kern/156978: [lagg][patch] Take lagg rlock before checking flags

Andrew Boyer aboyer at averesystems.com
Thu May 12 13:50:09 UTC 2011


>Number:         156978
>Category:       kern
>Synopsis:       [lagg][patch] Take lagg rlock before checking flags
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 12 13:50:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Boyer
>Release:        8.2-RELEASE
>Organization:
Avere Systems
>Environment:
N/A
>Description:
lagg_input() tests flags in the lagg data structures without a lock.  If the flags check passes it then takes the rlock.  It is safer to take the rlock before testing the flags.

When interfaces are changing it is possible to get kernel panics without this change.
>How-To-Repeat:
Rebooting a system with laggs configured sometimes panics with a NULL pointer dereference.
>Fix:
Take the rlock before testing the flags.

Patch attached with submission follows:

Index: sys/net/if_lagg.c
===================================================================
--- sys/net/if_lagg.c	(revision 221809)
+++ sys/net/if_lagg.c	(working copy)
@@ -1221,14 +1221,15 @@
 	struct lagg_softc *sc = lp->lp_softc;
 	struct ifnet *scifp = sc->sc_ifp;
 
+	LAGG_RLOCK(sc);
 	if ((scifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
 	    (lp->lp_flags & LAGG_PORT_DISABLED) ||
 	    sc->sc_proto == LAGG_PROTO_NONE) {
+		LAGG_RUNLOCK(sc);
 		m_freem(m);
 		return (NULL);
 	}
 
-	LAGG_RLOCK(sc);
 	ETHER_BPF_MTAP(scifp, m);
 
 	m = (*sc->sc_input)(sc, lp, m);
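
Review bot: the two initializers at the top of the hunk, `struct lagg_softc *sc = lp->lp_softc;` and `struct ifnet *scifp = sc->sc_ifp;`, still run before `LAGG_RLOCK(sc)`, so the moved lock covers the three flag tests but not the loads of lp->lp_softc and sc->sc_ifp. If the NULL pointer dereference seen at reboot comes from one of those pointers changing while interfaces are being torn down, this reordering narrows the window without closing it. Suggest declaring scifp without an initializer and assigning it after the lock is taken, and stating in the description which pointer was NULL in the panic so the fix can be checked against it. A one-line comment above `LAGG_RLOCK(sc)` saying that the flags and sc_proto must be read under the lock would keep a later cleanup from moving the lock back below the test.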


>Release-Note:
>Audit-Trail:
>Unformatted:

