Date:      Tue, 03 Sep 2019 14:08:12 -0000
From:      Enji Cooper <yaneurabeya@gmail.com>
To:        Hans Petter Selasky <hselasky@FreeBSD.org>
Cc:        src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head@freebsd.org
Subject:   Re: svn commit: r346530 - in head/sys: netinet netinet6
Message-ID:  <2F3D6B17-AF4F-4B0F-B20E-5EF41DE851F9@gmail.com>
In-Reply-To: <201904220727.x3M7ROpR009729@repo.freebsd.org>
References:  <201904220727.x3M7ROpR009729@repo.freebsd.org>


> On Apr 22, 2019, at 12:27 AM, Hans Petter Selasky <hselasky@FreeBSD.org> wrote:
> 
> Author: hselasky
> Date: Mon Apr 22 07:27:24 2019
> New Revision: 346530
> URL: https://svnweb.freebsd.org/changeset/base/346530
> 
> Log:
>  Fix panic in network stack due to memory use after free in relation to
>  fragmented packets.
> 
>  When sending IPv4 and IPv6 fragmented packets and a fragment is lost,
>  the mbuf making up the fragment will remain in the temporary hashed
>  fragment list for a while. If the network interface departs before the
>  so-called slow timeout clears the packet, the fragment causes a panic
>  when the timeout kicks in due to accessing a freed network interface
>  structure.
> 
>  Make sure that when a network device is departing, all hashed IPv4 and
>  IPv6 fragments belonging to it, get freed.
> 
>  Backtrace:
>  panic()
>  icmp6_reflect()
> 
>  hlim = ND_IFINFO(m->m_pkthdr.rcvif)->chlim;
>  ^^^^ rcvif->if_afdata[AF_INET6] is NULL.
> 
>  icmp6_error()
>  frag6_freef()
>  frag6_slowtimo()
>  pfslowtimo()
>  softclock_call_cc()
>  softclock()
>  ithread_loop()
> 
>  Differential Revision:	https://reviews.freebsd.org/D19622
>  Reviewed by:		bz (network), adrian
>  MFC after:		1 week
>  Sponsored by:		Mellanox Technologies

This commit broke the build on mips, etc:

07:36:06 --- ip_reass.o ---
07:36:06 /usr/src/sys/netinet/ip_reass.c:641: error: expected ')' before '(' token
07:36:06 *** [ip_reass.o] Error code 1

EVENTHANDLER_DEFINE looks like it doesn’t work with gcc?

Thanks,
-Enji
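
The fix described in the quoted commit log, as an added user-space model in C that is not part of this thread and is not FreeBSD's code: queued fragments keep a pointer to their receiving interface, so a departure hook has to purge them before the slow timeout runs. All names (ifnet_model, frag_enqueue, frag_ifdetach, frag_slowtimo) are hypothetical, and a detached interface is modelled as one whose afdata pointer is NULL, as in the backtrace note.

```c
#include <stdio.h>
#include <stdlib.h>
/* Simplified stand-ins (assumptions), not FreeBSD's struct ifnet or mbuf. */
struct ifnet_model { int *afdata; };            /* NULL once detached */
struct frag { struct frag *next; struct ifnet_model *rcvif; int ttl; };
#define NBUCKETS 4
static struct frag *buckets[NBUCKETS];          /* hashed fragment list */

/* Queue a fragment for reassembly; it remembers its receiving interface. */
static int frag_enqueue(struct ifnet_model *ifp, unsigned hash, int ttl) {
    struct frag *f = malloc(sizeof(*f));
    if (f == NULL) return -1;
    f->rcvif = ifp; f->ttl = ttl;
    f->next = buckets[hash % NBUCKETS];
    buckets[hash % NBUCKETS] = f;
    return 0;
}

/* Departure hook: free every queued fragment referencing ifp. */
static int frag_ifdetach(struct ifnet_model *ifp) {
    int freed = 0;
    for (int i = 0; i < NBUCKETS; i++)
        for (struct frag **pp = &buckets[i]; *pp != NULL; ) {
            struct frag *f = *pp;
            if (f->rcvif != ifp) { pp = &f->next; continue; }
            *pp = f->next; free(f); freed++;
        }
    return freed;
}

/* Slow timeout: expiry reads interface data via rcvif; -1 marks the panic case. */
static int frag_slowtimo(void) {
    int expired = 0;
    for (int i = 0; i < NBUCKETS; i++)
        for (struct frag **pp = &buckets[i]; *pp != NULL; ) {
            struct frag *f = *pp;
            if (--f->ttl > 0) { pp = &f->next; continue; }
            if (f->rcvif->afdata == NULL) return -1;   /* stale rcvif */
            *pp = f->next; free(f); expired++;
        }
    return expired;
}

int main(void) {
    int hlim = 64; struct ifnet_model ifp = { &hlim };  /* constructed input */
    frag_enqueue(&ifp, 7, 1); ifp.afdata = NULL;        /* then it departs */
    int purged = frag_ifdetach(&ifp);
    printf("purged=%d timeout=%d\n", purged, frag_slowtimo());
    return 0;
}
```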