From b2b7a4b2ca3154b46d3db5bb9a7db2f0460c176a Mon Sep 17 00:00:00 2001 From: "Bjoern A. Zeeb" Date: Tue, 19 Nov 2019 14:53:13 +0000 Subject: [PATCH] mld: fix epoch assertion in6ifa_ifpforlinklocal() asserts the net epoch. The test case from r354832 revealed code paths where we call into the function without having acquired the net epoch first and consequently we hit the assert. This happens in certain MLD states during VNET shutdown and most people normaly not notice this. For correctness acquire the net epoch around calls to mld_v1_transmit_report() in all cases to avoid the assertion firing. MFC after: 2 weeks Sponsored by: Netflix --- sys/netinet6/mld6.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index fdfe989c74e..e5cb120fbef 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -1800,6 +1800,7 @@ mld_v1_transmit_report(struct in6_multi *in6m, const int type) struct mbuf *mh, *md; struct mld_hdr *mld; + NET_EPOCH_ASSERT(); IN6_MULTI_LIST_LOCK_ASSERT(); MLD_LOCK_ASSERT(); @@ -1968,6 +1969,7 @@ static int mld_initial_join(struct in6_multi *inm, struct mld_ifsoftc *mli, const int delay) { + struct epoch_tracker et; struct ifnet *ifp; struct mbufq *mq; int error, retval, syncstates; @@ -2035,8 +2037,10 @@ mld_initial_join(struct in6_multi *inm, struct mld_ifsoftc *mli, V_current_state_timers_running6 = 1; } else { inm->in6m_state = MLD_IDLE_MEMBER; + NET_EPOCH_ENTER(et); error = mld_v1_transmit_report(inm, MLD_LISTENER_REPORT); + NET_EPOCH_EXIT(et); if (error == 0) { inm->in6m_timer = odelay; V_current_state_timers_running6 = 1; @@ -2181,6 +2185,7 @@ mld_handle_state_change(struct in6_multi *inm, struct mld_ifsoftc *mli) static void mld_final_leave(struct in6_multi *inm, struct mld_ifsoftc *mli) { + struct epoch_tracker et; int syncstates; #ifdef KTR char ip6tbuf[INET6_ADDRSTRLEN]; @@ -2214,7 +2219,9 @@ mld_final_leave(struct in6_multi *inm, struct mld_ifsoftc *mli) panic("%s: MLDv2 state reached, not MLDv2 mode", __func__); #endif + NET_EPOCH_ENTER(et); mld_v1_transmit_report(inm, MLD_LISTENER_DONE); + NET_EPOCH_EXIT(et); inm->in6m_state = MLD_NOT_MEMBER; V_current_state_timers_running6 = 1; } else if (mli->mli_version == MLD_VERSION_2) { @@ -3194,6 +3201,7 @@ mld_v2_encap_report(struct ifnet *ifp, struct mbuf *m) /* * RFC3590: OK to send as :: or tentative during DAD. */ + NET_EPOCH_ASSERT(); ia = in6ifa_ifpforlinklocal(ifp, IN6_IFF_NOTREADY|IN6_IFF_ANYCAST); if (ia == NULL) CTR1(KTR_MLD, "%s: warning: ia is NULL", __func__);