| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
batman-adv: Disable CONFIG_BATMAN_ADV_SYSFS by default The sysfs support in batman-adv is deprecated since a while and will be removed completely next year. All tools which were known to the batman-adv development team are supporting the batman-adv netlink interface since a while. Thus disabling CONFIG_BATMAN_ADV_SYSFS by default should not cause problems on most systems. It is still possible to enable it in case it is still required in a specific setup. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: avoid OGM aggregation when skb tailroom is insufficient mainline inclusion from mainline-v7.0-rc5 commit 0d4aef630be9d5f9c1227d07669c26c4383b5ad0 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14430 CVE: CVE-2026-31683 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0d4aef630be9d5f9c1227d07669c26c4383b5ad0 -------------------------------- When OGM aggregation state is toggled at runtime, an existing forwarded packet may have been allocated with only packet_len bytes, while a later packet can still be selected for aggregation. Appending in this case can hit skb_put overflow conditions. Reject aggregation when the target skb tailroom cannot accommodate the new packet. The caller then falls back to creating a new forward packet instead of appending. Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Cc: stable@vger.kernel.org Reported-by: Yifan Wu <yifanwucs@gmail.com> Reported-by: Juefei Pu <tomapufckgml@gmail.com> Signed-off-by: Yuan Tan <tanyuan98@outlook.com> Signed-off-by: Xin Liu <bird@lzu.edu.cn> Signed-off-by: Ao Zhou <n05ec@lzu.edu.cn> Signed-off-by: Yang Yang <n05ec@lzu.edu.cn> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Conflicts: net/batman-adv/bat_iv_ogm.c [ Context conflict ] Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Drop unmanaged ELP metric worker mainline inclusion from mainline-v6.14-rc3 commit 8c8ecc98f5c65947b0070a24bac11e12e47cc65d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c8ecc98f5c65947b0070a24bac11e12e47cc65d -------------------------------- The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable@vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Avoid double-rtnl_lock ELP metric worker stable inclusion from stable-v5.10.235 commit 4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14941 CVE: CVE-2026-43382 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b -------------------------------- commit cfc83a3c71517b59c1047db57da31e26a9dc2f33 upstream. batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held. But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called. Cc: stable@vger.kernel.org Fixes: 8c8ecc98f5c6 ("batman-adv: Drop unmanaged ELP metric worker") Reported-by: Christian Schmidbauer <github@grische.xyz> Signed-off-by: Sven Eckelmann <sven@narfation.org> Tested-by: Sören Skaarup <freifunk_nordm4nn@gmx.de> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Drop unmanaged ELP metric worker mainline inclusion from mainline-v6.14-rc3 commit 8c8ecc98f5c65947b0070a24bac11e12e47cc65d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c8ecc98f5c65947b0070a24bac11e12e47cc65d -------------------------------- The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable@vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Add new include for min/max helpers mainline inclusion from mainline-v5.11-rc1 commit fcd193e1dfa6842e2783b04d98345767fe99cf31 category: other bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcd193e1dfa6842e2783b04d98345767fe99cf31 -------------------------------- The commit b296a6d53339 ("kernel.h: split out min()/max() et al. helpers") moved the min/max helper functionality from kernel.h to minmax.h. Adjust the kernel code accordingly to avoid fragile indirect includes. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: hold claim backbone gateways by reference stable inclusion from stable-v6.6.135 commit 2f55b58b5a0bbed192d60c444a45a49cdf1b545f category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14399 CVE: CVE-2026-31657 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=2f55b58b5a0bbed192d60c444a45a49cdf1b545f -------------------------------- commit 82d8701b2c930d0e96b0dbc9115a218d791cb0d2 upstream. batadv_bla_add_claim() can replace claim->backbone_gw and drop the old gateway's last reference while readers still follow the pointer. The netlink claim dump path dereferences claim->backbone_gw->orig and takes claim->backbone_gw->crc_lock without pinning the underlying backbone gateway. batadv_bla_check_claim() still has the same naked pointer access pattern. Reuse batadv_bla_claim_get_backbone_gw() in both readers so they operate on a stable gateway reference until the read-side work is complete. This keeps the dump