tech-net archive
Re: sofree patches
Sorry, here is the patch.
skd
Stephen Degler wrote:
This should fix two issues I'm seeing.
1) Crashes with netkey sockets during ipsec processing
ipsec_getpolicybysock (null inpcb assertion in getpolicybysock)
2) Crashes with so_lock assertions in sbappendaddr during key exchanges.
sofree should not be called because it's essentially a double free (pool
put).
Index: sys/net/link_proto.c
===================================================================
RCS file: /cvsroot/src/sys/net/link_proto.c,v
retrieving revision 1.4
diff -u -u -r1.4 link_proto.c
--- sys/net/link_proto.c 13 May 2008 18:09:22 -0000 1.4
+++ sys/net/link_proto.c 14 Jul 2008 21:16:10 -0000
@@ -211,7 +211,7 @@
sosetlock(so);
return 0;
case PRU_DETACH:
- sofree(so);
+ sounlock(so);
return 0;
case PRU_CONTROL:
return link_control(so, (unsigned long)m, nam,
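Review bot: PRU_DETACH now releases the socket lock with `sounlock(so)`, while the pcb detach paths changed in this same patch keep the lock held on return, so the lock state a caller sees after detach depends on the protocol. If the caller goes on to call sofree() itself, as the description implies, it would do so here on an unlocked socket, and the comments removed elsewhere in this patch say sofree() is the call that drops the lock. Unless link sockets are known to be handled differently by the caller, this case looks like it should be just `return 0;` with the lock still held. Either way a comment such as `/* socket is freed by the caller; lock is dropped here because ... */` would record the contract. The surrounding switch starts and ends outside the hunk.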
Index: sys/net/raw_cb.c
===================================================================
RCS file: /cvsroot/src/sys/net/raw_cb.c,v
retrieving revision 1.19
diff -u -u -r1.19 raw_cb.c
--- sys/net/raw_cb.c 24 Apr 2008 11:38:37 -0000 1.19
+++ sys/net/raw_cb.c 14 Jul 2008 21:16:10 -0000
@@ -99,9 +99,6 @@
so->so_pcb = 0;
KASSERT(so->so_lock == softnet_lock); /* XXX */
- /* sofree drops the socket's lock. */
- sofree(so);
- mutex_enter(softnet_lock);
LIST_REMOVE(rp, rcb_list);
#ifdef notdef
if (rp->rcb_laddr)
Index: sys/netinet/in_pcb.c
===================================================================
RCS file: /cvsroot/src/sys/netinet/in_pcb.c,v
retrieving revision 1.125
diff -u -u -r1.125 in_pcb.c
--- sys/netinet/in_pcb.c 5 May 2008 17:11:17 -0000 1.125
+++ sys/netinet/in_pcb.c 14 Jul 2008 21:16:10 -0000
@@ -483,18 +483,16 @@
if (inp->inp_af != AF_INET)
return;
+ s = splnet();
+
#if defined(IPSEC) || defined(FAST_IPSEC)
ipsec4_delete_pcbpolicy(inp);
#endif /*IPSEC*/
so->so_pcb = 0;
- /* sofree drop's the socket's lock */
- sofree(so);
- mutex_enter(softnet_lock);
if (inp->inp_options)
(void)m_free(inp->inp_options);
rtcache_free(&inp->inp_route);
ip_freemoptions(inp->inp_moptions);
- s = splnet();
in_pcbstate(inp, INP_ATTACHED);
LIST_REMOVE(&inp->inp_head, inph_lhash);
CIRCLEQ_REMOVE(&inp->inp_table->inpt_queue, &inp->inp_head,
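Review bot: With the `sofree(so)` call gone, this detach path clears `so->so_pcb` and tears down the inpcb but leaves the socket itself to be released by the caller, and nothing in the new code states or checks that. The same applies to the raw_cb.c hunk and the first in6_pcb.c hunk. A caller that relied on the old behaviour would now leak the socket, and one that enters without the socket lock held would go unnoticed here. I would add `KASSERT(solocked(so));` next to `so->so_pcb = 0;` together with a comment like `/* socket is freed by the caller; the socket lock stays held throughout */`. The function body starts and ends outside the hunk.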
Index: sys/netinet6/in6_pcb.c
===================================================================
RCS file: /cvsroot/src/sys/netinet6/in6_pcb.c,v
retrieving revision 1.97
diff -u -u -r1.97 in6_pcb.c
--- sys/netinet6/in6_pcb.c 24 Apr 2008 11:38:38 -0000 1.97
+++ sys/netinet6/in6_pcb.c 14 Jul 2008 21:16:11 -0000
@@ -495,13 +495,11 @@
if (in6p->in6p_af != AF_INET6)
return;
+ s = splnet();
#if defined(IPSEC) || defined(FAST_IPSEC)
ipsec6_delete_pcbpolicy(in6p);
#endif /* IPSEC */
so->so_pcb = 0;
- /* sofree drops the socket's lock */
- sofree(so);
- mutex_enter(softnet_lock);
if (in6p->in6p_options)
m_freem(in6p->in6p_options);
if (in6p->in6p_outputopts != NULL) {
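Review bot: The move of `s = splnet();` ahead of `ipsec6_delete_pcbpolicy(in6p)` is not explained in the description, which only talks about removing sofree(). It widens the raised-priority region to cover the policy delete and the option and route frees (in_pcb.c gets the same move). The matching `splx(s)` is outside the hunk, so it cannot be checked here that every path after the new line still reaches it. If the intent is to keep network interrupt processing away from a pcb whose `so_pcb` link has already been cleared, a one-line comment above the call, e.g. `/* block network interrupts for the whole teardown */`, would record that.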
@@ -510,7 +508,6 @@
}
rtcache_free(&in6p->in6p_route);
ip6_freemoptions(in6p->in6p_moptions);
- s = splnet();
in6_pcbstate(in6p, IN6P_ATTACHED);
LIST_REMOVE(&in6p->in6p_head, inph_lhash);
CIRCLEQ_REMOVE(&in6p->in6p_table->inpt_queue, &in6p->in6p_head,