From owner-svn-src-stable-9@FreeBSD.ORG  Mon Sep 10 14:37:43 2012
Return-Path: <owner-svn-src-stable-9@FreeBSD.ORG>
Delivered-To: svn-src-stable-9@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id AB1CD1065670;
	Mon, 10 Sep 2012 14:37:43 +0000 (UTC) (envelope-from bz@FreeBSD.org)
Received: from mx1.sbone.de (mx1.sbone.de [IPv6:2a01:4f8:130:3ffc::401:25])
	by mx1.freebsd.org (Postfix) with ESMTP id 28A8F8FC16;
	Mon, 10 Sep 2012 14:37:43 +0000 (UTC)
Received: from mail.sbone.de (mail.sbone.de [IPv6:fde9:577b:c1a9:31::2013:587])
	(using TLSv1 with cipher ADH-CAMELLIA256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.sbone.de (Postfix) with ESMTPS id 04B9825D39FD;
	Mon, 10 Sep 2012 14:37:41 +0000 (UTC)
Received: from content-filter.sbone.de (content-filter.sbone.de
	[IPv6:fde9:577b:c1a9:31::2013:2742])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPS id 1D216BE8520;
	Mon, 10 Sep 2012 14:37:41 +0000 (UTC)
X-Virus-Scanned: amavisd-new at sbone.de
Received: from mail.sbone.de ([IPv6:fde9:577b:c1a9:31::2013:587])
	by content-filter.sbone.de (content-filter.sbone.de
	[fde9:577b:c1a9:31::2013:2742]) (amavisd-new, port 10024)
	with ESMTP id terLHZjZ9oEB; Mon, 10 Sep 2012 14:37:38 +0000 (UTC)
Received: from nv.sbone.de (nv.sbone.de [IPv6:fde9:577b:c1a9:31::2013:138])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mail.sbone.de (Postfix) with ESMTPSA id 41C17BE853C;
	Mon, 10 Sep 2012 14:37:38 +0000 (UTC)
Date: Mon, 10 Sep 2012 14:37:38 +0000 (UTC)
From: "Bjoern A. Zeeb" <bz@FreeBSD.org>
To: Gleb Smirnoff <glebius@FreeBSD.org>
In-Reply-To: <201209101202.q8AC2xqE049573@svn.freebsd.org>
Message-ID: <alpine.BSF.2.00.1209101436540.13080@ai.fobar.qr>
References: <201209101202.q8AC2xqE049573@svn.freebsd.org>
X-OpenPGP-Key-Id: 0x14003F198FEFA3E77207EE8D2B58B8F83CCF1842
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: svn-src-stable@freebsd.org, svn-src-all@freebsd.org,
	src-committers@freebsd.org, svn-src-stable-9@freebsd.org
Subject: Re: svn commit: r240309 - in stable/9/sys: net netinet netinet6
X-BeenThere: svn-src-stable-9@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: SVN commit messages for only the 9-stable src tree
	<svn-src-stable-9.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9>, 
	<mailto:svn-src-stable-9-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-src-stable-9>
List-Post: <mailto:svn-src-stable-9@freebsd.org>
List-Help: <mailto:svn-src-stable-9-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-src-stable-9>, 
	<mailto:svn-src-stable-9-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Sep 2012 14:37:43 -0000

On Mon, 10 Sep 2012, Gleb Smirnoff wrote:

> Author: glebius
> Date: Mon Sep 10 12:02:58 2012
> New Revision: 240309
> URL: http://svn.freebsd.org/changeset/base/240309
>
> Log:
>  Merge r232054 by kmacy:
>    When using flowtable llentrys can outlive the interface with
>    which they're associated at which the lle_tbl pointer points
>    to freed memory and the llt_free pointer is no longer valid.
>
>    Move the free pointer in to the llentry itself and update the
>    initalization sites.

This breaks the KBI.


> Modified:
>  stable/9/sys/net/if_llatbl.h
>  stable/9/sys/netinet/in.c
>  stable/9/sys/netinet6/in6.c
> Directory Properties:
>  stable/9/sys/   (props changed)
>
> Modified: stable/9/sys/net/if_llatbl.h
> ==============================================================================
> --- stable/9/sys/net/if_llatbl.h	Mon Sep 10 11:50:42 2012	(r240308)
> +++ stable/9/sys/net/if_llatbl.h	Mon Sep 10 12:02:58 2012	(r240309)
> @@ -106,7 +106,6 @@ struct llentry {
> 		("negative refcnt %d", (lle)->lle_refcnt));	\
> 	(lle)->lle_refcnt++;					\
> } while (0)
> -
> #define	LLE_REMREF(lle)	do {					\
> 	LLE_WLOCK_ASSERT(lle);					\
> 	KASSERT((lle)->lle_refcnt > 1,				\
> @@ -116,7 +115,7 @@ struct llentry {
>
> #define	LLE_FREE_LOCKED(lle) do {				\
> 	if ((lle)->lle_refcnt <= 1)				\
> -		(lle)->lle_tbl->llt_free((lle)->lle_tbl, (lle));\
> +		(lle)->lle_free((lle)->lle_tbl, (lle));\
> 	else {							\
> 		(lle)->lle_refcnt--;				\
> 		LLE_WUNLOCK(lle);				\
> @@ -152,7 +151,6 @@ struct lltable {
> 	int			llt_af;
> 	struct ifnet		*llt_ifp;
>
> -	void			(*llt_free)(struct lltable *, struct llentry *);
> 	void			(*llt_prefix_free)(struct lltable *,
> 				    const struct sockaddr *prefix,
> 				    const struct sockaddr *mask,
>
> Modified: stable/9/sys/netinet/in.c
> ==============================================================================
> --- stable/9/sys/netinet/in.c	Mon Sep 10 11:50:42 2012	(r240308)
> +++ stable/9/sys/netinet/in.c	Mon Sep 10 12:02:58 2012	(r240309)
> @@ -1323,6 +1323,20 @@ struct in_llentry {
> 	struct sockaddr_in	l3_addr4;
> };
>
> +/*
> + * Deletes an address from the address table.
> + * This function is called by the timer functions
> + * such as arptimer() and nd6_llinfo_timer(), and
> + * the caller does the locking.
> + */
> +static void
> +in_lltable_free(struct lltable *llt, struct llentry *lle)
> +{
> +	LLE_WUNLOCK(lle);
> +	LLE_LOCK_DESTROY(lle);
> +	free(lle, M_LLTABLE);
> +}
> +
> static struct llentry *
> in_lltable_new(const struct sockaddr *l3addr, u_int flags)
> {
> @@ -1340,25 +1354,11 @@ in_lltable_new(const struct sockaddr *l3
> 	lle->base.la_expire = time_uptime; /* mark expired */
> 	lle->l3_addr4 = *(const struct sockaddr_in *)l3addr;
> 	lle->base.lle_refcnt = 1;
> +	lle->base.lle_free = in_lltable_free;
> 	LLE_LOCK_INIT(&lle->base);
> 	return &lle->base;
> }
>
> -/*
> - * Deletes an address from the address table.
> - * This function is called by the timer functions
> - * such as arptimer() and nd6_llinfo_timer(), and
> - * the caller does the locking.
> - */
> -static void
> -in_lltable_free(struct lltable *llt, struct llentry *lle)
> -{
> -	LLE_WUNLOCK(lle);
> -	LLE_LOCK_DESTROY(lle);
> -	free(lle, M_LLTABLE);
> -}
> -
> -
> #define IN_ARE_MASKED_ADDR_EQUAL(d, a, m)	(			\
> 	    (((ntohl((d)->sin_addr.s_addr) ^ (a)->sin_addr.s_addr) & (m)->sin_addr.s_addr)) == 0 )
>
> @@ -1640,7 +1640,6 @@ in_domifattach(struct ifnet *ifp)
>
> 	llt = lltable_init(ifp, AF_INET);
> 	if (llt != NULL) {
> -		llt->llt_free = in_lltable_free;
> 		llt->llt_prefix_free = in_lltable_prefix_free;
> 		llt->llt_lookup = in_lltable_lookup;
> 		llt->llt_dump = in_lltable_dump;
>
> Modified: stable/9/sys/netinet6/in6.c
> ==============================================================================
> --- stable/9/sys/netinet6/in6.c	Mon Sep 10 11:50:42 2012	(r240308)
> +++ stable/9/sys/netinet6/in6.c	Mon Sep 10 12:02:58 2012	(r240309)
> @@ -2421,6 +2421,20 @@ struct in6_llentry {
> 	struct sockaddr_in6	l3_addr6;
> };
>
> +/*
> + * Deletes an address from the address table.
> + * This function is called by the timer functions
> + * such as arptimer() and nd6_llinfo_timer(), and
> + * the caller does the locking.
> + */
> +static void
> +in6_lltable_free(struct lltable *llt, struct llentry *lle)
> +{
> +	LLE_WUNLOCK(lle);
> +	LLE_LOCK_DESTROY(lle);
> +	free(lle, M_LLTABLE);
> +}
> +
> static struct llentry *
> in6_lltable_new(const struct sockaddr *l3addr, u_int flags)
> {
> @@ -2433,6 +2447,7 @@ in6_lltable_new(const struct sockaddr *l
>
> 	lle->l3_addr6 = *(const struct sockaddr_in6 *)l3addr;
> 	lle->base.lle_refcnt = 1;
> +	lle->base.lle_free = in6_lltable_free;
> 	LLE_LOCK_INIT(&lle->base);
> 	callout_init_rw(&lle->base.ln_timer_ch, &lle->base.lle_lock,
> 	    CALLOUT_RETURNUNLOCKED);
> @@ -2440,20 +2455,6 @@ in6_lltable_new(const struct sockaddr *l
> 	return &lle->base;
> }
>
> -/*
> - * Deletes an address from the address table.
> - * This function is called by the timer functions
> - * such as arptimer() and nd6_llinfo_timer(), and
> - * the caller does the locking.
> - */
> -static void
> -in6_lltable_free(struct lltable *llt, struct llentry *lle)
> -{
> -	LLE_WUNLOCK(lle);
> -	LLE_LOCK_DESTROY(lle);
> -	free(lle, M_LLTABLE);
> -}
> -
> static void
> in6_lltable_prefix_free(struct lltable *llt,
> 			const struct sockaddr *prefix,
> @@ -2695,7 +2696,6 @@ in6_domifattach(struct ifnet *ifp)
> 	ext->scope6_id = scope6_ifattach(ifp);
> 	ext->lltable = lltable_init(ifp, AF_INET6);
> 	if (ext->lltable != NULL) {
> -		ext->lltable->llt_free = in6_lltable_free;
> 		ext->lltable->llt_prefix_free = in6_lltable_prefix_free;
> 		ext->lltable->llt_lookup = in6_lltable_lookup;
> 		ext->lltable->llt_dump = in6_lltable_dump;
>

-- 
Bjoern A. Zeeb                                 You have to have visions!
          Stop bit received. Insert coin for new address family.