Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 24 Feb 2020 09:58:57 +0000 (UTC)
From:      Hans Petter Selasky <hselasky@FreeBSD.org>
To:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   svn commit: r358274 - in stable/11/sys: net netinet netinet6
Message-ID:  <202002240958.01O9wvBp085557@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help
Author: hselasky
Date: Mon Feb 24 09:58:57 2020
New Revision: 358274
URL: https://svnweb.freebsd.org/changeset/base/358274

Log:
  MFC r358013:
  Fix kernel panic while trying to read multicast stream.
  
  When VIMAGE is enabled make sure the "m_pkthdr.rcvif" pointer is set
  for all mbufs being input by the IGMP/MLD6 code. Else there will be a
  NULL-pointer dereference in the netisr code when trying to set the
  VNET based on the incoming mbuf. Add an assert to catch this when
  queueing mbufs on a netisr to make debugging of similar cases easier.
  
  Found by:	Vladislav V. Prodan
  PR:		244002
  Reviewed by:	bz@
  Sponsored by:	Mellanox Technologies

Modified:
  stable/11/sys/net/netisr.c
  stable/11/sys/netinet/igmp.c
  stable/11/sys/netinet6/mld6.c
Directory Properties:
  stable/11/   (props changed)

Modified: stable/11/sys/net/netisr.c
==============================================================================
--- stable/11/sys/net/netisr.c	Mon Feb 24 09:57:47 2020	(r358273)
+++ stable/11/sys/net/netisr.c	Mon Feb 24 09:58:57 2020	(r358274)
@@ -1053,6 +1053,8 @@ netisr_queue_src(u_int proto, uintptr_t source, struct
 	if (m != NULL) {
 		KASSERT(!CPU_ABSENT(cpuid), ("%s: CPU %u absent", __func__,
 		    cpuid));
+		VNET_ASSERT(m->m_pkthdr.rcvif != NULL,
+		    ("%s:%d rcvif == NULL: m=%p", __func__, __LINE__, m));
 		error = netisr_queue_internal(proto, m, cpuid);
 	} else
 		error = ENOBUFS;

Modified: stable/11/sys/netinet/igmp.c
==============================================================================
--- stable/11/sys/netinet/igmp.c	Mon Feb 24 09:57:47 2020	(r358273)
+++ stable/11/sys/netinet/igmp.c	Mon Feb 24 09:58:57 2020	(r358274)
@@ -301,6 +301,7 @@ igmp_save_context(struct mbuf *m, struct ifnet *ifp)
 #ifdef VIMAGE
 	m->m_pkthdr.PH_loc.ptr = ifp->if_vnet;
 #endif /* VIMAGE */
+	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.flowid = ifp->if_index;
 }
 

Modified: stable/11/sys/netinet6/mld6.c
==============================================================================
--- stable/11/sys/netinet6/mld6.c	Mon Feb 24 09:57:47 2020	(r358273)
+++ stable/11/sys/netinet6/mld6.c	Mon Feb 24 09:58:57 2020	(r358274)
@@ -277,6 +277,7 @@ mld_save_context(struct mbuf *m, struct ifnet *ifp)
 #ifdef VIMAGE
 	m->m_pkthdr.PH_loc.ptr = ifp->if_vnet;
 #endif /* VIMAGE */
+	m->m_pkthdr.rcvif = ifp;
 	m->m_pkthdr.flowid = ifp->if_index;
 }
 



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202002240958.01O9wvBp085557>