and claim-check paths aligned with the lifetime rules introduced for the other BLA claim readers. Fixes: 23721387c409 ("batman-adv: add basic bridge loop avoidance code") Fixes: 04f3f5bf1883 ("batman-adv: add B.A.T.M.A.N. Dump BLA claims via netlink") Cc: stable@vger.kernel.org Reported-by: Yifan Wu <yifanwucs@gmail.com> Reported-by: Juefei Pu <tomapufckgml@gmail.com> Co-developed-by: Yuan Tan <yuantan098@gmail.com> Signed-off-by: Yuan Tan <yuantan098@gmail.com> Suggested-by: Xin Liu <bird@lzu.edu.cn> Signed-off-by: Haoze Xie <royenheart@gmail.com> Signed-off-by: Ao Zhou <n05ec@lzu.edu.cn> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: mcast: fix duplicate mcast packets in BLA backbone from mesh Scenario: * Multicast frame send from mesh to a BLA backbone (multiple nodes with their bat0 bridged together, with BLA enabled) Issue: * BLA backbone nodes receive the frame multiple times on bat0, once from mesh->bat0 and once from each backbone_gw from LAN For unicast, a node will send only to the best backbone gateway according to the TQ. However for multicast we currently cannot determine if multiple destination nodes share the same backbone if they don't share the same backbone with us. So we need to keep sending the unicasts to all backbone gateways and let the backbone gateways decide which one will forward the frame. We can use the CLAIM mechanism to make this decision. One catch: The batman-adv gateway feature for DHCP packets potentially sends multicast packets in the same batman-adv unicast header as the multicast optimizations code. And we are not allowed to drop those even if we did not claim the source address of the sender, as for such packets there is only this one multicast-in-unicast packet. How can we distinguish the two cases? The gateway feature uses a batman-adv unicast 4 address header. While the multicast-to-unicasts feature uses a simple, 3 address batman-adv unicast header. So let's use this to distinguish. Fixes: fe2da6ff27c7 ("batman-adv: check incoming packet type for bla") Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 5 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Broken sync while rescheduling delayed work stable inclusion from stable-v5.10.184 commit 9ece26ff08152393231cfbfd0b29a402bdee2f78 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8IRR2 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=9ece26ff08152393231cfbfd0b29a402bdee2f78 -------------------------------- commit abac3ac97fe8734b620e7322a116450d7f90aa43 upstream. Syzkaller got a lot of crashes like: KASAN: use-after-free Write in *_timers* All of these crashes point to the same memory area: The buggy address belongs to the object at ffff88801f870000 which belongs to the cache kmalloc-8k of size 8192 The buggy address is located 5320 bytes inside of 8192-byte region [ffff88801f870000, ffff88801f872000) This area belongs to : batadv_priv->batadv_priv_dat->delayed_work->timer_list The reason for these issues is the lack of synchronization. Delayed work (batadv_dat_purge) schedules new timer/work while the device is being deleted. As the result new timer/delayed work is set after cancel_delayed_work_sync() was called. So after the device is freed the timer list contains pointer to already freed memory. Found by Linux Verification Center (linuxtesting.org) with syzkaller. Cc: stable@kernel.org Fixes: 2f1dfbe18507 ("batman-adv: Distributed ARP Table - implement local storage") Signed-off-by: Vladislav Efanov <VEfanov@ispras.ru> Acked-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: sanglipeng <sanglipeng1@jd.com> | 2 年前 | |
batman-adv: remove unused inline function batadv_arp_change_timeout There's no callers in-tree. Signed-off-by: YueHaibing <yuehaibing@huawei.com> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Add new include for min/max helpers mainline inclusion from mainline-v5.11-rc1 commit fcd193e1dfa6842e2783b04d98345767fe99cf31 category: other bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcd193e1dfa6842e2783b04d98345767fe99cf31 -------------------------------- The commit b296a6d53339 ("kernel.h: split out min()/max() et al. helpers") moved the min/max helper functionality from kernel.h to minmax.h. Adjust the kernel code accordingly to avoid fragile indirect includes. