Diffusion FreeBSD src repository - subversion rS292254

Properly drain callouts in the IPFW subsystem to avoid use after free
rS292254
Actions

Description

Properly drain callouts in the IPFW subsystem to avoid use after free
panics when unloading the dummynet and IPFW modules:

The callout drain function can sleep and should not be called having

a non-sleepable lock locked. Remove locks around "ipfw_dyn_uninit(0)".

Add a new "dn_gone" variable to prevent asynchronous restart of

dummynet callouts when unloading the dummynet kernel module.

Call "dn_reschedule()" locked so that "dn_gone" can be set and

checked atomically with regard to starting a new callout.

Reviewed by: hiren
MFC after: 1 week
Differential Revision: https://reviews.freebsd.org/D3855

Details

Provenance

• hselasky

Authored on

Reviewer

hiren

Differential Revision

D3855: Properly drain callouts in the IPFW subsystem

Parents

rS292253: Fix a typo (opencrypto -> crypto) and remove useless comment.

Branches

Unknown

Tags

Unknown

Event Timeline

• hselasky committed rS292254: Properly drain callouts in the IPFW subsystem to avoid use after free.Dec 15 2015, 9:02 AM

Changes (3)

Path

Size

head/

sys/

netpfil/

ipfw/

ip_dn_io.c

ip_dummynet.c

ip_fw2.c

rS292254

View Options

head/sys/netpfil/ipfw/ip_dn_io.c

View Options

head/sys/netpfil/ipfw/ip_dummynet.c

View Options

head/sys/netpfil/ipfw/ip_fw2.c

Properly drain callouts in the IPFW subsystem to avoid use after freerS292254Actions

Description

Details

Event Timeline

Changes (3)

rS292254

head/sys/netpfil/ipfw/ip_dn_io.c

head/sys/netpfil/ipfw/ip_dummynet.c

head/sys/netpfil/ipfw/ip_fw2.c

Properly drain callouts in the IPFW subsystem to avoid use after free
rS292254
Actions