svn commit: r259527 - head/sys/dev/cxgbe/tom

Navdeep Parhar Tue, 17 Dec 2013 13:42:50 -0800

Author: np
Date: Tue Dec 17 21:41:23 2013
New Revision: 259527
URL: http://svnweb.freebsd.org/changeset/base/259527


Log:
  Do not create a hardware IPv6 server if the listen address is not
  in6addr_any and is not in the CLIP table either.  This fixes a reported
  TOE+IPv6 NULL-dereference panic in do_pass_open_rpl().
  
  While here, stop creating hardware servers for any loopback address.
  It's just a waste of server tids.
  
  MFC after:    1 week

Modified:
  head/sys/dev/cxgbe/tom/t4_listen.c
  head/sys/dev/cxgbe/tom/t4_tom.h

Modified: head/sys/dev/cxgbe/tom/t4_listen.c
==============================================================================
--- head/sys/dev/cxgbe/tom/t4_listen.c  Tue Dec 17 21:39:40 2013        
(r259526)
+++ head/sys/dev/cxgbe/tom/t4_listen.c  Tue Dec 17 21:41:23 2013        
(r259527)
@@ -203,6 +203,17 @@ alloc_lctx(struct adapter *sc, struct in
                return (NULL);
        }
 
+       if (inp->inp_vflag & INP_IPV6 &&
+           !IN6_ARE_ADDR_EQUAL(&in6addr_any, &inp->in6p_laddr)) {
+               struct tom_data *td = sc->tom_softc;
+
+               lctx->ce = hold_lip(td, &inp->in6p_laddr);
+               if (lctx->ce == NULL) {
+                       free(lctx, M_CXGBE);
+                       return (NULL);
+               }
+       }
+
        lctx->ctrlq = &sc->sge.ctrlq[pi->port_id];
        lctx->ofld_rxq = &sc->sge.ofld_rxq[pi->first_ofld_rxq];
        refcount_init(&lctx->refcount, 1);
@@ -219,6 +230,7 @@ static int
 free_lctx(struct adapter *sc, struct listen_ctx *lctx)
 {
        struct inpcb *inp = lctx->inp;
+       struct tom_data *td = sc->tom_softc;
 
        INP_WLOCK_ASSERT(inp);
        KASSERT(lctx->refcount == 0,
@@ -230,6 +242,8 @@ free_lctx(struct adapter *sc, struct lis
        CTR4(KTR_CXGBE, "%s: stid %u, lctx %p, inp %p",
            __func__, lctx->stid, lctx, lctx->inp);
 
+       if (lctx->ce)
+               release_lip(td, lctx->ce);
        free_stid(sc, lctx);
        free(lctx, M_CXGBE);
 
@@ -495,6 +509,12 @@ t4_listen_start(struct toedev *tod, stru
 
        INP_WLOCK_ASSERT(inp);
 
+       /* Don't start a hardware listener for any loopback address. */
+       if (inp->inp_vflag & INP_IPV6 && IN6_IS_ADDR_LOOPBACK(&inp->in6p_laddr))
+               return (0);
+       if (!(inp->inp_vflag & INP_IPV6) &&
+           IN_LOOPBACK(ntohl(inp->inp_laddr.s_addr)))
+               return (0);
 #if 0
        ADAPTER_LOCK(sc);
        if (IS_BUSY(sc)) {

Modified: head/sys/dev/cxgbe/tom/t4_tom.h
==============================================================================
--- head/sys/dev/cxgbe/tom/t4_tom.h     Tue Dec 17 21:39:40 2013        
(r259526)
+++ head/sys/dev/cxgbe/tom/t4_tom.h     Tue Dec 17 21:41:23 2013        
(r259527)
@@ -176,6 +176,7 @@ struct listen_ctx {
        struct inpcb *inp;              /* listening socket's inp */
        struct sge_wrq *ctrlq;
        struct sge_ofld_rxq *ofld_rxq;
+       struct clip_entry *ce;
        TAILQ_HEAD(, synq_entry) synq;
 };
 
_______________________________________________
svn-src-head@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/svn-src-head
To unsubscribe, send any mail to "svn-src-head-unsubscr...@freebsd.org"

svn commit: r259527 - head/sys/dev/cxgbe/tom

Reply via email to