[Bug 197059] network locks up with IPv6 udp traffic

Thu Mar 12 09:04:30 UTC 2015

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=197059

--- Comment #7 from commit-hook at freebsd.org ---
A commit references this bug:

Author: ae
Date: Thu Mar 12 09:04:21 UTC 2015
New revision: 279911
URL: https://svnweb.freebsd.org/changeset/base/279911

Log:
  MFC r279588:
    Fix deadlock in IPv6 PCB code.

    When several threads are trying to send datagram to the same destination,
    but fragmentation is disabled and datagram size exceeds link MTU,
    ip6_output() calls pfctlinput2(PRC_MSGSIZE). It does notify all
    sockets wanted to know MTU to this destination. And since all threads
    hold PCB lock while sending, taking the lock for each PCB in the
    in6_pcbnotify() leads to deadlock.

    RFC 3542 p.11.3 suggests notify all application wanted to receive
    IPV6_PATHMTU ancillary data for each ICMPv6 packet too big message.
    But it doesn't require this, when we don't receive ICMPv6 message.

    Change ip6_notify_pmtu() function to be able use it directly from
    ip6_output() to notify only one socket, and to notify all sockets
    when ICMPv6 packet too big message received.

  MFC r279684:
    tcp6_ctlinput() doesn't pass MTU value to in6_pcbnotify().
    Check cmdarg isn't NULL before dereference, this check was in the
    ip6_notify_pmtu() before r279588.

  PR:        197059
  Sponsored by:    Yandex LLC

Changes:
_U  stable/10/
  stable/10/sys/netinet6/in6_pcb.c
  stable/10/sys/netinet6/ip6_input.c
  stable/10/sys/netinet6/ip6_output.c
  stable/10/sys/netinet6/ip6_var.h

-- 
You are receiving this mail because:
You are on the CC list for the bug.