From nobody Wed Nov 1 09:06:05 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SL1MK5PGPz503j7; Wed, 1 Nov 2023 09:06:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SL1MK4jsCz3Jx0; Wed, 1 Nov 2023 09:06:05 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698829565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FePaRcymf7+skO4TCApyNiVhYG51rwjuo0lf4GQaJIs=; b=MukyETaqNw7djmJFUd3f5CJBeHm2hxeG3J4G3K4BfzzlwQ1aEnvEBDJs32pZry/RvWuRBE ATr/e9IBYWxuIyBMah7yPdwiNwHshi+RQvSW6TmTHpKGZOwFNHo8Bj301mR8Fhmsf1foF2 +4Wo0VMrSxMkSJVrRabo6bLS5p8wQmVMzem/X6HJcmXNHBu58HcGyf4Ed6wHlznlJbsHIG JhI/cGjQRGsQNFQHUEGBphz8r9bazmTVew7As4Q3Pz6zcaWnzdBAszhwSxGMv0FOtbqTG9 KW/9iMBDoqQguE/b170UXKAOt9qiS4g1ZGZb2J/KSikupa2CnWlO0nttOz7cAA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698829565; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=FePaRcymf7+skO4TCApyNiVhYG51rwjuo0lf4GQaJIs=; b=qwjHhOICmxfIKBKljuBuzxZCwY5hMOn43kowM/Kk8EfuviCnYDLM87IFbuHfudGLONBHbp xBJxFfXZ+mQN0z5RRANjzxYklLjFSrlozwdfDnO+7tDDrkvzkOyLPciNY7yMyAZ1qNnvgj OcpWp7PYkEMVOhT4NyJho1TS6hxaRV9x3lZbcz2YSJ/wsAfbniNHdS/0ugJ4gd0oMPhFnA T2WtKb14PRcub9dW+26vsOfNDqo281KCEm6oachgGRCzFUHXFv7iEx26VrF7wL1+cpIR2k 4gMiVr5nNwKX81MTl9HEfN6t4Crijfn+WGWxllV9q9wPd6z5foLHoe8i7grfvg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1698829565; a=rsa-sha256; cv=none; b=DK7IazeVo0fTS8NqXi2w4tcqsMjwfCEHqwYr6mbrAErZ6z1AHNu+256DiQt+NzQUa43tW7 Fdgou7tA/VtEdfEInZw60wpokG/xtMiFhyTAR73OZIUPuEeesrV0k7xI+qyMXCnejfMdJR u8tQctF1GdbC4fKI2Ve29WvUM1lG+eRyrBTSciLNGMf40VfkBiJGxPVALPFnyJ1SftBU7R bXpQLGav7+LbQ3n+5h1FaGu8uO5R4Om3LnHh42Ja18uoCetc+3h2uNw2Ocq1u8g7jLpB9B w5DM0uAJiS3QfNae+zaWkJ58cCWWTX/Ni1tjD3EDzUQ2pipUPaMi9aTqdaBDJg== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SL1MK3nQBzfvL; Wed, 1 Nov 2023 09:06:05 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3A1965RS064950; Wed, 1 Nov 2023 09:06:05 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3A19654x064940; Wed, 1 Nov 2023 09:06:05 GMT (envelope-from git) Date: Wed, 1 Nov 2023 09:06:05 GMT Message-Id: <202311010906.3A19654x064940@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: eff832ae7b24 - stable/14 - netlink: fix potential llentry lock leak in newneigh handler List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/14 X-Git-Reftype: branch X-Git-Commit: eff832ae7b248c499464cad93c365a1594715e07 Auto-Submitted: auto-generated The branch stable/14 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=eff832ae7b248c499464cad93c365a1594715e07 commit eff832ae7b248c499464cad93c365a1594715e07 Author: R. Christian McDonald AuthorDate: 2023-10-23 11:23:55 +0000 Commit: Kristof Provost CommitDate: 2023-11-01 09:05:49 +0000 netlink: fix potential llentry lock leak in newneigh handler The netlink newneigh handler has the potential to leak the lock on llentry objects in the kernel. This patch reconciles several paths through the newneigh handler that could result in a lock leak. MFC after: 1 week Reviewed by: markj, kp Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D42307 (cherry picked from commit ae2ca32781a90abe987e128ca167ab400a87f369) --- sys/netlink/route/neigh.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/sys/netlink/route/neigh.c b/sys/netlink/route/neigh.c index 9914e7febf57..5be0c1f9d91f 100644 --- a/sys/netlink/route/neigh.c +++ b/sys/netlink/route/neigh.c @@ -436,17 +436,18 @@ rtnl_handle_newneigh(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate * struct llentry *lle_tmp = lla_lookup(llt, LLE_EXCLUSIVE, attrs.nda_dst); if (lle_tmp != NULL) { error = EEXIST; - if (hdr->nlmsg_flags & NLM_F_EXCL) { - LLE_WUNLOCK(lle_tmp); - lle_tmp = NULL; - } else if (hdr->nlmsg_flags & NLM_F_REPLACE) { + if (hdr->nlmsg_flags & NLM_F_REPLACE) { + error = EPERM; if ((lle_tmp->la_flags & LLE_IFADDR) == 0) { + error = 0; /* success */ lltable_unlink_entry(llt, lle_tmp); + llentry_free(lle_tmp); + lle_tmp = NULL; lltable_link_entry(llt, lle); - error = 0; - } else - error = EPERM; + } } + if (lle_tmp) + LLE_WUNLOCK(lle_tmp); } else { if (hdr->nlmsg_flags & NLM_F_CREATE) lltable_link_entry(llt, lle); @@ -456,14 +457,11 @@ rtnl_handle_newneigh(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate * IF_AFDATA_WUNLOCK(attrs.nda_ifp); if (error != 0) { - if (lle != NULL) - llentry_free(lle); + /* throw away the newly allocated llentry */ + llentry_free(lle); return (error); } - if (lle_tmp != NULL) - llentry_free(lle_tmp); - /* XXX: We're inside epoch */ EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_RESOLVED); LLE_WUNLOCK(lle);