Date: Mon, 4 Nov 2019 17:35:38 +0000 (UTC) From: Gleb Smirnoff <glebius@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r354336 - head/sys/netinet6 Message-ID: <201911041735.xA4HZcM6017384@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: glebius Date: Mon Nov 4 17:35:37 2019 New Revision: 354336 URL: https://svnweb.freebsd.org/changeset/base/354336 Log: In nd6_timer() enter the network epoch earlier. The defrouter_del() may call into leaf functions that require epoch. Since the function is already run in non-sleepable context, it should be safe to cover it whole with epoch. Reported by: syzcaller Modified: head/sys/netinet6/nd6.c Modified: head/sys/netinet6/nd6.c ============================================================================== --- head/sys/netinet6/nd6.c Mon Nov 4 14:19:09 2019 (r354335) +++ head/sys/netinet6/nd6.c Mon Nov 4 17:35:37 2019 (r354336) @@ -918,6 +918,7 @@ nd6_timer(void *arg) defrouter_unlink(dr, &drq); ND6_WUNLOCK(); + NET_EPOCH_ENTER(et); while ((dr = TAILQ_FIRST(&drq)) != NULL) { TAILQ_REMOVE(&drq, dr, dr_entry); defrouter_del(dr); @@ -931,7 +932,6 @@ nd6_timer(void *arg) * * XXXRW: in6_ifaddrhead locking. */ - NET_EPOCH_ENTER(et); addrloop: CK_STAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) { /* check address lifetime */
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201911041735.xA4HZcM6017384>