PKG_VERSION:=2014.0.0
BATCTL_VERSION:=2014.0.0
-PKG_RELEASE:=1
+PKG_RELEASE:=2
PKG_MD5SUM:=8d58ecaede17dc05aab1b549dc09fa7d
BATCTL_MD5SUM:=b0bcf29fef80ddcc33769e13f5937d0a
From 746d6436f88899a79c1cb3b27af0614510368bb7 Mon Sep 17 00:00:00 2001
From: Marek Lindner <mareklindner@neomailbox.ch>
Date: Wed, 15 Jan 2014 20:31:18 +0800
-Subject: [PATCH 1/5] batman-adv: fix batman-adv header overhead calculation
+Subject: [PATCH 01/13] batman-adv: fix batman-adv header overhead calculation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
/**
--
-1.8.5.3
+1.9.0.rc3
From 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@web.de>
Date: Mon, 20 Jan 2014 11:06:44 +0100
-Subject: [PATCH 2/5] batman-adv: fix potential kernel paging error for unicast
- transmissions
+Subject: [PATCH 02/13] batman-adv: fix potential kernel paging error for
+ unicast transmissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
/* inform the destination node that we are still missing a correct route
--
-1.8.5.3
+1.9.0.rc3
From 2b108ccd0533e1375e44c73ec58c69dde9a71687 Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@meshcoding.com>
Date: Tue, 21 Jan 2014 11:22:05 +0100
-Subject: [PATCH 3/5] batman-adv: fix soft-interface MTU computation
+Subject: [PATCH 03/13] batman-adv: fix soft-interface MTU computation
The current MTU computation always returns a value
smaller than 1500bytes even if the real interfaces
/* adjusts the MTU if a new interface with a smaller MTU appeared. */
--
-1.8.5.3
+1.9.0.rc3
From db13d361ff6abf57090acfdeb0f5cedd8dd7f02e Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@meshcoding.com>
Date: Mon, 27 Jan 2014 12:23:28 +0100
-Subject: [PATCH 4/5] batman-adv: fix TT-TVLV parsing on OGM reception
+Subject: [PATCH 04/13] batman-adv: fix TT-TVLV parsing on OGM reception
When accessing a TT-TVLV container in the OGM RX path
the variable pointing to the list of changes to apply is
ttvn, tt_change);
--
-1.8.5.3
+1.9.0.rc3
From dc08c045b46bdd9a5c81068a89f9f2a78d3d4bbd Mon Sep 17 00:00:00 2001
From: Antonio Quartulli <antonio@meshcoding.com>
Date: Tue, 28 Jan 2014 02:06:47 +0100
-Subject: [PATCH 5/5] batman-adv: release vlan object after checking the CRC
+Subject: [PATCH 05/13] batman-adv: release vlan object after checking the CRC
There is a refcounter unbalance in the CRC checking routine
invoked on OGM reception. A vlan object is retrieved (thus
}
--
-1.8.5.3
+1.9.0.rc3
--- /dev/null
+From eabdc3175b1d119cd673f36d06264cddb4803ace Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <antonio@meshcoding.com>
+Date: Thu, 30 Jan 2014 00:12:24 +0100
+Subject: [PATCH 06/13] batman-adv: properly check pskb_may_pull return value
+
+pskb_may_pull() returns 1 on success and 0 in case of failure,
+therefore checking for the return value being negative does
+not make sense at all.
+
+This way if the function fails we will probably read beyond the current
+skb data buffer. Fix this by doing the proper check.
+
+Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ routing.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/routing.c b/routing.c
+index f28920f..f7579d0 100644
+--- a/routing.c
++++ b/routing.c
+@@ -833,7 +833,7 @@ static int batadv_check_unicast_ttvn(struct batadv_priv *bat_priv,
+ int is_old_ttvn;
+
+ /* check if there is enough data before accessing it */
+- if (pskb_may_pull(skb, hdr_len + ETH_HLEN) < 0)
++ if (!pskb_may_pull(skb, hdr_len + ETH_HLEN))
+ return 0;
+
+ /* create a copy of the skb (in case of for re-routing) to modify it. */
+--
+1.9.0.rc3
+
--- /dev/null
+From 9a91d33c0ea234faf59ee7543d5253e6809a6b6f Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <antonio@meshcoding.com>
+Date: Thu, 30 Jan 2014 13:57:27 +0100
+Subject: [PATCH 07/13] batman-adv: remove useless assignment
+
+Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb
+ ("batman-adv: fix potential kernel paging error for unicast transmissions")
+
+Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ send.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/send.c b/send.c
+index 2035bd9..75be770 100644
+--- a/send.c
++++ b/send.c
+@@ -256,7 +256,7 @@ static int batadv_send_skb_unicast(struct batadv_priv *bat_priv,
+ struct batadv_orig_node *orig_node,
+ unsigned short vid)
+ {
+- struct ethhdr *ethhdr = (struct ethhdr *)skb->data;
++ struct ethhdr *ethhdr;
+ struct batadv_unicast_packet *unicast_packet;
+ int ret = NET_XMIT_DROP;
+
+--
+1.9.0.rc3
+
+++ /dev/null
-From f9170f22998a276e04b4c7d91da4c373609d28b3 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@web.de>
-Date: Sun, 19 Jan 2014 22:22:45 +0100
-Subject: [PATCH] batman-adv: use vlan_/eth_hdr() instead of skb->data in
- interface_tx path
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Our .ndo_start_xmit handler (batadv_interface_tx()) can rely on having
-the skb mac header pointer set correctly since the following commit
-present in kernels >= 3.9:
-
-"net: reset mac header in dev_start_xmit()" (6d1ccff627)
-
-Therefore we can safely use eth_hdr() and vlan_eth_hdr() instead of
-skb->data now, which spares us some ugly type casts.
