Date: Mon, 4 Apr 2011 09:56:10 +0000 (UTC) From: Sergey Kandaurov <pluknet@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-8@freebsd.org Subject: svn commit: r220322 - stable/8/sys/netinet Message-ID: <201104040956.p349uAKe078447@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pluknet Date: Mon Apr 4 09:56:10 2011 New Revision: 220322 URL: http://svn.freebsd.org/changeset/base/220322 Log: MFC r219828: Reference ifaddr object before unlocking as it can be freed from another context at the moment of later access. PR: kern/155555 Submitted by: Andrew Boyer <aboyer att averesystems.com> Modified: stable/8/sys/netinet/in.c Directory Properties: stable/8/sys/ (props changed) stable/8/sys/amd64/include/xen/ (props changed) stable/8/sys/cddl/contrib/opensolaris/ (props changed) stable/8/sys/contrib/dev/acpica/ (props changed) stable/8/sys/contrib/pf/ (props changed) Modified: stable/8/sys/netinet/in.c ============================================================================== --- stable/8/sys/netinet/in.c Mon Apr 4 09:38:05 2011 (r220321) +++ stable/8/sys/netinet/in.c Mon Apr 4 09:56:10 2011 (r220322) @@ -1174,8 +1174,8 @@ in_scrubprefix(struct in_ifaddr *target) * doesn't support such action. */ if ((ia->ia_flags & IFA_ROUTE) == 0 - && (ia->ia_ifp->if_type != IFT_CARP) - ) { + && (ia->ia_ifp->if_type != IFT_CARP)) { + ifa_ref(&ia->ia_ifa); IN_IFADDR_RUNLOCK(); rtinit(&(target->ia_ifa), (int)RTM_DELETE, rtinitflags(target)); @@ -1185,6 +1185,7 @@ in_scrubprefix(struct in_ifaddr *target) rtinitflags(ia) | RTF_UP); if (error == 0) ia->ia_flags |= IFA_ROUTE; + ifa_free(&ia->ia_ifa); return (error); } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201104040956.p349uAKe078447>