Date: Fri, 16 Dec 2016 22:39:31 +0000 (UTC)
From: Alan Somers <asomers@FreeBSD.org>
To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject: svn commit: r310180 - head/sys/net
Message-ID: <201612162239.uBGMdVSL027853@repo.freebsd.org>
Author: asomers Date: Fri Dec 16 22:39:30 2016 New Revision: 310180 URL: https://svnweb.freebsd.org/changeset/base/310180 Log: Fix panic during lagg destruction with simultaneous status check If you run "ifconfig lagg0 destroy" and "ifconfig lagg0" at the same time a page fault may result. The first process will destroy ifp->if_lagg in lagg_clone_destroy (called by if_clone_destroy). Then the second process will observe that ifp->if_lagg is NULL at the top of lagg_port_ioctl and goto fallback: where it will promptly dereference ifp->if_lagg anyway. The solution is to repeat the NULL check for ifp->if_lagg MFC after: 4 weeks Sponsored by: Spectra Logic Corp Differential Revision: https://reviews.freebsd.org/D8512 Modified: head/sys/net/if_lagg.c Modified: head/sys/net/if_lagg.c ============================================================================== --- head/sys/net/if_lagg.c Fri Dec 16 22:37:16 2016 (r310179) +++ head/sys/net/if_lagg.c Fri Dec 16 22:39:30 2016 (r310180) @@ -252,6 +252,7 @@ SYSCTL_INT(_net_link_lagg, OID_AUTO, def &VNET_NAME(def_flowid_shift), 0, "Default setting for flowid shift for load sharing"); +#pragma clang optimize off static void vnet_lagg_init(const void *unused __unused) { @@ -1022,7 +1023,7 @@ lagg_port_ioctl(struct ifnet *ifp, u_lon return (error); fallback: - if (lp->lp_ioctl != NULL) + if (lp != NULL && lp->lp_ioctl != NULL) return ((*lp->lp_ioctl)(ifp, cmd, data)); return (EINVAL);
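Review bot: The `#pragma clang optimize off` added above vnet_lagg_init() in the first hunk (@@ -252,6 +252,7 @@) is not mentioned in the log message, which describes only the NULL check, and it looks like a debugging leftover. No matching `#pragma clang optimize on` appears in the visible lines, so the pragma would turn off optimization for every function from vnet_lagg_init() to the end of if_lagg.c. Suggest dropping this line from the commit, or, if it is intentional, scoping it with an `optimize on` and explaining it in the log.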
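Review bot: In the second hunk (@@ -1022,7 +1023,7 @@), the new `lp != NULL && lp->lp_ioctl != NULL` test at `fallback:` is a second unlocked check, so it narrows the window described in the log rather than closing it. Nothing in the visible lines shows a lock or reference held across the test and the call `(*lp->lp_ioctl)(ifp, cmd, data)`, so a concurrent "ifconfig lagg0 destroy" could still tear the port down between the two. Please confirm what keeps lp alive here, or take the relevant lock or a reference before testing it. Also, the log speaks of repeating the NULL check for ifp->if_lagg while the code tests lp; a short comment at `fallback:` stating which pointer can be cleared by lagg_clone_destroy and why the recheck is needed would make the intent clear to later readers.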