d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mld: fix epoch assertion

Browse Source 
in6ifa_ifpforlinklocal() asserts the net epoch.  The test case from r354832
revealed code paths where we call into the function without having
acquired the net epoch first and consequently we hit the assert.
This happens in certain MLD states during VNET shutdown and most people
normaly not notice this.

For correctness acquire the net epoch around calls to
mld_v1_transmit_report() in all cases to avoid the assertion firing.

MFC after:	2 weeks
Sponsored by:	Netflix
This commit is contained in:
bz 2019-11-19 14:53:13 +00:00
parent e63a1eebc8
commit 3dc60fd5da
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/netinet6/mld6.c
View File

@ -1800,6 +1800,7 @@ mld_v1_transmit_report(struct in6_multi *in6m, const int type)
struct mbuf *mh, *md;
struct mld_hdr *mld;
NET_EPOCH_ASSERT();
IN6_MULTI_LIST_LOCK_ASSERT();
MLD_LOCK_ASSERT();
@ -1968,6 +1969,7 @@ static int
mld_initial_join(struct in6_multi *inm, struct mld_ifsoftc *mli,
const int delay)
{
struct epoch_tracker et;
struct ifnet *ifp;
struct mbufq *mq;
int error, retval, syncstates;
@ -2035,8 +2037,10 @@ mld_initial_join(struct in6_multi *inm, struct mld_ifsoftc *mli,
V_current_state_timers_running6 = 1;
} else {
inm->in6m_state = MLD_IDLE_MEMBER;
NET_EPOCH_ENTER(et);
error = mld_v1_transmit_report(inm,
MLD_LISTENER_REPORT);
NET_EPOCH_EXIT(et);
if (error == 0) {
inm->in6m_timer = odelay;
V_current_state_timers_running6 = 1;
@ -2181,6 +2185,7 @@ mld_handle_state_change(struct in6_multi *inm, struct mld_ifsoftc *mli)
static void
mld_final_leave(struct in6_multi *inm, struct mld_ifsoftc *mli)
{
struct epoch_tracker et;
int syncstates;
#ifdef KTR
char ip6tbuf[INET6_ADDRSTRLEN];
@ -2214,7 +2219,9 @@ mld_final_leave(struct in6_multi *inm, struct mld_ifsoftc *mli)
panic("%s: MLDv2 state reached, not MLDv2 mode",
__func__);
#endif
NET_EPOCH_ENTER(et);
mld_v1_transmit_report(inm, MLD_LISTENER_DONE);
NET_EPOCH_EXIT(et);
inm->in6m_state = MLD_NOT_MEMBER;
V_current_state_timers_running6 = 1;
} else if (mli->mli_version == MLD_VERSION_2) {
@ -3194,6 +3201,7 @@ mld_v2_encap_report(struct ifnet *ifp, struct mbuf *m)
/*
* RFC3590: OK to send as :: or tentative during DAD.
*/
NET_EPOCH_ASSERT();
ia = in6ifa_ifpforlinklocal(ifp, IN6_IFF_NOTREADY|IN6_IFF_ANYCAST);
if (ia == NULL)
CTR1(KTR_MLD, "%s: warning: ia is NULL", __func__);