Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2224803imm;
        Thu, 18 Oct 2018 10:59:52 -0700 (PDT)
X-Google-Smtp-Source: ACcGV609ApGl2VCLFcoa0ItimZX8qHkMgPqEFu23rEfYP25ILQh2INr6twDfvpsVcv9gDNasqnyW
X-Received: by 2002:a63:330e:: with SMTP id z14-v6mr2527428pgz.220.1539885592781;
        Thu, 18 Oct 2018 10:59:52 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1539885592; cv=none;
        d=google.com; s=arc-20160816;
        b=Xyztvfyt/Tx5Iyu8u+Kc5NtxjxB/xHGTIvtWysldpQSFXUAcT9pSlu/CCfdQZ3UdT/
         baL8ZPkV9tpfhwJ+cSmZTdRYHqOEY/jInsLf22iDxAWoBOIL9EkDTOaZ/DL1Bhed4P25
         YPAqRvrStNjcNSseVHbZeZziZb8uxl7LZEA+3PalF/Yw/g5wtzIX8mWyzrt/QdvS8aLF
         speYyF+J8mm/+TS8RXriZfruAxcRWNyNVjebbDx4xTDEFz7+8sZzOXUvajFTtm4wI7YI
         YlrG0gX8XHErHsdkau3Nwg9AzpnthKJsXDp7tSjQ1LIDCZf4EiEOQVYtx5Qtg5eH5UJk
         F3IQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:sender:content-transfer-encoding:mime-version
         :user-agent:references:in-reply-to:message-id:date:subject:cc:to
         :from:dkim-signature;
        bh=ROvVRbqt6Ec7JSQh2Cnyg4BwwzNKoRi3pJyzlXpbWGk=;
        b=OocFF2CZ189eT71T6pfy8KACS3jRlx4PmIneFoW/c1/ueGl9Mbem3fhTkiYB5OGIy9
         Hbl6xgDJ7Dljj1dZrOSUi7rKn/hIa292oxRX3DFhvoSW4VzunTwVAqGcEnINNKp+Lu/Y
         1hKw/ZlQt8UqzSgfHfVXcinWtpWI+6tNn8ox/R2CgLdi8HDvv0zCdlRBJywG+leondF6
         SfTfL/Xh2y7E4B60SoqFDMzsBqUeaxC+o7DyNti9vNoPjAgMkTsfC7+I+Zy1oM1sECzk
         Dmxu4LVUv5XMPFOzpsEetzADlhBW0cCcw9m6tuCHTBk1R3sE1tvpPnc+NuE0vdvkM7zP
         0WLw==
ARC-Authentication-Results: i=1; mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=GzO8soxM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67])
        by mx.google.com with ESMTP id go3si21032864plb.266.2018.10.18.10.59.37;
        Thu, 18 Oct 2018 10:59:52 -0700 (PDT)
Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67;
Authentication-Results: mx.google.com;
       dkim=pass header.i=@kernel.org header.s=default header.b=GzO8soxM;
       spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S1729075AbeJSCAg (ORCPT <rfc822;zjuysxie86@gmail.com>
        + 99 others); Thu, 18 Oct 2018 22:00:36 -0400
Received: from mail.kernel.org ([198.145.29.99]:48246 "EHLO mail.kernel.org"
        rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP
        id S1726650AbeJSCAf (ORCPT <rfc822;linux-kernel@vger.kernel.org>);
        Thu, 18 Oct 2018 22:00:35 -0400
Received: from localhost (ip-213-127-77-176.ip.prioritytelecom.net [213.127.77.176])
        (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
        (No client certificate requested)
        by mail.kernel.org (Postfix) with ESMTPSA id D277B204FD;
        Thu, 18 Oct 2018 17:58:29 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
        s=default; t=1539885510;
        bh=ZepONSE7vRYlFCstYC+CVESULLXP+dtB6Ihp3pHOy9Y=;
        h=From:To:Cc:Subject:Date:In-Reply-To:References:From;
        b=GzO8soxMlUFsrseRxsqesrN78jJmCdpkCAGGoXQMFnk5xz+N4E5T/+RrVU+XAMQoZ
         ezVzvUkJPDshiwrl7z1DC9nRdVSp/5P1JM46pOd7gzvL7tp/kPa0uqfgu/OfxolNip
         yQ9lY4hRUzYPja1RWRHxML07cmzhwvrDTW8M++mo=
From:   Greg Kroah-Hartman <gregkh@linuxfoundation.org>
To:     linux-kernel@vger.kernel.org
Cc:     Greg Kroah-Hartman <gregkh@linuxfoundation.org>,
        stable@vger.kernel.org, Sven Eckelmann <sven@narfation.org>,
        Marek Lindner <mareklindner@neomailbox.ch>,
        Simon Wunderlich <sw@simonwunderlich.de>,
        Sasha Levin <alexander.levin@microsoft.com>
Subject: [PATCH 4.18 09/53] batman-adv: Prevent duplicated gateway_node entry
Date:   Thu, 18 Oct 2018 19:54:02 +0200
Message-Id: <20181018175418.470883959@linuxfoundation.org>
X-Mailer: git-send-email 2.19.1
In-Reply-To: <20181018175416.561567978@linuxfoundation.org>
References: <20181018175416.561567978@linuxfoundation.org>
User-Agent: quilt/0.65
X-stable: review
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Sender: linux-kernel-owner@vger.kernel.org
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

