reply-to:message-id:date :subject:cc:to:from:dkim-signature; bh=Pt7D6Zt2tIPYHg4nyLMxDblvJyMR4WsRhsks53kdQuU=; b=UviOX9i+mZMk0xbh8McmqxzRbNueAYS6CvRAYyBkzUWsJVIQkSFnQphk7/RHaOKWc/ IMYC25Oswh8h/QznGuIHCOzL132+KSzKCxa2Rm8pIKEHwW/MgFci4/HB7/V2f7HhM9vg 0NBRSE4r8ZuNPdEiq3oWJ8VS3fd7R61Lk4mzoe7NSAlswMOSl7+5zycwjVs3l931NzcB H+ivg49wIk5CxFlfXkhZKRqwbLJDk28WGom9U8H4OT+e0LhGVjCRbWyd1i3UL4cNg0/Z jpli+A4Hpnwx1NNQO5ER3yM2/a5N1kMap/TDwodkECq1upepyQVqcu2LMJHBxqvF/zET 5KhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="vSr6zHj/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id d4-v6si17563413pgj.341.2018.10.08.08.39.30; Mon, 08 Oct 2018 08:39:45 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b="vSr6zHj/"; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1726984AbeJHWhz (ORCPT + 99 others); Mon, 8 Oct 2018 18:37:55 -0400 Received: from mail.kernel.org ([198.145.29.99]:55998 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726679AbeJHWhy (ORCPT ); Mon, 8 Oct 2018 18:37:54 -0400 Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id F24B82087C; Mon, 8 Oct 2018 15:25:38 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539012339; bh=fGdmdF2VgOHP7MCob3d/nA7dLx2vIoZR9hC41cWEKQo=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=vSr6zHj/z1fOMn1hU2F0EkwrfUo4Y+NvXGIaWGog+xoL5XTXUFhiIoZBG6OgqsDTZ V1SE0gw5sYd6ils5WS2KHEDpNv6CU+QAj9R/uFoh1zgQ6WG0foTrwnCH7rNAF6sg+u t9y/yjim8f1LWaTOG6lAvkbdNIut31H+on4ihdFM= From: Sasha Levin To: stable@vger.kernel.org, linux-kernel@vger.kernel.org Cc: Sven Eckelmann , Simon Wunderlich , Sasha Levin Subject: [PATCH AUTOSEL 4.18 13/58] batman-adv: Prevent duplicated tvlv handler Date: Mon, 8 Oct 2018 11:24:38 -0400 Message-Id: <20181008152523.70705-13-sashal@kernel.org> X-Mailer: git-send-email 2.17.1 In-Reply-To: <20181008152523.70705-1-sashal@kernel.org> References: <20181008152523.70705-1-sashal@kernel.org> Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org From: Sven Eckelmann [ Upstream commit ae3cdc97dc10c7a3b31f297dab429bfb774c9ccb ] The function batadv_tvlv_handler_register is responsible for adding new tvlv_handler to the handler_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: ef26157747d4 ("batman-adv: tvlv - basic infrastructure") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich Signed-off-by: Sasha Levin --- net/batman-adv/tvlv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/net/batman-adv/tvlv.c b/net/batman-adv/tvlv.c index a637458205d1..40e69c9346d2 100644 --- a/net/batman-adv/tvlv.c +++ b/net/batman-adv/tvlv.c @@ -529,15 +529,20 @@ void batadv_tvlv_handler_register(struct batadv_priv *bat_priv, { struct batadv_tvlv_handler *tvlv_handler; + spin_lock_bh(&bat_priv->tvlv.handler_list_lock); + tvlv_handler = batadv_tvlv_handler_get(bat_priv, type, version); if (tvlv_handler) { + spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); batadv_tvlv_handler_put(tvlv_handler); return; } tvlv_handler = kzalloc(sizeof(*tvlv_handler), GFP_ATOMIC); - if (!tvlv_handler) + if (!tvlv_handler) { + spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); return; + } tvlv_handler->ogm_handler = optr; tvlv_handler->unicast_handler = uptr; @@ -547,7 +552,6 @@ void batadv_tvlv_handler_register(struct batadv_priv *bat_priv, kref_init(&tvlv_handler->refcount); INIT_HLIST_NODE(&tvlv_handler->list); - spin_lock_bh(&bat_priv->tvlv.handler_list_lock); kref_get(&tvlv_handler->refcount); hlist_add_head_rcu(&tvlv_handler->list, &bat_priv->tvlv.handler_list); spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); -- 2.17.1