
Fix unlocked access to ifnet address list
Closed, Public

Authored by rstone on Jul 17 2016, 6:22 PM.

Details

Summary

in_broadcast() was iterating over the ifnet address list without
first taking an if_addr_rlock. This could cause a panic if a
concurrent operation modified the list.

Test Plan

Added and removed IPs in a loop on an ifnet while traffic was actively
running on it.
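
The locking pattern the summary describes, as an added example that is not code from this revision or from FreeBSD: a userland model in which a POSIX rwlock stands in for the kernel's address-list lock. The names `struct iface`, `struct addr`, `iface_add`, `iface_del`, `is_broadcast` and `lock_is_free` are hypothetical, and the addresses are constructed.

```c
/* Userland model added for illustration; not FreeBSD kernel code. */
#define _POSIX_C_SOURCE 200809L      /* expose pthread rwlocks under strict -std= */
#include <pthread.h>
#include <stdint.h>
#include <stdlib.h>
#include <sys/queue.h>
struct addr { uint32_t bcast; TAILQ_ENTRY(addr) link; };  /* one interface address */
struct iface {                       /* hypothetical stand-in for an ifnet */
    pthread_rwlock_t addr_lock;      /* plays the role of the address-list lock */
    TAILQ_HEAD(, addr) addrs;
};
void iface_init(struct iface *ifp) {
    pthread_rwlock_init(&ifp->addr_lock, NULL);
    TAILQ_INIT(&ifp->addrs);
}
/* Writers change the list only while holding the write lock. */
int iface_add(struct iface *ifp, uint32_t bcast) {
    struct addr *a = malloc(sizeof(*a));
    if (a == NULL) return -1;
    a->bcast = bcast;
    pthread_rwlock_wrlock(&ifp->addr_lock);
    TAILQ_INSERT_TAIL(&ifp->addrs, a, link);
    pthread_rwlock_unlock(&ifp->addr_lock);
    return 0;
}
int iface_del(struct iface *ifp, uint32_t bcast) {
    struct addr *a;
    pthread_rwlock_wrlock(&ifp->addr_lock);
    TAILQ_FOREACH(a, &ifp->addrs, link)
        if (a->bcast == bcast) { TAILQ_REMOVE(&ifp->addrs, a, link); break; }
    pthread_rwlock_unlock(&ifp->addr_lock);
    if (a == NULL) return 0;         /* loop ran off the end: no match */
    free(a);                         /* unlinked under the write lock, so no reader holds it */
    return 1;
}
/* Reader: the whole walk happens under the read lock. */
int is_broadcast(struct iface *ifp, uint32_t dst) {
    struct addr *a;
    int found = 0;
    pthread_rwlock_rdlock(&ifp->addr_lock);
    TAILQ_FOREACH(a, &ifp->addrs, link)
        if (a->bcast == dst) { found = 1; break; }  /* break, not return: lock must drop */
    pthread_rwlock_unlock(&ifp->addr_lock);
    return found;
}
int lock_is_free(struct iface *ifp) {  /* 1 if no path above leaked the lock */
    if (pthread_rwlock_trywrlock(&ifp->addr_lock) != 0) return 0;
    pthread_rwlock_unlock(&ifp->addr_lock);
    return 1;
}
```

Without the read lock in `is_broadcast`, a concurrent `iface_del` could free an element while the walk still holds a pointer to it, which is the kind of failure the test plan's add/remove loop is meant to provoke.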

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 4544
Build 4596: arc lint + arc unit

Event Timeline

rstone retitled this revision from to Fix unlocked access to ifnet address list.
rstone updated this object.
rstone edited the test plan for this revision.
bz requested changes to this revision. Jul 17 2016, 6:52 PM
bz added a reviewer: bz.
bz added a subscriber: bz.

If I am not mistaken, the function calls are for modules (especially 3rd party), while we should use the macros in the kernel (unless I misremember something here)?

This revision now requires changes to proceed. Jul 17 2016, 6:52 PM
rstone edited edge metadata.

Use macros for code compiled in kernel

So apparently this is called on nearly every packet that passes through ip_output() (according to a comparison of dtrace and netstat output). Adding an additional lock/unlock to the transmit path concerns me, but this is obviously the right fix. Does in_broadcast() really need to be called so much?

This revision was automatically updated to reflect the committed changes.