4.18-stable review patch.  If anyone has any objections, please let me know.

------------------

From: Sven Eckelmann <sven@narfation.org>

[ Upstream commit dff9bc42ab0b2d38c5e90ddd79b238fed5b4c7ad ]

The function batadv_gw_node_add is responsible for adding new gw_node to
the gateway_list. It is expecting that the caller already checked that
there is not already an entry with the same key or not.

But the lock for the list is only held when the list is really modified.
This could lead to duplicated entries because another context could create
an entry with the same key between the check and the list manipulation.

The check and the manipulation of the list must therefore be in the same
locked code section.

Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Acked-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/batman-adv/gateway_client.c |   11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

--- a/net/batman-adv/gateway_client.c
+++ b/net/batman-adv/gateway_client.c
@@ -32,6 +32,7 @@
 #include <linux/kernel.h>
 #include <linux/kref.h>
 #include <linux/list.h>
+#include <linux/lockdep.h>
 #include <linux/netdevice.h>
 #include <linux/netlink.h>
 #include <linux/rculist.h>
@@ -348,6 +349,9 @@ out:
  * @bat_priv: the bat priv with all the soft interface information
  * @orig_node: originator announcing gateway capabilities
  * @gateway: announced bandwidth information
+ *
+ * Has to be called with the appropriate locks being acquired
+ * (gw.list_lock).
  */
 static void batadv_gw_node_add(struct batadv_priv *bat_priv,
 			       struct batadv_orig_node *orig_node,
@@ -355,6 +359,8 @@ static void batadv_gw_node_add(struct ba
 {
 	struct batadv_gw_node *gw_node;
 
+	lockdep_assert_held(&bat_priv->gw.list_lock);
+
 	if (gateway->bandwidth_down == 0)
 		return;
 
@@ -369,10 +375,8 @@ static void batadv_gw_node_add(struct ba
 	gw_node->bandwidth_down = ntohl(gateway->bandwidth_down);
 	gw_node->bandwidth_up = ntohl(gateway->bandwidth_up);
 
-	spin_lock_bh(&bat_priv->gw.list_lock);
 	kref_get(&gw_node->refcount);
 	hlist_add_head_rcu(&gw_node->list, &bat_priv->gw.gateway_list);
-	spin_unlock_bh(&bat_priv->gw.list_lock);
 
 	batadv_dbg(BATADV_DBG_BATMAN, bat_priv,
 		   "Found new gateway %pM -> gw bandwidth: %u.%u/%u.%u MBit\n",
@@ -428,11 +432,14 @@ void batadv_gw_node_update(struct batadv
 {
 	struct batadv_gw_node *gw_node, *curr_gw = NULL;
 
+	spin_lock_bh(&bat_priv->gw.list_lock);
 	gw_node = batadv_gw_node_get(bat_priv, orig_node);
 	if (!gw_node) {
 		batadv_gw_node_add(bat_priv, orig_node, gateway);
+		spin_unlock_bh(&bat_priv->gw.list_lock);
 		goto out;
 	}
+	spin_unlock_bh(&bat_priv->gw.list_lock);
 
 	if (gw_node->bandwidth_down == ntohl(gateway->bandwidth_down) &&
 	    gw_node->bandwidth_up == ntohl(gateway->bandwidth_up))