Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp3733127imm;
        Mon, 8 Oct 2018 08:40:26 -0700 (PDT)
X-Google-Smtp-Source: ACcGV61t2vz3Ju51WWJivkCVpjApswzAczdT55Pf4E5BEl//3EeMiD7fnyGpVMyIYG25CGRsTt/F
X-Received: by 2002:a17:902:d704:: with SMTP id w4-v6mr24938311ply.230.1539013226477;
        Mon, 08 Oct 2018 08:40:26 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539013226; cv=none;
        d=google.com; s=arc-20160816;
        b=rsbHn0QVS84iMxR8mF0tTdDpLFoQnqRNdd+X0sszmauODVtuXnukDg37UPBeOh6cbl
         O6dDIIsx1TIg7i0een7jnQorj8cBER8Gt6M0AQCaM0Wq7Y7eyToEjw3F9dyOo6vIFcXi
         v8eCTnanFnMOfQ74iMhRBbR2meH2Ml3vV6JWCfzJEBsc5auKkkEqcDa34AUQoOHD3fSP
         Wx8ogNjHc9MRWbAUdrGmCuHOgvTFKwMGtBkLdAmU+U8Yi+5ITcHP/hD8+vrdYMGEflY+
         1dRTUnmTvP+zK0LKf0Lo7W4jyev0w3Ak0gaNDE5+CnuDWkRJ1sCRvEkEhMbGBBHdpglo
         Zfyg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:references:in-reply-to:message-id:date
         :subject:cc:to:from:dkim-signature;
        bh=A18HSoTC/Pj89aWULidZU0pHfMw62v31V02Qu/u+dgE=;
        b=ltU2cdAUKti3zncw3tarUvAE6EY6YZzyaDD+0sbVUgzui84Ex3Bm4rKC2to2YlCSYI
         W/tgLroy4Sf+nMy50rI4xPdhjP8fhAoFXFgX6BWi0HFNoUjfM/KqVw/Ynk/N5CKTxF+C
         jpLvlKev6Ce6/sLofVSCRDz9kWtNn/ultj5JyQDsH/MRxGmuTafd+qGlg8Xs9uIZDE8t
         XZAPlNeLbGC1ePzsH4UEnWSvrKamviwKwneuu+HuQueinMHXj5x4fufr2lx4cCweI82Y
         zYH48JI8wY56IFw6VXa+wQzIIKkx1vj7d8/QJmbvgu9c/5ZKYU9NTcRtCXe1atObI1EE
         D5kA==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=lKuhfmGb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id h18-v6si15659532pgv.47.2018.10.08.08.40.11;
        Mon, 08 Oct 2018 08:40:26 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=lKuhfmGb;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1727585AbeJHWvM (ORCPT <rfc822;chauncqc@gmail.com> + 99 others);
        Mon, 8 Oct 2018 18:51:12 -0400
Received: from mail.kernel.org ([198.145.29.99]:55880 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726452AbeJHWhv (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 8 Oct 2018 18:37:51 -0400
Received: from sasha-vm.mshome.net (c-73-47-72-35.hsd1.nh.comcast.net [73.47.72.35])
        (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id A34D120644;
        Mon,  8 Oct 2018 15:25:35 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1539012336;
        bh=EgMxgeXjAQKIKMqz20hUAaretv0OcWcxHQlvaBoUumM=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=lKuhfmGb0vH9usq3n/MXEQrXfdgHQtj3zXgi3Uq0p18L3t8wLrCeI1KUaURU5UGKT
         XLgjZ2lE2sOmLYdWzOFydAxf0Y/D6CA1edvopP/NECgFMOH2ELkc2q5VOqo3ndSkv7
         VTuyvvSHr0lTlClWrpH+8q3LL9xQ2F3owSnEmqAo=
From:   Sasha Levin <sashal@kernel.org>
To:     stable@vger.kernel.org, linux-kernel@vger.kernel.org
Cc:     Sven Eckelmann <sven@narfation.org>,
        Simon Wunderlich <sw@simonwunderlich.de>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH AUTOSEL 4.18 09/58] batman-adv: Prevent duplicated gateway_node entry
Date:   Mon,  8 Oct 2018 11:24:34 -0400
Message-Id: <20181008152523.70705-9-sashal@kernel.org>
X-Mailer: git-send-email 2.17.1
In-Reply-To: <20181008152523.70705-1-sashal@kernel.org>
References: <20181008152523.70705-1-sashal@kernel.org>
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

From: Sven Eckelmann <sven@narfation.org>

[ Upstream commit dff9bc42ab0b2d38c5e90ddd79b238fed5b4c7ad ]

The function batadv_gw_node_add is responsible for adding new gw_node to
the gateway_list. It is expecting that the caller already checked that
there is not already an entry with the same key or not.

But the lock for the list is only held when the list is really modified.
This could lead to duplicated entries because another context could create
an entry with the same key between the check and the list manipulation.

The check and the manipulation of the list must therefore be in the same
locked code section.

Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
---
 net/batman-adv/gateway_client.c | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/net/batman-adv/gateway_client.c b/net/batman-adv/gateway_client.c
index 8b198ee798c9..140c61a3f1ec 100644
--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -32,6 +32,7 @@
 #include <linux/kernel.h>
 #include <linux/kref.h>
 #include <linux/list.h>
+#include <linux/lockdep.h>
 #include <linux/netdevice.h>
 #include <linux/netlink.h>
 #include <linux/rculist.h>
@@ -348,6 +349,9 @@ void batadv_gw_check_election(struct batadv_priv *bat_priv,
  * @bat_priv: the bat priv with all the soft interface information
  * @orig_node: originator announcing gateway capabilities
  * @gateway: announced bandwidth information
+ *
+ * Has to be called with the appropriate locks being acquired
+ * (gw.list_lock).
  */
 static void batadv_gw_node_add(struct batadv_priv *bat_priv,
 			       struct batadv_orig_node *orig_node,
@@ -355,6 +359,8 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv,
 {
 	struct batadv_gw_node *gw_node;
 
+	lockdep_assert_held(&bat_priv->gw.list_lock);
+
 	if (gateway->bandwidth_down == 0)
 		return;
 
@@ -369,10 +375,8 @@ static void batadv_gw_node_add(struct batadv_priv *bat_priv,
 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
 
-	spin_lock_bh(&bat_priv->gw.list_lock);
 	kref_get(&gw_node->refcount);
 	hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.gateway_list);
-	spin_unlock_bh(&bat_priv->gw.list_lock);
 
 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
 		   "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n",
@@ -428,11 +432,14 @@ void batadv_gw_node_update(struct batadv_priv *bat_priv,
 {
 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
 
+	spin_lock_bh(&bat_priv->gw.list_lock);
 	gw_node = batadv_gw_node_get(bat_priv, orig_node);
 	if (!gw_node) {
 		batadv_gw_node_add(bat_priv, orig_node, gateway);
+		spin_unlock_bh(&bat_priv->gw.list_lock);
 		goto out;
 	}
+	spin_unlock_bh(&bat_priv->gw.list_lock);
 
 	if (gw_node->bandwidth_down == ntohl(gateway->bandwidth_down) &&
 	    gw_node->bandwidth_up == ntohl(gateway->bandwidth_up))
-- 
2.17.1