Page MenuHomeFreeBSD

Fix unlocked access to ifnet address list
ClosedPublic

Authored by rstone on Jul 17 2016, 6:22 PM.

Details

Summary

in_broadcast() was iterator over the ifnet address list without
first taking an if_addr_rlock. This could cause a panic if a
concurrent operation modified the list.

Test Plan

Added and removed IPs in a loop on an ifnet while traffic was actively
running on it.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

rstone retitled this revision from to Fix unlocked access to ifnet address list.
rstone updated this object.
rstone edited the test plan for this revision. (Show Details)
bz requested changes to this revision.Jul 17 2016, 6:52 PM
bz added a reviewer: bz.
bz added a subscriber: bz.

If I am not mistaken the function calls are for modules (especially 3rd party) while we should use the macros in the kernel (unless I misremember something here)?

This revision now requires changes to proceed.Jul 17 2016, 6:52 PM
rstone edited edge metadata.

Use macros for code compiled in kernel

so apparently this is called on nearly every packet that passes through ip_output() (according to a comparison of dtrace and netstat output). Adding an additional lock/unlock to the transmit path concerns me, but this is obviously the right fix. Does in_broadcast() really need to be called so much?

This revision was automatically updated to reflect the committed changes.