-
-Signed-off-by: Linus Lüssing <linus.luessing@web.de>
-Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
----
- compat.h | 11 +++++++++++
- 1 file changed, 11 insertions(+)
-
-diff --git a/compat.h b/compat.h
-index 57c9d96..9692ed2 100644
---- a/compat.h
-+++ b/compat.h
-@@ -302,6 +302,17 @@ static int batadv_interface_set_mac_addr(struct net_device *dev, void *p) \
- }\
- static int __batadv_interface_set_mac_addr(x, y)
-
-+#define batadv_interface_tx(x, y) \
-+__batadv_interface_tx(struct sk_buff *skb, struct net_device *soft_iface); \
-+static int batadv_interface_tx(struct sk_buff *skb, \
-+ struct net_device *soft_iface) \
-+{ \
-+ skb_reset_mac_header(skb); \
-+ return __batadv_interface_tx(skb, soft_iface); \
-+} \
-+static int __batadv_interface_tx(struct sk_buff *skb, \
-+ struct net_device *soft_iface)
-+
- #define netdev_master_upper_dev_link netdev_set_master
- #define netdev_upper_dev_unlink(slave, master) netdev_set_master(slave, NULL)
- #define netdev_master_upper_dev_get(dev) \
---
-1.8.5.3
-
--- /dev/null
+From b921e8f70aa929766856decfe79ee8e78ba21e23 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Linus=20L=C3=BCssing?= <linus.luessing@web.de>
+Date: Sun, 2 Feb 2014 22:53:11 +0800
+Subject: [PATCH 08/13] batman-adv: backport eth_hdr() compat fix to avoid
+ kernel oops
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb
+ ("batman-adv: fix potential kernel paging error for unicast transmissions")
+
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+CC: Linus Lüssing <linus.luessing@web.de>
+---
+ compat.h | 11 +++++++++++
+ 1 file changed, 11 insertions(+)
+
+diff --git a/compat.h b/compat.h
+index a4ab202..deea92b 100644
+--- a/compat.h
++++ b/compat.h
+@@ -289,6 +289,17 @@ static int batadv_interface_set_mac_addr(struct net_device *dev, void *p) \
+ }\
+ static int __batadv_interface_set_mac_addr(x, y)
+
++#define batadv_interface_tx(x, y) \
++__batadv_interface_tx(struct sk_buff *skb, struct net_device *soft_iface); \
++static int batadv_interface_tx(struct sk_buff *skb, \
++ struct net_device *soft_iface) \
++{ \
++ skb_reset_mac_header(skb); \
++ return __batadv_interface_tx(skb, soft_iface); \
++} \
++static int __batadv_interface_tx(struct sk_buff *skb, \
++ struct net_device *soft_iface)
++
+ #define netdev_master_upper_dev_link netdev_set_master
+ #define netdev_upper_dev_unlink(slave, master) netdev_set_master(slave, NULL)
+ #define netdev_master_upper_dev_get(dev) \
+--
+1.9.0.rc3
+
--- /dev/null
+From cb4d66e6803b854663ee758e3eecbda183b0b007 Mon Sep 17 00:00:00 2001
+From: Simon Wunderlich <sw@simonwunderlich.de>
+Date: Sat, 8 Feb 2014 16:45:06 +0100
+Subject: [PATCH 09/13] batman-adv: fix potential orig_node reference leak
+
+Since batadv_orig_node_new() sets the refcount to two, assuming that
+the calling function will use a reference for putting the orig_node into
+a hash or similar, both references must be freed if initialization of
+the orig_node fails. Otherwise that object may be leaked in that error
+case.
