Date: Tue, 27 Nov 2018 09:04:48 +0000 From: bugzilla-noreply@freebsd.org To: net@FreeBSD.org Subject: [Bug 230498] Fatal trap 12: page fault while in kernel mode in sysctl_dumpentry from sysctl NET_RT_DUMP Message-ID: <bug-230498-7501-V5heAm67eJ@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-230498-7501@https.bugs.freebsd.org/bugzilla/> References: <bug-230498-7501@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D230498 --- Comment #19 from commit-hook@freebsd.org --- A commit references this bug: Author: ae Date: Tue Nov 27 09:04:07 UTC 2018 New revision: 341008 URL: https://svnweb.freebsd.org/changeset/base/341008 Log: Fix possible panic during ifnet detach in rtsock. The panic can happen, when some application does dump of routing table using sysctl interface. To prevent this, set IFF_DYING flag in if_detach_internal() function, when ifnet under lock is removed from the chain. In sysctl_rtsock() take IFNET_RLOCK_NOSLEEP() to prevent ifnet detach during routes enumeration. In case, if some interface was detached in the time before we take the lock, add the check, that ifnet is not DYING. This prevents access to memory that could be freed after ifnet is unlinked. PR: 227720, 230498, 233306 Reviewed by: bz, eugen MFC after: 1 week Sponsored by: Yandex LLC Differential Revision: https://reviews.freebsd.org/D18338 Changes: head/sys/net/if.c head/sys/net/rtsock.c --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-230498-7501-V5heAm67eJ>