From owner-cvs-all@FreeBSD.ORG Wed Aug 24 04:45:03 2005 Return-Path: X-Original-To: cvs-all@FreeBSD.org Delivered-To: cvs-all@FreeBSD.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17DC016A41F; Wed, 24 Aug 2005 04:45:03 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (repoman.freebsd.org [216.136.204.115]) by mx1.FreeBSD.org (Postfix) with ESMTP id DC41343D45; Wed, 24 Aug 2005 04:45:02 +0000 (GMT) (envelope-from rwatson@FreeBSD.org) Received: from repoman.freebsd.org (localhost [127.0.0.1]) by repoman.freebsd.org (8.13.1/8.13.1) with ESMTP id j7O4j2Br002620; Wed, 24 Aug 2005 04:45:02 GMT (envelope-from rwatson@repoman.freebsd.org) Received: (from rwatson@localhost) by repoman.freebsd.org (8.13.1/8.13.1/Submit) id j7O4j2ST002619; Wed, 24 Aug 2005 04:45:02 GMT (envelope-from rwatson) Message-Id: <200508240445.j7O4j2ST002619@repoman.freebsd.org> From: Robert Watson Date: Wed, 24 Aug 2005 04:45:02 +0000 (UTC) To: src-committers@FreeBSD.org, cvs-src@FreeBSD.org, cvs-all@FreeBSD.org X-FreeBSD-CVS-Branch: RELENG_6 Cc: Subject: cvs commit: src/sys/net if.c X-BeenThere: cvs-all@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: CVS commit messages for the entire tree List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 24 Aug 2005 04:45:03 -0000 rwatson 2005-08-24 04:45:02 UTC FreeBSD src repository Modified files: (Branch: RELENG_6) sys/net if.c Log: Merge if.c:1.240, if.c:1.241, if.c:1.242 from HEAD to RELENG_6, which correct nits in the addition of if_addr_mtx: if.c:1.240: Initialize the if_addr mutex in if_alloc() rather than waiting until if_attach(). This allows ethernet drivers to use it in their routines to program their MAC filters before ether_ifattach() is called (de(4) is one such driver). Also, the if_addr mutex is destroyed in if_free() rather than if_detach(), so there was another potential bug in that a driver that failed during attach and called if_free() without having called ether_ifattach() would have tried to destroy an uninitialized mutex. Reported by: Holm Tiffe holm at freibergnet dot de Discussed with: rwatson if.c:1.241: destroy lock _before_ free'ing the structure it resides in if.c:1.242: - Move IF_ADDR_LOCK_DESTROY(ifp) from if_free to if_free_type. - Add a note that additions should be made to if_free_type and not if_free to help avoid this in the future. This apparently fixes a use after free in if_bridge and may fix bugs in other direct if_free_type consumers. Reported by: thompsa Approved by: re (hrs) Revision Changes Path 1.234.2.7 +3 -3 src/sys/net/if.c