Date: Tue, 7 Dec 2021 15:13:17 -0800 From: Gleb Smirnoff <glebius@freebsd.org> To: Hans Petter Selasky <hps@selasky.org> Cc: src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org Subject: Re: git: e3044071dec1 - main - in6p_set_multicast_if(): fix malloc(M_WAITOK) with epoch Message-ID: <Ya/qjaaabw8sXxMB@FreeBSD.org> In-Reply-To: <bba8c856-7105-a644-5c73-db7bfd232b60@selasky.org> References: <202112062236.1B6Ma4e0073785@gitrepo.freebsd.org> <bba8c856-7105-a644-5c73-db7bfd232b60@selasky.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, Dec 07, 2021 at 08:36:58AM +0100, Hans Petter Selasky wrote: H> > --- a/sys/netinet6/in6_mcast.c H> > +++ b/sys/netinet6/in6_mcast.c H> > @@ -2454,9 +2454,9 @@ in6p_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) H> > return (EADDRNOTAVAIL); H> > } H> > } H> > + NET_EPOCH_EXIT(et); /* XXXGL: unsafe ifp */ H> > imo = in6p_findmoptions(inp); H> > - imo->im6o_multicast_ifp = ifp; /* XXXGL: reference?! */ H> > - NET_EPOCH_EXIT(et); H> > + imo->im6o_multicast_ifp = ifp; H> > INP_WUNLOCK(inp); H> > H> > return (0); H> > H> H> You can ref the ifp before the EPOCH exit? Sure. The code should use ifnet_byindex_ref(). Note that d74b7baeb0d4 was a sweep commit to "cover" all unsafe uses of ifnet_byindex(). It was not my intent to fix all of them, but rather mark them with a comment and put NET_EPOCH_ASSERT() inside ifnet_byindex() to prevent future unsafe calls. -- Gleb Smirnoff
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Ya/qjaaabw8sXxMB>