Date: Tue, 20 May 2025 13:43:18 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 286949] Race condition in ether_ifattach Message-ID: <bug-286949-227@https.bugs.freebsd.org/bugzilla/>
index | next in thread | raw e-mail
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286949 Bug ID: 286949 Summary: Race condition in ether_ifattach Product: Base System Version: 13.5-RELEASE Hardware: arm64 OS: Any Status: New Severity: Affects Some People Priority: --- Component: kern Assignee: bugs@FreeBSD.org Reporter: mibelanger@qnx.com There appears to be a race condition in ether_ifattach (if_ethersubr.c). The ether_ifattach() function calls if_attach, where the interface will get announced, and then ether_ifattach continues with the initialization of the ifp. In our reported case, a startup script is loading the driver and bringing the interface up with ifconfig. Since they are putting these commands to the background, ifconfig is not properly waiting for the driver load to fully complete. When ifconfig is successful, it will send the IPv6 neighbour discovery packets…and this can result in a crash if ether_ifattach is not complete (ifp->if_output is NULL). We are considering breaking up if_attach_internal, so that ether_ifattach can call the first part and then call the end part after the ifp is fully setup. We can reproduce the issue by adding an artificial delay after the if_attach in ether_ifattach. -- You are receiving this mail because: You are the assignee for the bug.home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-286949-227>