Date: Thu, 26 Jan 2006 20:10:48 -0600 From: Craig Boston <craig@olyun.gank.org> To: freebsd-net@freebsd.org Subject: Re: Race condition in ip6_getpmtu (actually gif)? Message-ID: <20060127021048.GB18728@nowhere> In-Reply-To: <20060127020528.GA18728@nowhere> References: <20060125152032.GA40581@nowhere> <20060127020528.GA18728@nowhere>
next in thread | previous in thread | raw e-mail | index | archive | help
--Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: inline On Thu, Jan 26, 2006 at 08:05:28PM -0600, Craig Boston wrote: > Attached is a quick hack... Whoops, patch _actually_ attached this time. --Kj7319i9nmIyA2yE Content-Type: text/plain; charset=us-ascii Content-Disposition: attachment; filename="gif6.patch" === net/if_gif.c ================================================================== --- net/if_gif.c (/vendor/sys) (revision 292) +++ net/if_gif.c (/gif6) (revision 292) @@ -154,6 +154,8 @@ return (ENOSPC); } + mtx_init(&sc->gif_ro_mtx, "gif_ro_mtx", NULL, MTX_DEF); + GIF2IFP(sc)->if_softc = sc; if_initname(GIF2IFP(sc), ifc->ifc_name, unit); @@ -227,6 +229,7 @@ mtx_lock(&gif_mtx); LIST_REMOVE(sc, gif_list); mtx_unlock(&gif_mtx); + mtx_destroy(&sc->gif_ro_mtx); gif_destroy(sc); } === net/if_gif.h ================================================================== --- net/if_gif.h (/vendor/sys) (revision 292) +++ net/if_gif.h (/gif6) (revision 292) @@ -65,6 +65,7 @@ struct route_in6 gifscr_ro6; /* xxx */ #endif } gifsc_gifscr; + struct mtx gif_ro_mtx; int gif_flags; const struct encaptab *encap_cookie4; const struct encaptab *encap_cookie6; === netinet6/in6_gif.c ================================================================== --- netinet6/in6_gif.c (/vendor/sys) (revision 292) +++ netinet6/in6_gif.c (/gif6) (revision 292) @@ -195,25 +195,30 @@ dst->sin6_family = sin6_dst->sin6_family; dst->sin6_len = sizeof(struct sockaddr_in6); dst->sin6_addr = sin6_dst->sin6_addr; + mtx_lock(&sc->gif_ro_mtx); if (sc->gif_ro6.ro_rt) { RTFREE(sc->gif_ro6.ro_rt); sc->gif_ro6.ro_rt = NULL; } + mtx_unlock(&sc->gif_ro_mtx); #if 0 GIF2IFP(sc)->if_mtu = GIF_MTU; #endif } + mtx_lock(&sc->gif_ro_mtx); if (sc->gif_ro6.ro_rt == NULL) { rtalloc((struct route *)&sc->gif_ro6); if (sc->gif_ro6.ro_rt == NULL) { m_freem(m); + mtx_unlock(&sc->gif_ro_mtx); return ENETUNREACH; } /* if it constitutes infinite encapsulation, punt. */ if (sc->gif_ro.ro_rt->rt_ifp == ifp) { m_freem(m); + mtx_unlock(&sc->gif_ro_mtx); return ENETUNREACH; /*XXX*/ } #if 0 @@ -238,6 +243,7 @@ RTFREE(sc->gif_ro6.ro_rt); sc->gif_ro6.ro_rt = NULL; } + mtx_unlock(&sc->gif_ro_mtx); return (error); } --Kj7319i9nmIyA2yE--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060127021048.GB18728>