Date: Wed, 13 Sep 2017 19:07:14 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 222308] ip_multicast: Panic due to VNET being invalid on lagg during SIOCDELMULTI Message-ID: <bug-222308-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D222308 Bug ID: 222308 Summary: ip_multicast: Panic due to VNET being invalid on lagg during SIOCDELMULTI Product: Base System Version: 11.1-RELEASE Hardware: amd64 OS: Any Status: New Severity: Affects Only Me Priority: --- Component: kern Assignee: freebsd-bugs@FreeBSD.org Reporter: brent@beanfield.com Issue is detailed in a patch to FreeNAS by Chris Torek, seen here: https://github.com/freenas/os/commit/34462da8e3b1089311dd4627953d558929cc04= fc#diff-c9065ed6e74837c7cb1ded9eb39e7fb9 I believe this panic is currently affecting me on nas4free 11.1.0.4 which utilizes FreeBSD 11.1-RELEASE-P1 Copying his comments: In in_leavegroup_locked(), when we're shedding a multicast group, we may (or may not) delete it from an interface via the igmp_change_state() call. This is where we currently set the multicast's vnet, and then restore the old vnet on return. However, a few lines later we use inm_release_locked() to release the inet multicast data structure, and that in turn may -- not necessarily will, only if the inm really is being freed -- call if_delmulti_ifma(), which may -- not necessarily will, again -- call the interface's SIOCDELMULTI ioctl (if and only if there is an interface and this was the last ref to this multicast address). For (at least) the lagg interface, we still need the current vnet to be valid during the SIOCDELMULTI. So, don't restore the old vnet until we've not only finished the IGMP code but also inm_release_locked(). --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-222308-8>