netfilter: IDLETIMER: be syzkaller friendly

[pandora-kernel.git] / net / batman-adv / routing.c

diff --git a/net/batman-adv/routing.c b/net/batman-adv/routing.c
index f961cc5..cc82ec5 100644 (file)
--- a/net/batman-adv/routing.c
+++ b/net/batman-adv/routing.c
@@ -98,6 +98,15 @@ static void _update_route(struct bat_priv *bat_priv,
                neigh_node = NULL;
 
        spin_lock_bh(&orig_node->neigh_list_lock);
+       /* curr_router used earlier may not be the current orig_node->router
+        * anymore because it was dereferenced outside of the neigh_list_lock
+        * protected region. After the new best neighbor has replace the current
+        * best neighbor the reference counter needs to decrease. Consequently,
+        * the code needs to ensure the curr_router variable contains a pointer
+        * to the replaced best neighbor.
+        */
+       curr_router = rcu_dereference_protected(orig_node->router, true);
+
        rcu_assign_pointer(orig_node->router, neigh_node);
        spin_unlock_bh(&orig_node->neigh_list_lock);
 
@@ -619,6 +628,8 @@ int recv_tt_query(struct sk_buff *skb, struct hard_iface *recv_if)
                /* packet needs to be linearized to access the TT changes */
                if (skb_linearize(skb) < 0)
                        goto out;
+               /* skb_linearize() possibly changed skb->data */
+               tt_query = (struct tt_query_packet *)skb->data;
 
                if (is_my_mac(tt_query->dst))
                        handle_tt_response(bat_priv, tt_query);