git: 46242829baa3 - stable/13 - mld6: Ensure that mld_domifattach() always succeeds
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 28 Apr 2022 00:34:52 UTC
The branch stable/13 has been updated by markj:
URL: https://cgit.FreeBSD.org/src/commit/?id=46242829baa3c822b8e7376a71f1d0fa2be1c5c5
commit 46242829baa3c822b8e7376a71f1d0fa2be1c5c5
Author: Mark Johnston <markj@FreeBSD.org>
AuthorDate: 2022-04-21 17:22:09 +0000
Commit: Mark Johnston <markj@FreeBSD.org>
CommitDate: 2022-04-28 00:34:17 +0000
mld6: Ensure that mld_domifattach() always succeeds
mld_domifattach() does a memory allocation under the global MLD mutex
and so can fail, but no error handling prevents a null pointer
dereference in this case. The mutex is only needed when updating the
global softc list; the allocation and static initialization of the softc
does not require this mutex. So, reduce the scope of the mutex and use
M_WAITOK for the allocation.
PR: 261457
Sponsored by: The FreeBSD Foundation
(cherry picked from commit 5d691ab4f03d436d38f46777c3c117cf5a27f1bc)
---
sys/netinet6/mld6.c | 48 ++++++++++--------------------------------------
1 file changed, 10 insertions(+), 38 deletions(-)
diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c
index c4948158bba8..1c984db70e93 100644
--- a/sys/netinet6/mld6.c
+++ b/sys/netinet6/mld6.c
@@ -104,8 +104,6 @@ __FBSDID("$FreeBSD$");
#define KTR_MLD KTR_INET6
#endif
-static struct mld_ifsoftc *
- mli_alloc_locked(struct ifnet *);
static void mli_delete_locked(const struct ifnet *);
static void mld_dispatch_packet(struct mbuf *);
static void mld_dispatch_queue(struct mbufq *, int);
@@ -470,45 +468,17 @@ mld_is_addr_reported(const struct in6_addr *addr)
}
/*
- * Attach MLD when PF_INET6 is attached to an interface.
- *
- * SMPng: Normally called with IF_AFDATA_LOCK held.
+ * Attach MLD when PF_INET6 is attached to an interface. Assumes that the
+ * current VNET is set by the caller.
*/
struct mld_ifsoftc *
mld_domifattach(struct ifnet *ifp)
{
struct mld_ifsoftc *mli;
- CTR3(KTR_MLD, "%s: called for ifp %p(%s)",
- __func__, ifp, if_name(ifp));
-
- MLD_LOCK();
-
- mli = mli_alloc_locked(ifp);
- if (!(ifp->if_flags & IFF_MULTICAST))
- mli->mli_flags |= MLIF_SILENT;
- if (mld_use_allow)
- mli->mli_flags |= MLIF_USEALLOW;
-
- MLD_UNLOCK();
-
- return (mli);
-}
-
-/*
- * VIMAGE: assume curvnet set by caller.
- */
-static struct mld_ifsoftc *
-mli_alloc_locked(/*const*/ struct ifnet *ifp)
-{
- struct mld_ifsoftc *mli;
-
- MLD_LOCK_ASSERT();
-
- mli = malloc(sizeof(struct mld_ifsoftc), M_MLD, M_NOWAIT|M_ZERO);
- if (mli == NULL)
- goto out;
+ CTR3(KTR_MLD, "%s: called for ifp %p(%s)", __func__, ifp, if_name(ifp));
+ mli = malloc(sizeof(struct mld_ifsoftc), M_MLD, M_WAITOK | M_ZERO);
mli->mli_ifp = ifp;
mli->mli_version = MLD_VERSION_2;
mli->mli_flags = 0;
@@ -517,13 +487,15 @@ mli_alloc_locked(/*const*/ struct ifnet *ifp)
mli->mli_qri = MLD_QRI_INIT;
mli->mli_uri = MLD_URI_INIT;
mbufq_init(&mli->mli_gq, MLD_MAX_RESPONSE_PACKETS);
+ if ((ifp->if_flags & IFF_MULTICAST) == 0)
+ mli->mli_flags |= MLIF_SILENT;
+ if (mld_use_allow)
+ mli->mli_flags |= MLIF_USEALLOW;
+ MLD_LOCK();
LIST_INSERT_HEAD(&V_mli_head, mli, mli_link);
+ MLD_UNLOCK();
- CTR2(KTR_MLD, "allocate mld_ifsoftc for ifp %p(%s)",
- ifp, if_name(ifp));
-
-out:
return (mli);
}