Module Name: src Committed By: ozaki-r Date: Wed Jun 15 06:01:21 UTC 2016
Modified Files: src/sys/compat/linux/common: linux_socket.c src/sys/compat/linux32/common: linux32_socket.c src/sys/netinet6: nd6_rtr.c scope6.c Log Message: Protect if_byindex by pserialize To generate a diff of this commit: cvs rdiff -u -r1.127 -r1.128 src/sys/compat/linux/common/linux_socket.c cvs rdiff -u -r1.21 -r1.22 src/sys/compat/linux32/common/linux32_socket.c cvs rdiff -u -r1.111 -r1.112 src/sys/netinet6/nd6_rtr.c cvs rdiff -u -r1.13 -r1.14 src/sys/netinet6/scope6.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/sys/compat/linux/common/linux_socket.c diff -u src/sys/compat/linux/common/linux_socket.c:1.127 src/sys/compat/linux/common/linux_socket.c:1.128 --- src/sys/compat/linux/common/linux_socket.c:1.127 Thu May 12 02:24:16 2016 +++ src/sys/compat/linux/common/linux_socket.c Wed Jun 15 06:01:21 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: linux_socket.c,v 1.127 2016/05/12 02:24:16 ozaki-r Exp $ */ +/* $NetBSD: linux_socket.c,v 1.128 2016/06/15 06:01:21 ozaki-r Exp $ */ /*- * Copyright (c) 1995, 1998, 2008 The NetBSD Foundation, Inc. @@ -35,7 +35,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.127 2016/05/12 02:24:16 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux_socket.c,v 1.128 2016/06/15 06:01:21 ozaki-r Exp $"); #if defined(_KERNEL_OPT) #include "opt_inet.h" @@ -1092,16 +1092,21 @@ linux_getifname(struct lwp *l, register_ struct ifnet *ifp; struct linux_ifreq ifr; int error; + int s; error = copyin(data, &ifr, sizeof(ifr)); if (error) return error; + s = pserialize_read_enter(); ifp = if_byindex(ifr.ifr_ifru.ifru_ifindex); - if (ifp == NULL) + if (ifp == NULL) { + pserialize_read_exit(s); return ENODEV; + } strncpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name)); + pserialize_read_exit(s); return copyout(&ifr, data, sizeof(ifr)); } Index: src/sys/compat/linux32/common/linux32_socket.c diff -u src/sys/compat/linux32/common/linux32_socket.c:1.21 src/sys/compat/linux32/common/linux32_socket.c:1.22 --- src/sys/compat/linux32/common/linux32_socket.c:1.21 Thu May 12 02:24:16 2016 +++ src/sys/compat/linux32/common/linux32_socket.c Wed Jun 15 06:01:21 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: linux32_socket.c,v 1.21 2016/05/12 02:24:16 ozaki-r Exp $ */ +/* $NetBSD: linux32_socket.c,v 1.22 2016/06/15 06:01:21 ozaki-r Exp $ */ /*- * Copyright (c) 2006 Emmanuel Dreyfus, all rights reserved. @@ -33,7 +33,7 @@ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.21 2016/05/12 02:24:16 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: linux32_socket.c,v 1.22 2016/06/15 06:01:21 ozaki-r Exp $"); #include <sys/types.h> #include <sys/param.h> @@ -393,16 +393,21 @@ linux32_getifname(struct lwp *l, registe struct ifnet *ifp; struct linux32_ifreq ifr; int error; + int s; error = copyin(data, &ifr, sizeof(ifr)); if (error) return error; + s = pserialize_read_enter(); ifp = if_byindex(ifr.ifr_ifru.ifru_ifindex); - if (ifp == NULL) + if (ifp == NULL) { + pserialize_read_exit(s); return ENODEV; + } strncpy(ifr.ifr_name, ifp->if_xname, sizeof(ifr.ifr_name)); + pserialize_read_exit(s); return copyout(&ifr, data, sizeof(ifr)); } Index: src/sys/netinet6/nd6_rtr.c diff -u src/sys/netinet6/nd6_rtr.c:1.111 src/sys/netinet6/nd6_rtr.c:1.112 --- src/sys/netinet6/nd6_rtr.c:1.111 Fri Jun 