Date: Mon, 22 Apr 2019 10:10:27 +0200
From: Hans Petter Selasky <hps@selasky.org>
To: Enji Cooper <yaneurabeya@gmail.com>
Cc: src-committers <src-committers@freebsd.org>, svn-src-all <svn-src-all@freebsd.org>, svn-src-head@freebsd.org
Subject: Re: svn commit: r346530 - in head/sys: netinet netinet6
Message-ID: <87917500-0381-79d8-a34b-819848abed32@selasky.org>
In-Reply-To: <2F3D6B17-AF4F-4B0F-B20E-5EF41DE851F9@gmail.com>
References: <201904220727.x3M7ROpR009729@repo.freebsd.org> <2F3D6B17-AF4F-4B0F-B20E-5EF41DE851F9@gmail.com>

On 4/22/19 9:52 AM, Enji Cooper wrote:
>
>> On Apr 22, 2019, at 12:27 AM, Hans Petter Selasky <hselasky@FreeBSD.org> wrote:
>>
>> Author: hselasky
>> Date: Mon Apr 22 07:27:24 2019
>> New Revision: 346530
>> URL: https://svnweb.freebsd.org/changeset/base/346530
>>
>> Log:
>> Fix panic in network stack due to memory use after free in relation to
>> fragmented packets.
>>
>> When sending IPv4 and IPv6 fragmented packets and a fragment is lost,
>> the mbuf making up the fragment will remain in the temporary hashed
>> fragment list for a while. If the network interface departs before the
>> so-called slow timeout clears the packet, the fragment causes a panic
>> when the timeout kicks in due to accessing a freed network interface
>> structure.
>>
>> Make sure that when a network device is departing, all hashed IPv4 and
>> IPv6 fragments belonging to it, get freed.
>>
>> Backtrace:
>> panic()
>> icmp6_reflect()
>>
>> hlim = ND_IFINFO(m->m_pkthdr.rcvif)->chlim;
>> ^^^^ rcvif->if_afdata[AF_INET6] is NULL.
>>
>> icmp6_error()
>> frag6_freef()
>> frag6_slowtimo()
>> pfslowtimo()
>> softclock_call_cc()
>> softclock()
>> ithread_loop()
>>
>> Differential Revision: https://reviews.freebsd.org/D19622
>> Reviewed by: bz (network), adrian
>> MFC after: 1 week
>> Sponsored by: Mellanox Technologies
>
> This commit broke the build on mips, etc:
>
> 07:36:06
> --- ip_reass.o ---
>
> 07:36:06
> /usr/src/sys/netinet/ip_reass.c:641: error: expected ')' before '(' token
>
> 07:36:06 *** [ip_reass.o] Error code 1
>
> EVENTHANDLER_DEFINE looks like it doesn’t work with gcc?

I'm looking into it. Thank you!

--HPS
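
A small user-space model of the lifetime bug and the fix described in the quoted commit log, added here as an illustration; it is not the FreeBSD code from r346530, and every name in it (`ifnet_model`, `frag_drain`, `stale_at_timeout`) is hypothetical. The interface is marked detached rather than freed, so the stale access at timeout can be counted instead of crashing.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed user-space model; every name here is hypothetical, not FreeBSD's. */
#define NBUCKETS 4
struct ifnet_model { int attached; };  /* 0 after departure; stands in for freed state */
struct frag { struct frag *next; struct ifnet_model *rcvif; /* borrowed, not refcounted */ };
static struct frag *buckets[NBUCKETS];

static void frag_enqueue(struct ifnet_model *ifp, unsigned hash) {
    struct frag *f = calloc(1, sizeof(*f));
    if (f == NULL) abort();
    f->rcvif = ifp;
    f->next = buckets[hash % NBUCKETS];
    buckets[hash % NBUCKETS] = f;
}

/* Free queued fragments: all of them when ifp is NULL (slow timeout), else only those
 * received on ifp (departure hook). Returns how many pointed at a detached interface. */
static int frag_drain(const struct ifnet_model *ifp) {
    int stale = 0;
    for (int i = 0; i < NBUCKETS; i++) {
        for (struct frag **pp = &buckets[i]; *pp != NULL; ) {
            struct frag *f = *pp;
            if (ifp != NULL && f->rcvif != ifp) {
                pp = &f->next;              /* other interface: keep queued */
                continue;
            }
            stale += !f->rcvif->attached;   /* models the access that panics in the backtrace */
            *pp = f->next;
            free(f);
        }
    }
    return stale;
}

/* Two incomplete fragments on if0, one on if1; if0 departs before the timeout fires. */
static int stale_at_timeout(int purge_on_departure) {
    struct ifnet_model if0 = { 1 }, if1 = { 1 };
    frag_enqueue(&if0, 1); frag_enqueue(&if1, 1); frag_enqueue(&if0, 6);
    if (purge_on_departure)
        frag_drain(&if0);       /* runs while if0 is still valid */
    if0.attached = 0;           /* interface is gone from here on */
    return frag_drain(NULL);    /* slow timeout expires whatever is left */
}

int main(void) {
    printf("stale at timeout: %d unpatched, %d patched\n", stale_at_timeout(0), stale_at_timeout(1));
    return 0;
}
```
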