FreeBSD commit rS120041 (unpublished)

Description

The in6_ifattach() routine contains the following code:

in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);

The problem here is that udbinfo.listhead and ripcbinfo.listhead are
not initialized during the device probe/attach phase of the kernel
boot process. So if, for example, a network driver calls ether_ifattach()
in its foo_attach() routine and then decides that something is wrong
and calls ether_ifdetach() to reverse the process, we will panic trying
to dereference the uninitialized list head pointers. (Though the
same sequence of events performed after the kernel has come up works
fine, i.e. doing kldload if_foo from multiuser.)

Change this to:

if (udbinfo.listhead != NULL)
        in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
if (ripcbinfo.listhead != NULL)
        in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);

to avoid the NULL pointer dereferences.
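The boot-order hazard described above, as an added illustration that is not part of the commit: a userland model of the two phases, with constructed stand-ins for struct ifnet, struct inpcb and struct inpcbinfo, a protocol init step that publishes the list heads later than the driver's attach/detach, and the guarded purge from the commit. The first detach runs before init and must purge nothing rather than dereference NULL; the second runs after init and unbinds the PCBs that reference the interface.

```c
#include <stdio.h>
/* Constructed stand-ins for the kernel's struct ifnet, struct inpcb and
 * struct inpcbinfo, with only the fields this example needs. */
struct ifnet { const char *if_xname; };
struct inpcb { struct inpcb *inp_next; struct ifnet *inp_ifp; };
struct inpcbhead { struct inpcb *lh_first; };
struct inpcbinfo { struct inpcbhead *listhead; };  /* NULL until proto init */
#define LIST_FIRST(head) ((head)->lh_first)
/* Zero-initialised like kernel BSS: listhead is NULL during probe/attach. */
static struct inpcbinfo udbinfo, ripcbinfo;
static struct inpcbhead udb, ripcb;
/* Later-boot step (analogue of udp_init()/rip_init()): publish the heads. */
static void proto_init(void) {
    udb.lh_first = NULL;   udbinfo.listhead = &udb;
    ripcb.lh_first = NULL; ripcbinfo.listhead = &ripcb;
}
/* Unbind every PCB on the list that refers to ifp; returns how many. */
static int in6_pcbpurgeif0(struct inpcb *head, struct ifnet *ifp) {
    int n = 0;
    for (struct inpcb *inp = head; inp != NULL; inp = inp->inp_next)
        if (inp->inp_ifp == ifp) { inp->inp_ifp = NULL; n++; }
    return n;
}
/* The committed in6_ifdetach() logic: without the two NULL checks,
 * LIST_FIRST(udbinfo.listhead) dereferences NULL in the probe phase. */
static int in6_ifdetach_fixed(struct ifnet *ifp) {
    int n = 0;
    if (udbinfo.listhead != NULL)
        n += in6_pcbpurgeif0(LIST_FIRST(udbinfo.listhead), ifp);
    if (ripcbinfo.listhead != NULL)
        n += in6_pcbpurgeif0(LIST_FIRST(ripcbinfo.listhead), ifp);
    return n;
}
/* Detach foo0 before and after protocol init; purged[0] is the probe-phase
 * count (0, nothing to purge), purged[1] the multiuser-style count. */
static void run_scenarios(int purged[2]) {
    static struct ifnet foo0 = { "foo0" };
    static struct inpcb p1 = { NULL, &foo0 }, p2 = { &p1, NULL }, p3 = { NULL, &foo0 };
    purged[0] = in6_ifdetach_fixed(&foo0);      /* lists not ready yet */
    proto_init();
    udb.lh_first = &p2; ripcb.lh_first = &p3;   /* p1 and p3 point at foo0 */
    purged[1] = in6_ifdetach_fixed(&foo0);
}
int main(void) {
    int p[2]; run_scenarios(p);
    printf("probe-phase detach purged %d, later detach purged %d\n", p[0], p[1]);
    return 0;
}
```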

Details

Authored by: wpaul
Parent: rS120040: Simplify (and micro-optimize) pmap_unuse_pt(): Only one caller,