From nobody Wed Nov 1 09:06:06 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SL1MM0XCdz503ng; Wed, 1 Nov 2023 09:06:07 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4SL1ML6Z9Sz3K3P; Wed, 1 Nov 2023 09:06:06 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698829567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dQ+vCrOVxLFY0q/zUicEjRprFH4RPnkTM5Jq/gnuEqE=; b=hZf+OS3iZ4SalzjBMRacuyW3MYwh7L5/5ltQkY+LzKOu1DT3uZZE7QmYG3oVyXlSsvW/Ja NiSp5B5rdDfR1tdzNIerPWvmYOD9TtGIoyHrGw8oAw6qPGKmsCvjhj/4dUFKOb+SdBvUWy sFuLiPhGLMw9UlQv95Ts5SPzAVck9lR1XyqqpLvZm8LyRwZPCfoTFMbFTQmBLe6OL5qxtp 6doP1mGMCZQPtg8a6xAyKYAN3E3gddPQJRou5SvUMTeXfUGUQ3By6d0fXKoi8nsbpKaXPa ep59OMRG5Gfc81QibnTxJKvpeFyeQGLIhDK8oVmaDkK/qwax5nFg8PWrYwxWOQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1698829567; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=dQ+vCrOVxLFY0q/zUicEjRprFH4RPnkTM5Jq/gnuEqE=; b=ZCEpBthZ+Y9OM7eWyVv3zIBOgDGmaObn62oL/HCzfX5iP5ktHUdHGa4Zjso45CyCKTIgGW xv+atQ1ymvt6EH+WeI4V6gO9tERT4zj++LYHypO0HGZg4YVjmdFeGsep4aKR8jcReLCWAQ hyrhFlLgckkkfiKeUzkOaJBY7+TtkfYU5AnBDLjGCpn5fby283/DnJOM4xR9FMdwPJZqdn kuiFX3f3zMnszSbR9P9CBGstTp97cNGOe+UYSWTLhyOuN2Ir4Ds0otc6YbVCt/Hg2uQJ2F zyMUVeSlxHkrx9tEG+NMiPMl+P5ESKpdC4120b6VEFZ4IlkRyDuPBcjhl7UrSA== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1698829567; a=rsa-sha256; cv=none; b=XNB6BlzcB7Lu7+a1q4EA8Y3HhwKUGu4IQnIfKcUvDYYcYtYqf9MQ2v7PKsQruMxieDF7Ob hb2yKUMtNAg7bZLrVqDVhMI1LvPISJNCmSvWQUw4CvcjgJK3XvbF0HGbRCwoMSsPdZQpwD JKc7uXlIsJnpILd5EJuTZZF4228ZuSBh3J3YsY7uEHABPFcdbtasu3GktMS2I7bcx6A5Yu 6D/O2OeSY0z0phmPbkMwnbzmdKKlQcNL2JpVvPEWvzMzF3vP88+Wc4hKBfzYsaSvNczlkL c90Tp0XLYZBNMVXIx2jHBb/0f/1S8QrRf24HNZ7F39gfrHsGFJBxFfuQd31uyA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4SL1ML5T2bzg6G; Wed, 1 Nov 2023 09:06:06 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 3A1966a0065134; Wed, 1 Nov 2023 09:06:06 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 3A1966gm065132; Wed, 1 Nov 2023 09:06:06 GMT (envelope-from git) Date: Wed, 1 Nov 2023 09:06:06 GMT Message-Id: <202311010906.3A1966gm065132@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: 9abf60f5cebf - stable/13 - netlink: fix potential llentry lock leak in newneigh handler List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/stable/13 X-Git-Reftype: branch X-Git-Commit: 9abf60f5cebf1904959daacb4084113acc78a173 Auto-Submitted: auto-generated The branch stable/13 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=9abf60f5cebf1904959daacb4084113acc78a173 commit 9abf60f5cebf1904959daacb4084113acc78a173 Author: R. Christian McDonald AuthorDate: 2023-10-23 11:23:55 +0000 Commit: Kristof Provost CommitDate: 2023-10-31 08:08:44 +0000 netlink: fix potential llentry lock leak in newneigh handler The netlink newneigh handler has the potential to leak the lock on llentry objects in the kernel. This patch reconciles several paths through the newneigh handler that could result in a lock leak. MFC after: 1 week Reviewed by: markj, kp Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D42307 (cherry picked from commit ae2ca32781a90abe987e128ca167ab400a87f369) --- sys/netlink/route/neigh.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/sys/netlink/route/neigh.c b/sys/netlink/route/neigh.c index 140194b4ad32..dcb37313d0db 100644 --- a/sys/netlink/route/neigh.c +++ b/sys/netlink/route/neigh.c @@ -416,17 +416,18 @@ rtnl_handle_newneigh(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate * struct llentry *lle_tmp = lla_lookup(llt, LLE_EXCLUSIVE, attrs.nda_dst); if (lle_tmp != NULL) { error = EEXIST; - if (hdr->nlmsg_flags & NLM_F_EXCL) { - LLE_WUNLOCK(lle_tmp); - lle_tmp = NULL; - } else if (hdr->nlmsg_flags & NLM_F_REPLACE) { + if (hdr->nlmsg_flags & NLM_F_REPLACE) { + error = EPERM; if ((lle_tmp->la_flags & LLE_IFADDR) == 0) { + error = 0; /* success */ lltable_unlink_entry(llt, lle_tmp); + llentry_free(lle_tmp); + lle_tmp = NULL; lltable_link_entry(llt, lle); - error = 0; - } else - error = EPERM; + } } + if (lle_tmp) + LLE_WUNLOCK(lle_tmp); } else { if (hdr->nlmsg_flags & NLM_F_CREATE) lltable_link_entry(llt, lle); @@ -436,14 +437,11 @@ rtnl_handle_newneigh(struct nlmsghdr *hdr, struct nlpcb *nlp, struct nl_pstate * IF_AFDATA_WUNLOCK(attrs.nda_ifp); if (error != 0) { - if (lle != NULL) - llentry_free(lle); + /* throw away the newly allocated llentry */ + llentry_free(lle); return (error); } - if (lle_tmp != NULL) - llentry_free(lle_tmp); - /* XXX: We're inside epoch */ EVENTHANDLER_INVOKE(lle_event, lle, LLENTRY_RESOLVED); LLE_WUNLOCK(lle);