Date: Wed, 9 Oct 2013 06:54:37 GMT From: Slawa Olhovchenkov <slw@zxy.spb.ru> To: freebsd-gnats-submit@FreeBSD.org Subject: kern/182851: thread-unsafe handled routing tables Message-ID: <201310090654.r996sb7q010383@oldred.freebsd.org> Resent-Message-ID: <201310090700.r99700CR042837@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 182851 >Category: kern >Synopsis: thread-unsafe handled routing tables >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Oct 09 07:00:00 UTC 2013 >Closed-Date: >Last-Modified: >Originator: Slawa Olhovchenkov >Release: 9.2, 10.0 >Organization: >Environment: >Description: sys/net/radix.c contains /* * Work area -- the following point to 3 buffers of size max_keylen, * allocated in this order in a block of memory malloc'ed by rn_init. * rn_zeros, rn_ones are set in rn_init and used in readonly afterwards. * addmask_key is used in rn_addmask in rw mode and not thread-safe. */ static char *rn_zeros, *rn_ones, *addmask_key; addmask_key used by rn_addmask (called from rn_lookup, rn_addroute and rn_delete). In all cases rn_addmask used in RW mode w/o proper locking. addmask_key is absolutly globaly used -- for IPv4, IPv6 and other at once. As result -- incorrect routing lookup, routing update and so. (for example: kernel: rn_addmask: mask impossibly already in tree) >How-To-Repeat: >Fix: Delete global addmask_key. Use local (on stack in rn_addmask) buffer. >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201310090654.r996sb7q010383>