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Check ptr for NULL before reducing its refcnt stable inclusion from stable-v5.10.110 commit 73f7cbb15191298ec58c0bee3202690d54aa72de bugzilla: https://gitee.com/openeuler/kernel/issues/I574AL Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f7cbb15191298ec58c0bee3202690d54aa72de -------------------------------- commit 6340dcbd619450c1bb55eb999e554e4f0e6dab0a upstream. The commit b37a46683739 ("netdevice: add the case if dev is NULL") changed the way how the NULL check for net_devices have to be handled when trying to reduce its reference counter. Before this commit, it was the responsibility of the caller to check whether the object is NULL or not. But it was changed to behave more like kfree. Now the callee has to handle the NULL-case. The batman-adv code was scanned via cocinelle for similar places. These were changed to use the paradigm @@ identifier E, T, R, C; identifier put; @@ void put(struct T *E) { + if (!E) + return; kref_put(&E->C, R); } Functions which were used in other sources files were moved to the header to allow the compiler to inline the NULL check and the kref_put call. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> | 3 年前 | |
batman-adv: Check ptr for NULL before reducing its refcnt stable inclusion from stable-v5.10.110 commit 73f7cbb15191298ec58c0bee3202690d54aa72de bugzilla: https://gitee.com/openeuler/kernel/issues/I574AL Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f7cbb15191298ec58c0bee3202690d54aa72de -------------------------------- commit 6340dcbd619450c1bb55eb999e554e4f0e6dab0a upstream. The commit b37a46683739 ("netdevice: add the case if dev is NULL") changed the way how the NULL check for net_devices have to be handled when trying to reduce its reference counter. Before this commit, it was the responsibility of the caller to check whether the object is NULL or not. But it was changed to behave more like kfree. Now the callee has to handle the NULL-case. The batman-adv code was scanned via cocinelle for similar places. These were changed to use the paradigm @@ identifier E, T, R, C; identifier put; @@ void put(struct T *E) { + if (!E) + return; kref_put(&E->C, R); } Functions which were used in other sources files were moved to the header to allow the compiler to inline the NULL check and the kref_put call. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> | 3 年前 | |
batman-adv: Switch to kstrtox.h for kstrtou64 stable inclusion from stable-v5.10.185 commit 7ce0e8b287204dd0b8c9ca001da16b8f6658ceee category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I8J4KH Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=7ce0e8b287204dd0b8c9ca001da16b8f6658ceee -------------------------------- commit 55207227189a07513ba4107d72e256313a66a2f3 upstream. The commit 4c52729377ea ("kernel.h: split out kstrtox() and simple_strtox() to a separate header") moved the kstrtou64 function to a new header called linux/kstrtox.h. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: sanglipeng <sanglipeng1@jd.com> | 2 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Avoid double-rtnl_lock ELP metric worker stable inclusion from stable-v5.10.235 commit 4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14941 CVE: CVE-2026-43382 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b -------------------------------- commit cfc83a3c71517b59c1047db57da31e26a9dc2f33 upstream. batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held. But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called. Cc: stable@vger.kernel.org Fixes: 8c8ecc98f5c6 ("batman-adv: Drop unmanaged ELP metric worker") Reported-by: Christian Schmidbauer <github@grische.xyz> Signed-off-by: Sven Eckelmann <sven@narfation.org> Tested-by: Sören Skaarup <freifunk_nordm4nn@gmx.de> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Avoid double-rtnl_lock ELP metric worker stable inclusion from stable-v5.10.235 commit 4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14941 CVE: CVE-2026-43382 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c3ae249431b4fcb315d7dfb4c3a13f9e443fd9b -------------------------------- commit cfc83a3c71517b59c1047db57da31e26a9dc2f33 upstream. batadv_v_elp_get_throughput() might be called when the RTNL lock is already held. This could be problematic when the work queue item is cancelled via cancel_delayed_work_sync() in batadv_v_elp_iface_disable(). In this case, an rtnl_lock() would cause a deadlock. To avoid this, rtnl_trylock() was used in this function to skip the retrieval of the ethtool information in case the RTNL lock was already held. But for cfg80211 interfaces, batadv_get_real_netdev() was called - which also uses rtnl_lock(). The approach for __ethtool_get_link_ksettings() must also be used instead and the lockless version __batadv_get_real_netdev() has to be called. Cc: stable@vger.kernel.org Fixes: 8c8ecc98f5c6 ("batman-adv: Drop unmanaged ELP metric worker") Reported-by: Christian Schmidbauer <github@grische.xyz> Signed-off-by: Sven Eckelmann <sven@narfation.org> Tested-by: Sören Skaarup <freifunk_nordm4nn@gmx.de> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Add new include for min/max helpers mainline inclusion from mainline-v5.11-rc1 commit fcd193e1dfa6842e2783b04d98345767fe99cf31 category: other bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcd193e1dfa6842e2783b04d98345767fe99cf31 -------------------------------- The commit b296a6d53339 ("kernel.h: split out min()/max() et al. helpers") moved the min/max helper functionality from kernel.h to minmax.h. Adjust the kernel code accordingly to avoid fragile indirect includes. