releases/4.9.104/batman-adv-fix-netlink-dumping-of-bla-claims.patch - pub/scm/linux/kernel/git/stable/stable-queue - Git at Google

 From foo@baz Sun May 27 17:33:38 CEST 2018
 From: Sven Eckelmann <sven@narfation.org>
 Date: Sat, 24 Feb 2018 12:03:36 +0100
 Subject: batman-adv: Fix netlink dumping of BLA claims

 From: Sven Eckelmann <sven@narfation.org>

 [ Upstream commit b0264ecdfeab5f889b02ec54af7ca8cc1c245e2f ]

 The function batadv_bla_claim_dump_bucket must be able to handle
 non-complete dumps of a single bucket. It tries to do that by saving the
 latest dumped index in *idx_skip to inform the caller about the current
 state.

 But the caller only assumes that buckets were not completely dumped when
 the return code is non-zero. This function must therefore also return a
 non-zero index when the dumping of an entry failed. Otherwise the caller
 will just skip all remaining buckets.

 And the function must also reset *idx_skip back to zero when it finished a
 bucket. Otherwise it will skip the same number of entries in the next
 bucket as the previous one had.

 Fixes: 04f3f5bf1883 ("batman-adv: add B.A.T.M.A.N. Dump BLA claims via netlink")
 Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
 Signed-off-by: Sven Eckelmann <sven@narfation.org>
 Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
 Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 ---
  net/batman-adv/bridge_loop_avoidance.c |   11 +++++++----
  1 file changed, 7 insertions(+), 4 deletions(-)

 --- a/net/batman-adv/bridge_loop_avoidance.c
 +++ b/net/batman-adv/bridge_loop_avoidance.c
 @@ -2149,22 +2149,25 @@ batadv_bla_claim_dump_bucket(struct sk_b
  {
  	struct batadv_bla_claim *claim;
  	int idx = 0;
 +	int ret = 0;

  	rcu_read_lock();
  	hlist_for_each_entry_rcu(claim, head, hash_entry) {
  		if (idx++ < *idx_skip)
  			continue;
 -		if (batadv_bla_claim_dump_entry(msg, portid, seq,
 -						primary_if, claim)) {
 +
 +		ret = batadv_bla_claim_dump_entry(msg, portid, seq,
 +						  primary_if, claim);
 +		if (ret) {
  			*idx_skip = idx - 1;
  			goto unlock;
  		}
  	}

 -	*idx_skip = idx;
 +	*idx_skip = 0;
  unlock:
  	rcu_read_unlock();
 -	return 0;
 +	return ret;
  }

  /**
	From foo@baz Sun May 27 17:33:38 CEST 2018
	From: Sven Eckelmann <sven@narfation.org>
	Date: Sat, 24 Feb 2018 12:03:36 +0100
	Subject: batman-adv: Fix netlink dumping of BLA claims

	From: Sven Eckelmann <sven@narfation.org>

	[ Upstream commit b0264ecdfeab5f889b02ec54af7ca8cc1c245e2f ]

	The function batadv_bla_claim_dump_bucket must be able to handle
	non-complete dumps of a single bucket. It tries to do that by saving the
	latest dumped index in *idx_skip to inform the caller about the current
	state.

	But the caller only assumes that buckets were not completely dumped when
	the return code is non-zero. This function must therefore also return a
	non-zero index when the dumping of an entry failed. Otherwise the caller
	will just skip all remaining buckets.

	And the function must also reset *idx_skip back to zero when it finished a
	bucket. Otherwise it will skip the same number of entries in the next
	bucket as the previous one had.

	Fixes: 04f3f5bf1883 ("batman-adv: add B.A.T.M.A.N. Dump BLA claims via netlink")
	Reported-by: Linus Lüssing <linus.luessing@c0d3.blue>
	Signed-off-by: Sven Eckelmann <sven@narfation.org>
	Signed-off-by: Simon Wunderlich <sw@simonwunderlich.de>
	Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	---
	net/batman-adv/bridge_loop_avoidance.c \| 11 +++++++----
	1 file changed, 7 insertions(+), 4 deletions(-)

	--- a/net/batman-adv/bridge_loop_avoidance.c
	+++ b/net/batman-adv/bridge_loop_avoidance.c
	@@ -2149,22 +2149,25 @@ batadv_bla_claim_dump_bucket(struct sk_b
	{
	struct batadv_bla_claim *claim;
	int idx = 0;
	+ int ret = 0;

	rcu_read_lock();
	hlist_for_each_entry_rcu(claim, head, hash_entry) {
	if (idx++ < *idx_skip)
	continue;
	- if (batadv_bla_claim_dump_entry(msg, portid, seq,
	- primary_if, claim)) {
	+
	+ ret = batadv_bla_claim_dump_entry(msg, portid, seq,
	+ primary_if, claim);
	+ if (ret) {
	*idx_skip = idx - 1;
	goto unlock;
	}
	}

	- *idx_skip = idx;
	+ *idx_skip = 0;
	unlock:
	rcu_read_unlock();
	- return 0;
	+ return ret;
	}

	/**