|Summary:||in6_pcblookup_hash_locked() needs locking and inp validation possibly|
|Product:||Base System||Reporter:||Bjoern A. Zeeb <bz>|
|Component:||kern||Assignee:||Bjoern A. Zeeb <bz>|
|Severity:||Affects Only Me||CC:||bz|
|Bug Depends on:|
Description Bjoern A. Zeeb 2018-10-12 00:14:12 UTC
When in6_pcblookup_hash_locked() is called from in6_pcblookup_hash(), only the epoch() seems to protect it; that means we might be able to get an inp out of the list which is marked FREED and we need to skip it; the corresponding places are already marked with "XXX locking" (which I seem to have put there a long time ago); see what happened in IPv4 land for that as well when touching this.
Comment 1 Bjoern A. Zeeb 2018-10-12 00:17:31 UTC
The checks in in6_pcblookup_hash() are actually a function bug as well, it seems, and need to be moved inside the _locked() variant; the only other caller seems to protect the call by a WLOCK, so should be fine for that. Crosscheck with IPv4.
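
Added example (not part of the original report, and not FreeBSD code): a simplified userspace model of one way the placement of the FREED check can change a lookup result. All struct, flag and function names are hypothetical, and the epoch and inp locking themselves are outside the model.

```c
#include <stddef.h>

/* Simplified userspace model; all names here are hypothetical, not FreeBSD's. */
#define PCB_FREED 0x1u          /* entry is being torn down but still linked */

struct pcb {
    unsigned short lport;       /* local port used as the lookup key */
    unsigned int flags;
    struct pcb *next;           /* hash-chain link */
};

/* Walk that only matches on the key: may hand back a FREED entry. */
static struct pcb *walk_unchecked(struct pcb *head, unsigned short lport)
{
    for (struct pcb *p = head; p != NULL; p = p->next)
        if (p->lport == lport)
            return p;
    return NULL;
}

/* Check done by the caller after the walk: a FREED first match becomes a
 * miss, even if a live entry with the same key sits later in the chain. */
struct pcb *lookup_check_in_caller(struct pcb *head, unsigned short lport)
{
    struct pcb *p = walk_unchecked(head, lport);
    if (p != NULL && (p->flags & PCB_FREED))
        return NULL;
    return p;
}

/* Check done inside the walk: FREED entries are skipped and the search
 * continues, so every caller of the walk gets the same validation. */
struct pcb *lookup_check_in_walk(struct pcb *head, unsigned short lport)
{
    for (struct pcb *p = head; p != NULL; p = p->next) {
        if (p->flags & PCB_FREED)
            continue;
        if (p->lport == lport)
            return p;
    }
    return NULL;
}

/* Constructed chain: a FREED entry for port 80 ahead of a live one. */
static struct pcb live80 = { 80, 0, NULL };
static struct pcb dead80 = { 80, PCB_FREED, &live80 };
struct pcb *sample_chain(void) { return &dead80; }
struct pcb *sample_live(void) { return &live80; }
```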