+
+Reported-by: Antonio Quartulli <antonio@meshcoding.com>
+Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ bat_iv_ogm.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/bat_iv_ogm.c b/bat_iv_ogm.c
+index 6f4fcdc..c07e59f 100644
+--- a/bat_iv_ogm.c
++++ b/bat_iv_ogm.c
+@@ -256,6 +256,8 @@ batadv_iv_ogm_orig_get(struct batadv_priv *bat_priv, const uint8_t *addr)
+ free_bcast_own:
+ kfree(orig_node->bat_iv.bcast_own);
+ free_orig_node:
++ /* free twice, as batadv_orig_node_new sets refcount to 2 */
++ batadv_orig_node_free_ref(orig_node);
+ batadv_orig_node_free_ref(orig_node);
+
+ return NULL;
+--
+1.9.0.rc3
+
--- /dev/null
+From df99b07081eeda5cca292afe2dcc5cb3bf5be154 Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <antonio@meshcoding.com>
+Date: Tue, 11 Feb 2014 11:26:43 +0100
+Subject: [PATCH 10/13] batman-adv: fix memory access by setting mac_header in
+ DAT
+
+In the TX path we now have functions that rely on the
+skb->mac_header field. DAT does not set such field when
+creating its own ARP packets thus leading to wrong memory
+access.
+
+Fix it by always setting the mac_header after having forged
+the ARP packet.
+
+Introduced by 41b38727749a94c1a65cf0f4be9bfe1cbaf0adeb
+("batman-adv: fix potential kernel paging error for unicast transmissions")
+
+Reported-by: Russel Senior <russell@personaltelco.net>
+Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
+Tested-by: Russel Senior <russell@personaltelco.net>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ distributed-arp-table.c | 5 +++++
+ 1 file changed, 5 insertions(+)
+
+diff --git a/distributed-arp-table.c b/distributed-arp-table.c
+index 6da587a..0b69b61 100644
+--- a/distributed-arp-table.c
++++ b/distributed-arp-table.c
+@@ -1028,6 +1028,11 @@ bool batadv_dat_snoop_incoming_arp_request(struct batadv_priv *bat_priv,
+ if (!skb_new)
+ goto out;
+
++ /* the rest of the TX path assumes that the mac_header offset pointing
++ * to the inner Ethernet header has been set, therefore reset it now.
++ */
++ skb_reset_mac_header(skb_new);
++
+ if (vid & BATADV_VLAN_HAS_TAG)
+ skb_new = vlan_insert_tag(skb_new, htons(ETH_P_8021Q),
+ vid & VLAN_VID_MASK);
+--
+1.9.0.rc3
+
--- /dev/null
+From be4385eacf30ad55a5cf4574768624ce8141a0c7 Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <antonio@open-mesh.com>
+Date: Tue, 11 Feb 2014 17:05:06 +0100
+Subject: [PATCH 11/13] batman-adv: fix TT CRC computation by ensuring byte
+ order
+
+When computing the CRC on a 2byte variable the order of
+the bytes obviously alters the final result. This means
+that computing the CRC over the same value on two archs
+having different endianess leads to different numbers.
+
+The global and local translation table CRC computation
+routine makes this mistake while processing the clients
+VIDs. The result is a continuous CRC mismatching between
+nodes having different endianess.
+
+Fix this by converting the VID to Network Order before
+processing it. This guarantees that every node uses the same
+byte order.
+
+Introduced by 21a57f6e7a3b4455dfe68ee07a7b901d9e7f200b
+("batman-adv: make the TT CRC logic VLAN specific")
+
+Reported-by: Russel Senior <russell@personaltelco.net>
+Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
+Tested-by: Russell Senior <russell@personaltelco.net>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ translation-table.c | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/translation-table.c b/translation-table.c
+index 05c2a9b..24e3267 100644
+--- a/translation-table.c
++++ b/translation-table.c
+@@ -1961,6 +1961,7 @@ static uint32_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
+ struct hlist_head *head;
+ uint32_t i, crc_tmp, crc = 0;
+ uint8_t flags;
++ __be16 tmp_vid;
+
+ for (i = 0; i < hash->size; i++) {
+ head = &hash->table[i];
+@@ -1997,8 +1998,11 @@ static uint32_t batadv_tt_global_crc(struct batadv_priv *bat_priv,
+ orig_node))
+ continue;
+
+- crc_tmp = crc32c(0, &tt_common->vid,
+- sizeof(tt_common->vid));
++ /* use network order to read the VID: this ensures that
++ * every node reads the bytes in the same order.
