diff options
| author | np <np@FreeBSD.org> | 2013-12-17 21:41:23 +0000 |
|---|---|---|
| committer | np <np@FreeBSD.org> | 2013-12-17 21:41:23 +0000 |
| commit | b2e6c8c6a25b206b73d8b7096a555089b40bbe4b (patch) | |
| tree | 105282ef808f8ed55bf8aa9514f776a64adb6ce4 /sys/dev/cxgbe | |
| parent | 9b92b4d5f6291c68a2fa3ed273a284c177f4a791 (diff) | |
| download | FreeBSD-src-b2e6c8c6a25b206b73d8b7096a555089b40bbe4b.zip FreeBSD-src-b2e6c8c6a25b206b73d8b7096a555089b40bbe4b.tar.gz | |
Do not create a hardware IPv6 server if the listen address is not
in6addr_any and is not in the CLIP table either. This fixes a reported
TOE+IPv6 NULL-dereference panic in do_pass_open_rpl().
While here, stop creating hardware servers for any loopback address.
It's just a waste of server tids.
MFC after: 1 week
Diffstat (limited to 'sys/dev/cxgbe')
| -rw-r--r-- | sys/dev/cxgbe/tom/t4_listen.c | 20 | ||||
| -rw-r--r-- | sys/dev/cxgbe/tom/t4_tom.h | 1 |
2 files changed, 21 insertions, 0 deletions
diff --git a/sys/dev/cxgbe/tom/t4_listen.c b/sys/dev/cxgbe/tom/t4_listen.c index 17f4adb..0dc02e3 100644 --- a/sys/dev/cxgbe/tom/t4_listen.c +++ b/sys/dev/cxgbe/tom/t4_listen.c @@ -203,6 +203,17 @@ alloc_lctx(struct adapter *sc, struct inpcb *inp, struct port_info *pi) return (NULL); } + if (inp->inp_vflag & INP_IPV6 && + !IN6_ARE_ADDR_EQUAL(&in6addr_any, &inp->in6p_laddr)) { + struct tom_data *td = sc->tom_softc; + + lctx->ce = hold_lip(td, &inp->in6p_laddr); + if (lctx->ce == NULL) { + free(lctx, M_CXGBE); + return (NULL); + } + } + lctx->ctrlq = &sc->sge.ctrlq[pi->port_id]; lctx->ofld_rxq = &sc->sge.ofld_rxq[pi->first_ofld_rxq]; refcount_init(&lctx->refcount, 1); @@ -219,6 +230,7 @@ static int free_lctx(struct adapter *sc, struct listen_ctx *lctx) { struct inpcb *inp = lctx->inp; + struct tom_data *td = sc->tom_softc; INP_WLOCK_ASSERT(inp); KASSERT(lctx->refcount == 0, @@ -230,6 +242,8 @@ free_lctx(struct adapter *sc, struct listen_ctx *lctx) CTR4(KTR_CXGBE, "%s: stid %u, lctx %p, inp %p", __func__, lctx->stid, lctx, lctx->inp); + if (lctx->ce) + release_lip(td, lctx->ce); free_stid(sc, lctx); free(lctx, M_CXGBE); @@ -495,6 +509,12 @@ t4_listen_start(struct toedev *tod, struct tcpcb *tp) INP_WLOCK_ASSERT(inp); + /* Don't start a hardware listener for any loopback address. */ + if (inp->inp_vflag & INP_IPV6 && IN6_IS_ADDR_LOOPBACK(&inp->in6p_laddr)) + return (0); + if (!(inp->inp_vflag & INP_IPV6) && + IN_LOOPBACK(ntohl(inp->inp_laddr.s_addr))) + return (0); #if 0 ADAPTER_LOCK(sc); if (IS_BUSY(sc)) { diff --git a/sys/dev/cxgbe/tom/t4_tom.h b/sys/dev/cxgbe/tom/t4_tom.h index 927bc94..6328240 100644 --- a/sys/dev/cxgbe/tom/t4_tom.h +++ b/sys/dev/cxgbe/tom/t4_tom.h @@ -176,6 +176,7 @@ struct listen_ctx { struct inpcb *inp; /* listening socket's inp */ struct sge_wrq *ctrlq; struct sge_ofld_rxq *ofld_rxq; + struct clip_entry *ce; TAILQ_HEAD(, synq_entry) synq; }; |
