From owner-svn-src-all@FreeBSD.ORG Fri Jul 12 18:54:49 2013 Return-Path: Delivered-To: svn-src-all@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 5EF2FBA6; Fri, 12 Jul 2013 18:54:49 +0000 (UTC) (envelope-from trociny@FreeBSD.org) Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id 40F0718DD; Fri, 12 Jul 2013 18:54:49 +0000 (UTC) Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.7/8.14.7) with ESMTP id r6CIsn05010091; Fri, 12 Jul 2013 18:54:49 GMT (envelope-from trociny@svn.freebsd.org) Received: (from trociny@localhost) by svn.freebsd.org (8.14.7/8.14.5/Submit) id r6CIsmXx010086; Fri, 12 Jul 2013 18:54:48 GMT (envelope-from trociny@svn.freebsd.org) Message-Id: <201307121854.r6CIsmXx010086@svn.freebsd.org> From: Mikolaj Golub Date: Fri, 12 Jul 2013 18:54:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-9@freebsd.org Subject: svn commit: r253281 - in stable/9/sys: netinet netinet6 X-SVN-Group: stable-9 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 12 Jul 2013 18:54:49 -0000 Author: trociny Date: Fri Jul 12 18:54:47 2013 New Revision: 253281 URL: http://svnweb.freebsd.org/changeset/base/253281 Log: MFC r252710: In r227207, to fix the issue with possible NULL inp_socket pointer dereferencing, when checking for SO_REUSEPORT option (and SO_REUSEADDR for multicast), INP_REUSEPORT flag was introduced to cache the socket option. It was decided then that one flag would be enough to cache both SO_REUSEPORT and SO_REUSEADDR: when processing SO_REUSEADDR setsockopt(2), it was checked if it was called for a multicast address and INP_REUSEPORT was set accordingly. Unfortunately that approach does not work when setsockopt(2) is called before binding to a multicast address: the multicast check fails and INP_REUSEPORT is not set. Fix this by adding INP_REUSEADDR flag to unconditionally cache SO_REUSEADDR. PR: 179901 Submitted by: Michael Gmelin freebsd grem.de (initial version) Reviewed by: rwatson Approved by: re (kib) Modified: stable/9/sys/netinet/in_pcb.c stable/9/sys/netinet/in_pcb.h stable/9/sys/netinet/ip_output.c stable/9/sys/netinet6/in6_pcb.c stable/9/sys/netinet6/ip6_output.c Directory Properties: stable/9/sys/ (props changed) Modified: stable/9/sys/netinet/in_pcb.c ============================================================================== --- stable/9/sys/netinet/in_pcb.c Fri Jul 12 18:52:33 2013 (r253280) +++ stable/9/sys/netinet/in_pcb.c Fri Jul 12 18:54:47 2013 (r253281) @@ -466,6 +466,23 @@ in_pcb_lport(struct inpcb *inp, struct i return (0); } + +/* + * Return cached socket options. + */ +short +inp_so_options(const struct inpcb *inp) +{ + short so_options; + + so_options = 0; + + if ((inp->inp_flags2 & INP_REUSEPORT) != 0) + so_options |= SO_REUSEPORT; + if ((inp->inp_flags2 & INP_REUSEADDR) != 0) + so_options |= SO_REUSEADDR; + return (so_options); +} #endif /* INET || INET6 */ #ifdef INET @@ -594,8 +611,7 @@ in_pcbbind_setup(struct inpcb *inp, stru if (tw == NULL || (reuseport & tw->tw_so_options) == 0) return (EADDRINUSE); - } else if (t && (reuseport == 0 || - (t->inp_flags2 & INP_REUSEPORT) == 0)) { + } else if (t && (reuseport & inp_so_options(t)) == 0) { #ifdef INET6 if (ntohl(sin->sin_addr.s_addr) != INADDR_ANY || Modified: stable/9/sys/netinet/in_pcb.h ============================================================================== --- stable/9/sys/netinet/in_pcb.h Fri Jul 12 18:52:33 2013 (r253280) +++ stable/9/sys/netinet/in_pcb.h Fri Jul 12 18:54:47 2013 (r253281) @@ -442,6 +442,7 @@ struct tcpcb * inp_inpcbtotcpcb(struct inpcb *inp); void inp_4tuple_get(struct inpcb *inp, uint32_t *laddr, uint16_t *lp, uint32_t *faddr, uint16_t *fp); +short inp_so_options(const struct inpcb *inp); #endif /* _KERNEL */ @@ -543,6 +544,7 @@ void inp_4tuple_get(struct inpcb *inp, #define INP_PCBGROUPWILD 0x00000004 /* in pcbgroup wildcard list */ #define INP_REUSEPORT 0x00000008 /* SO_REUSEPORT option is set */ #define INP_FREED 0x00000010 /* inp itself is not valid */ +#define INP_REUSEADDR 0x00000020 /* SO_REUSEADDR option is set */ /* * Flags passed to in_pcblookup*() functions. Modified: stable/9/sys/netinet/ip_output.c ============================================================================== --- stable/9/sys/netinet/ip_output.c Fri Jul 12 18:52:33 2013 (r253280) +++ stable/9/sys/netinet/ip_output.c Fri Jul 12 18:54:47 2013 (r253281) @@ -899,13 +899,10 @@ ip_ctloutput(struct socket *so, struct s switch (sopt->sopt_name) { case SO_REUSEADDR: INP_WLOCK(inp); - if (IN_MULTICAST(ntohl(inp->inp_laddr.s_addr))) { - if ((so->so_options & - (SO_REUSEADDR | SO_REUSEPORT)) != 0) - inp->inp_flags2 |= INP_REUSEPORT; - else - inp->inp_flags2 &= ~INP_REUSEPORT; - } + if ((so->so_options & SO_REUSEADDR) != 0) + inp->inp_flags2 |= INP_REUSEADDR; + else + inp->inp_flags2 &= ~INP_REUSEADDR; INP_WUNLOCK(inp); error = 0; break; Modified: stable/9/sys/netinet6/in6_pcb.c ============================================================================== --- stable/9/sys/netinet6/in6_pcb.c Fri Jul 12 18:52:33 2013 (r253280) +++ stable/9/sys/netinet6/in6_pcb.c Fri Jul 12 18:54:47 2013 (r253281) @@ -245,8 +245,7 @@ in6_pcbbind(register struct inpcb *inp, if (tw == NULL || (reuseport & tw->tw_so_options) == 0) return (EADDRINUSE); - } else if (t && (reuseport == 0 || - (t->inp_flags2 & INP_REUSEPORT) == 0)) { + } else if (t && (reuseport & inp_so_options(t)) == 0) { return (EADDRINUSE); } #ifdef INET @@ -267,8 +266,8 @@ in6_pcbbind(register struct inpcb *inp, INP_IPV6PROTO) == (t->inp_vflag & INP_IPV6PROTO)))) return (EADDRINUSE); - } else if (t && (reuseport == 0 || - (t->inp_flags2 & INP_REUSEPORT) == 0) && + } else if (t && + (reuseport & inp_so_options(t)) == 0 && (ntohl(t->inp_laddr.s_addr) != INADDR_ANY || (t->inp_vflag & INP_IPV6PROTO) != 0)) return (EADDRINUSE); Modified: stable/9/sys/netinet6/ip6_output.c ============================================================================== --- stable/9/sys/netinet6/ip6_output.c Fri Jul 12 18:52:33 2013 (r253280) +++ stable/9/sys/netinet6/ip6_output.c Fri Jul 12 18:54:47 2013 (r253281) @@ -1491,13 +1491,10 @@ ip6_ctloutput(struct socket *so, struct switch (sopt->sopt_name) { case SO_REUSEADDR: INP_WLOCK(in6p); - if (IN_MULTICAST(ntohl(in6p->inp_laddr.s_addr))) { - if ((so->so_options & - (SO_REUSEADDR | SO_REUSEPORT)) != 0) - in6p->inp_flags2 |= INP_REUSEPORT; - else - in6p->inp_flags2 &= ~INP_REUSEPORT; - } + if ((so->so_options & SO_REUSEADDR) != 0) + in6p->inp_flags2 |= INP_REUSEADDR; + else + in6p->inp_flags2 &= ~INP_REUSEADDR; INP_WUNLOCK(in6p); error = 0; break;