NetBSD-Bugs archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

PR/53075 CVS commit: [netbsd-8] src/sys

The following reply was made to PR kern/53075; it has been noted by GNATS.

From: "Martin Husemann" <>
Subject: PR/53075 CVS commit: [netbsd-8] src/sys
Date: Mon, 2 Apr 2018 08:54:35 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Mon Apr  2 08:54:35 UTC 2018
 Modified Files:
 	src/sys/netinet [netbsd-8]: if_arp.c
 	src/sys/netinet6 [netbsd-8]: nd6_nbr.c
 Log Message:
 Pull up following revision(s) (requested by ozaki-r in ticket #686):
 	sys/netinet/if_arp.c: revision 1.271
 	sys/netinet6/nd6_nbr.c: revision 1.151,1.152
 Avoid passing NULL to nd6_dad_duplicated
 Fix PR kern/53075
 Fix a race condition on DAD destructions (again)
 The previous fix to DAD timers was wrong; it avoided a use-after-free but
 instead introduced a memory leak.  The destruction method had delegated
 a destruction of a DAD timer to the timer itself and told that by setting NULL
 to dp->dad_ifa.  However, the previous fix made DAD timers do nothing on
 the sign.
 Fixing the issue with using callout_stop isn't easy.  One approach is to have
 a refcount on dp but it introduces extra complexity that we want to avoid.
 The new fix falls back to using callout_halt, which was abandoned because of
 softnet_lock.  Fortunately now the network stack is protected by KERNEL_LOCK
 so we can remove softnet_lock from DAD timers (callout) and use callout_halt
 To generate a diff of this commit:
 cvs rdiff -u -r1.250.2.7 -r1.250.2.8 src/sys/netinet/if_arp.c
 cvs rdiff -u -r1.138.6.5 -r1.138.6.6 src/sys/netinet6/nd6_nbr.c
 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Home | Main Index | Thread Index | Old Index