Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2229056imm; Thu, 18 Oct 2018 11:03:24 -0700 (PDT) X-Google-Smtp-Source: ACcGV61Xkb5IO/lYn4OeoAT1Kthft9diuRWwJDog6DPhkBZ1tXYuOTfmrf5im7Z32jpPj9EuuMX/ X-Received: by 2002:a62:5887:: with SMTP id m129-v6mr1951151pfb.254.1539885804577; Thu, 18 Oct 2018 11:03:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539885804; cv=none; d=google.com; s=arc-20160816; b=yIETfjf/oVfZEETYJDP0JwMefj0zpNPnnR69LqBMVHJwib02pxtkbtDgCxNxeI5b8D k8rc1QW0tqi/idyp20P5S/sCKCM6lHJ1EPWPGxstvzfcZ/bR9oKSRGQMjj4F5cY7dR8K +7MFmVXozNmTLnvRXSkZOS7nO6K8qvOzd4IyrO75YoI8yCnGtBDfo5pMxXVVunsNOdjy +ea6N3NVtkSuOk1H93dKgOnMqqJNse4wvdGNGJ/Lr57LAZh+yQhWCJsZRKSKW9tNTEOL 8mvtGMm2IPWJVmPXsd9ySEcaWHpS6c6xlezqGxgeKMjFWCbeSj4rjixRnu969nFqAQfu 3CRg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=UtL/wjyWL54J45J1lXN5jbYqEyr3W8dlNG7QM7v1M24=; b=uqJiwSzR4oIRNxtEr0Ist91PX7eazSEbJjreLUFGxh2irNYalFM6lrf9voRDufUWmE W3P5WjhSOh516owa8pd96fy0uQPBOvtKmJkMz2cMpx8g8UYlYaOUWnvHa25XmecgzccS tXcPKBNAnErorb8wBIEFzPu6NmDwP73s7ohUW2swhv3PKXtIRv7iIvJ13xYHslQTYltX EZseLlngdhXUSryCB0bAycWste0B6E2hdJux3/zsRqMP74zraloABztM2pKkIYkT/oQU 7qAVFB7gGDT9Jk/vP0aj7MdPgZWWlAcwkW7AgRqBvIAuB7et6tu/z4NW4XgsJFDaDOOw 7uHg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QAhjZZ+u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id g10-v6si20259705plt.212.2018.10.18.11.03.08; Thu, 18 Oct 2018 11:03:24 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=QAhjZZ+u; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729668AbeJSCED (ORCPT + 99 others); Thu, 18 Oct 2018 22:04:03 -0400 Received: from mail.kernel.org ([198.145.29.99]:52164 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1729073AbeJSCEC (ORCPT ); Thu, 18 Oct 2018 22:04:02 -0400 Received: from localhost (ip-213-127-77-176.ip.prioritytelecom.net [213.127.77.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id CE15021480; Thu, 18 Oct 2018 18:01:55 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539885716; bh=Rl48ME+C+ezw/eMoNs40vSBWhuO5d++ZTBQoIO2OpBE=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=QAhjZZ+uvdibRRmY+tzc1qHgGPWMmOQhZXugbgXrpo7ZrlygEmWo2Qh6hlnQ8AWb6 MB+h5qBEK+rxenN7b8hIPgckklCpfwuJhF3tRlzx969yNAiR+hxFj3pd9se4ojvslI MGxiizpVjXSP0UqcyRiH2hR9bTmpqRuolB+ngeNU= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sven Eckelmann , Simon Wunderlich , Sasha Levin Subject: [PATCH 4.14 08/41] batman-adv: Prevent duplicated global TT entry Date: Thu, 18 Oct 2018 19:54:23 +0200 Message-Id: <20181018175418.332222705@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018175416.718399607@linuxfoundation.org> References: <20181018175416.718399607@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sven Eckelmann [ Upstream commit e7136e48ffdfb9f37b0820f619380485eb407361 ] The function batadv_tt_global_orig_entry_add is responsible for adding new tt_orig_list_entry to the orig_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: d657e621a0f5 ("batman-adv: add reference counting for type batadv_tt_orig_list_entry") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/batman-adv/translation-table.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) --- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c @@ -1587,6 +1587,8 @@ batadv_tt_global_orig_entry_add(struct b { struct batadv_tt_orig_list_entry *orig_entry; + spin_lock_bh(&tt_global->list_lock); + orig_entry = batadv_tt_global_orig_entry_find(tt_global, orig_node); if (orig_entry) { /* refresh the ttvn: the current value could be a bogus one that @@ -1609,11 +1611,9 @@ batadv_tt_global_orig_entry_add(struct b orig_entry->flags = flags; kref_init(&orig_entry->refcount); - spin_lock_bh(&tt_global->list_lock); kref_get(&orig_entry->refcount); hlist_add_head_rcu(&orig_entry->list, &tt_global->orig_list); - spin_unlock_bh(&tt_global->list_lock); atomic_inc(&tt_global->orig_list_count); sync_flags: @@ -1621,6 +1621,8 @@ sync_flags: out: if (orig_entry) batadv_tt_orig_list_entry_put(orig_entry); + + spin_unlock_bh(&tt_global->list_lock); } /**