Author: glebius
Date: Mon Nov 4 17:35:37 2019
New Revision: 354336
URL: https://svnweb.freebsd.org/changeset/base/354336
Log:
In nd6_timer() enter the network epoch earlier. The defrouter_del() may
call into leaf functions that require epoch. Since the function is already
run in non-sleepable context, it should be safe to cover it whole with epoch.
Reported by: syzcaller
Modified:
head/sys/netinet6/nd6.c
Modified: head/sys/netinet6/nd6.c
==============================================================================
--- head/sys/netinet6/nd6.c Mon Nov 4 14:19:09 2019 (r354335)
+++ head/sys/netinet6/nd6.c Mon Nov 4 17:35:37 2019 (r354336)
@@ -918,6 +918,7 @@ nd6_timer(void *arg)
defrouter_unlink(dr, &drq);
ND6_WUNLOCK();
+ NET_EPOCH_ENTER(et);
while ((dr = TAILQ_FIRST(&drq)) != NULL) {
TAILQ_REMOVE(&drq, dr, dr_entry);
defrouter_del(dr);
@@ -931,7 +932,6 @@ nd6_timer(void *arg)
*
* XXXRW: in6_ifaddrhead locking.
*/
- NET_EPOCH_ENTER(et);
addrloop:
CK_STAILQ_FOREACH_SAFE(ia6, &V_in6_ifaddrhead, ia_link, nia6) {
/* check address lifetime */
_______________________________________________
svn-src-head@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"
