Received: by 2002:ac0:a582:0:0:0:0:0 with SMTP id m2-v6csp2229121imm; Thu, 18 Oct 2018 11:03:29 -0700 (PDT) X-Google-Smtp-Source: ACcGV60KlMXoSxw5DLT9+sqgSU7OKYeOwfknU8Vdx94U5S9wSeXHs8xo+XGoL73KtyTlPR445F91 X-Received: by 2002:a63:db04:: with SMTP id e4-v6mr29392132pgg.280.1539885809388; Thu, 18 Oct 2018 11:03:29 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1539885809; cv=none; d=google.com; s=arc-20160816; b=QE5/0WD9uw1gwa9ofkkCN46p/A+xUxOwcRHdd5JO3m/AnhmvxFJbcxAl2gLq+qPtl+ /BJ9o7maVqvQsgk86htsA4et+wENdNfH8kjAn4UeE922S5FzlON9Zv5BnGEQ/OJfKAYW irFEDn64Y6Vu1fy9vilg3oU2owwBv05hv2KXdWINIoy0Pl5lVUrIOOzws3PNmAhgLfkQ IW8Yw5zGqlO9wMHyeE2EIf6kMbZWWB2svXIKVCooEB2JGJLlSnE+2Kz9nOK/grl6GKxf 5mCFy3Xp3XRhQR7KmIQfwVNBQhsfDtHy4ZnLegGQGNbbGSE99nPe/EP/sN71Ww7gGgxq FRCA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:content-transfer-encoding:mime-version :user-agent:references:in-reply-to:message-id:date:subject:cc:to :from:dkim-signature; bh=8o3BF7JPirkasgDbMAFqGJtKXLonfuHJR1z/e2xTLWQ=; b=vBGlZKyZQKeql2kqb94lGlULbrqTQcHuwFOZ0OUp7JuwfeI4x5Ls3zAs47UughDkjy MY1wqMXijdu7zPe4Mmu0ZSRbuW8buu4ceXV0nWBCTUxmMflnEuM9Jxc8Wt+LIbJ/yTGc OXOiAcEGd3yO0sY7rFcbQ1nDFdBTwkGMSbQYH/Emsbh2fyuaMD7kAV7AyA9CPKU1lggL ClMCzeRZv0tsxSYK8urN4H3B5bDURTF19w7DOMRXWrVyV8WE+8KXjupOjQuLFPY5wNWE cAXEhE0jbatrGUdv3nkQ6HKrbD28lZ8lyPYHRb099/gL5twqi9ChwWOWKfuKBXbXrPPy aZhA== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1tiAwIGd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id 5-v6si23155955pfz.160.2018.10.18.11.03.13; Thu, 18 Oct 2018 11:03:29 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@kernel.org header.s=default header.b=1tiAwIGd; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729675AbeJSCEG (ORCPT + 99 others); Thu, 18 Oct 2018 22:04:06 -0400 Received: from mail.kernel.org ([198.145.29.99]:52256 "EHLO mail.kernel.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728348AbeJSCEG (ORCPT ); Thu, 18 Oct 2018 22:04:06 -0400 Received: from localhost (ip-213-127-77-176.ip.prioritytelecom.net [213.127.77.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail.kernel.org (Postfix) with ESMTPSA id 8D9A521476; Thu, 18 Oct 2018 18:01:59 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org; s=default; t=1539885720; bh=rjIoZiQMDXt+sDCRiRNuEdfITQ3IWMBI7xPRX6ivo60=; h=From:To:Cc:Subject:Date:In-Reply-To:References:From; b=1tiAwIGdrrPuxJog/hogzOkD/TISVJm9gyBA9ziQoInfojLgxRTIFf5sz5Syr3w1M eErHS1ocXRS7ap4wbiQ13rXooiE5rabQN44C/cpUzkQFnTXGjxfPTNoLt0M9wzvoTs LJucYhAfdh7QrtGcbzD8YHevU9I833jvdgdLgeQ8= From: Greg Kroah-Hartman To: linux-kernel@vger.kernel.org Cc: Greg Kroah-Hartman , stable@vger.kernel.org, Sven Eckelmann , Simon Wunderlich , Sasha Levin Subject: [PATCH 4.14 09/41] batman-adv: Prevent duplicated tvlv handler Date: Thu, 18 Oct 2018 19:54:24 +0200 Message-Id: <20181018175418.483224176@linuxfoundation.org> X-Mailer: git-send-email 2.19.1 In-Reply-To: <20181018175416.718399607@linuxfoundation.org> References: <20181018175416.718399607@linuxfoundation.org> User-Agent: quilt/0.65 X-stable: review MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org 4.14-stable review patch. If anyone has any objections, please let me know. ------------------ From: Sven Eckelmann [ Upstream commit ae3cdc97dc10c7a3b31f297dab429bfb774c9ccb ] The function batadv_tvlv_handler_register is responsible for adding new tvlv_handler to the handler_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted. But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation. The check and the manipulation of the list must therefore be in the same locked code section. Fixes: ef26157747d4 ("batman-adv: tvlv - basic infrastructure") Signed-off-by: Sven Eckelmann Signed-off-by: Simon Wunderlich Signed-off-by: Sasha Levin Signed-off-by: Greg Kroah-Hartman --- net/batman-adv/tvlv.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) --- a/net/batman-adv/tvlv.c +++ b/net/batman-adv/tvlv.c @@ -528,15 +528,20 @@ void batadv_tvlv_handler_register(struct { struct batadv_tvlv_handler *tvlv_handler; + spin_lock_bh(&bat_priv->tvlv.handler_list_lock); + tvlv_handler = batadv_tvlv_handler_get(bat_priv, type, version); if (tvlv_handler) { + spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); batadv_tvlv_handler_put(tvlv_handler); return; } tvlv_handler = kzalloc(sizeof(*tvlv_handler), GFP_ATOMIC); - if (!tvlv_handler) + if (!tvlv_handler) { + spin_unlock_bh(&bat_priv->tvlv.handler_list_lock); return; + } tvlv_handler->ogm_handler = optr; tvlv_handler->unicast_handler = uptr; @@ -546,7 +551,6 @@ void batadv_tvlv_handler_register(struct kref_init(&tvlv_handler->refcount); INIT_HLIST_NODE(&tvlv_handler->list); - spin_lock_bh(&bat_priv->tvlv.handler_list_lock); kref_get(&tvlv_handler->refcount); hlist_add_head_rcu(&tvlv_handler->list, &bat_priv->tvlv.handler_list); spin_unlock_bh(&bat_priv->tvlv.handler_list_lock);