Bug 232193 - in6_pcblookup_hash_locked() needs locking and inp validation possibly
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: kern
Version: CURRENT
Hardware: Any Any
: --- Affects Only Me
Assignee: Bjoern A. Zeeb
URL:
Keywords: ipv6
Depends on:
Blocks: 232348
Reported: 2018-10-12 00:14 UTC by Bjoern A. Zeeb
Modified: 2022-03-19 10:46 UTC
Description Bjoern A. Zeeb freebsd_committer freebsd_triage 2018-10-12 00:14:12 UTC
When in6_pcblookup_hash_locked() is called from in6_pcblookup_hash(), only the epoch() seems to protect it; that means we might be able to get an inp out of the list which is marked FREED and we need to skip it.

The corresponding places are already marked with "XXX locking" (which I seem to have put there a long time ago); see what happened in IPv4 land for that as well, when touching this.
Comment 1 Bjoern A. Zeeb freebsd_committer freebsd_triage 2018-10-12 00:17:31 UTC
The checks in in6_pcblookup_hash() are actually a function bug as well, it seems, and need to be moved inside the _locked() variant; the only other caller seems to protect the call by a WLOCK, so it should be fine for that.


Crosscheck with IPv4.
Comment 2 Bjoern A. Zeeb freebsd_committer freebsd_triage 2018-10-17 00:04:23 UTC
https://reviews.freebsd.org/D17593
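
The following userland C model is an added example, not code from this bug report or from FreeBSD. It shows why the placement of the freed-entry check matters: validating only in the outer wrapper versus validating inside the list walk. All names (`struct pcb`, `PCB_FREED`, the three lookup functions) are hypothetical, epoch and locking are not modelled, and reading the report as "a freed first match can hide a later live entry" is an assumption.

```c
#include <stddef.h>
#include <stdint.h>

/* Userland model; all names are hypothetical, not FreeBSD kernel identifiers. */
#define PCB_FREED 0x1u /* entry is being torn down but still on the chain */

struct pcb {
    uint16_t lport, fport; /* stand-in for the connection tuple */
    unsigned flags;
    struct pcb *next;      /* hash-bucket chain */
};

/* Inner walk without validation: first tuple match wins, freed or not. */
static struct pcb *walk_unchecked(struct pcb *head, uint16_t lport, uint16_t fport)
{
    for (struct pcb *p = head; p != NULL; p = p->next)
        if (p->lport == lport && p->fport == fport)
            return p;
    return NULL;
}

/* Check in the wrapper: a freed first match ends the search with NULL. */
static struct pcb *lookup_check_in_wrapper(struct pcb *head, uint16_t lport, uint16_t fport)
{
    struct pcb *p = walk_unchecked(head, lport, fport);
    return (p != NULL && (p->flags & PCB_FREED)) ? NULL : p;
}

/* Check inside the walk: freed entries are skipped, the search continues. */
static struct pcb *lookup_check_in_walk(struct pcb *head, uint16_t lport, uint16_t fport)
{
    for (struct pcb *p = head; p != NULL; p = p->next) {
        if (p->flags & PCB_FREED)
            continue;
        if (p->lport == lport && p->fport == fport)
            return p;
    }
    return NULL;
}

/* Constructed bucket: a freed entry sits ahead of a live one, same tuple. */
static struct pcb live_pcb  = { 80, 1234, 0, NULL };
static struct pcb freed_pcb = { 80, 1234, PCB_FREED, &live_pcb };

int main(void)
{
    /* Exit 0 only if the in-walk check finds the live entry the wrapper misses. */
    return !(lookup_check_in_wrapper(&freed_pcb, 80, 1234) == NULL &&
             lookup_check_in_walk(&freed_pcb, 80, 1234) == &live_pcb);
}
```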