Date: Mon, 21 Mar 2011 14:19:40 +0000 (UTC) From: Sergey Kandaurov <pluknet@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r219828 - head/sys/netinet Message-ID: <201103211419.p2LEJeZF008127@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: pluknet Date: Mon Mar 21 14:19:40 2011 New Revision: 219828 URL: http://svn.freebsd.org/changeset/base/219828 Log: Reference ifaddr object before unlocking as it can be freed from another context at the moment of later access. PR: kern/155555 Submitted by: Andrew Boyer <aboyer att averesystems.com> Approved by: avg (mentor) MFC after: 2 weeks Modified: head/sys/netinet/in.c Modified: head/sys/netinet/in.c ============================================================================== --- head/sys/netinet/in.c Mon Mar 21 14:18:40 2011 (r219827) +++ head/sys/netinet/in.c Mon Mar 21 14:19:40 2011 (r219828) @@ -1174,8 +1174,8 @@ in_scrubprefix(struct in_ifaddr *target) * doesn't support such action. */ if ((ia->ia_flags & IFA_ROUTE) == 0 - && (ia->ia_ifp->if_type != IFT_CARP) - ) { + && (ia->ia_ifp->if_type != IFT_CARP)) { + ifa_ref(&ia->ia_ifa); IN_IFADDR_RUNLOCK(); rtinit(&(target->ia_ifa), (int)RTM_DELETE, rtinitflags(target)); @@ -1185,6 +1185,7 @@ in_scrubprefix(struct in_ifaddr *target) rtinitflags(ia) | RTF_UP); if (error == 0) ia->ia_flags |= IFA_ROUTE; + ifa_free(&ia->ia_ifa); return (error); } }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201103211419.p2LEJeZF008127>