Date: Thu, 12 May 2011 13:49:33 GMT From: Andrew Boyer <aboyer@averesystems.com> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/156978: [lagg][patch] Take lagg rlock before checking flags Message-ID: <201105121349.p4CDnXMU079503@red.freebsd.org> Resent-Message-ID: <201105121350.p4CDo900083376@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 156978
>Category: kern
>Synopsis: [lagg][patch] Take lagg rlock before checking flags
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Thu May 12 13:50:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator: Andrew Boyer
>Release: 8.2-RELEASE
>Organization:
Avere Systems
>Environment:
N/A
>Description:
lagg_input() tests flags in the lagg data structures without a lock. If the flags check passes it then takes the rlock. It is safer to take the rlock before testing the flags.
When interfaces are changing it is possible to get kernel panics without this change.
>How-To-Repeat:
Rebooting a system with laggs configured sometimes panics with a NULL pointer dereference.
>Fix:
Take the rlock before testing the flags.
Patch attached with submission follows:
Index: sys/net/if_lagg.c
===================================================================
--- sys/net/if_lagg.c (revision 221809)
+++ sys/net/if_lagg.c (working copy)
@@ -1221,14 +1221,15 @@
struct lagg_softc *sc = lp->lp_softc;
struct ifnet *scifp = sc->sc_ifp;
+ LAGG_RLOCK(sc);
if ((scifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
(lp->lp_flags & LAGG_PORT_DISABLED) ||
sc->sc_proto == LAGG_PROTO_NONE) {
+ LAGG_RUNLOCK(sc);
m_freem(m);
return (NULL);
}
- LAGG_RLOCK(sc);
ETHER_BPF_MTAP(scifp, m);
m = (*sc->sc_input)(sc, lp, m);
>Release-Note:
>Audit-Trail:
>Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201105121349.p4CDnXMU079503>