10 13:31:44 2016 +++ src/sys/netinet6/nd6_rtr.c Wed Jun 15 06:01:21 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: nd6_rtr.c,v 1.111 2016/06/10 13:31:44 ozaki-r Exp $ */ +/* $NetBSD: nd6_rtr.c,v 1.112 2016/06/15 06:01:21 ozaki-r Exp $ */ /* $KAME: nd6_rtr.c,v 1.95 2001/02/07 08:09:47 itojun Exp $ */ /* @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.111 2016/06/10 13:31:44 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: nd6_rtr.c,v 1.112 2016/06/15 06:01:21 ozaki-r Exp $"); #include <sys/param.h> #include <sys/systm.h> @@ -2123,8 +2123,12 @@ nd6_setdefaultiface(int ifindex) { ifnet_t *ifp; int error = 0; + int s; - if ((ifp = if_byindex(ifindex)) == NULL) { + s = pserialize_read_enter(); + ifp = if_byindex(ifindex); + if (ifp == NULL) { + pserialize_read_exit(s); return EINVAL; } if (nd6_defifindex != ifindex) { @@ -2138,6 +2142,7 @@ nd6_setdefaultiface(int ifindex) */ scope6_setdefault(nd6_defifp); } + pserialize_read_exit(s); return (error); } Index: src/sys/netinet6/scope6.c diff -u src/sys/netinet6/scope6.c:1.13 src/sys/netinet6/scope6.c:1.14 --- src/sys/netinet6/scope6.c:1.13 Thu May 19 03:11:42 2016 +++ src/sys/netinet6/scope6.c Wed Jun 15 06:01:21 2016 @@ -1,4 +1,4 @@ -/* $NetBSD: scope6.c,v 1.13 2016/05/19 03:11:42 ozaki-r Exp $ */ +/* $NetBSD: scope6.c,v 1.14 2016/06/15 06:01:21 ozaki-r Exp $ */ /* $KAME$ */ /*- @@ -31,7 +31,7 @@ */ #include <sys/cdefs.h> -__KERNEL_RCSID(0, "$NetBSD: scope6.c,v 1.13 2016/05/19 03:11:42 ozaki-r Exp $"); +__KERNEL_RCSID(0, "$NetBSD: scope6.c,v 1.14 2016/06/15 06:01:21 ozaki-r Exp $"); #include <sys/param.h> #include <sys/malloc.h> @@ -120,6 +120,7 @@ scope6_set(struct ifnet *ifp, const stru for (i = 0; i < 16; i++) { if (idlist->s6id_list[i] && idlist->s6id_list[i] != sid->s6id_list[i]) { + int s; /* * An interface zone ID must be the corresponding * interface index by definition. @@ -128,6 +129,7 @@ scope6_set(struct ifnet *ifp, const stru idlist->s6id_list[i] != ifp->if_index) return (EINVAL); + s = pserialize_read_enter(); if (i == IPV6_ADDR_SCOPE_LINKLOCAL && !if_byindex(idlist->s6id_list[i])) { /* @@ -136,8 +138,10 @@ scope6_set(struct ifnet *ifp, const stru * IDs, but we check the consistency for * safety in later use. */ + pserialize_read_exit(s); return (EINVAL); } + pserialize_read_exit(s); /* * XXX: we must need lots of work in this case, @@ -295,15 +299,20 @@ sa6_embedscope(struct sockaddr_in6 *sin6 if (zoneid != 0 && (IN6_IS_SCOPE_LINKLOCAL(&sin6->sin6_addr) || IN6_IS_ADDR_MC_INTFACELOCAL(&sin6->sin6_addr))) { + int s; /* * At this moment, we only check interface-local and * link-local scope IDs, and use interface indices as the * zone IDs assuming a one-to-one mapping between interfaces * and links. */ + s = pserialize_read_enter(); ifp = if_byindex(zoneid); - if (ifp == NULL) + if (ifp == NULL) { + pserialize_read_exit(s); return (ENXIO); + } + pserialize_read_exit(s); /* XXX assignment to 16bit from 32bit variable */ sin6->sin6_addr.s6_addr16[1] = htons(zoneid & 0xffff); @@ -349,8 +358,12 @@ sa6_recoverscope(struct sockaddr_in6 *si */ zoneid = ntohs(sin6->sin6_addr.s6_addr16[1]); if (zoneid) { - if (!if_byindex(zoneid)) + int s = pserialize_read_enter(); + if (!if_byindex(zoneid)) { + pserialize_read_exit(s); return (ENXIO); + } + pserialize_read_exit(s); sin6->sin6_addr.s6_addr16[1] = 0; sin6->sin6_scope_id = zoneid; }