[Bug 220078] [patch] [panic] [ipfw] repeatable kernel panic due to unlocked INADDR_TO_IFP usage

Mon Jun 19 21:04:23 UTC 2017

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=220078

--- Comment #10 from Cassiano Peixoto <peixoto.cassiano at gmail.com> ---
(In reply to Eugene Grosbein from comment #9)
mcast has been reject:

# patch < mcast.patch 
Hmm...  Looks like a unified diff to me...
The text leading up to this was:
--------------------------
|--- sys/netinet/in_mcast.c.orig        2017-04-20 15:01:10.786840000 +0700
|+++ sys/netinet/in_mcast.c     2017-06-17 18:24:34.034823000 +0700
--------------------------
Patching file sys/netinet/in_mcast.c using Plan A...
Hunk #1 succeeded at 1340 (offset 2 lines).
Hunk #2 succeeded at 1378 (offset 2 lines).
Hunk #3 succeeded at 1878 (offset 2 lines).
Hunk #4 succeeded at 1895 (offset 2 lines).
Hunk #5 succeeded at 2229 (offset 2 lines).
Hunk #6 failed at 2288.
Hunk #7 succeeded at 2452 (offset 2 lines).
Hunk #8 succeeded at 2491 (offset 2 lines).
1 out of 8 hunks failed--saving rejects to sys/netinet/in_mcast.c.rej
done
Exit 1

# cat sys/netinet/in_mcast.c.rej
@@ -2283,9 +2288,11 @@
                 * XXX NOTE WELL: The RFC 3678 API is preferred because
                 * using an IPv4 address as a key is racy.
                 */
-               if (!in_nullhost(mreqs.imr_interface))
+               if (!in_nullhost(mreqs.imr_interface)) {
+                       IN_IFADDR_RLOCK(&in_ifa_tracker);
                        INADDR_TO_IFP(mreqs.imr_interface, ifp);
-
+                       IN_IFADDR_RUNLOCK(&in_ifa_tracker);
+               }
                CTR3(KTR_IGMPV3, "%s: imr_interface = 0x%08x, ifp = %p",
                    __func__, ntohl(mreqs.imr_interface.s_addr), ifp);

-- 
You are receiving this mail because:
You are on the CC list for the bug.
