From: Greg Kroah-Hartman
To: linux-kernel@vger.kernel.org
Cc: Greg Kroah-Hartman, stable@vger.kernel.org, Sven Eckelmann, Simon Wunderlich, Sasha Levin
Subject: [PATCH 4.9 06/35] batman-adv: Prevent duplicated global TT entry
Date: Thu, 18 Oct 2018 19:54:35 +0200
Message-Id: <20181018175423.410360298@linuxfoundation.org>
In-Reply-To: <20181018175422.506152522@linuxfoundation.org>
References: <20181018175422.506152522@linuxfoundation.org>

4.9-stable review patch. If anyone has any objections, please let me know.

------------------

From: Sven Eckelmann

[ Upstream commit e7136e48ffdfb9f37b0820f619380485eb407361 ]

The function batadv_tt_global_orig_entry_add is responsible for adding new tt_orig_list_entry to the orig_list. It first checks whether the entry already is in the list or not. If it is, then the creation of a new entry is aborted.

But the lock for the list is only held when the list is really modified. This could lead to duplicated entries because another context could create an entry with the same key between the check and the list manipulation.

The check and the manipulation of the list must therefore be in the same locked code section.

Fixes: d657e621a0f5 ("batman-adv: add reference counting for type batadv_tt_orig_list_entry")
Signed-off-by: Sven Eckelmann
Signed-off-by: Simon Wunderlich
Signed-off-by: Sasha Levin
Signed-off-by: Greg Kroah-Hartman
---
 net/batman-adv/translation-table.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

--- a/net/batman-adv/translation-table.c +++ b/net/batman-adv/translation-table.c
@@ -1550,6 +1550,8 @@ batadv_tt_global_orig_entry_add(struct b { struct batadv_tt_orig_list_entry *orig_entry; + spin_lock_bh(&tt_global->list_lock); + orig_entry = batadv_tt_global_orig_entry_find(tt_global, orig_node); if (orig_entry) { /* refresh the ttvn: the current value could be a bogus one that @@ -1570,16 +1572,16 @@ batadv_tt_global_orig_entry_add(struct b orig_entry->ttvn = ttvn; kref_init(&orig_entry->refcount); - spin_lock_bh(&tt_global->list_lock); kref_get(&orig_entry->refcount); hlist_add_head_rcu(&orig_entry->list, &tt_global->orig_list); - spin_unlock_bh(&tt_global->list_lock); atomic_inc(&tt_global->orig_list_count); out: if (orig_entry) batadv_tt_orig_list_entry_put(orig_entry); + + spin_unlock_bh(&tt_global->list_lock); } /**
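Review bot: In the first hunk (@@ -1550), the new spin_lock_bh(&tt_global->list_lock) at function entry has no comment saying why the lookup has to sit inside the lock, so a later cleanup could narrow the critical section again and reintroduce the duplicate-entry race. A one-line comment above it stating that batadv_tt_global_orig_entry_find() and the later hlist_add_head_rcu() must run in the same list_lock section would document the invariant. Because the lock is now taken before the first statement, every exit in the lines between the two hunks (not shown here) has to leave through the out: label, where the only unlock sits; a direct return anywhere in that range would leave list_lock held with bottom halves disabled.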
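Review bot: In the second hunk (@@ -1570), spin_unlock_bh(&tt_global->list_lock) is placed after the batadv_tt_orig_list_entry_put(orig_entry) call under out:, so the reference drop now runs with list_lock held, which the old code did not do. The put does not touch orig_list in the visible lines, and orig_entry is a local pointer that holds its own reference, so the unlock could go directly after the out: label and before the if (orig_entry) check; that keeps the find-and-add pair atomic while keeping the release path out of the critical section. If the put is meant to stay under the lock, a short comment saying so would help. Moving atomic_inc(&tt_global->orig_list_count) inside the locked section is harmless.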