[Bug 286949] Race condition in ether_ifattach

From: <bugzilla-noreply_at_freebsd.org>
Date: Tue, 20 May 2025 13:43:18 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286949

            Bug ID: 286949
           Summary: Race condition in ether_ifattach
           Product: Base System
           Version: 13.5-RELEASE
          Hardware: arm64
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: mibelanger@qnx.com

There appears to be a race condition in ether_ifattach (if_ethersubr.c).
The ether_ifattach() function calls if_attach, where the interface will get
announced, and then ether_ifattach continues with the initialization of the
ifp.

In our reported case, a startup script is loading the driver and bringing the
interface up with ifconfig.
Since they are putting these commands in the background, ifconfig is not
properly waiting for the driver load to fully complete.
When ifconfig is successful, it will send the IPv6 neighbour discovery
packets…and this can result in a crash if ether_ifattach is not complete
(ifp->if_output is NULL).

We are considering breaking up if_attach_internal, so that ether_ifattach can
call the first part and then call the end part after the ifp is fully set up.
We can reproduce the issue by adding an artificial delay after the if_attach in
ether_ifattach.

-- 
You are receiving this mail because:
You are the assignee for the bug.
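
The ordering problem described in the report, as a small user-space C model added here; it is not FreeBSD kernel code and not from the reporter. All names (model_ifnet, model_publish, model_probe, attach_publish_first, attach_publish_last) are hypothetical, and the probe call stands in for a concurrent sender at the point where the report inserts its artificial delay.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-space model; these are not the FreeBSD kernel structures. */
struct model_ifnet {
    const char *name;
    int (*if_output)(struct model_ifnet *);  /* NULL until Ethernet setup runs */
};
static struct model_ifnet *visible[4];       /* stands in for the interface list */
static size_t nvisible;

static int model_ether_output(struct model_ifnet *ifp) { (void)ifp; return 0; }
static void model_publish(struct model_ifnet *ifp) { visible[nvisible++] = ifp; }

/* What a concurrent sender (e.g. a backgrounded ifconfig) would find. */
enum seen { NOT_VISIBLE, VISIBLE_NO_OUTPUT, VISIBLE_READY };
static enum seen model_probe(const char *name) {
    for (size_t i = 0; i < nvisible; i++)
        if (strcmp(visible[i]->name, name) == 0)
            return visible[i]->if_output ? VISIBLE_READY : VISIBLE_NO_OUTPUT;
    return NOT_VISIBLE;
}

/* Ordering described in the report: announce first, finish setup afterwards. */
static enum seen attach_publish_first(struct model_ifnet *ifp) {
    model_publish(ifp);
    enum seen s = model_probe(ifp->name);    /* where the artificial delay sits */
    ifp->if_output = model_ether_output;
    return s;
}

/* Split ordering under consideration: finish setup, then announce. */
static enum seen attach_publish_last(struct model_ifnet *ifp) {
    ifp->if_output = model_ether_output;
    enum seen s = model_probe(ifp->name);    /* same window, nothing to find yet */
    model_publish(ifp);
    return s;
}

int main(void) {
    struct model_ifnet a = { "ue0", NULL }, b = { "ue1", NULL };
    printf("publish first: %d\n", attach_publish_first(&a));
    printf("publish last:  %d\n", attach_publish_last(&b));
    printf("after attach:  %d\n", model_probe("ue1"));
    return 0;
}
```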