Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 11 Apr 2022 14:10:50 GMT
From:      Mark Johnston <markj@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
Subject:   git: 53460a2c7e0e - releng/13.1 - net: Fix LLE lock leaks
Message-ID:  <202204111410.23BEAoGP065214@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch releng/13.1 has been updated by markj:

URL: https://cgit.FreeBSD.org/src/commit/?id=53460a2c7e0e07d4a18025ab4a0d151c5be6fa18

commit 53460a2c7e0e07d4a18025ab4a0d151c5be6fa18
Author:     Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-04-08 15:46:19 +0000
Commit:     Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-04-11 13:59:21 +0000

    net: Fix LLE lock leaks
    
    Historically, lltable_try_set_entry_addr() would release the LLE lock
    upon failure.  After some refactoring, it no longer does so, but
    consumers were not adjusted accordingly.
    
    Also fix a leak that can occur if lltable_calc_llheader() fails in the
    ARP code, but I suspect that such a failure can only occur due to a code
    bug.
    
    Approved by:    re (gjb)
    Reviewed by:    bz, melifaro
    Reported by:    pho
    Fixes:          0b79b007ebfc ("[lltable] Restructure nd6 code.")
    Sponsored by:   The FreeBSD Foundation
    
    (cherry picked from commit dd91d8448665dd31df5be7341756394293c6e36c)
    (cherry picked from commit 078d50f9dd14ac77145b2cf8f143d49329b2c4f7)
---
 sys/netinet/if_ether.c | 8 ++++++--
 sys/netinet6/nd6_nbr.c | 4 +---
 2 files changed, 7 insertions(+), 5 deletions(-)

diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index 5400f35d953f..59a7c78cb03b 100644
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -1239,16 +1239,20 @@ arp_check_update_lle(struct arphdr *ah, struct in_addr isaddr, struct ifnet *ifp
 	/* Calculate full link prepend to use in lle */
 	linkhdrsize = sizeof(linkhdr);
 	if (lltable_calc_llheader(ifp, AF_INET, ar_sha(ah), linkhdr,
-	    &linkhdrsize, &lladdr_off) != 0)
+	    &linkhdrsize, &lladdr_off) != 0) {
+		LLE_WUNLOCK(la);
 		return;
+	}
 
 	/* Check if something has changed */
 	if (memcmp(la->r_linkdata, linkhdr, linkhdrsize) != 0 ||
 	    (la->la_flags & LLE_VALID) == 0) {
 		/* Try to perform LLE update */
 		if (lltable_try_set_entry_addr(ifp, la, linkhdr, linkhdrsize,
-		    lladdr_off) == 0)
+		    lladdr_off) == 0) {
+			LLE_WUNLOCK(la);
 			return;
+		}
 
 		/* Clear fast path feedback request if set */
 		llentry_mark_used(la);
diff --git a/sys/netinet6/nd6_nbr.c b/sys/netinet6/nd6_nbr.c
index 0c6dd9e0361f..3a56964f8eb3 100644
--- a/sys/netinet6/nd6_nbr.c
+++ b/sys/netinet6/nd6_nbr.c
@@ -855,10 +855,8 @@ nd6_na_input(struct mbuf *m, int off, int icmp6len)
 				    linkhdr, &linkhdrsize, &lladdr_off) != 0)
 					goto freeit;
 				if (lltable_try_set_entry_addr(ifp, ln, linkhdr,
-				    linkhdrsize, lladdr_off) == 0) {
-					ln = NULL;
+				    linkhdrsize, lladdr_off) == 0)
 					goto freeit;
-				}
 				EVENTHANDLER_INVOKE(lle_event, ln,
 				    LLENTRY_RESOLVED);
 			}



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202204111410.23BEAoGP065214>