git.osdn.net Git - android-x86/kernel.git/commit

author	Linus Lüssing <linus.luessing@c0d3.blue>
	Wed, 24 Apr 2019 01:19:14 +0000 (03:19 +0200)
committer	Simon Wunderlich <sw@simonwunderlich.de>
	Mon, 6 May 2019 09:40:46 +0000 (11:40 +0200)
commit	a3c7cd0cdf1107f891aff847ad481e34df727055
tree	7e22ab7d0e0ec6a22b1095bd2af1b61bf79ad9a2	tree \| snapshot
parent	bdc76fd299600736e832f1525f4f23dd210b97cb	commit \| diff

batman-adv: mcast: fix multicast tt/tvlv worker locking

Syzbot has reported some issues with the locking assumptions made for
the multicast tt/tvlv worker: It was able to trigger the WARN_ON() in
batadv_mcast_mla_tt_retract() and batadv_mcast_mla_tt_add().
While hard/not reproduceable for us so far it seems that the
delayed_work_pending() we use might not be quite safe from reordering.

Therefore this patch adds an explicit, new spinlock to protect the
update of the mla_list and flags in bat_priv and then removes the
WARN_ON(delayed_work_pending()).

Reported-by: syzbot+83f2d54ec6b7e417e13f@syzkaller.appspotmail.com
Reported-by: syzbot+050927a651272b145a5d@syzkaller.appspotmail.com
Reported-by: syzbot+979ffc89b87309b1b94b@syzkaller.appspotmail.com
Reported-by: syzbot+f9f3f388440283da2965@syzkaller.appspotmail.com
Fixes: cbebd363b2e9 ("batman-adv: Use own timer for multicast TT and TVLV updates")
Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>

net/batman-adv/main.c		diff \| blob \| history
net/batman-adv/multicast.c		diff \| blob \| history
net/batman-adv/types.h		diff \| blob \| history