Source-Changes-HG archive


[src/trunk]: src/sys/net Fix racy bridge_delete_member



details:   https://anonhg.NetBSD.org/src/rev/74cba9669571
branches:  trunk
changeset: 337478:74cba9669571
user:      ozaki-r <ozaki-r%NetBSD.org@localhost>
date:      Thu Apr 16 08:54:15 2015 +0000

description:
Fix racy bridge_delete_member

It can be called from bridge_ioctl_del and bridge_clone_destroy with
the same bridge member (bif) at the same time. We have to prevent
that from happening.

Pointed out by riastradh@

diffstat:

 sys/net/if_bridge.c |  15 +++++++++------
 1 files changed, 9 insertions(+), 6 deletions(-)

diffs (61 lines):

diff -r b7de6d1356c7 -r 74cba9669571 sys/net/if_bridge.c
--- a/sys/net/if_bridge.c       Thu Apr 16 08:38:36 2015 +0000
+++ b/sys/net/if_bridge.c       Thu Apr 16 08:54:15 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: if_bridge.c,v 1.97 2015/01/08 10:47:44 ozaki-r Exp $   */
+/*     $NetBSD: if_bridge.c,v 1.98 2015/04/16 08:54:15 ozaki-r Exp $   */
 
 /*
  * Copyright 2001 Wasabi Systems, Inc.
@@ -80,7 +80,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.97 2015/01/08 10:47:44 ozaki-r Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_bridge.c,v 1.98 2015/04/16 08:54:15 ozaki-r Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_bridge_ipf.h"
@@ -474,8 +474,10 @@
 
        bridge_stop(ifp, 1);
 
+       BRIDGE_LOCK(sc);
        while ((bif = LIST_FIRST(&sc->sc_iflist)) != NULL)
                bridge_delete_member(sc, bif);
+       BRIDGE_UNLOCK(sc);
 
        mutex_enter(&bridge_list_lock);
        LIST_REMOVE(sc, sc_list);
@@ -815,7 +817,7 @@
 {
        struct ifnet *ifs = bif->bif_ifp;
 
-       BRIDGE_LOCK(sc);
+       KASSERT(BRIDGE_LOCKED(sc));
 
        ifs->if_input = ether_input;
        ifs->if_bridge = NULL;
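Review bot: The KASSERT(BRIDGE_LOCKED(sc)) at the top of bridge_delete_member changes the function's contract from taking the lock itself to requiring the caller to hold it, and nothing in the hunk documents that. Add a comment above the function stating that it must be called with the bridge lock held and that it returns with the lock held, so a future caller does not depend on the assertion alone, which is only checked in DIAGNOSTIC kernels.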
@@ -840,6 +842,8 @@
 #endif
 
        kmem_free(bif, sizeof(*bif));
+
+       BRIDGE_LOCK(sc);
 }
 
 static int
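Review bot: The BRIDGE_LOCK(sc) added after kmem_free(bif, sizeof(*bif)) re-takes a lock that the function asserts is already held on entry, so the lock is released somewhere in the body outside the lines shown. Please confirm that bif is unlinked from sc_iflist before that release; otherwise the other caller named in the commit message can still find the same bif during the unlocked window. A comment marking the unlock/relock pair would make this easier to audit.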
@@ -940,11 +944,10 @@
                return ENOENT;
        }
 
+       bridge_delete_member(sc, bif);
+
        BRIDGE_UNLOCK(sc);
 
-       bridge_delete_member(sc, bif);
-
-
        switch (ifs->if_type) {
        case IFT_ETHER:
                /*
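Review bot: With this reordering, switch (ifs->if_type) runs after bridge_delete_member(sc, bif) has freed bif and after BRIDGE_UNLOCK(sc). Check that ifs is assigned from bif before the call and is never re-read through bif afterwards, and that the interface it points to cannot go away once the lock is dropped.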