++ */
++ tmp_vid = htons(tt_common->vid);
++ crc_tmp = crc32c(0, &tmp_vid, sizeof(tmp_vid));
+
+ /* compute the CRC on flags that have to be kept in sync
+ * among nodes
+@@ -2032,6 +2036,7 @@ static uint32_t batadv_tt_local_crc(struct batadv_priv *bat_priv,
+ struct hlist_head *head;
+ uint32_t i, crc_tmp, crc = 0;
+ uint8_t flags;
++ __be16 tmp_vid;
+
+ for (i = 0; i < hash->size; i++) {
+ head = &hash->table[i];
+@@ -2050,8 +2055,11 @@ static uint32_t batadv_tt_local_crc(struct batadv_priv *bat_priv,
+ if (tt_common->flags & BATADV_TT_CLIENT_NEW)
+ continue;
+
+- crc_tmp = crc32c(0, &tt_common->vid,
+- sizeof(tt_common->vid));
++ /* use network order to read the VID: this ensures that
++ * every node reads the bytes in the same order.
++ */
++ tmp_vid = htons(tt_common->vid);
++ crc_tmp = crc32c(0, &tmp_vid, sizeof(tmp_vid));
+
+ /* compute the CRC on flags that have to be kept in sync
+ * among nodes
+--
+1.9.0.rc3
+
--- /dev/null
+From 9289542085d7e298b90c7b6fb6efb509dab69d8b Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <antonio@open-mesh.com>
+Date: Tue, 11 Feb 2014 17:05:07 +0100
+Subject: [PATCH 12/13] batman-adv: free skb on TVLV parsing success
+
+When the TVLV parsing routine succeed the skb is left
+untouched thus leading to a memory leak.
+
+Fix this by consuming the skb in case of success.
+
+Introduced by 0b6aa0d43767889eeda43a132cf5e73df4e63bf2
+("batman-adv: tvlv - basic infrastructure")
+
+Reported-by: Russel Senior <russell@personaltelco.net>
+Signed-off-by: Antonio Quartulli <antonio@open-mesh.com>
+Tested-by: Russell Senior <russell@personaltelco.net>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ routing.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/routing.c b/routing.c
+index f7579d0..71bf698 100644
+--- a/routing.c
++++ b/routing.c
+@@ -1063,6 +1063,8 @@ int batadv_recv_unicast_tvlv(struct sk_buff *skb,
+
+ if (ret != NET_RX_SUCCESS)
+ ret = batadv_route_unicast_packet(skb, recv_if);
++ else
++ consume_skb(skb);
+
+ return ret;
+ }
+--
+1.9.0.rc3
+
--- /dev/null
+From d4acda1cb9cca135e7b91777bb2680518b3cffa0 Mon Sep 17 00:00:00 2001
+From: Antonio Quartulli <antonio@meshcoding.com>
+Date: Sat, 15 Feb 2014 02:17:20 +0100
+Subject: [PATCH 13/13] batman-adv: avoid double free when orig_node
+ initialization fails
+
+In the failure path of the orig_node initialization routine
+the orig_node->bat_iv.bcast_own field is free'd twice: first
+in batadv_iv_ogm_orig_get() and then later in
+batadv_orig_node_free_rcu().
+
+Fix it by removing the kfree in batadv_iv_ogm_orig_get().
+
+Signed-off-by: Antonio Quartulli <antonio@meshcoding.com>
+Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
+---
+ bat_iv_ogm.c | 6 ++----
+ 1 file changed, 2 insertions(+), 4 deletions(-)
+
+diff --git a/bat_iv_ogm.c b/bat_iv_ogm.c
+index c07e59f..fdf4322 100644
+--- a/bat_iv_ogm.c
++++ b/bat_iv_ogm.c
+@@ -243,18 +243,16 @@ batadv_iv_ogm_orig_get(struct batadv_priv *bat_priv, const uint8_t *addr)
+ size = bat_priv->num_ifaces * sizeof(uint8_t);
+ orig_node->bat_iv.bcast_own_sum = kzalloc(size, GFP_ATOMIC);
+ if (!orig_node->bat_iv.bcast_own_sum)
+- goto free_bcast_own;
++ goto free_orig_node;
+
+ hash_added = batadv_hash_add(bat_priv->orig_hash, batadv_compare_orig,
+ batadv_choose_orig, orig_node,
+ &orig_node->hash_entry);
+ if (hash_added != 0)
+- goto free_bcast_own;
++ goto free_orig_node;
+
+ return orig_node;
+
+-free_bcast_own:
+- kfree(orig_node->bat_iv.bcast_own);
+ free_orig_node:
+ /* free twice, as batadv_orig_node_new sets refcount to 2 */
+ batadv_orig_node_free_ref(orig_node);
+--
+1.9.0.rc3
+
projects / feed / routing.git / commitdiff