batman-adv: prevent ELP transmission interval underflow

batadv_v_elp_start_timer() enqeues a delayed work. The time when it starts
is randomly chosen between (elp_interval - BATADV_JITTER) and
(elp_interval + BATADV_JITTER). The configured elp_interval must therefore
be larger or equal to BATADV_JITTER to avoid that it causes an underflow of
the unsigned integer. If this would happen, then a "fast" ELP interval
would turn into a "day long" delay.

At the same time, it must not be larger than the maximum value the variable
can store.

Cc: stable@kernel.org
Fixes: a10800829040 ("batman-adv: Add elp_interval hardif genl configuration")
Signed-off-by: Sven Eckelmann <sven@narfation.org>

diff --git a/net/batman-adv/netlink.c b/net/batman-adv/netlink.c
index e5463003a3bd69bd1fdf14cdc7804e030a06d9fd..1ba206e4027332f0291c0f5d7f0b07f0e80a3724 100644 (file)
--- a/net/batman-adv/netlink.c
+++ b/net/batman-adv/netlink.c
@@ -919,9 +919,15 @@ static int batadv_netlink_set_hardif(struct sk_buff *skb,
 #ifdef CONFIG_BATMAN_ADV_BATMAN_V
 
        if (info->attrs[BATADV_ATTR_ELP_INTERVAL]) {
+               u32 elp_interval;
+
                attr = info->attrs[BATADV_ATTR_ELP_INTERVAL];
+               elp_interval = nla_get_u32(attr);
+
+               elp_interval = min_t(u32, elp_interval, INT_MAX);
+               elp_interval = max_t(u32, elp_interval, BATADV_JITTER);
 
-               WRITE_ONCE(hard_iface->bat_v.elp_interval, nla_get_u32(attr));
+               WRITE_ONCE(hard_iface->bat_v.elp_interval, elp_interval);
        }
 
        if (info->attrs[BATADV_ATTR_THROUGHPUT_OVERRIDE]) {