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: set .owner to THIS_MODULE If THIS_MODULE is not set, the module would be removed while debugfs is being used. It eventually makes kernel panic. Fixes: c6c8fea29769 ("net: Add batman-adv meshing protocol") Signed-off-by: Taehee Yoo <ap420073@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 5 年前 | |
batman-adv: Fix typos and grammar in documentation Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 5 年前 | |
batman-adv: Add new include for min/max helpers mainline inclusion from mainline-v5.11-rc1 commit fcd193e1dfa6842e2783b04d98345767fe99cf31 category: other bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcd193e1dfa6842e2783b04d98345767fe99cf31 -------------------------------- The commit b296a6d53339 ("kernel.h: split out min()/max() et al. helpers") moved the min/max helper functionality from kernel.h to minmax.h. Adjust the kernel code accordingly to avoid fragile indirect includes. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Start new development cycle Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 5 年前 | |
ipv6: make mc_forwarding atomic stable inclusion from stable-v5.10.111 commit fb5ac62fbe16dcc273e90bec99ce637ff2bd60c3 category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I5GL1Z Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=fb5ac62fbe16dcc273e90bec99ce637ff2bd60c3 -------------------------------- [ Upstream commit 145c7a793838add5e004e7d49a67654dc7eba147 ] This fixes minor data-races in ip6_mc_input() and batadv_mcast_mla_rtr_flags_softif_get_ipv6() Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> | 3 年前 | |
batman-adv: mcast: don't send link-local multicast to mcast routers stable inclusion from stable-v5.10.91 commit 4c34d5fd8c96a088098c24b09f0f18dc17ee76ed bugzilla: 186187 https://gitee.com/openeuler/kernel/issues/I4SI2C Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=4c34d5fd8c96a088098c24b09f0f18dc17ee76ed -------------------------------- commit 938f2e0b57ffe8a6df71e1e177b2978b1b33fe5e upstream. The addition of routable multicast TX handling introduced a bug/regression for packets with a link-local multicast destination: These packets would be sent to all batman-adv nodes with a multicast router and to all batman-adv nodes with an old version without multicast router detection. This even disregards the batman-adv multicast fanout setting, which can potentially lead to an unwanted, high number of unicast transmissions or even congestion. Fixing this by avoiding to send link-local multicast packets to nodes in the multicast router list. Fixes: 11d458c1cb9b ("batman-adv: mcast: apply optimizations for routable packets, too") Signed-off-by: Linus Lüssing <linus.luessing@c0d3.blue> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Chen Jun <chenjun102@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> | 4 年前 | |
batman-adv: Add new include for min/max helpers mainline inclusion from mainline-v5.11-rc1 commit fcd193e1dfa6842e2783b04d98345767fe99cf31 category: other bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fcd193e1dfa6842e2783b04d98345767fe99cf31 -------------------------------- The commit b296a6d53339 ("kernel.h: split out min()/max() et al. helpers") moved the min/max helper functionality from kernel.h to minmax.h. Adjust the kernel code accordingly to avoid fragile indirect includes. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: fix OOB read/write in network-coding decode stable inclusion from stable-v5.10.243 commit 1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/ICYXVP CVE: CVE-2025-39839 Reference: https://git.kernel.org/stable/c/1e36c6c8dc8023b4bbe9a16e819f9998b9b6a183 -------------------------------- commit d77b6ff0ce35a6d0b0b7b9581bc3f76d041d4087 upstream. batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload headroom, and the source skb length is not verified, allowing an out-of-bounds read and a small out-of-bounds write. Validate that coded_len fits within the payload area of both destination and source sk_buffs before XORing. Fixes: 2df5278b0267 ("batman-adv: network coding - receive coded packets and decode them") Cc: stable@vger.kernel.org Reported-by: Stanislav Fort <disclosure@aisle.com> Signed-off-by: Stanislav Fort <stanislav.fort@aisle.com> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: niuli33 <niuli33@jd.com> | 7 个月前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: