d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
93e59da238
freebsd-dev/sys/netinet6
History
Mark Johnston e02582d1ae Fix synchronization in the IPV6_2292PKTOPTIONS set handler. 
The inpcb needs to be locked when we update output packet options.
Otherwise it is possible for the IPV6_2292PKTOPTIONS handler to free
packet option structures while another thread is reading or updating
them.

Note that the option handler is still kind of broken.  For instance it
frees all options before performing privilege checks for individual
options.  However, this can be fixed separately.

Reported by:	syzbot+52eb0fd4ddc119787f9d@syzkaller.appspotmail.com
Reviewed by:	bz, tuexen
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D24125
2020-03-19 21:38:52 +00:00
..
dest6.c
frag6.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
icmp6.c Bring back redirect route expiration. 2020-01-22 13:53:18 +00:00
icmp6.h
in6_cksum.c
in6_fib.c in6_fib: return nh_ia in the ext interface as we do for IPv4 2020-03-03 09:50:33 +00:00
in6_fib.h in6_fib: return nh_ia in the ext interface as we do for IPv4 2020-03-03 09:50:33 +00:00
in6_gif.c Mechanically substitute assertion of in_epoch(net_epoch_preempt) to 2020-01-15 05:45:27 +00:00
in6_ifattach.c
in6_ifattach.h
in6_jail.c
in6_mcast.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
in6_pcb.c Fix race when accepting TCP connections. 2020-01-12 17:52:32 +00:00
in6_pcb.h Fix race when accepting TCP connections. 2020-01-12 17:52:32 +00:00
in6_pcbgroup.c
in6_proto.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
in6_rmx.c Bring back redirect route expiration. 2020-01-22 13:53:18 +00:00
in6_rss.c
in6_rss.h
in6_src.c ip6: retire in6_selectroute_fib() as promised 8 years ago 2020-03-03 13:48:12 +00:00
in6_var.h Bring back redirect route expiration. 2020-01-22 13:53:18 +00:00
in6.c Introduce NET_EPOCH_CALL() macro and use it everywhere where we free 2020-01-15 06:05:20 +00:00
in6.h
ip6_ecn.h
ip6_fastfwd.c fib6_rte_to_nh_*: return a link-local gw address with scope embedded 2020-03-03 09:45:16 +00:00
ip6_forward.c
ip6_gre.c Introduce NET_EPOCH_CALL() macro and use it everywhere where we free 2020-01-15 06:05:20 +00:00
ip6_id.c
ip6_input.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip6_mroute.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
ip6_mroute.h
ip6_output.c Fix synchronization in the IPV6_2292PKTOPTIONS set handler. 2020-03-19 21:38:52 +00:00
ip6_var.h ip6: retire in6_selectroute_fib() as promised 8 years ago 2020-03-03 13:48:12 +00:00
ip6.h
ip6protosw.h
ip_fw_nat64.h
ip_fw_nptv6.h
mld6_var.h
mld6.c mld6: initialize oifp to avoid bogus results/panics in edge cases 2020-02-28 11:16:41 +00:00
mld6.h
nd6_nbr.c
nd6_rtr.c nd6_rtr: constantly use __func__ for nd6log() 2020-01-12 17:41:09 +00:00
nd6.c
nd6.h nd6_rtr: make nd6_prefix_onlink() static 2020-01-12 16:58:21 +00:00
pim6_var.h
pim6.h
raw_ip6.c Make ip6_output() and ip_output() require network epoch. 2020-01-22 05:51:22 +00:00
raw_ip6.h
route6.c
scope6_var.h
scope6.c
sctp6_usrreq.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (14 of many) 2020-02-24 10:47:18 +00:00
sctp6_var.h
send.c
send.h
tcp6_var.h
udp6_usrreq.c Mark more nodes as CTLFLAG_MPSAFE or CTLFLAG_NEEDGIANT (17 of many) 2020-02-26 14:26:36 +00:00
udp6_var.h