Bug 232193 - in6_pcblookup_hash_locked() needs locking and inp validation possibly
Summary: in6_pcblookup_hash_locked() needs locking and inp validation possibly
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern (show other bugs)
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Bjoern A. Zeeb
URL:
Keywords: ipv6
Depends on:
Blocks: 232348
  Show dependency treegraph
 
Reported: 2018-10-12 00:14 UTC by Bjoern A. Zeeb
Modified: 2018-10-17 08:28 UTC (History)
1 user (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Bjoern A. Zeeb freebsd_committer 2018-10-12 00:14:12 UTC
When in6_pcblookup_hash_locked() is called from in6_pcblookup_hash() only the epoch() seems to protect it;  that means we might be able to get an inp out of the list which is marked FREED and we need to skip it;

the according places are already marked with "XXX locking" (which I seem to have put there a long time ago);  see what happened in IPv4 land for that as well, when touching this..
Comment 1 Bjoern A. Zeeb freebsd_committer 2018-10-12 00:17:31 UTC
The checks in in6_pcblookup_hash() are actually a function bug as well it seems and need to moved inside the _locked() variant;   the only other caller seems to be protect the call by a WLOCK so should be fine for that.


Crosscheck with IPv4.
Comment 2 Bjoern A. Zeeb freebsd_committer 2018-10-17 00:04:23 UTC
https://reviews.freebsd.org/D17593