bypass empty buckets in batadv_purge_orig_ref() mainline inclusion from mainline-v6.10-rc1 commit 40dc8ab605894acae1473e434944924a22cfaaa0 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IACS84 CVE: CVE-2024-40981 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=40dc8ab605894acae1473e434944924a22cfaaa0 --------------------------- Many syzbot reports are pointing to soft lockups in batadv_purge_orig_ref() [1] Root cause is unknown, but we can avoid spending too much time there and perhaps get more interesting reports. [1] watchdog: BUG: soft lockup - CPU#0 stuck for 27s! [kworker/u4:6:621] Modules linked in: irq event stamp: 6182794 hardirqs last enabled at (6182793): [<ffff8000801dae10>] __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 hardirqs last disabled at (6182794): [<ffff80008ad66a78>] __el1_irq arch/arm64/kernel/entry-common.c:533 [inline] hardirqs last disabled at (6182794): [<ffff80008ad66a78>] el1_interrupt+0x24/0x68 arch/arm64/kernel/entry-common.c:551 softirqs last enabled at (6182792): [<ffff80008aab71c4>] spin_unlock_bh include/linux/spinlock.h:396 [inline] softirqs last enabled at (6182792): [<ffff80008aab71c4>] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 softirqs last disabled at (6182790): [<ffff80008aab61dc>] spin_lock_bh include/linux/spinlock.h:356 [inline] softirqs last disabled at (6182790): [<ffff80008aab61dc>] batadv_purge_orig_ref+0x164/0x1228 net/batman-adv/originator.c:1271 CPU: 0 PID: 621 Comm: kworker/u4:6 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 Workqueue: bat_events batadv_purge_orig pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : should_resched arch/arm64/include/asm/preempt.h:79 [inline] pc : __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:388 lr : __local_bh_enable_ip+0x224/0x44c kernel/softirq.c:386 sp : ffff800099007970 x29: ffff800099007980 x28: 1fffe00018fce1bd x27: dfff800000000000 x26: ffff0000d2620008 x25: ffff0000c7e70de8 x24: 0000000000000001 x23: 1fffe00018e57781 x22: dfff800000000000 x21: ffff80008aab71c4 x20: ffff0001b40136c0 x19: ffff0000c72bbc08 x18: 1fffe0001a817bb0 x17: ffff800125414000 x16: ffff80008032116c x15: 0000000000000001 x14: 1fffe0001ee9d610 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000000 x10: 0000000000ff0100 x9 : 0000000000000000 x8 : 00000000005e5789 x7 : ffff80008aab61dc x6 : 0000000000000000 x5 : 0000000000000000 x4 : 0000000000000001 x3 : 0000000000000000 x2 : 0000000000000006 x1 : 0000000000000080 x0 : ffff800125414000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable arch/arm64/include/asm/irqflags.h:49 [inline] __local_bh_enable_ip+0x228/0x44c kernel/softirq.c:386 __raw_spin_unlock_bh include/linux/spinlock_api_smp.h:167 [inline] _raw_spin_unlock_bh+0x3c/0x4c kernel/locking/spinlock.c:210 spin_unlock_bh include/linux/spinlock.h:396 [inline] batadv_purge_orig_ref+0x114c/0x1228 net/batman-adv/originator.c:1287 batadv_purge_orig+0x20/0x70 net/batman-adv/originator.c:1300 process_one_work+0x694/0x1204 kernel/workqueue.c:2633 process_scheduled_works kernel/workqueue.c:2706 [inline] worker_thread+0x938/0xef4 kernel/workqueue.c:2787 kthread+0x288/0x310 kernel/kthread.c:388 ret_from_fork+0x10/0x20 arch/arm64/kernel/entry.S:860 Sending NMI from CPU 0 to CPUs 1: NMI backtrace for cpu 1 CPU: 1 PID: 0 Comm: swapper/1 Not tainted 6.8.0-rc7-syzkaller-g707081b61156 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/29/2024 pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--) pc : arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:51 lr : default_idle_call+0xf8/0x128 kernel/sched/idle.c:103 sp : ffff800093a17d30 x29: ffff800093a17d30 x28: dfff800000000000 x27: 1ffff00012742fb4 x26: ffff80008ec9d000 x25: 0000000000000000 x24: 0000000000000002 x23: 1ffff00011d93a74 x22: ffff80008ec9d3a0 x21: 0000000000000000 x20: ffff0000c19dbc00 x19: ffff8000802d0fd8 x18: 1fffe00036804396 x17: ffff80008ec9d000 x16: ffff8000802d089c x15: 0000000000000001 x14: 1fffe00036805f10 x13: 0000000000000000 x12: 0000000000000003 x11: 0000000000000001 x10: 0000000000000003 x9 : 0000000000000000 x8 : 00000000000ce8d1 x7 : ffff8000804609e4 x6 : 0000000000000000 x5 : 0000000000000001 x4 : 0000000000000001 x3 : ffff80008ad6aac0 x2 : 0000000000000000 x1 : ffff80008aedea60 x0 : ffff800125436000 Call trace: __daif_local_irq_enable arch/arm64/include/asm/irqflags.h:27 [inline] arch_local_irq_enable+0x8/0xc arch/arm64/include/asm/irqflags.h:49 cpuidle_idle_call kernel/sched/idle.c:170 [inline] do_idle+0x1f0/0x4e8 kernel/sched/idle.c:312 cpu_startup_entry+0x5c/0x74 kernel/sched/idle.c:410 secondary_start_kernel+0x198/0x1c0 arch/arm64/kernel/smp.c:272 __secondary_switched+0xb8/0xbc arch/arm64/kernel/head.S:404 Signed-off-by: Eric Dumazet <edumazet@google.com> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Liu Jian <liujian56@huawei.com> | 1 年前 | |
