Page MenuHomeFreeBSD
Differential D39317

inet6: protect address manipulation with a lock
ClosedPublic
Actions

Authored by mjg on Mar 29 2023, 1:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Nov 29 2024, 1:58 AM
Unknown Object (File)
Sep 17 2024, 3:52 AM
Unknown Object (File)
Sep 16 2024, 8:36 PM
Unknown Object (File)
Aug 19 2024, 7:32 PM
Unknown Object (File)
Aug 15 2024, 8:27 AM
Unknown Object (File)
Jul 28 2024, 10:30 PM
Unknown Object (File)
Jul 26 2024, 3:50 PM
Unknown Object (File)
Jul 26 2024, 3:50 PM
View All 48 Files
Subscribers
ae
cmcdonald_netgate.com
glebius
imp
kp
melifaro
zlei

Details

Reviewers
kp
Group Reviewers
network
Commits
rGff99bfe3ef73: inet6: protect address manipulation with a lock
rGf5a365e51fee: inet6: protect address manipulation with a lock
Summary
inet6: protect address manipulation with a lock

This is a total hack/bare minimum which follows inet4.

Otherwise 2 threads removing the same address can easily crash.
Test Plan
#!/bin/sh

IFNAME=igc0
INET6ADDR=2001:db8:bdbd::123/48

while true; do
    ifconfig $IFNAME inet6 $INET6ADDR &                      
    ifconfig $IFNAME inet6 $INET6ADDR delete &                   
done

crashes stock kernel with:

--- trap 0xc, rip = 0xffffffff80fd9293, rsp = 0xfffffe00cd68c9d0, rbp = 0xfffffe00cd68ca20 ---
in6_unlink_ifa() at in6_unlink_ifa+0x63/frame 0xfffffe00cd68ca20
in6_purgeaddr() at in6_purgeaddr+0x367/frame 0xfffffe00cd68cb40
in6_purgeifaddr() at in6_purgeifaddr+0x13/frame 0xfffffe00cd68cb60
in6_control() at in6_control+0x532/frame 0xfffffe00cd68cbc0
ifioctl() at ifioctl+0x7bc/frame 0xfffffe00cd68ccc0
kern_ioctl() at kern_ioctl+0x26d/frame 0xfffffe00cd68cd30
sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00cd68ce00
amd64_syscall() at amd64_syscall+0x10c/frame 0xfffffe00cd68cf30
fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00cd68cf30

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

mjg created this revision.Mar 29 2023, 1:07 PM
Herald added subscribers: glebius, melifaro, ae, imp. · View Herald TranscriptMar 29 2023, 1:07 PM
mjg requested review of this revision.Mar 29 2023, 1:07 PM
guest-patmaddox added a subscriber: guest-patmaddox.Mar 29 2023, 4:55 PM
cmcdonald_netgate.com added a subscriber: cmcdonald_netgate.com.Mar 29 2023, 7:51 PM
kp accepted this revision as: kp.Mar 30 2023, 1:37 AM
kp added a subscriber: kp.

fwiw, Gleb added the IPv4 lock in https://cgit.freebsd.org/src/commit/?id=f7a39160c259ea83b507b0808418619712572428.

It's a bit of a big hammer, but it's going to be more effective than finding and handling individual races, and it's probably not very important to be able to add/remove millions of addresses per second.

Nit: it should be a per-vnet lock, but the IPv4 one isn't either. Perhaps that's something we should fix in a separate commit.

This revision was not accepted when it landed; it landed in state Needs Review.Mar 30 2023, 8:47 AM
Closed by commit rGf5a365e51fee: inet6: protect address manipulation with a lock (authored by mjg). · Explain Why
This revision was automatically updated to reflect the committed changes.
mjg added a commit: rGf5a365e51fee: inet6: protect address manipulation with a lock.
guest-patmaddox removed a subscriber: guest-patmaddox.Jul 29 2023, 5:38 AM
zlei added a commit: rGff99bfe3ef73: inet6: protect address manipulation with a lock.May 10 2024, 4:31 PM
zlei added a subscriber: zlei.May 10 2024, 4:36 PM

Xref a PR: 271344 which was reported after the fix.

Revision Contents
Changeset List

PathSize
sys/
netinet6/
9 lines

Diff 119658

View Options

sys/netinet6/in6.c

Loading...