[thirdparty/kernel/stable-queue.git] / releases / 4.9.135 / batman-adv-fix-hardif_neigh-refcount-on-queue_work-failure.patch

From foo@baz Thu Oct 18 11:11:32 CEST 2018
From: Marek Lindner <mareklindner@neomailbox.ch>
Date: Fri, 7 Sep 2018 05:45:55 +0800
Subject: batman-adv: fix hardif_neigh refcount on queue_work() failure

From: Marek Lindner <mareklindner@neomailbox.ch>

[ Upstream commit 4c4af6900844ab04c9434c972021d7b48610e06a ]

The hardif_neigh refcounter is to be decreased by the queued work and
currently is never decreased if the queue_work() call fails.
Fix by checking the queue_work() return value and decrease refcount
if necessary.

Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
Signed-off-by: Sven Eckelmann <sven@narfation.org>
Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 net/batman-adv/bat_v_elp.c |    8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

--- a/net/batman-adv/bat_v_elp.c
+++ b/net/batman-adv/bat_v_elp.c
@@ -243,6 +243,7 @@ static void batadv_v_elp_periodic_work(s
 	struct batadv_priv *bat_priv;
 	struct sk_buff *skb;
 	u32 elp_interval;
+	bool ret;
 
 	bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work);
 	hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v);
@@ -304,8 +305,11 @@ static void batadv_v_elp_periodic_work(s
 		 * may sleep and that is not allowed in an rcu protected
 		 * context. Therefore schedule a task for that.
 		 */
-		queue_work(batadv_event_workqueue,
-			   &hardif_neigh->bat_v.metric_work);
+		ret = queue_work(batadv_event_workqueue,
+				 &hardif_neigh->bat_v.metric_work);
+
+		if (!ret)
+			batadv_hardif_neigh_put(hardif_neigh);
 	}
 	rcu_read_unlock();
Commit	Line	Data
be7e94f8 GKH	1	From foo@baz Thu Oct 18 11:11:32 CEST 2018
	2	From: Marek Lindner <mareklindner@neomailbox.ch>
	3	Date: Fri, 7 Sep 2018 05:45:55 +0800
	4	Subject: batman-adv: fix hardif_neigh refcount on queue_work() failure
	5
	6	From: Marek Lindner <mareklindner@neomailbox.ch>
	7
	8	[ Upstream commit 4c4af6900844ab04c9434c972021d7b48610e06a ]
	9
	10	The hardif_neigh refcounter is to be decreased by the queued work and
	11	currently is never decreased if the queue_work() call fails.
	12	Fix by checking the queue_work() return value and decrease refcount
	13	if necessary.
	14
	15	Signed-off-by: Marek Lindner <mareklindner@neomailbox.ch>
	16	Signed-off-by: Sven Eckelmann <sven@narfation.org>
	17	Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
	18	Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
	19	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	20	---
	21	net/batman-adv/bat_v_elp.c \| 8 ++++++--
	22	1 file changed, 6 insertions(+), 2 deletions(-)
	23
	24	--- a/net/batman-adv/bat_v_elp.c
	25	+++ b/net/batman-adv/bat_v_elp.c
	26	@@ -243,6 +243,7 @@ static void batadv_v_elp_periodic_work(s
	27	struct batadv_priv *bat_priv;
	28	struct sk_buff *skb;
	29	u32 elp_interval;
	30	+ bool ret;
	31
	32	bat_v = container_of(work, struct batadv_hard_iface_bat_v, elp_wq.work);
	33	hard_iface = container_of(bat_v, struct batadv_hard_iface, bat_v);
	34	@@ -304,8 +305,11 @@ static void batadv_v_elp_periodic_work(s
	35	* may sleep and that is not allowed in an rcu protected
	36	* context. Therefore schedule a task for that.
	37	*/
	38	- queue_work(batadv_event_workqueue,
	39	- &hardif_neigh->bat_v.metric_work);
	40	+ ret = queue_work(batadv_event_workqueue,
	41	+ &hardif_neigh->bat_v.metric_work);
	42	+
	43	+ if (!ret)
	44	+ batadv_hardif_neigh_put(hardif_neigh);
	45	}
	46	rcu_read_unlock();
	47