batman-adv: Check ptr for NULL before reducing its refcnt stable inclusion from stable-v5.10.110 commit 73f7cbb15191298ec58c0bee3202690d54aa72de bugzilla: https://gitee.com/openeuler/kernel/issues/I574AL Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f7cbb15191298ec58c0bee3202690d54aa72de -------------------------------- commit 6340dcbd619450c1bb55eb999e554e4f0e6dab0a upstream. The commit b37a46683739 ("netdevice: add the case if dev is NULL") changed the way how the NULL check for net_devices have to be handled when trying to reduce its reference counter. Before this commit, it was the responsibility of the caller to check whether the object is NULL or not. But it was changed to behave more like kfree. Now the callee has to handle the NULL-case. The batman-adv code was scanned via cocinelle for similar places. These were changed to use the paradigm @@ identifier E, T, R, C; identifier put; @@ void put(struct T *E) { + if (!E) + return; kref_put(&E->C, R); } Functions which were used in other sources files were moved to the header to allow the compiler to inline the NULL check and the kref_put call. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> | 3 年前 | |
batman-adv: prepare for const netdev->dev_addr stable inclusion from stable-v5.16.20 commit 47ce5f1e3e4e87f141310c975497a4de87f49ab9 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14399 CVE: CVE-2026-31657 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=47ce5f1e3e4e87f141310c975497a4de87f49ab9 -------------------------------- netdev->dev_addr will be constant soon, make sure the qualifier is propagated thru batman-adv. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Drop repeated words in comments checkpatch found various instances of "Possible repeated word" in various comments. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 5 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
net: vlan: introduce skb_vlan_eth_hdr() stable inclusion from stable-v5.10.205 commit d15e4b825dc0b0ad24a54d493be2f17bd8eb7f0b category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I9JPUP Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=d15e4b825dc0b0ad24a54d493be2f17bd8eb7f0b -------------------------------- [ Upstream commit 1f5020acb33f926030f62563c86dffca35c7b701 ] Similar to skb_eth_hdr() introduced in commit 96cc4b69581d ("macvlan: do not assume mac_header is set in macvlan_broadcast()"), let's introduce a skb_vlan_eth_hdr() helper which can be used in TX-only code paths to get to the VLAN header based on skb->data rather than based on the skb_mac_header(skb). We also consolidate the drivers that dereference skb->data to go through this helper. Signed-off-by: Vladimir Oltean <vladimir.oltean@nxp.com> Reviewed-by: Eric Dumazet <edumazet@google.com> Reviewed-by: Simon Horman <simon.horman@corigine.com> Reviewed-by: Florian Fainelli <f.fainelli@gmail.com> Signed-off-by: David S. Miller <davem@davemloft.net> Stable-dep-of: 9fc95fe95c3e ("net: fec: correct queue selection") Signed-off-by: Sasha Levin <sashal@kernel.org> Signed-off-by: sanglipeng <sanglipeng1@jd.com> | 2 年前 | |
batman-adv: Check ptr for NULL before reducing its refcnt stable inclusion from stable-v5.10.110 commit 73f7cbb15191298ec58c0bee3202690d54aa72de bugzilla: https://gitee.com/openeuler/kernel/issues/I574AL Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f7cbb15191298ec58c0bee3202690d54aa72de -------------------------------- commit 6340dcbd619450c1bb55eb999e554e4f0e6dab0a upstream. The commit b37a46683739 ("netdevice: add the case if dev is NULL") changed the way how the NULL check for net_devices have to be handled when trying to reduce its reference counter. Before this commit, it was the responsibility of the caller to check whether the object is NULL or not. But it was changed to behave more like kfree. Now the callee has to handle the NULL-case. The batman-adv code was scanned via cocinelle for similar places. These were changed to use the paradigm @@ identifier E, T, R, C; identifier put; @@ void put(struct T *E) { + if (!E) + return; kref_put(&E->C, R); } Functions which were used in other sources files were moved to the header to allow the compiler to inline the NULL check and the kref_put call. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> | 3 年前 | |
