batman-adv: Fix reference counting of hardif_neigh_node object for neigh_node
authorSven Eckelmann <sven@narfation.org>
Fri, 11 Mar 2016 15:44:06 +0000 (16:44 +0100)
committerAntonio Quartulli <a@unstable.cc>
Fri, 29 Apr 2016 11:46:11 +0000 (19:46 +0800)
commitabe59c65225ccd63a5964e2f2a73dd2995b948e7
treec4d0400fc0300e70782296e1ac8375a98625d2ac
parenta33d970d0b54b09746d5540af8271fad4eb10229
batman-adv: Fix reference counting of hardif_neigh_node object for neigh_node

The batadv_neigh_node was specific to a batadv_hardif_neigh_node and held
an implicit reference to it. But this reference was never stored in form of
a pointer in the batadv_neigh_node itself. Instead
batadv_neigh_node_release depends on a consistent state of
hard_iface->neigh_list and that batadv_hardif_neigh_get always returns the
batadv_hardif_neigh_node object which it has a reference for. But
batadv_hardif_neigh_get cannot guarantee that because it is working only
with rcu_read_lock on this list. It can therefore happen that a neigh_addr
is in this list twice or that batadv_hardif_neigh_get cannot find the
batadv_hardif_neigh_node for an neigh_addr due to some other list
operations taking place at the same time.

Instead add a batadv_hardif_neigh_node pointer directly in
batadv_neigh_node which will be used for the reference counter decremented
on release of batadv_neigh_node.

Fixes: cef63419f7db ("batman-adv: add list of unique single hop neighbors per hard-interface")
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
net/batman-adv/originator.c
net/batman-adv/types.h