FreeBSD Bugzilla – Attachment 183568 Details for
Bug 220078
[patch] [panic] repeatable kernel panic due to unlocked INADDR_TO_IFP usage
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
lock access to INADDR_TO_IFP in the in_mcast.c
in_mcast.c.diff (text/plain), 2.64 KB, created by
Eugene Grosbein
on 2017-06-17 12:19:08 UTC
(
hide
)
Description:
lock access to INADDR_TO_IFP in the in_mcast.c
Filename:
MIME Type:
Creator:
Eugene Grosbein
Created:
2017-06-17 12:19:08 UTC
Size:
2.64 KB
patch
obsolete
>--- sys/netinet/in_mcast.c.orig 2017-04-20 15:01:10.786840000 +0700 >+++ sys/netinet/in_mcast.c 2017-06-17 18:24:34.034823000 +0700 >@@ -1338,6 +1338,7 @@ static int > inp_block_unblock_source(struct inpcb *inp, struct sockopt *sopt) > { > struct group_source_req gsr; >+ struct rm_priotracker in_ifa_tracker; > sockunion_t *gsa, *ssa; > struct ifnet *ifp; > struct in_mfilter *imf; >@@ -1375,9 +1376,11 @@ inp_block_unblock_source(struct inpcb *i > ssa->sin.sin_len = sizeof(struct sockaddr_in); > ssa->sin.sin_addr = mreqs.imr_sourceaddr; > >- if (!in_nullhost(mreqs.imr_interface)) >+ if (!in_nullhost(mreqs.imr_interface)) { >+ IN_IFADDR_RLOCK(&in_ifa_tracker); > INADDR_TO_IFP(mreqs.imr_interface, ifp); >- >+ IN_IFADDR_RUNLOCK(&in_ifa_tracker); >+ } > if (sopt->sopt_name == IP_BLOCK_SOURCE) > doblock = 1; > >@@ -1873,7 +1876,6 @@ inp_getmoptions(struct inpcb *inp, struc > * > * Returns NULL if no ifp could be found. > * >- * SMPng: TODO: Acquire the appropriate locks for INADDR_TO_IFP. > * FUTURE: Implement IPv4 source-address selection. > */ > static struct ifnet * >@@ -1891,7 +1893,9 @@ inp_lookup_mcast_ifp(const struct inpcb > > ifp = NULL; > if (!in_nullhost(ina)) { >+ IN_IFADDR_RLOCK(&in_ifa_tracker); > INADDR_TO_IFP(ina, ifp); >+ IN_IFADDR_RUNLOCK(&in_ifa_tracker); > } else { > fibnum = inp ? inp->inp_inc.inc_fibnum : 0; > if (fib4_lookup_nh_basic(fibnum, gsin->sin_addr, 0, 0, &nh4)==0) >@@ -2223,6 +2227,7 @@ inp_leave_group(struct inpcb *inp, struc > { > struct group_source_req gsr; > struct ip_mreq_source mreqs; >+ struct rm_priotracker in_ifa_tracker; > sockunion_t *gsa, *ssa; > struct ifnet *ifp; > struct in_mfilter *imf; >@@ -2281,9 +2286,11 @@ inp_leave_group(struct inpcb *inp, struc > * XXX NOTE WELL: The RFC 3678 API is preferred because > * using an IPv4 address as a key is racy. > */ >- if (!in_nullhost(mreqs.imr_interface)) >+ if (!in_nullhost(mreqs.imr_interface)) { >+ IN_IFADDR_RLOCK(&in_ifa_tracker); > INADDR_TO_IFP(mreqs.imr_interface, ifp); >- >+ IN_IFADDR_RUNLOCK(&in_ifa_tracker); >+ } > CTR3(KTR_IGMPV3, "%s: imr_interface = 0x%08x, ifp = %p", > __func__, ntohl(mreqs.imr_interface.s_addr), ifp); > >@@ -2443,6 +2450,7 @@ out_inp_locked: > static int > inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) > { >+ struct rm_priotracker in_ifa_tracker; > struct in_addr addr; > struct ip_mreqn mreqn; > struct ifnet *ifp; >@@ -2481,7 +2489,9 @@ inp_set_multicast_if(struct inpcb *inp, > if (in_nullhost(addr)) { > ifp = NULL; > } else { >+ IN_IFADDR_RLOCK(&in_ifa_tracker); > INADDR_TO_IFP(addr, ifp); >+ IN_IFADDR_RUNLOCK(&in_ifa_tracker); > if (ifp == NULL) > return (EADDRNOTAVAIL); > }
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=183568">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 220078
:
183567
| 183568 |
183569
|
183570
|
183590
|
187688
|
187689