kern/59340: bridge: a race condition on bridge_stop

To: kern-bug-people%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,netbsd-bugs%netbsd.org@localhost
Subject: kern/59340: bridge: a race condition on bridge_stop
From: ozaki-r%iij.ad.jp@localhost
Date: Tue, 22 Apr 2025 05:35:00 +0000 (UTC)

>Number:         59340
>Category:       kern
>Synopsis:       bridge: a race condition on bridge_stop
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Tue Apr 22 05:35:00 +0000 2025
>Originator:     Ryota Ozaki
>Release:        -current
>Organization:
>Environment:
>Description:
bridge_stop tries to stop callout by calling callout_halt.  However, callout_reset can be called after calling callout_halt, which is not expected, because there is a race condition (TOCTOU) on if_flags between bridge_stop and bridge_rtage_work that calls callout_reset.
>How-To-Repeat:
N/A
>Fix:
Ensure bridge_rtage_work not to call callout_reset before calling callout_halt in bridge_stop.

Prev by Date: PR/59340 CVS commit: src/sys/net
Next by Date: PR/59165 CVS commit: src/sys/dev/pci
Previous by Thread: PR/59340 CVS commit: src/sys/net
Next by Thread: PR/59165 CVS commit: src/sys/dev/pci
Indexes:

Home | Main Index | Thread Index | Old Index