Gitiles
Code Review Sign In
review.evervolv.com / android_kernel_oneplus_msm8996 / e1a5382f978b67b5cc36eec65e6046730ce07714^! / . / net / batman-adv / icmp_socket.c
commite1a5382f978b67b5cc36eec65e6046730ce07714[log] [tgz]
authorLinus Lüssing <linus.luessing@web.de>Mon Mar 14 22:43:37 2011 +0000
committerSven Eckelmann <sven@narfation.org>Sun Apr 17 21:11:01 2011 +0200
treef7ca07cde3a49858d0cfa33e0189a659a1fcc95d
parent57f0c07c4d0da8bcc23e21c330fe9c7c5cf776b5 [diff] [blame]
batman-adv: Make orig_node->router an rcu protected pointer

The rcu protected macros rcu_dereference() and rcu_assign_pointer()
for the orig_node->router need to be used, as well as spin/rcu locking.
Otherwise we might end up using a router pointer pointing to already
freed memory.

Therefore this commit introduces the safe getter method
orig_node_get_router().

Signed-off-by: Linus Lüssing <linus.luessing@web.de>
Signed-off-by: Marek Lindner <lindner_marek@yahoo.de>
Signed-off-by: Sven Eckelmann <sven@narfation.org>

diff --git a/net/batman-adv/icmp_socket.c b/net/batman-adv/icmp_socket.c
index 34ce56c..49079c2 100644
--- a/net/batman-adv/icmp_socket.c
+++ b/net/batman-adv/icmp_socket.c

@@ -218,23 +218,13 @@
 	if (atomic_read(&bat_priv->mesh_state) != MESH_ACTIVE)
 		goto dst_unreach;
 
-	rcu_read_lock();
 	orig_node = orig_hash_find(bat_priv, icmp_packet->dst);
-
 	if (!orig_node)
-		goto unlock;
+		goto dst_unreach;
 
-	neigh_node = orig_node->router;
-
+	neigh_node = orig_node_get_router(orig_node);
 	if (!neigh_node)
-		goto unlock;
-
-	if (!atomic_inc_not_zero(&neigh_node->refcount)) {
-		neigh_node = NULL;
-		goto unlock;
-	}
-
-	rcu_read_unlock();
+		goto dst_unreach;
 
 	if (!neigh_node->if_incoming)
 		goto dst_unreach;
@@ -252,8 +242,6 @@
 	send_skb_packet(skb, neigh_node->if_incoming, neigh_node->addr);
 	goto out;
 
-unlock:
-	rcu_read_unlock();
 dst_unreach:
 	icmp_packet->msg_type = DESTINATION_UNREACHABLE;
 	bat_socket_add_packet(socket_client, icmp_packet, packet_len);