svn commit: r356321 - head/sys/netinet

Mark Johnston markj at FreeBSD.org
Fri Jan 3 17:03:11 UTC 2020


Author: markj
Date: Fri Jan  3 17:03:10 2020
New Revision: 356321
URL: https://svnweb.freebsd.org/changeset/base/356321

Log:
  Take the ifnet's address lock in igmp_v3_cancel_link_timers().
  
  inm_rele_locked() may remove the multicast address associated with inm.
  
  Reported by:	syzbot+871c5d1fd5fac6c28f52 at syzkaller.appspotmail.com
  Reviewed by:	hselasky
  MFC after:	2 weeks
  Sponsored by:	The FreeBSD Foundation
  Differential Revision:	https://reviews.freebsd.org/D23009

Modified:
  head/sys/netinet/igmp.c

Modified: head/sys/netinet/igmp.c
==============================================================================
--- head/sys/netinet/igmp.c	Fri Jan  3 16:28:10 2020	(r356320)
+++ head/sys/netinet/igmp.c	Fri Jan  3 17:03:10 2020	(r356321)
@@ -1981,7 +1981,7 @@ igmp_set_version(struct igmp_ifsoftc *igi, const int v
 static void
 igmp_v3_cancel_link_timers(struct igmp_ifsoftc *igi)
 {
-	struct ifmultiaddr	*ifma;
+	struct ifmultiaddr	*ifma, *ifmatmp;
 	struct ifnet		*ifp;
 	struct in_multi		*inm;
 	struct in_multi_head inm_free_tmp;
@@ -2007,7 +2007,8 @@ igmp_v3_cancel_link_timers(struct igmp_ifsoftc *igi)
 	 * for all memberships scoped to this link.
 	 */
 	ifp = igi->igi_ifp;
-	CK_STAILQ_FOREACH(ifma, &ifp->if_multiaddrs, ifma_link) {
+	IF_ADDR_WLOCK(ifp);
+	CK_STAILQ_FOREACH_SAFE(ifma, &ifp->if_multiaddrs, ifma_link, ifmatmp) {
 		if (ifma->ifma_addr->sa_family != AF_INET ||
 		    ifma->ifma_protospec == NULL)
 			continue;
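Review bot: CK_STAILQ_FOREACH_SAFE at the loop head only tolerates removal of the current entry `ifma`; if inm_rele_locked() can also unlink some other entry from `if_multiaddrs` (its body is not part of this diff), the saved `ifmatmp` may already be off the list when the loop advances. That should be confirmed against the release path, and the locking reason, which currently lives only in the commit log, recorded at the loop: `/* inm_rele_locked() may unlink ifma from if_multiaddrs; hold the address write lock and iterate with the _SAFE variant. */`. The loop body continues outside this hunk, so the inm_rele_locked() call site itself is not visible here.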
@@ -2051,6 +2052,7 @@ igmp_v3_cancel_link_timers(struct igmp_ifsoftc *igi)
 		inm->inm_timer = 0;
 		mbufq_drain(&inm->inm_scq);
 	}
+	IF_ADDR_WUNLOCK(ifp);
 
 	inm_release_list_deferred(&inm_free_tmp);
 }

