Date:      Fri, 3 Feb 2006 18:05:04 +0200
From:      Ruslan Ermilov <ru@FreeBSD.org>
To:        Gleb Smirnoff <glebius@FreeBSD.org>
Cc:        cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   Re: cvs commit: src/sys/netinet ip_dummynet.c
Message-ID:  <20060203160504.GH10228@ip.net.ua>
In-Reply-To: <200602031138.k13BcK09081443@repoman.freebsd.org>
References:  <200602031138.k13BcK09081443@repoman.freebsd.org>

On Fri, Feb 03, 2006 at 11:38:19AM +0000, Gleb Smirnoff wrote:
> glebius     2006-02-03 11:38:19 UTC
>
>   FreeBSD src repository
>
>   Modified files:
>     sys/netinet          ip_dummynet.c
>   Log:
>   Dropping the lock in the transmit_event() is not safe, because we
>   store some pipe pointers on stack. If user reconfigures dummynet
>   in the interlock gap, we can work with freed pipes after relock.
>
>   To fix this, we decided not to send packets in transmit_event(),
>   but fill a queue. At the end of dummynet() and dummynet_io(),
>   after the lock is dropped, if there is something in the queue
>   we run dummynet_send() to process the queue.
>
>   In collaboration with:  ru
>
>   Revision  Changes    Path
>   1.98      +115 -94   src/sys/netinet/ip_dummynet.c
>
The insufficient locking resulted in a "NULL-like" pointer dereference.
Fault virtual address was 0x18: NULL + 8 (sizeof of a pointer on amd64)
+ 0x10 (structure offset).

Thanks for providing the fix so quickly and for working overnight!


Cheers,
-- 
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
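
The pattern described in the quoted commit log, as an added example that is not part of the original message and is not FreeBSD's code: a single-threaded user-space model in which `transmit_event()` only fills a private queue under the lock and `dummynet_send()` drains it after the lock is dropped. Only the names `transmit_event`, `dummynet_send` and `dummynet` come from the log; `dn_lock`, `reconfigure`, `run_tick`, `pool` and the `lock_held` flag standing in for the real lock are assumptions.

```c
/* User-space model of the pattern; not code from FreeBSD's ip_dummynet.c. */
#include <stdlib.h>

struct pkt     { struct pkt *next; };
struct dn_pipe { struct pkt *head; };        /* packets ready to leave */
static struct pkt pool[16];                  /* constructed sample packets */
static struct dn_pipe *the_pipe;             /* shared; reconfigure() may free it */
static int lock_held, sent, sent_while_locked; /* lock_held models the lock */
static void dn_lock(void)   { lock_held = 1; }
static void dn_unlock(void) { lock_held = 0; }

/* Models a user reconfiguring dummynet: takes the lock and frees the pipe. */
static void reconfigure(void) {
    dn_lock(); free(the_pipe); the_pipe = NULL; dn_unlock();
}

/* Lock held throughout: move ready packets to the caller's private queue. */
static void transmit_event(struct dn_pipe *p, struct pkt **head, struct pkt **tail) {
    while (p->head != NULL) {
        struct pkt *m = p->head;
        p->head = m->next; m->next = NULL;
        if (*head == NULL) *head = m; else (*tail)->next = m;
        *tail = m;
    }
}

/* Lock not held: walks only the private queue, never a pipe pointer. */
static void dummynet_send(struct pkt *m) {
    while (m != NULL) {
        struct pkt *n = m->next;
        if (lock_held) sent_while_locked++;
        reconfigure();                       /* worst case: pipe freed mid-send */
        sent++; m = n;
    }
}

/* Models dummynet(): fill the queue under the lock, send after unlocking. */
static int run_tick(int npkts) {
    struct pkt *head = NULL, *tail = NULL;
    sent = sent_while_locked = 0;
    if ((the_pipe = calloc(1, sizeof(*the_pipe))) == NULL) abort();
    for (int i = 0; i < npkts && i < 16; i++)
        pool[i].next = the_pipe->head, the_pipe->head = &pool[i];
    dn_lock(); transmit_event(the_pipe, &head, &tail); dn_unlock();
    if (head != NULL) dummynet_send(head);
    reconfigure();                           /* clean up if nothing was sent */
    return sent;
}

int main(void) { return run_tick(3) == 3 ? 0 : 1; }
```

Because the pipe is freed during the first send and every packet is still delivered, the model shows why no pipe pointer may be used once the lock has been dropped.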