batman-adv: Fix refcnt leak in batadv_store_throughput_override batadv_show_throughput_override() invokes batadv_hardif_get_by_netdev(), which gets a batadv_hard_iface object from net_dev with increased refcnt and its reference is assigned to a local pointer 'hard_iface'. When batadv_store_throughput_override() returns, "hard_iface" becomes invalid, so the refcount should be decreased to keep refcount balanced. The issue happens in one error path of batadv_store_throughput_override(). When batadv_parse_throughput() returns NULL, the refcnt increased by batadv_hardif_get_by_netdev() is not decreased, causing a refcnt leak. Fix this issue by jumping to "out" label when batadv_parse_throughput() returns NULL. Fixes: 0b5ecc6811bd ("batman-adv: add throughput override attribute to hard_ifaces") Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: prepare for const netdev->dev_addr stable inclusion from stable-v5.16.20 commit 47ce5f1e3e4e87f141310c975497a4de87f49ab9 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14399 CVE: CVE-2026-31657 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=47ce5f1e3e4e87f141310c975497a4de87f49ab9 -------------------------------- netdev->dev_addr will be constant soon, make sure the qualifier is propagated thru batman-adv. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Update copyright years for 2020 Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: trace: Drop unneeded types.h include The commit 04ae87a52074 ("ftrace: Rework event_create_dir()") restructured various macros in the ftrace framework. These changes also had the nice side effect that the linux/types.h include is no longer necessary to define some of the types used by these macros. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> | 6 年前 | |
batman-adv: Avoid infinite loop trying to resize local TT stable inclusion from stable-v5.10.216 commit 70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9QRL7 CVE: CVE-2024-35982 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=70a8be9dc2fb65d67f8c1e0c88c587e08e2e575d -------------------------------- commit b1f532a3b1e6d2e5559c7ace49322922637a28aa upstream. If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments (when enabled) or a single packet. But if the MTU becomes too low to transmit even the header + the VLAN specific part then the resizing of the local TT will never succeed. This can for example happen when the usable space is 110 bytes and 11 VLANs are on top of batman-adv. In this case, at least 116 byte would be needed. There will just be an endless spam of batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (110) in the log but the function will never finish. Problem here is that the timeout will be halved all the time and will then stagnate at 0 and therefore never be able to reduce the table even more. There are other scenarios possible with a similar result. The number of BATADV_TT_CLIENT_NOPURGE entries in the local TT can for example be too high to fit inside a packet. Such a scenario can therefore happen also with only a single VLAN + 7 non-purgable addresses - requiring at least 120 bytes. While this should be handled proactively when: * interface with too low MTU is added * VLAN is added * non-purgeable local mac is added * MTU of an attached interface is reduced * fragmentation setting gets disabled (which most likely requires dropping attached interfaces) not all of these scenarios can be prevented because batman-adv is only consuming events without the the possibility to prevent these actions (non-purgable MAC address added, MTU of an attached interface is reduced). It is therefore necessary to also make sure that the code is able to handle also the situations when there were already incompatible system configuration are present. Cc: stable@vger.kernel.org Fixes: a19d3d85e1b8 ("batman-adv: limit local translation table max size") Reported-by: syzbot+a6a4b5bb3da165594cff@syzkaller.appspotmail.com Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Guo Mengqi <guomengqi3@huawei.com> | 2 年前 | |
batman-adv: Check ptr for NULL before reducing its refcnt stable inclusion from stable-v5.10.110 commit 73f7cbb15191298ec58c0bee3202690d54aa72de bugzilla: https://gitee.com/openeuler/kernel/issues/I574AL Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=73f7cbb15191298ec58c0bee3202690d54aa72de -------------------------------- commit 6340dcbd619450c1bb55eb999e554e4f0e6dab0a upstream. The commit b37a46683739 ("netdevice: add the case if dev is NULL") changed the way how the NULL check for net_devices have to be handled when trying to reduce its reference counter. Before this commit, it was the responsibility of the caller to check whether the object is NULL or not. But it was changed to behave more like kfree. Now the callee has to handle the NULL-case. The batman-adv code was scanned via cocinelle for similar places. These were changed to use the paradigm @@ identifier E, T, R, C; identifier put; @@ void put(struct T *E) { + if (!E) + return; kref_put(&E->C, R); } Functions which were used in other sources files were moved to the header to allow the compiler to inline the NULL check and the kref_put call. Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Yu Liao <liaoyu15@huawei.com> Reviewed-by: Wei Li <liwei391@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> | 3 年前 | |
