Fix unlocked access to ifnet address list
ClosedPublic
Actions

Authored by rstone on Jul 17 2016, 6:22 PM.

Details

Reviewers

Commits

rS304437: Fix unlocked access to ifnet address list

Summary

in_broadcast() was iterator over the ifnet address list without
first taking an if_addr_rlock. This could cause a panic if a
concurrent operation modified the list.

Test Plan

Added and removed IPs in a loop on an ifnet while traffic was actively
running on it.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

rstone updated this revision to Diff 18496.Jul 17 2016, 6:22 PM

rstone retitled this revision from to Fix unlocked access to ifnet address list.

rstone updated this object.

rstone edited the test plan for this revision. (Show Details)

Herald added a subscriber: imp. · View Herald TranscriptJul 17 2016, 6:22 PM

rstone added a subscriber: network.Jul 17 2016, 6:23 PM

If I am not mistaken the function calls are for modules (especially 3rd party) while we should use the macros in the kernel (unless I misremember something here)?

This revision now requires changes to proceed.Jul 17 2016, 6:52 PM

Use macros for code compiled in kernel

so apparently this is called on nearly every packet that passes through ip_output() (according to a comparison of dtrace and netstat output). Adding an additional lock/unlock to the transmit path concerns me, but this is obviously the right fix. Does in_broadcast() really need to be called so much?

Closed by commit rS304437: Fix unlocked access to ifnet address list (authored by rstone). · Explain WhyAug 18 2016, 10:59 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

head/

sys/

netinet/

in.c

12 lines

Diff 19473

View Options

Fix unlocked access to ifnet address listClosedPublicActions