Date: Wed, 24 Aug 2005 04:45:02 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org Subject: cvs commit: src/sys/net if.c Message-ID: <200508240445.j7O4j2ST002619@repoman.freebsd.org>
next in thread | raw e-mail | index | archive | help
rwatson 2005-08-24 04:45:02 UTC
FreeBSD src repository
Modified files: (Branch: RELENG_6)
sys/net if.c
Log:
Merge if.c:1.240, if.c:1.241, if.c:1.242 from HEAD to RELENG_6, which
correct nits in the addition of if_addr_mtx:
if.c:1.240:
Initialize the if_addr mutex in if_alloc() rather than waiting until
if_attach(). This allows ethernet drivers to use it in their routines
to program their MAC filters before ether_ifattach() is called (de(4) is
one such driver). Also, the if_addr mutex is destroyed in if_free()
rather than if_detach(), so there was another potential bug in that a
driver that failed during attach and called if_free() without having
called ether_ifattach() would have tried to destroy an uninitialized
mutex.
Reported by: Holm Tiffe holm at freibergnet dot de
Discussed with: rwatson
if.c:1.241:
destroy lock _before_ free'ing the structure it resides in
if.c:1.242:
- Move IF_ADDR_LOCK_DESTROY(ifp) from if_free to if_free_type.
- Add a note that additions should be made to if_free_type and not
if_free to help avoid this in the future.
This apparently fixes a use after free in if_bridge and may fix bugs
in other direct if_free_type consumers.
Reported by: thompsa
Approved by: re (hrs)
Revision Changes Path
1.234.2.7 +3 -3 src/sys/net/if.c
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200508240445.j7O4j2ST002619>