kernel-ark/net
Antonio Quartulli 8b8e4bc039 batman-adv: fix race condition in TT full-table replacement
bug introduced with cea194d90b11aff7fc289149e4c7f305fad3535a

In the current TT code, when a TT_Response containing a full table is received
from an originator, first the node purges all the clients for that originator in
the global translation-table and then merges the newly received table.
During the purging phase each client deletion is done by means of a call_rcu()
invocation and at the end of this phase the global entry counter for that
originator is set to 0. However the invoked rcu function decreases the global
entry counter for that originator by one too and since the rcu invocation is
likely to be postponed, the node will end up in first setting the counter to 0
and then decreasing it one by one for each deleted client.

This bug leads to having a wrong global entry counter for the related node, say
X. Then when the node with the broken counter will answer to a TT_REQUEST on
behalf of node X, it will create faulty TT_RESPONSE that will generate an
unrecoverable situation on the node that asked for the full table recover.

The non-recoverability is given by the fact that the node with the broken
counter will keep answering on behalf of X because its knowledge about X's state
(ttvn + tt_crc) is correct.

To solve this problem the counter is not explicitly set to 0 anymore and the
counter decrement is performed right before the invocation of call_rcu().

Signed-off-by: Antonio Quartulli <ordex@autistici.org>
2012-06-23 17:21:35 +02:00
..
9p Autogenerated GPG tag for Rusty D1ADB8F1: 15EE 8D6C AB0E 7F0C F999 BFCB D920 0E6C D1AD B8F1 2012-05-21 20:20:23 -07:00
802 tokenring: delete all remaining driver support 2012-05-15 20:23:16 -04:00
8021q Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
appletalk appletalk: Remove out of date message in printk 2012-06-07 13:11:59 -07:00
atm Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jikos/trivial 2012-05-22 19:22:50 -07:00
ax25 Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-04-23 23:15:17 -04:00
batman-adv batman-adv: fix race condition in TT full-table replacement 2012-06-23 17:21:35 +02:00
bluetooth Bluetooth: Fix sending HCI_Disconnect only when connected 2012-06-14 12:19:39 -03:00
bridge ipv6: correct the ipv6 option name - Pad0 to Pad1 2012-05-17 15:49:51 -04:00
caif net: remove my future former mail address 2012-06-17 16:29:38 -07:00
can net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
ceph Merge git://git.kernel.org/pub/scm/linux/kernel/git/sage/ceph-client 2012-05-30 11:17:19 -07:00
core net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
dcb net: dcb: add CEE notify calls 2012-04-25 19:47:17 -04:00
dccp net: include/net/sock.h cleanup 2012-05-17 04:50:21 -04:00
decnet net: Convert net_ratelimit uses to net_<level>_ratelimited 2012-05-15 13:45:03 -04:00
dns_resolver Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-05-21 20:27:36 -07:00
dsa dsa: Convert compare_ether_addr to ether_addr_equal 2012-05-09 20:49:19 -04:00
ethernet net, drivers/net: Convert compare_ether_addr_64bits to ether_addr_equal_64bits 2012-05-10 23:33:01 -04:00
ieee802154 ieee802154: interface type to be added 2012-05-16 15:17:08 -04:00
ipv4 snmp: fix OutOctets counter to include forwarded datagrams 2012-06-07 14:50:56 -07:00
ipv6 ipv6: Move ipv6 proc file registration to end of init order 2012-06-18 18:38:50 -07:00
ipx ipx: Remove spurious NULL checking in ipx_ioctl(). 2012-05-19 00:51:04 -04:00
irda net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
iucv net: remove skb_orphan_try() 2012-06-15 15:30:15 -07:00
key
l2tp l2tp: fix a race in l2tp_ip_sendmsg() 2012-06-08 14:30:51 -07:00
lapb lapb: Neaten debugging 2012-05-17 18:45:20 -04:00
llc net: include/net/sock.h cleanup 2012-05-17 04:50:21 -04:00
mac80211 mac80211: stop polling in disassociation 2012-06-13 10:17:55 +02:00
mac802154 mac802154: monitor device support 2012-05-16 15:17:08 -04:00
netfilter netfilter: nf_ct_h323: fix bug in rtcp natting 2012-06-07 14:53:17 +02:00
netlabel
netlink genetlink: Build a generic netlink family module alias 2012-05-29 22:33:56 -04:00
netrom net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
nfc NFC: Fix possible NULL ptr deref when getting the name of a socket 2012-06-08 13:47:07 -04:00
openvswitch Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2012-05-16 22:17:37 -04:00
packet af_packet: packet_getsockopt() cleanup 2012-04-21 16:36:42 -04:00
phonet net: remove my future former mail address 2012-06-17 16:29:38 -07:00
rds rds_rdma: don't assume infiniband device is PCI 2012-05-29 17:30:07 -04:00
rfkill
rose net: Convert all sysctl registrations to register_net_sysctl 2012-04-20 21:22:30 -04:00
rxrpc
sched sch_atm.c: get rid of poinless extern 2012-06-01 10:37:18 -04:00
sctp sctp: fix warning when compiling without IPv6 2012-06-19 00:26:26 -07:00
sunrpc Merge branch 'for-3.5' of git://linux-nfs.org/~bfields/linux 2012-06-01 08:32:58 -07:00
tipc tipc: compress out gratuitous extra carriage returns 2012-04-30 15:53:56 -04:00
unix net: sock_diag_handler structs can be const 2012-04-25 20:46:59 -04:00
wanrouter net/wanrouter: Deprecate and schedule for removal 2012-05-24 16:22:53 -04:00
wimax
wireless cfg80211: fix potential deadlock in regulatory 2012-06-13 10:17:53 +02:00
x25 net: add a limit parameter to sk_add_backlog() 2012-04-23 22:28:28 -04:00
xfrm ipv6: fix incorrect ipsec fragment 2012-05-27 01:11:22 -04:00
compat.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2012-05-21 20:27:36 -07:00
Kconfig net: drop NET dependency from HAVE_BPF_JIT 2012-05-21 12:50:12 -07:00
Makefile econet: remove ancient bug ridden protocol 2012-05-18 01:35:08 -04:00
nonet.c
socket.c Merge branch 'for-3.5' of git://git.kernel.org/pub/scm/linux/kernel/git/tj/percpu 2012-05-22 17:37:47 -07:00
sysctl_net.c net: delete all instances of special processing for token ring 2012-05-15 20:14:35 -04:00