Project

General

Profile

Actions
Copy link

Bug #440

open

tt: potential update of common.flags by multiple callers

Added by Sven Eckelmann 14 days ago. Updated 4 days ago.

Status:
New
Priority:
Normal
Assignee:
Antonio Quartulli
Target version:
-
Start date:
06/04/2026
Due date:
% Done:

0%

Estimated time:

Description

Does the code in batadv_tt_local_add allow concurrent unprotected updates to tt_local->common.flags and tt_global->common.flags?

Because batadv_interface_tx (the ndo_start_xmit handler) is configured with lltx = true, it executes without the netdev tx lock. This could allow multiple CPUs processing outgoing packets from the same client MAC to call batadv_tt_local_add() concurrently.

A concurrent execution could cause one CPU to overwrite the flag updates of another via non-atomic read-modify-write operations (|= and &=). For example, if CPU A clears the BATADV_TT_CLIENT_ROAM flag while CPU B simultaneously sets the BATADV_TT_CLIENT_WIFI flag, could the ROAM flag clearance be permanently lost, leaving the client stuck in an incorrect roaming state?

See https://sashiko.dev/#/patchset/20260603072527.174487-1-sw@simonwunderlich.de?part=15

Related issues 1 (1 open0 closed)

Is duplicate of batman-adv - Bug #404: KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_addNewAntonio Quartulli11/08/2019

Actions
Actions
Copy link
 #1

Updated by Sven Eckelmann 14 days ago

  • Description updated (diff)
Actions
Copy link
 #2

Updated by Sven Eckelmann 14 days ago

  • Description updated (diff)
Actions
Copy link
 #3

Updated by Sven Eckelmann 14 days ago

  • Is duplicate of Bug #404: KCSAN: data-race in batadv_tt_local_add / batadv_tt_local_add added
Actions
Copy link

Also available in: Atom PDF