Page MenuHomeFreeBSD

rip6: Fix a lock order reversal in rip6_bind()
ClosedPublic

Authored by markj on Jun 13 2022, 3:56 PM.
Tags
None
Referenced Files
F107031259: D35472.id106866.diff
Thu, Jan 9, 5:58 AM
F107030461: D35472.id106906.diff
Thu, Jan 9, 5:40 AM
Unknown Object (File)
Wed, Jan 8, 11:09 AM
Unknown Object (File)
Nov 27 2024, 11:18 AM
Unknown Object (File)
Nov 7 2024, 4:43 AM
Unknown Object (File)
Nov 7 2024, 3:01 AM
Unknown Object (File)
Oct 20 2024, 12:54 AM
Unknown Object (File)
Oct 20 2024, 12:54 AM
Subscribers

Details

Summary

See also commit 71a1539e3783.

Reported by: syzbot+9b461b6a07a83cc10daa@syzkaller.appspotmail.com
Reported by: syzbot+b6ce0aec16f5fdab3282@syzkaller.appspotmail.com

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Passed
Unit
No Test Coverage
Build Status
Buildable 45957
Build 42845: arc lint + arc unit

Event Timeline

markj requested review of this revision.Jun 13 2022, 3:56 PM

The patch of course brings locking into correct order. However, at a glance I don't see any good reason to lock INP_INFO_WLOCK() for this assignment on a single inp->inp6p_laddr. Maybe this is some feature of IPv6, that I don't know, though.

This revision is now accepted and ready to land.Jun 13 2022, 6:28 PM

The patch of course brings locking into correct order. However, at a glance I don't see any good reason to lock INP_INFO_WLOCK() for this assignment on a single inp->inp6p_laddr. Maybe this is some feature of IPv6, that I don't know, though.

I wondered the same thing. rip6_connect() has the same "feature." I am inclined to leave it alone for now.

This revision was automatically updated to reflect the committed changes.