CVSROOT: /cvs
Module name: src
Changes by: bl...@cvs.openbsd.org 2022/08/29 01:51:45
Modified files:
sys/dev/dt : dt_prov_static.c
sys/net : if_enc.c if_mpe.c if_mpip.c if_mpw.c if_pppx.c
if_var.h route.c rtsock.c
sys/netinet : in.c
sys/netinet6 : in6.c nd6_nbr.c
sys/sys : refcnt.h
Log message:
Use struct refcnt for interface address reference counting.
There was a crash due to use after free of the ifa although it is
ref counted. As ifa_refcnt was a simple integer increment, there
may be a path where multiple CPUs access it concurrently. So change
to struct refcnt which is MP safe and provides dt(4) leak debugging.
Link level address for IPsec enc(4) and various MPLS interfaces is
special. There ifa is part of struct sc. Use refcount anyway and
add a panic to detect use after free.
bug report stsp@; OK mvs@
