Module Name:    src
Committed By:   ozaki-r
Date:           Thu Mar  8 06:48:23 UTC 2018

Modified Files:
        src/sys/netinet: if_arp.c
        src/sys/netinet6: nd6_nbr.c

Log Message:
Fix a race condition on DAD destructions (again)

The previous fix to DAD timers was wrong; it avoided a use-after-free but
instead introduced a memory leak.  The destruction method had delegated
a destruction of a DAD timer to the timer itself and told that by setting NULL
to dp->dad_ifa.  However, the previous fix made DAD timers do nothing on
the sign.

Fixing the issue with using callout_stop isn't easy.  One approach is to have
a refcount on dp but it introduces extra complexity that we want to avoid.

The new fix falls back to using callout_halt, which was abandoned because of
softnet_lock.  Fortunately now the network stack is protected by KERNEL_LOCK
so we can remove softnet_lock from DAD timers (callout) and use callout_halt
safely.


To generate a diff of this commit:
cvs rdiff -u -r1.270 -r1.271 src/sys/netinet/if_arp.c
cvs rdiff -u -r1.151 -r1.152 src/sys/netinet6/nd6_nbr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
