Date: Thu, 22 Mar 2018 21:18:34 +0000 (UTC) From: Sean Bruno <sbruno@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r331376 - head/sys/netinet6 Message-ID: <201803222118.w2MLIYIm019124@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: sbruno Date: Thu Mar 22 21:18:34 2018 New Revision: 331376 URL: https://svnweb.freebsd.org/changeset/base/331376 Log: Handle locking and memory safety for IPV6_PATHMTU in ip6_ctloutput(). Submitted by: Jason Eggleston <jason@eggnet.com> Reviewed by: ae Sponsored by: Limelight Networks Differential Revision: https://reviews.freebsd.org/D14622 Modified: head/sys/netinet6/ip6_output.c Modified: head/sys/netinet6/ip6_output.c ============================================================================== --- head/sys/netinet6/ip6_output.c Thu Mar 22 20:47:25 2018 (r331375) +++ head/sys/netinet6/ip6_output.c Thu Mar 22 21:18:34 2018 (r331376) @@ -2053,6 +2053,7 @@ do { \ { u_long pmtu = 0; struct ip6_mtuinfo mtuinfo; + struct in6_addr addr; if (!(so->so_state & SS_ISCONNECTED)) return (ENOTCONN); @@ -2060,9 +2061,14 @@ do { \ * XXX: we dot not consider the case of source * routing, or optional information to specify * the outgoing interface. + * Copy faddr out of in6p to avoid holding lock + * on inp during route lookup. */ + INP_RLOCK(in6p); + bcopy(&in6p->in6p_faddr, &addr, sizeof(addr)); + INP_RUNLOCK(in6p); error = ip6_getpmtu_ctl(so->so_fibnum, - &in6p->in6p_faddr, &pmtu); + &addr, &pmtu); if (error) break; if (pmtu > IPV6_MAXPACKET)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201803222118.w2MLIYIm019124>