git.osdn.net Git - android-x86/kernel.git/commit

batman-adv: mcast: fix multicast tt/tvlv worker locking

commit a3c7cd0cdf1107f891aff847ad481e34df727055 upstream.

Syzbot has reported some issues with the locking assumptions made for
the multicast tt/tvlv worker: It was able to trigger the WARN_ON() in
batadv_mcast_mla_tt_retract() and batadv_mcast_mla_tt_add().
While hard/not reproduceable for us so far it seems that the
delayed_work_pending() we use might not be quite safe from reordering.

Therefore this patch adds an explicit, new spinlock to protect the
update of the mla_list and flags in bat_priv and then removes the
WARN_ON(delayed_work_pending()).

Reported-by: syzbot+83f2d54ec6b7e417e13f@syzkaller.appspotmail.com
Reported-by: syzbot+050927a651272b145a5d@syzkaller.appspotmail.com
Reported-by: syzbot+979ffc89b87309b1b94b@syzkaller.appspotmail.com
Reported-by: syzbot+f9f3f388440283da2965@syzkaller.appspotmail.com
Fixes: cbebd363b2e9 ("batman-adv: Use own timer for multicast TT and TVLV updates")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

author	Linus Lüssing <linus.luessing@c0d3.blue>
	Wed, 24 Apr 2019 01:19:14 +0000 (03:19 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Fri, 31 May 2019 13:46:05 +0000 (06:46 -0700)
commit	363aa80a51c996fcb3b1fe4704e964534d4fad34
tree	93ce237e516bfa45c628dff4f6611a754a4c9609	tree \| snapshot
parent	003e2d74c554648c38853971c893953224ad72b8	commit \| diff

net/batman-adv/main.c		diff \| blob \| history
net/batman-adv/multicast.c		diff \| blob \| history
net/batman-adv/types.h		diff \| blob \| history