svn commit: r346530 - in head/sys: netinet netinet6

Enji Cooper yaneurabeya at gmail.com
Mon Apr 22 07:52:19 UTC 2019


> On Apr 22, 2019, at 12:27 AM, Hans Petter Selasky <hselasky at FreeBSD.org> wrote:
> 
> Author: hselasky
> Date: Mon Apr 22 07:27:24 2019
> New Revision: 346530
> URL: https://svnweb.freebsd.org/changeset/base/346530
> 
> Log:
>  Fix panic in network stack due to memory use after free in relation to
>  fragmented packets.
> 
>  When sending IPv4 and IPv6 fragmented packets and a fragment is lost,
>  the mbuf making up the fragment will remain in the temporary hashed
>  fragment list for a while. If the network interface departs before the
>  so-called slow timeout clears the packet, the fragment causes a panic
>  when the timeout kicks in due to accessing a freed network interface
>  structure.
> 
>  Make sure that when a network device is departing, all hashed IPv4 and
>  IPv6 fragments belonging to it, get freed.
> 
>  Backtrace:
>  panic()
>  icmp6_reflect()
> 
>  hlim = ND_IFINFO(m->m_pkthdr.rcvif)->chlim;
>  ^^^^ rcvif->if_afdata[AF_INET6] is NULL.
> 
>  icmp6_error()
>  frag6_freef()
>  frag6_slowtimo()
>  pfslowtimo()
>  softclock_call_cc()
>  softclock()
>  ithread_loop()
> 
>  Differential Revision:	https://reviews.freebsd.org/D19622
>  Reviewed by:		bz (network), adrian
>  MFC after:		1 week
>  Sponsored by:		Mellanox Technologies

This commit broke the build on mips, etc:

07:36:06 
--- ip_reass.o ---

07:36:06 
/usr/src/sys/netinet/ip_reass.c:641: error: expected ')' before '(' token

07:36:06 *** [ip_reass.o] Error code 1

EVENTHANDLER_DEFINE looks like it doesn’t work with gcc?

Thanks,
-Enji


More information about the svn-src-head mailing list