linux/net/batman-adv
Linus Lüssing 9d31b3ce81 batman-adv: fix potential TT client + orig-node memory leak
This patch fixes a potential memory leak which can occur once an
originator times out. On timeout the according global translation table
entry might not get purged correctly. Furthermore, the non purged TT
entry will cause its orig-node to leak, too. Which additionally can lead
to the new multicast optimization feature not kicking in because of a
therefore bogus counter.

In detail: The batadv_tt_global_entry->orig_list holds the reference to
the orig-node. Usually this reference is released after
BATADV_PURGE_TIMEOUT through: _batadv_purge_orig()->
batadv_purge_orig_node()->batadv_update_route()->_batadv_update_route()->
batadv_tt_global_del_orig() which purges this global tt entry and
releases the reference to the orig-node.

However, if between two batadv_purge_orig_node() calls the orig-node
timeout grew to 2*BATADV_PURGE_TIMEOUT then this call path isn't
reached. Instead the according orig-node is removed from the
originator hash in _batadv_purge_orig(), the batadv_update_route()
part is skipped and won't be reached anymore.

Fixing the issue by moving batadv_tt_global_del_orig() out of the rcu
callback.

Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Acked-by: Antonio Quartulli <antonio@meshcoding.com>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
2015-01-06 11:07:01 +01:00
..
bat_algo.h
bat_iv_ogm.c
bitarray.c
bitarray.h
bridge_loop_avoidance.c
bridge_loop_avoidance.h
debugfs.c
debugfs.h
distributed-arp-table.c
distributed-arp-table.h
fragmentation.c batman-adv: Unify fragment size calculation 2014-12-23 23:13:37 -05:00
fragmentation.h
gateway_client.c batman-adv: avoid NULL dereferences and fix if check 2014-12-23 23:13:37 -05:00
gateway_client.h
gateway_common.c
gateway_common.h
hard-interface.c
hard-interface.h
hash.c
hash.h
icmp_socket.c
icmp_socket.h
Kconfig
main.c
main.h
Makefile
multicast.c batman-adv: fix multicast counter when purging originators 2015-01-06 11:06:04 +01:00
multicast.h
network-coding.c batman-adv: fix lock class for decoding hash in network-coding.c 2015-01-06 11:05:12 +01:00
network-coding.h
originator.c batman-adv: fix potential TT client + orig-node memory leak 2015-01-06 11:07:01 +01:00
originator.h
packet.h
routing.c batman-adv: fix and simplify condition when bonding should be used 2015-01-06 11:05:07 +01:00
routing.h
send.c
send.h
soft-interface.c
soft-interface.h
sysfs.c
sysfs.h
translation-table.c
translation-table.h
types.h