Module Name: src
Committed By: martin
Date: Fri Jun 8 10:14:33 UTC 2018
Modified Files:
src/sys/net [netbsd-8]: route.c
src/sys/netinet [netbsd-8]: ip_icmp.c
src/sys/netinet6 [netbsd-8]: icmp6.c
Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #852):
sys/netinet6/icmp6.c: revision 1.238
sys/netinet/ip_icmp.c: revision 1.171
sys/net/route.c: revision 1.210
Fix _rt_free via rtrequest(RTM_DELETE) hangs in rt_timer handlers
A rt_timer handler is passed a rtentry with an extra reference that avoids the
rtentry is accidentally released. So rt_timer handers must release
the reference of a passed rtentry by themselves (but they didn't).
To generate a diff of this commit:
cvs rdiff -u -r1.194.6.9 -r1.194.6.10 src/sys/net/route.c
cvs rdiff -u -r1.161.6.1 -r1.161.6.2 src/sys/netinet/ip_icmp.c
cvs rdiff -u -r1.211.6.5 -r1.211.6.6 src/sys/netinet6/icmp6.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/route.c
diff -u src/sys/net/route.c:1.194.6.9 src/sys/net/route.c:1.194.6.10
--- src/sys/net/route.c:1.194.6.9 Sat Apr 14 10:16:19 2018
+++ src/sys/net/route.c Fri Jun 8 10:14:33 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: route.c,v 1.194.6.9 2018/04/14 10:16:19 martin Exp $ */
+/* $NetBSD: route.c,v 1.194.6.10 2018/06/08 10:14:33 martin Exp $ */
/*-
* Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
#endif
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.9 2018/04/14 10:16:19 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.10 2018/06/08 10:14:33 martin Exp $");
#include <sys/param.h>
#ifdef RTFLUSH_DEBUG
@@ -1959,7 +1959,12 @@ rt_timer_work(struct work *wk, void *arg
(r->rtt_time + rtq->rtq_timeout) < time_uptime) {
LIST_REMOVE(r, rtt_link);
TAILQ_REMOVE(&rtq->rtq_head, r, rtt_next);
- rt_ref(r->rtt_rt); /* XXX */
+ /*
+ * Take a reference to avoid the rtentry is freed
+ * accidentally after RT_UNLOCK. The callback
+ * (rtt_func) must rt_unref it by itself.
+ */
+ rt_ref(r->rtt_rt);
RT_REFCNT_TRACE(r->rtt_rt);
RT_UNLOCK();
(*r->rtt_func)(r->rtt_rt, r);
Index: src/sys/netinet/ip_icmp.c
diff -u src/sys/netinet/ip_icmp.c:1.161.6.1 src/sys/netinet/ip_icmp.c:1.161.6.2
--- src/sys/netinet/ip_icmp.c:1.161.6.1 Sat Mar 31 10:38:53 2018
+++ src/sys/netinet/ip_icmp.c Fri Jun 8 10:14:33 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_icmp.c,v 1.161.6.1 2018/03/31 10:38:53 martin Exp $ */
+/* $NetBSD: ip_icmp.c,v 1.161.6.2 2018/06/08 10:14:33 martin Exp $ */
/*
* Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
@@ -94,7 +94,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.161.6.1 2018/03/31 10:38:53 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_icmp.c,v 1.161.6.2 2018/06/08 10:14:33 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_ipsec.h"
@@ -1310,6 +1310,7 @@ ip_next_mtu(u_int mtu, int dir) /* XXX *
static void
icmp_mtudisc_timeout(struct rtentry *rt, struct rttimer *r)
