On Mon, Nov 27, 2017 at 10:43:09AM +0100, Martin Pieuchot wrote:
> Here's a diff that includes that and prevent a user-after-free pointed
> out by visa@. We should not try to dereference `rt' if nd6_free() has
> been called.
>
> Hrvoje Popovski confirmed he couldn't reproduce the panic with this
On 23/11/17(Thu) 15:34, Alexander Bluhm wrote:
> On Wed, Nov 22, 2017 at 04:24:22PM +0100, Martin Pieuchot wrote:
> > Diff below implements 3/ because it seems the simplest approach to
> > me and reduce differences with ARP a bit further.
>
> Yes.
>
> > void
> > -nd6_llinfo_settimer(struct
On Wed, Nov 22, 2017 at 04:24:22PM +0100, Martin Pieuchot wrote:
> Diff below implements 3/ because it seems the simplest approach to
> me and reduce differences with ARP a bit further.
Yes.
> void
> -nd6_llinfo_settimer(struct llinfo_nd6 *ln, int secs)
> +nd6_llinfo_settimer(struct llinfo_nd6
Hrvoje Popovski the great, found another crazy race related with NDP:
# ifconfig vlan300 destroy
kernel: protection fault trap, code=0
Stopped at nd6_ns_output+0x30: cmpb$0xff,0(%r13)
ddb{0}> trace
nd6_ns_output(ff0786bfe210,81434800,...) at nd6_ns_output+0x30