If there is a system with a bpf consumer running and a packet is wanted

to be transmitted but the arp cache entry expired, which triggers an arp request to be sent, the bpf code might want to sleep but crash the system due to a non sleep lock held from the arp entry not released properly. Release the lock before calling the arp request code to solve the issue as is done on all the other code paths. PR: 200323 Approved by: ae, gnn(mentor) MFC after: 1 week Sponsored by: Netgate Differential Revision: https://reviews.freebsd.org/D2828
svn path=/head/; revision=284512
2015-06-17 12:23:04 +00:00 · 2015-06-17 12:23:04 +00:00 · f0516b3c96 · 2020-12-20 02:59:44 +00:00
commit f0516b3c96
parent 1fa1d4a651
1 changed files with 12 additions and 3 deletions
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@ -364,6 +364,7 @@ arpresolve(struct ifnet *ifp, int is_gw, struct mbuf *m,
 	if ((la->la_flags & LLE_VALID) &&
 	    ((la->la_flags & LLE_STATIC) || la->la_expire > time_uptime)) {
 		bcopy(&la->ll_addr, desten, ifp->if_addrlen);
+		renew = 0;
 		/*
 		 * If entry has an expiry time and it is approaching,
 		 * see if we need to send an ARP request within this
@ -371,14 +372,22 @@ arpresolve(struct ifnet *ifp, int is_gw, struct mbuf *m,
 		 */
 		if (!(la->la_flags & LLE_STATIC) &&
 		    time_uptime + la->la_preempt > la->la_expire) {
-			arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL);
+			renew = 1;
 			la->la_preempt--;
 		}

 		if (pflags != NULL)
 			*pflags = la->la_flags;
-		error = 0;
-		goto done;
+
+		if (flags & LLE_EXCLUSIVE)
+			LLE_WUNLOCK(la);
+		else
+			LLE_RUNLOCK(la);
+
+		if (renew == 1)
+			arprequest(ifp, NULL, &SIN(dst)->sin_addr, NULL);
+
+		return (0);
 	}

 	if (la->la_flags & LLE_STATIC) {   /* should not happen! */