freebsd-dev

History

Kirk McKusick b03587f06a Malloc buckets of size 128 have been having their 64-byte offset trashed after being freed. This has caused several panics including kern/42277 related to soft updates. Jim Kuhn tracked the problem down to ipfw limit rule processing. In the expiry of dynamic rules, it is possible for an O_LIMIT_PARENT rule to be removed when it still has live children. When the children eventually do expire, a pointer to the (long gone) parent is dereferenced and a count decremented. Since this memory can, and is, allocated for other purposes (in the case of kern/42277 an inodedep structure), chaos ensues. The offset in question in inodedep is the offset of the 16 bit count field in the ipfw2 ipfw_dyn_rule. Submitted by: Jim Kuhn <jkuhn@sandvine.com> Reviewed by: "Evgueni V. Gavrilov" <aquatique@rusunix.org> Reviewed by: Ben Pfountz <netprince@vt.edu> MFC after: 1 week		2003-10-16 02:00:12 +00:00
..
libalias	Grrr...add the Skinny alias code forgotten in the last commit.	2003-09-23 07:42:33 +00:00
accf_data.c
accf_http.c
icmp6.h	nuke unused ICMPV6CTL_NAMES and KEYCTL_NAMES macros.	2003-10-07 15:14:33 +00:00
icmp_var.h
if_atm.c	Locking for updates to routing table entries. Each rtentry gets a mutex	2003-10-04 03:44:50 +00:00
if_atm.h
if_ether.c	Locking for updates to routing table entries. Each rtentry gets a mutex	2003-10-04 03:44:50 +00:00
if_ether.h
igmp_var.h
igmp.c	Remove redundant initialization of rti; SLIST_FOREACH does that for	2003-08-28 22:15:05 +00:00
igmp.h
in_cksum.c
in_gif.c	- fix typo in comment.	2003-10-07 17:46:18 +00:00
in_gif.h	- fix typo in comment.	2003-10-07 17:46:18 +00:00
in_pcb.c	Locking for updates to routing table entries. Each rtentry gets a mutex	2003-10-04 03:44:50 +00:00
in_pcb.h	Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on	2003-08-20 14:46:40 +00:00
in_proto.c	hookup ctlinput for fast ipsec versions of esp+ah protocols	2003-10-03 22:06:36 +00:00
in_rmx.c	Lock ip forwarding route cache. While we're at it, remove the global	2003-10-14 19:19:12 +00:00
in_systm.h
in_var.h	Move from a custom-crafted singly-linked list to the SLIST_* macros	2003-08-20 17:09:01 +00:00
in.c
in.h	Add the IP_ONESBCAST option, to enable undirected IP broadcasts to be sent on	2003-08-20 14:46:40 +00:00
ip6.h	add /CONSTCOND/ to reduce diffs against latest KAME.	2003-09-25 13:40:06 +00:00
ip_divert.c	o add locking	2003-09-05 00:00:51 +00:00
ip_dummynet.c	Minor fixups + add locking.	2003-09-17 00:54:04 +00:00
ip_dummynet.h	place some kernel-specific data structures under #ifdef _KERNEL	2003-10-03 20:58:56 +00:00
ip_ecn.c
ip_ecn.h
ip_encap.c
ip_encap.h
ip_flow.c	Locking for updates to routing table entries. Each rtentry gets a mutex	2003-10-04 03:44:50 +00:00
ip_flow.h	add locking	2003-09-01 05:12:36 +00:00
ip_fw2.c	Malloc buckets of size 128 have been having their 64-byte offset	2003-10-16 02:00:12 +00:00
ip_fw.h
ip_gre.c
ip_gre.h
ip_icmp.c	Locking for updates to routing table entries. Each rtentry gets a mutex	2003-10-04 03:44:50 +00:00
ip_icmp.h
ip_id.c
ip_input.c	purge extraneous ';'s	2003-10-15 18:19:28 +00:00
ip_mroute.c	Add locking.	2003-09-06 04:53:43 +00:00
ip_mroute.h
ip_output.c	Locking for updates to routing table entries. Each rtentry gets a mutex	2003-10-04 03:44:50 +00:00
ip_var.h	Lock ip forwarding route cache. While we're at it, remove the global	2003-10-14 19:19:12 +00:00
ip.h
ipprotosw.h
pim_var.h
pim.h
raw_ip.c	shuffle code so we don't "continue" and miss a needed unlock operation	2003-09-17 21:13:16 +00:00
tcp_debug.c
tcp_debug.h
tcp_fsm.h
tcp_input.c
tcp_output.c
tcp_reass.c
tcp_seq.h
tcp_subr.c	Fix a bunch of off-by-one errors in the range checking code.	2003-09-11 21:40:21 +00:00
tcp_syncache.c	Change instances of callout_init that specify MPSAFE behaviour to	2003-08-19 17:51:11 +00:00
tcp_timer.c
tcp_timer.h
tcp_timewait.c	Fix a bunch of off-by-one errors in the range checking code.	2003-09-11 21:40:21 +00:00
tcp_usrreq.c
tcp_var.h
tcp.h
tcpip.h
udp_usrreq.c	PR: kern/56343	2003-09-03 02:19:29 +00:00
udp_var.h
udp.h