| created | 2021-09-13T16:25:35Z |
|---|---|
| begin | 2021-09-07T00:00:00Z |
| end | 2021-09-08T00:00:00Z |
| path | src/sys |
| commits | 2 |
| date | 2021-09-07T09:56:00Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/net/rtsock.c | log | diff | annotate |
| message |
Fix the race between if_detach() and rtm_output(). When the dying network interface descriptor has if_get(9) obtained reference owned by foreign thread, the if_detach() thread will sleep just after it removed this interface from the interface index map. The data related to this interface is still in routing table, so if_get(9) called by concurrent rtm_output() thread will return NULL and the following "ifp != NULL" assertion will be triggered. So remove the "ifp != NULL" assertions from rtm_output() and try to grab `ifp' as early as possible then hold it until we finish the work. In the case we won the race and we have `ifp' non NULL, concurrent if_detach() thread will wait us. In the case we lost we just return ESRCH. The problem reported by danj@. Diff tested by danj@. ok mpi@ |
|||
| date | 2021-09-07T16:07:46Z | |||
|---|---|---|---|---|
| author | mvs | |||
| files | src/sys/net/rtsock.c | log | diff | annotate |
| message |
Fix NULL pointer dereference introduced by previous commit. Reported-by: [email protected] ok mpi@ |
|||