Date: Wed, 10 Dec 2008 04:06:55 +0000 (UTC) From: Kip Macy <kmacy@FreeBSD.org> To: src-committers@freebsd.org, svn-src-user@freebsd.org Subject: svn commit: r185834 - user/kmacy/head_arpv2/sys/netinet6 Message-ID: <200812100406.mBA46tx6014443@svn.freebsd.org>
index | next in thread | raw e-mail
Author: kmacy Date: Wed Dec 10 04:06:54 2008 New Revision: 185834 URL: http://svn.freebsd.org/changeset/base/185834 Log: - acquire the IF_AFDATA_LOCK ind nd6_storelladdr - drop the lle lock before return Modified: user/kmacy/head_arpv2/sys/netinet6/nd6.c Modified: user/kmacy/head_arpv2/sys/netinet6/nd6.c ============================================================================== --- user/kmacy/head_arpv2/sys/netinet6/nd6.c Wed Dec 10 04:05:46 2008 (r185833) +++ user/kmacy/head_arpv2/sys/netinet6/nd6.c Wed Dec 10 04:06:54 2008 (r185834) @@ -1872,7 +1872,8 @@ nd6_need_cache(struct ifnet *ifp) } /* - * the caller of this function needs to lock the interface table + * the callers of this function need to be re-worked to drop + * the lle lock, drop here for now */ int nd6_storelladdr(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m, @@ -1919,8 +1920,12 @@ nd6_storelladdr(struct ifnet *ifp, struc /* * the entry should have been created in nd6_store_lladdr */ + IF_AFDATA_LOCK(ifp); ln = lla_lookup(LLTABLE6(ifp), 0, dst); + IF_AFDATA_LOCK(ifp); if ((ln == NULL) || !(ln->la_flags & LLE_VALID)) { + if (ln) + LLE_RUNLOCK(ln); /* this could happen, if we could not allocate memory */ m_freem(m); return (1); @@ -1928,6 +1933,10 @@ nd6_storelladdr(struct ifnet *ifp, struc bcopy(&ln->ll_addr, desten, ifp->if_addrlen); *lle = ln; + LLE_RUNLOCK(ln); + /* + * A *small* use after free race exists here + */ return (0); }help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200812100406.mBA46tx6014443>