kern/132734: panic in net/if_mib.c
Mikolaj Golub
to.my.trociny at gmail.com
Thu Apr 23 19:30:04 UTC 2009
The following reply was made to PR kern/132734; it has been noted by GNATS.
From: Mikolaj Golub <to.my.trociny at gmail.com>
To: Alexey Illarionov <littlesavage at orionet.ru>
Cc: bug-followup at FreeBSD.org, Robert Watson <rwatson at FreeBSD.org>
Subject: Re: kern/132734: panic in net/if_mib.c
Date: Thu, 23 Apr 2009 22:29:36 +0300
SVN rev 191435 on 2009-04-23 18:23:08Z by rwatson
Merge r191434 from stable/7 to releng/7.2:
In sysctl_ifdata(), query the ifnet pointer using the index only
once, rather than querying it, validating it, and then re-querying
it without validating it. This may avoid a NULL pointer
dereference and resulting kernel page fault if an interface is
being deleted while bsnmp or other tools are querying data on the
interface.
The full fix, to properly refcount the interface for the duration
of the sysctl, is in 8.x, but is considered too high-risk for
7.2, so instead will appear in 7.3 (if all goes well).
So, Alexey, can you try upgrading to the latest stable/7 or releng/7.2 or
apply attached patch to see if this tweak at least eliminates the instant
panic?
--- if_mib.c (revision 191424)
+++ if_mib.c (working copy)
@@ -82,11 +82,9 @@
return EINVAL;
if (name[0] <= 0 || name[0] > if_index ||
- ifnet_byindex(name[0]) == NULL)
+ (ifp = ifnet_byindex(name[0])) == NULL)
return ENOENT;
- ifp = ifnet_byindex(name[0]);
-
switch(name[1]) {
default:
return ENOENT;
More information about the freebsd-net
mailing list