{
+ struct rtentry *retrt;
KASSERT(rt != NULL);
rt_assert_referenced(rt);
@@ -1317,7 +1318,9 @@ icmp_mtudisc_timeout(struct rtentry *rt,
if ((rt->rt_flags & (RTF_DYNAMIC | RTF_HOST)) ==
(RTF_DYNAMIC | RTF_HOST)) {
rtrequest(RTM_DELETE, rt_getkey(rt),
- rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
+ rt->rt_gateway, rt_mask(rt), rt->rt_flags, &retrt);
+ rt_unref(rt);
+ rt_free(retrt);
} else {
if ((rt->rt_rmx.rmx_locks & RTV_MTU) == 0) {
rt->rt_rmx.rmx_mtu = 0;
@@ -1328,6 +1331,7 @@ icmp_mtudisc_timeout(struct rtentry *rt,
static void
icmp_redirect_timeout(struct rtentry *rt, struct rttimer *r)
{
+ struct rtentry *retrt;
KASSERT(rt != NULL);
rt_assert_referenced(rt);
@@ -1335,7 +1339,9 @@ icmp_redirect_timeout(struct rtentry *rt
if ((rt->rt_flags & (RTF_DYNAMIC | RTF_HOST)) ==
(RTF_DYNAMIC | RTF_HOST)) {
rtrequest(RTM_DELETE, rt_getkey(rt),
- rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
+ rt->rt_gateway, rt_mask(rt), rt->rt_flags, &retrt);
+ rt_unref(rt);
+ rt_free(retrt);
}
}
Index: src/sys/netinet6/icmp6.c
diff -u src/sys/netinet6/icmp6.c:1.211.6.5 src/sys/netinet6/icmp6.c:1.211.6.6
--- src/sys/netinet6/icmp6.c:1.211.6.5 Mon Apr 9 13:34:10 2018
+++ src/sys/netinet6/icmp6.c Fri Jun 8 10:14:33 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: icmp6.c,v 1.211.6.5 2018/04/09 13:34:10 bouyer Exp $ */
+/* $NetBSD: icmp6.c,v 1.211.6.6 2018/06/08 10:14:33 martin Exp $ */
/* $KAME: icmp6.c,v 1.217 2001/06/20 15:03:29 jinmei Exp $ */
/*
@@ -62,7 +62,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.211.6.5 2018/04/09 13:34:10 bouyer Exp $");
+__KERNEL_RCSID(0, "$NetBSD: icmp6.c,v 1.211.6.6 2018/06/08 10:14:33 martin Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -2872,6 +2872,7 @@ icmp6_mtudisc_clone(struct sockaddr *dst
static void
icmp6_mtudisc_timeout(struct rtentry *rt, struct rttimer *r)
{
+ struct rtentry *retrt;
KASSERT(rt != NULL);
rt_assert_referenced(rt);
@@ -2879,7 +2880,9 @@ icmp6_mtudisc_timeout(struct rtentry *rt
if ((rt->rt_flags & (RTF_DYNAMIC | RTF_HOST)) ==
(RTF_DYNAMIC | RTF_HOST)) {
rtrequest(RTM_DELETE, rt_getkey(rt),
- rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
+ rt->rt_gateway, rt_mask(rt), rt->rt_flags, &retrt);
+ rt_unref(rt);
+ rt_free(retrt);
} else {
if (!(rt->rt_rmx.rmx_locks & RTV_MTU))
rt->rt_rmx.rmx_mtu = 0;
@@ -2889,14 +2892,18 @@ icmp6_mtudisc_timeout(struct rtentry *rt
static void
icmp6_redirect_timeout(struct rtentry *rt, struct rttimer *r)
{
+ struct rtentry *retrt;
KASSERT(rt != NULL);
rt_assert_referenced(rt);
if ((rt->rt_flags & (RTF_GATEWAY | RTF_DYNAMIC | RTF_HOST)) ==
(RTF_GATEWAY | RTF_DYNAMIC | RTF_HOST)) {
+ printf("%s: RTM_DELETE\n", __func__);
rtrequest(RTM_DELETE, rt_getkey(rt),
- rt->rt_gateway, rt_mask(rt), rt->rt_flags, NULL);
+ rt->rt_gateway, rt_mask(rt), rt->rt_flags, &retrt);
+ rt_unref(rt);
+ rt_free(retrt);
}
}
