[Bug 202691] race condition in if_lagg.c

[bugzilla-noreply at freebsd.org]

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=202691

            Bug ID: 202691
           Summary: race condition in if_lagg.c
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Many People
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: yizhouzhou at ict.ac.cn

by examine the lock mechanism in if_lagg.c, I find race conditions as follows:

in function lagg_port_destroy: 
890         ifp->if_lagg = NULL;
is protected by rm_wlock on its sc

while in function lagg_input:
1656         struct lagg_port *lp = ifp->if_lagg;
1657         struct lagg_softc *sc = lp->lp_softc;
is not protected by any locks.


possible fixed:
replace the locks in if_lagg.c with a global rmlock
and check the value of ifp->if_lagg in lagg_input
to be not null after read locked




Many thanks
Zhouyi

-- 
You are receiving this mail because:
You are the assignee for the bug.