Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 22 Mar 2018 21:18:34 +0000 (UTC)
From:      Sean Bruno <sbruno@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   svn commit: r331376 - head/sys/netinet6
Message-ID:  <201803222118.w2MLIYIm019124@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: sbruno
Date: Thu Mar 22 21:18:34 2018
New Revision: 331376
URL: https://svnweb.freebsd.org/changeset/base/331376

Log:
  Handle locking and memory safety for IPV6_PATHMTU in ip6_ctloutput().
  
  Submitted by:	Jason Eggleston <jason@eggnet.com>
  Reviewed by:	ae
  Sponsored by:	Limelight Networks
  Differential Revision:	https://reviews.freebsd.org/D14622

Modified:
  head/sys/netinet6/ip6_output.c

Modified: head/sys/netinet6/ip6_output.c
==============================================================================
--- head/sys/netinet6/ip6_output.c	Thu Mar 22 20:47:25 2018	(r331375)
+++ head/sys/netinet6/ip6_output.c	Thu Mar 22 21:18:34 2018	(r331376)
@@ -2053,6 +2053,7 @@ do {									\
 			{
 				u_long pmtu = 0;
 				struct ip6_mtuinfo mtuinfo;
+				struct in6_addr addr;
 
 				if (!(so->so_state & SS_ISCONNECTED))
 					return (ENOTCONN);
@@ -2060,9 +2061,14 @@ do {									\
 				 * XXX: we dot not consider the case of source
 				 * routing, or optional information to specify
 				 * the outgoing interface.
+				 * Copy faddr out of in6p to avoid holding lock
+				 * on inp during route lookup.
 				 */
+				INP_RLOCK(in6p);
+				bcopy(&in6p->in6p_faddr, &addr, sizeof(addr));
+				INP_RUNLOCK(in6p);
 				error = ip6_getpmtu_ctl(so->so_fibnum,
-				    &in6p->in6p_faddr, &pmtu);
+				    &addr, &pmtu);
 				if (error)
 					break;
 				if (pmtu > IPV6_MAXPACKET)



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803222118.w2MLIYIm019124>