On 18/08/16(Thu) 18:34, [email protected] wrote:
> >Synopsis: reproduceable panic in if_ether routines
> >Category: kernel
> >Environment:
> System : OpenBSD 5.9
> Details : OpenBSD 5.9 (GENERIC.MP) #0: Thu Aug 18 18:07:13 CEST 2016
>
> [email protected]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
>
> Architecture: OpenBSD.amd64
> Machine : amd64
> >Description:
> As root, it is possible to panic the kernel on a box that has the IP
> 192.168.34.4 netmask 255.255.255.0 and only one gateway at .1.
> >How-To-Repeat:
> made sure all patches are applied from errata...
> # ping 192.168.34.99
> # ifconfig em0 inet 192.168.34.99 netmask 255.255.255.0 alias
> # ping 192.168.34.99 <kernel panic here>
Could you confirm diff below fixes it?
Index: netinet6/in6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/in6.c,v
retrieving revision 1.192
diff -u -p -r1.192 in6.c
--- netinet6/in6.c 4 Sep 2016 10:32:01 -0000 1.192
+++ netinet6/in6.c 3 Oct 2016 10:19:29 -0000
@@ -1212,7 +1217,7 @@ in6_ifinit(struct ifnet *ifp, struct in6
}
if (newhost)
- rt_ifa_addlocal(&(ia6->ia_ifa));
+ error = rt_ifa_addlocal(&(ia6->ia_ifa));
return (error);
}
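Review bot: Now that `in6_ifinit` returns the result of `rt_ifa_addlocal`, a failure here reaches the caller after the earlier part of the function has already run, and the hunk shows no undo on this path. The function body starts outside the hunk, so the caller may already handle this. If it does not, either the matching cleanup or a short comment above the `if (newhost)` line, such as `/* on failure the caller is expected to remove the address again */`, would make the failure contract explicit.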
Index: net/route.c
===================================================================
RCS file: /cvs/src/sys/net/route.c,v
retrieving revision 1.330
diff -u -p -r1.330 route.c
--- net/route.c 17 Sep 2016 07:35:05 -0000 1.330
+++ net/route.c 3 Oct 2016 10:19:30 -0000
@@ -1324,9 +1324,9 @@ rt_ifa_addlocal(struct ifaddr *ifa)
if (!ISSET(ifa->ifa_ifp->if_flags, (IFF_LOOPBACK|IFF_POINTOPOINT)))
flags |= RTF_LLINFO;
- /* If there is no loopback entry, allocate one. */
+ /* If there is no local entry, allocate one. */
rt = rtalloc(ifa->ifa_addr, 0, ifa->ifa_ifp->if_rdomain);
- if (rt == NULL || !ISSET(rt->rt_flags, flags))
+ if (rt == NULL || ISSET(rt->rt_flags, flags) != flags)
error = rt_ifa_add(ifa, flags, ifa->ifa_addr);
rtfree(rt);
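Review bot: The new test `ISSET(rt->rt_flags, flags) != flags` is only correct if `ISSET` expands to the masked bits rather than a 0/1 truth value, and that definition is not visible here. Writing it as `(rt->rt_flags & flags) != flags` would make the all-bits-must-match intent independent of the macro; the same applies to the `== flags` test in the `rt_ifa_dellocal` hunk below. A one-line comment such as `/* every requested flag must be set; a partial match is a different entry for this address */` would record why the old any-bit test was wrong. It is also worth confirming that `rt_ifa_add` copes with an entry already present for the address, since that case now reaches it and the callers changed in this diff propagate its error. Both functions extend beyond their hunks.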
@@ -1375,7 +1375,7 @@ rt_ifa_dellocal(struct ifaddr *ifa)
* to a shared medium.
*/
rt = rtalloc(ifa->ifa_addr, 0, ifa->ifa_ifp->if_rdomain);
- if (rt != NULL && ISSET(rt->rt_flags, flags))
+ if (rt != NULL && ISSET(rt->rt_flags, flags) == flags)
error = rt_ifa_del(ifa, flags, ifa->ifa_addr);
rtfree(rt);
Index: netinet/in.c
===================================================================
RCS file: /cvs/src/sys/netinet/in.c,v
retrieving revision 1.129
diff -u -p -r1.129 in.c
--- netinet/in.c 4 Sep 2016 10:32:01 -0000 1.129
+++ netinet/in.c 3 Oct 2016 10:19:31 -0000
@@ -637,8 +637,7 @@ in_ifinit(struct ifnet *ifp, struct in_i
* error occured, put back the original address.
*/
ifa_add(ifp, &ia->ia_ifa);
- rt_ifa_addlocal(&ia->ia_ifa);
-
+ error = rt_ifa_addlocal(&ia->ia_ifa);
if (error)
goto out;
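Review bot: Assigning to `error` on the `rt_ifa_addlocal` line can clear a failure recorded earlier. The context comment reads "error occured, put back the original address", and the unchanged `if (error) goto out;` was already there to act on that earlier value. If a step outside the hunk set `error`, a successful `rt_ifa_addlocal` now resets it to 0 and the function carries on as though the address change had succeeded. Keeping the first failure avoids this, for example `rv = rt_ifa_addlocal(&ia->ia_ifa);` followed by `if (error == 0) error = rv;`, with `rv` a new local `int`. The start of `in_ifinit` is outside the hunk, so this should be checked against the full function.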