batman-adv: prepare for const netdev->dev_addr stable inclusion from stable-v5.16.20 commit 47ce5f1e3e4e87f141310c975497a4de87f49ab9 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14399 CVE: CVE-2026-31657 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=47ce5f1e3e4e87f141310c975497a4de87f49ab9 -------------------------------- netdev->dev_addr will be constant soon, make sure the qualifier is propagated thru batman-adv. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: prepare for const netdev->dev_addr stable inclusion from stable-v5.16.20 commit 47ce5f1e3e4e87f141310c975497a4de87f49ab9 category: bugfix bugzilla: https://atomgit.com/src-openeuler/kernel/issues/14399 CVE: CVE-2026-31657 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=47ce5f1e3e4e87f141310c975497a4de87f49ab9 -------------------------------- netdev->dev_addr will be constant soon, make sure the qualifier is propagated thru batman-adv. Signed-off-by: Jakub Kicinski <kuba@kernel.org> Acked-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: David S. Miller <davem@davemloft.net> Signed-off-by: xujunjie-cover <xujunjie37@jd.com> | 1 个月前 | |
batman-adv: Drop unmanaged ELP metric worker mainline inclusion from mainline-v6.14-rc3 commit 8c8ecc98f5c65947b0070a24bac11e12e47cc65d category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/IBPLJA CVE: CVE-2025-21823 Reference: https://web.git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8c8ecc98f5c65947b0070a24bac11e12e47cc65d -------------------------------- The ELP worker needs to calculate new metric values for all neighbors "reachable" over an interface. Some of the used metric sources require locks which might need to sleep. This sleep is incompatible with the RCU list iterator used for the recorded neighbors. The initial approach to work around of this problem was to queue another work item per neighbor and then run this in a new context. Even when this solved the RCU vs might_sleep() conflict, it has a major problems: Nothing was stopping the work item in case it is not needed anymore - for example because one of the related interfaces was removed or the batman-adv module was unloaded - resulting in potential invalid memory accesses. Directly canceling the metric worker also has various problems: * cancel_work_sync for a to-be-deactivated interface is called with rtnl_lock held. But the code in the ELP metric worker also tries to use rtnl_lock() - which will never return in this case. This also means that cancel_work_sync would never return because it is waiting for the worker to finish. * iterating over the neighbor list for the to-be-deactivated interface is currently done using the RCU specific methods. Which means that it is possible to miss items when iterating over it without the associated spinlock - a behaviour which is acceptable for a periodic metric check but not for a cleanup routine (which must "stop" all still running workers) The better approch is to get rid of the per interface neighbor metric worker and handle everything in the interface worker. The original problems are solved by: * creating a list of neighbors which require new metric information inside the RCU protected context, gathering the metric according to the new list outside the RCU protected context * only use rcu_trylock inside metric gathering code to avoid a deadlock when the cancel_delayed_work_sync is called in the interface removal code (which is called with the rtnl_lock held) Cc: stable@vger.kernel.org Fixes: c833484e5f38 ("batman-adv: ELP - compute the metric based on the estimated throughput") Signed-off-by: Sven Eckelmann <sven@narfation.org> Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de> Signed-off-by: Zicheng Qu <quzicheng@huawei.com> | 1 年前 |
| 文件 | 最后提交记录 | 最后更新时间 |
|---|---|---|
| 6 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 1 个月前 | ||
| 6 年前 | ||
| 1 年前 | ||
| 6 年前 | ||
| 1 个月前 | ||
| 1 年前 | ||
| 1 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 1 个月前 | ||
| 5 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 2 年前 | ||
| 6 年前 | ||
| 1 年前 | ||
| 6 年前 | ||
| 3 年前 | ||
| 3 年前 | ||
| 2 年前 | ||
| 6 年前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 1 年前 | ||
| 6 年前 | ||
| 5 年前 | ||
| 5 年前 | ||
| 1 年前 | ||
| 5 年前 | ||
| 3 年前 | ||
| 4 年前 | ||
| 1 年前 | ||
| 6 年前 | ||
| 7 个月前 | ||
| 6 年前 | ||
| 1 年前 | ||
| 3 年前 | ||
| 1 个月前 | ||
| 6 年前 | ||
| 5 年前 | ||
| 6 年前 | ||
| 2 年前 | ||
| 3 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 1 个月前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 6 年前 | ||
| 2 年前 | ||
| 3 年前 | ||
| 1 个月前 | ||
| 1 个月前 | ||
| 1 年前 |