Differential D19872

Reinitialize source filter structures after removing an entry.
ClosedPublic
Actions

Authored by markj on Apr 10 2019, 4:13 AM.

Tags

None

Referenced Files

	Unknown Object (File)
	Thu, Apr 24, 8:56 AM

	Unknown Object (File)
	Mon, Apr 14, 8:05 AM

	Unknown Object (File)
	Mon, Apr 14, 3:55 AM

	Unknown Object (File)
	Sun, Apr 13, 8:38 PM

	Unknown Object (File)
	Sun, Apr 13, 7:27 PM

	Unknown Object (File)
	Sun, Apr 13, 7:23 PM

	Unknown Object (File)
	Wed, Apr 2, 3:28 PM

	Unknown Object (File)
	Mar 20 2025, 4:49 PM

View All 71 Files

Subscribers

Details

Reviewers

Group Reviewers

Commits

rS346118: Reinitialize multicast source filter structures after invalidation.

Summary

When leaving a multicast group, inp_leave_group() creates a hole in the
source filter and group membership arrays. It copies succeeding
elements down by 1 entry, so the last entry remains initialized with
stale data. This can trip an assertion in inp_join_group() which
verifies that the newly allocated source filter array entry does not
contain any source filters. Fix the problem by explicitly
reinitializing the last source filter array entry using the same
measures as in imo_grow().

Test Plan

The diff fixes this report from syzkaller:
https://syzkaller.appspot.com/bug?id=f5ead1657644d18c765fb186f26e0476bc9fc63c

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

markj created this revision.Apr 10 2019, 4:13 AM

Harbormaster completed remote builds in B23610: Diff 56032.Apr 10 2019, 4:13 AM

markj edited the test plan for this revision. (Show Details)Apr 10 2019, 4:16 AM

markj added a reviewer: network.

IPv6 has the same code.

Update IPv6 code.

Harbormaster completed remote builds in B23615: Diff 56047.Apr 10 2019, 1:38 PM

ae accepted this revision as: ae.Apr 10 2019, 3:58 PM

This revision is now accepted and ready to land.Apr 10 2019, 3:58 PM

Closed by commit rS346118: Reinitialize multicast source filter structures after invalidation. (authored by markj). · Explain WhyApr 11 2019, 8:01 AM

This revision was automatically updated to reflect the committed changes.

Herald added subscribers: bz, imp. · View Herald TranscriptApr 11 2019, 8:01 AM

Revision Contents
Changeset List

Path

Size

head/

sys/

netinet/

8 lines

netinet6/

8 lines

Diff 56087

head/sys/netinet/in_mcast.c

Loading...

head/sys/netinet6/in6_mcast.c

Loading...