Date: Tue, 17 Dec 2013 21:41:23 +0000 (UTC) From: Navdeep Parhar <np@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r259527 - head/sys/dev/cxgbe/tom Message-ID: <201312172141.rBHLfNKa059838@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: np Date: Tue Dec 17 21:41:23 2013 New Revision: 259527 URL: http://svnweb.freebsd.org/changeset/base/259527 Log: Do not create a hardware IPv6 server if the listen address is not in6addr_any and is not in the CLIP table either. This fixes a reported TOE+IPv6 NULL-dereference panic in do_pass_open_rpl(). While here, stop creating hardware servers for any loopback address. It's just a waste of server tids. MFC after: 1 week Modified: head/sys/dev/cxgbe/tom/t4_listen.c head/sys/dev/cxgbe/tom/t4_tom.h Modified: head/sys/dev/cxgbe/tom/t4_listen.c ============================================================================== --- head/sys/dev/cxgbe/tom/t4_listen.c Tue Dec 17 21:39:40 2013 (r259526) +++ head/sys/dev/cxgbe/tom/t4_listen.c Tue Dec 17 21:41:23 2013 (r259527) @@ -203,6 +203,17 @@ alloc_lctx(struct adapter *sc, struct in return (NULL); } + if (inp->inp_vflag & INP_IPV6 && + !IN6_ARE_ADDR_EQUAL(&in6addr_any, &inp->in6p_laddr)) { + struct tom_data *td = sc->tom_softc; + + lctx->ce = hold_lip(td, &inp->in6p_laddr); + if (lctx->ce == NULL) { + free(lctx, M_CXGBE); + return (NULL); + } + } + lctx->ctrlq = &sc->sge.ctrlq[pi->port_id]; lctx->ofld_rxq = &sc->sge.ofld_rxq[pi->first_ofld_rxq]; refcount_init(&lctx->refcount, 1); @@ -219,6 +230,7 @@ static int free_lctx(struct adapter *sc, struct listen_ctx *lctx) { struct inpcb *inp = lctx->inp; + struct tom_data *td = sc->tom_softc; INP_WLOCK_ASSERT(inp); KASSERT(lctx->refcount == 0, @@ -230,6 +242,8 @@ free_lctx(struct adapter *sc, struct lis CTR4(KTR_CXGBE, "%s: stid %u, lctx %p, inp %p", __func__, lctx->stid, lctx, lctx->inp); + if (lctx->ce) + release_lip(td, lctx->ce); free_stid(sc, lctx); free(lctx, M_CXGBE); @@ -495,6 +509,12 @@ t4_listen_start(struct toedev *tod, stru INP_WLOCK_ASSERT(inp); + /* Don't start a hardware listener for any loopback address. */ + if (inp->inp_vflag & INP_IPV6 && IN6_IS_ADDR_LOOPBACK(&inp->in6p_laddr)) + return (0); + if (!(inp->inp_vflag & INP_IPV6) && + IN_LOOPBACK(ntohl(inp->inp_laddr.s_addr))) + return (0); #if 0 ADAPTER_LOCK(sc); if (IS_BUSY(sc)) { Modified: head/sys/dev/cxgbe/tom/t4_tom.h ============================================================================== --- head/sys/dev/cxgbe/tom/t4_tom.h Tue Dec 17 21:39:40 2013 (r259526) +++ head/sys/dev/cxgbe/tom/t4_tom.h Tue Dec 17 21:41:23 2013 (r259527) @@ -176,6 +176,7 @@ struct listen_ctx { struct inpcb *inp; /* listening socket's inp */ struct sge_wrq *ctrlq; struct sge_ofld_rxq *ofld_rxq; + struct clip_entry *ce; TAILQ_HEAD(, synq_entry) synq; };
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201312172141.rBHLfNKa059838>