Module Name:    src
Committed By:   martin
Date:           Mon Apr 2 08:54:35 UTC 2018

Modified Files:
        src/sys/netinet [netbsd-8]: if_arp.c
        src/sys/netinet6 [netbsd-8]: nd6_nbr.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #686):
        sys/netinet/if_arp.c: revision 1.271
        sys/netinet6/nd6_nbr.c: revision 1.151,1.152

Avoid passing NULL to nd6_dad_duplicated
Fix PR kern/53075

Fix a race condition on DAD destructions (again)

The previous fix to DAD timers was wrong; it avoided a use-after-free but
instead introduced a memory leak. The destruction method had delegated
a destruction of a DAD timer to the timer itself and told that by setting
NULL to dp->dad_ifa. However, the previous fix made DAD timers do nothing
on the sign.

Fixing the issue with using callout_stop isn't easy. One approach is to
have a refcount on dp but it introduces extra complexity that we want to
avoid.

The new fix falls back to using callout_halt, which was abandoned because
of softnet_lock. Fortunately now the network stack is protected by
KERNEL_LOCK so we can remove softnet_lock from DAD timers (callout) and
use callout_halt safely.

To generate a diff of this commit:
cvs rdiff -u -r1.250.2.7 -r1.250.2.8 src/sys/netinet/if_arp.c
cvs rdiff -u -r1.138.6.5 -r1.138.6.6 src/sys/netinet6/nd6_nbr.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.