On Tue, Dec 07, 2021 at 08:36:58AM +0100, Hans Petter Selasky wrote: H> > --- a/sys/netinet6/in6_mcast.c H> > +++ b/sys/netinet6/in6_mcast.c H> > @@ -2454,9 +2454,9 @@ in6p_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) H> > return (EADDRNOTAVAIL); H> > } H> > } H> > + NET_EPOCH_EXIT(et); /* XXXGL: unsafe ifp */ H> > imo = in6p_findmoptions(inp); H> > - imo->im6o_multicast_ifp = ifp; /* XXXGL: reference?! */ H> > - NET_EPOCH_EXIT(et); H> > + imo->im6o_multicast_ifp = ifp; H> > INP_WUNLOCK(inp); H> > H> > return (0); H> > H> H> You can ref the ifp before the EPOCH exit?
Sure. The code should use ifnet_byindex_ref(). Note that d74b7baeb0d4 was a sweep commit to "cover" all unsafe uses of ifnet_byindex(). It was not my intent to fix all of them, but rather mark them with a comment and put NET_EPOCH_ASSERT() inside ifnet_byindex() to prevent future unsafe calls. -- Gleb Smirnoff
