Module Name: src
Committed By: ozaki-r
Date: Sat Feb 24 07:53:15 UTC 2018
Avoid a race condition of DAD timer destructions
When we see dp->dad_ifa == NULL, it means that the ifa is being deleted and also
the callout is scheduled again by someone. We shouldn't rely on a result of
callout_pending to know if the callout is scheduled because it returns false if
the subsequent callout handler is already on the fly.
We have to always delegate the destruction of dp to the subsequent handler
unconditionally if dp->dad_ifa == NULL. Otherwise, the first handler destroys
the dp and the second handler tries to handle destroyed dp.
To generate a diff of this commit:
cvs rdiff -u -r1.266 -r1.267 src/sys/netinet/if_arp.c
cvs rdiff -u -r1.147 -r1.148 src/sys/netinet6/nd6_nbr.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.