diff options
author | Eugene Grosbein <eugen@FreeBSD.org> | 2018-10-27 04:53:25 +0000 |
---|---|---|
committer | Eugene Grosbein <eugen@FreeBSD.org> | 2018-10-27 04:53:25 +0000 |
commit | 4f1e3122ac9ebc4276a83aefcf6b9fbeaa839076 (patch) | |
tree | 3ba36fdf6bc2788bf4c3b0cbb8cbb00ba563ca87 | |
parent | 232485a17e38c9cb8d2cd3c0f317c607e8f13925 (diff) | |
download | src-4f1e3122ac9ebc4276a83aefcf6b9fbeaa839076.tar.gz src-4f1e3122ac9ebc4276a83aefcf6b9fbeaa839076.zip |
Prevent multicast code from panicing due to unprotected access to INADDR_HASH.
PR: 220078
MFC after: 1 month
Differential Revision: https://reviews.freebsd.org/D12457
Tested-by: Cassiano Peixoto and others
Notes
Notes:
svn path=/head/; revision=339807
-rw-r--r-- | sys/netinet/in_mcast.c | 20 |
1 files changed, 15 insertions, 5 deletions
diff --git a/sys/netinet/in_mcast.c b/sys/netinet/in_mcast.c index 0e674e7a188d..982d1f522f0b 100644 --- a/sys/netinet/in_mcast.c +++ b/sys/netinet/in_mcast.c @@ -1444,6 +1444,7 @@ static int inp_block_unblock_source(struct inpcb *inp, struct sockopt *sopt) { struct group_source_req gsr; + struct rm_priotracker in_ifa_tracker; sockunion_t *gsa, *ssa; struct ifnet *ifp; struct in_mfilter *imf; @@ -1481,9 +1482,11 @@ inp_block_unblock_source(struct inpcb *inp, struct sockopt *sopt) ssa->sin.sin_len = sizeof(struct sockaddr_in); ssa->sin.sin_addr = mreqs.imr_sourceaddr; - if (!in_nullhost(mreqs.imr_interface)) + if (!in_nullhost(mreqs.imr_interface)) { + IN_IFADDR_RLOCK(&in_ifa_tracker); INADDR_TO_IFP(mreqs.imr_interface, ifp); - + IN_IFADDR_RUNLOCK(&in_ifa_tracker); + } if (sopt->sopt_name == IP_BLOCK_SOURCE) doblock = 1; @@ -1969,7 +1972,6 @@ inp_getmoptions(struct inpcb *inp, struct sockopt *sopt) * * Returns NULL if no ifp could be found. * - * SMPng: TODO: Acquire the appropriate locks for INADDR_TO_IFP. * FUTURE: Implement IPv4 source-address selection. */ static struct ifnet * @@ -1987,7 +1989,9 @@ inp_lookup_mcast_ifp(const struct inpcb *inp, ifp = NULL; if (!in_nullhost(ina)) { + IN_IFADDR_RLOCK(&in_ifa_tracker); INADDR_TO_IFP(ina, ifp); + IN_IFADDR_RUNLOCK(&in_ifa_tracker); } else { fibnum = inp ? inp->inp_inc.inc_fibnum : 0; if (fib4_lookup_nh_basic(fibnum, gsin->sin_addr, 0, 0, &nh4)==0) @@ -2332,6 +2336,7 @@ inp_leave_group(struct inpcb *inp, struct sockopt *sopt) { struct group_source_req gsr; struct ip_mreq_source mreqs; + struct rm_priotracker in_ifa_tracker; sockunion_t *gsa, *ssa; struct ifnet *ifp; struct in_mfilter *imf; @@ -2390,9 +2395,11 @@ inp_leave_group(struct inpcb *inp, struct sockopt *sopt) * XXX NOTE WELL: The RFC 3678 API is preferred because * using an IPv4 address as a key is racy. */ - if (!in_nullhost(mreqs.imr_interface)) + if (!in_nullhost(mreqs.imr_interface)) { + IN_IFADDR_RLOCK(&in_ifa_tracker); INADDR_TO_IFP(mreqs.imr_interface, ifp); - + IN_IFADDR_RUNLOCK(&in_ifa_tracker); + } CTR3(KTR_IGMPV3, "%s: imr_interface = 0x%08x, ifp = %p", __func__, ntohl(mreqs.imr_interface.s_addr), ifp); @@ -2560,6 +2567,7 @@ out_inp_locked: static int inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) { + struct rm_priotracker in_ifa_tracker; struct in_addr addr; struct ip_mreqn mreqn; struct ifnet *ifp; @@ -2598,7 +2606,9 @@ inp_set_multicast_if(struct inpcb *inp, struct sockopt *sopt) if (in_nullhost(addr)) { ifp = NULL; } else { + IN_IFADDR_RLOCK(&in_ifa_tracker); INADDR_TO_IFP(addr, ifp); + IN_IFADDR_RUNLOCK(&in_ifa_tracker); if (ifp == NULL) return (EADDRNOTAVAIL); } |