>Number:         156978
>Category:       kern
>Synopsis:       [lagg][patch] Take lagg rlock before checking flags
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Thu May 12 13:50:09 UTC 2011
>Closed-Date:
>Last-Modified:
>Originator:     Andrew Boyer
>Release:        8.2-RELEASE
>Organization:
Avere Systems
>Environment:
N/A
>Description:
lagg_input() tests flags in the lagg data structures without a lock.  If the 
flags check passes it then takes the rlock.  It is safer to take the rlock 
before testing the flags.

When interfaces are changing it is possible to get kernel panics without this 
change.
>How-To-Repeat:
Rebooting a system with laggs configured sometimes panics with a NULL pointer 
dereference.
>Fix:
Take the rlock before testing the flags.

Patch attached with submission follows:

Index: sys/net/if_lagg.c
===================================================================
--- sys/net/if_lagg.c   (revision 221809)
+++ sys/net/if_lagg.c   (working copy)
@@ -1221,14 +1221,15 @@
        struct lagg_softc *sc = lp->lp_softc;
        struct ifnet *scifp = sc->sc_ifp;
 
+       LAGG_RLOCK(sc);
        if ((scifp->if_drv_flags & IFF_DRV_RUNNING) == 0 ||
            (lp->lp_flags & LAGG_PORT_DISABLED) ||
            sc->sc_proto == LAGG_PROTO_NONE) {
+               LAGG_RUNLOCK(sc);
                m_freem(m);
                return (NULL);
        }
 
-       LAGG_RLOCK(sc);
        ETHER_BPF_MTAP(scifp, m);
 
        m = (*sc->sc_input)(sc, lp, m);
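
Review bot: the two initializers at the top of this hunk, `sc = lp->lp_softc` and `scifp = sc->sc_ifp`, still execute before the new LAGG_RLOCK(sc), so the `scifp` pointer that the flags test dereferences is loaded unlocked. If the interface-change path described in the report can modify `sc->sc_ifp` while input is running, part of the window remains. Consider assigning `scifp` after LAGG_RLOCK(sc). `sc` itself has to be read first in order to take the lock, so it is worth stating in a comment what keeps `lp->lp_softc` valid on entry. The early-return path is balanced (LAGG_RUNLOCK(sc) before m_freem(m) and return), but moving the lock only helps if every writer of `if_drv_flags`, `lp_flags` and `sc_proto` holds the corresponding write lock. None of those writers are visible in this hunk, so please confirm that in the commit message.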


>Release-Note:
>Audit-Trail:
>Unformatted:
_______________________________________________
freebsd-bugs@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "freebsd-bugs-unsubscr...@freebsd.org"
