diff options
| author | glebius <glebius@FreeBSD.org> | 2012-08-02 13:57:49 +0000 |
|---|---|---|
| committer | glebius <glebius@FreeBSD.org> | 2012-08-02 13:57:49 +0000 |
| commit | abf245020a075c487a1ac4e60c7069e2d8c9c7c3 (patch) | |
| tree | bc9d35350ff3e80778a0341908f6905a862f4004 /sys/netinet6/in6.c | |
| parent | 34fe3f296a23dcd2b2315ab9b7cbe217a7e36c17 (diff) | |
| download | FreeBSD-src-abf245020a075c487a1ac4e60c7069e2d8c9c7c3.zip FreeBSD-src-abf245020a075c487a1ac4e60c7069e2d8c9c7c3.tar.gz | |
Fix races between in_lltable_prefix_free(), lla_lookup(),
llentry_free() and arptimer():
o Use callout_init_rw() for lle timeout, this allows us safely
disestablish them.
- This allows us to simplify the arptimer() and make it
race safe.
o Consistently use ifp->if_afdata_lock to lock access to
linked lists in the lle hashes.
o Introduce new lle flag LLE_LINKED, which marks an entry that
is attached to the hash.
- Use LLE_LINKED to avoid double unlinking via consequent
calls to llentry_free().
- Mark lle with LLE_DELETED via |= operation istead of =,
so that other flags won't be lost.
o Make LLE_ADDREF(), LLE_REMREF() and LLE_FREE_LOCKED() more
consistent and provide more informative KASSERTs.
The patch is a collaborative work of all submitters and myself.
PR: kern/165863
Submitted by: Andrey Zonov <andrey zonov.org>
Submitted by: Ryan Stone <rysto32 gmail.com>
Submitted by: Eric van Gyzen <eric_van_gyzen dell.com>
Diffstat (limited to 'sys/netinet6/in6.c')
| -rw-r--r-- | sys/netinet6/in6.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/sys/netinet6/in6.c b/sys/netinet6/in6.c index 320bd7e..a7df9f8 100644 --- a/sys/netinet6/in6.c +++ b/sys/netinet6/in6.c @@ -2497,23 +2497,22 @@ in6_lltable_prefix_free(struct lltable *llt, const struct sockaddr *prefix, * (flags & LLE_STATIC) means deleting all entries * including static ND6 entries. */ + IF_AFDATA_WLOCK(llt->llt_ifp); for (i = 0; i < LLTBL_HASHTBL_SIZE; i++) { LIST_FOREACH_SAFE(lle, &llt->lle_head[i], lle_next, next) { if (IN6_ARE_MASKED_ADDR_EQUAL( - &((struct sockaddr_in6 *)L3_ADDR(lle))->sin6_addr, - &pfx->sin6_addr, - &msk->sin6_addr) && - ((flags & LLE_STATIC) || !(lle->la_flags & LLE_STATIC))) { - int canceled; - - canceled = callout_drain(&lle->la_timer); + &satosin6(L3_ADDR(lle))->sin6_addr, + &pfx->sin6_addr, &msk->sin6_addr) && + ((flags & LLE_STATIC) || + !(lle->la_flags & LLE_STATIC))) { LLE_WLOCK(lle); - if (canceled) + if (callout_stop(&lle->la_timer)) LLE_REMREF(lle); llentry_free(lle); } } } + IF_AFDATA_WUNLOCK(llt->llt_ifp); } static int @@ -2605,11 +2604,12 @@ in6_lltable_lookup(struct lltable *llt, u_int flags, lle->lle_tbl = llt; lle->lle_head = lleh; + lle->la_flags |= LLE_LINKED; LIST_INSERT_HEAD(lleh, lle, lle_next); } else if (flags & LLE_DELETE) { if (!(lle->la_flags & LLE_IFADDR) || (flags & LLE_IFADDR)) { LLE_WLOCK(lle); - lle->la_flags = LLE_DELETED; + lle->la_flags |= LLE_DELETED; LLE_WUNLOCK(lle); #ifdef DIAGNOSTIC log(LOG_INFO, "ifaddr cache = %p is deleted\n", lle); |
