Author: pluknet
Date: Mon Mar 21 14:19:40 2011
New Revision: 219828
URL: http://svn.freebsd.org/changeset/base/219828
Log:
Reference ifaddr object before unlocking as it can be freed
from another context at the moment of later access.
PR: kern/155555
Submitted by: Andrew Boyer <aboyer att averesystems.com>
Approved by: avg (mentor)
MFC after: 2 weeks
Modified:
head/sys/netinet/in.c
Modified: head/sys/netinet/in.c
==============================================================================
--- head/sys/netinet/in.c Mon Mar 21 14:18:40 2011 (r219827)
+++ head/sys/netinet/in.c Mon Mar 21 14:19:40 2011 (r219828)
@@ -1174,8 +1174,8 @@ in_scrubprefix(struct in_ifaddr *target)
* doesn't support such action.
*/
if ((ia->ia_flags & IFA_ROUTE) == 0
- && (ia->ia_ifp->if_type != IFT_CARP)
- ) {
+ && (ia->ia_ifp->if_type != IFT_CARP)) {
+ ifa_ref(&ia->ia_ifa);
IN_IFADDR_RUNLOCK();
rtinit(&(target->ia_ifa), (int)RTM_DELETE,
rtinitflags(target));
@@ -1185,6 +1185,7 @@ in_scrubprefix(struct in_ifaddr *target)
rtinitflags(ia) | RTF_UP);
if (error == 0)
ia->ia_flags |= IFA_ROUTE;
+ ifa_free(&ia->ia_ifa);
return (error);
}
}
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
