HomeFreeBSD
Diffusion FreeBSD src repository 24069f0dc073

infiniband: Widen NET_EPOCH coverage
24069f0dc073
Actions

Description

infiniband: Widen NET_EPOCH coverage

From static code analysis, some device drivers (cxgbe, mlx4, mthca, and qlnx)
do not enter net epoch before lagg_input_infiniband(). If IPoIB interface is a
member of lagg(4) interface, and after returning from lagg_input_infiniband()
the receiving interface of mbuf is set to lagg(4) interface, then when
concurrently destroying the lagg(4) interface, there is a small window that the
interface gets destroyed and becomes invalid before infiniband_input() re-enter
net epoch, thus leading use-after-free.

Widen NET_EPOCH coverage to prevent use-after-free.

Thanks hselasky@ for testing with mlx5 devices.

Reviewed by: hselasky
Tested by: hselasky
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D39275

(cherry picked from commit 90820ef121b38479f2479c03c12c69f940f5fa33)
(cherry picked from commit 5d45e09d50e648a75667c9b12b204eb62fa60ed2)

Details

Provenance
zleiAuthored on Apr 2 2023, 4:51 PM
Reviewer
hselasky
Differential Revision
D39275: infiniband: Widen NET_EPOCH coverage
Parents
rG114126825629: lagg(4): Tap traffic after protocol processing
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
net/

rG24069f0dc073

View Options

sys/net/if_infiniband.c

Loading...