inet6: protect address manipulation with a lock This is a total hack/bare minimum which follows inet4. Otherwise 2 threads removing the same address can easily crash.
Details
Details
- Reviewers
kp - Group Reviewers
network - Commits
- rGff99bfe3ef73: inet6: protect address manipulation with a lock
rGf5a365e51fee: inet6: protect address manipulation with a lock
#!/bin/sh IFNAME=igc0 INET6ADDR=2001:db8:bdbd::123/48 while true; do ifconfig $IFNAME inet6 $INET6ADDR & ifconfig $IFNAME inet6 $INET6ADDR delete & done
crashes stock kernel with:
--- trap 0xc, rip = 0xffffffff80fd9293, rsp = 0xfffffe00cd68c9d0, rbp = 0xfffffe00cd68ca20 --- in6_unlink_ifa() at in6_unlink_ifa+0x63/frame 0xfffffe00cd68ca20 in6_purgeaddr() at in6_purgeaddr+0x367/frame 0xfffffe00cd68cb40 in6_purgeifaddr() at in6_purgeifaddr+0x13/frame 0xfffffe00cd68cb60 in6_control() at in6_control+0x532/frame 0xfffffe00cd68cbc0 ifioctl() at ifioctl+0x7bc/frame 0xfffffe00cd68ccc0 kern_ioctl() at kern_ioctl+0x26d/frame 0xfffffe00cd68cd30 sys_ioctl() at sys_ioctl+0x101/frame 0xfffffe00cd68ce00 amd64_syscall() at amd64_syscall+0x10c/frame 0xfffffe00cd68cf30 fast_syscall_common() at fast_syscall_common+0xf8/frame 0xfffffe00cd68cf30
Diff Detail
Diff Detail
- Repository
- rG FreeBSD src repository
- Lint
Lint Skipped - Unit
Tests Skipped
Event Timeline
Comment Actions
fwiw, Gleb added the IPv4 lock in https://cgit.freebsd.org/src/commit/?id=f7a39160c259ea83b507b0808418619712572428.
It's a bit of a big hammer, but it's going to be more effective than finding and handling individual races, and it's probably not very important to be able to add/remove millions of addresses per second.
Nit: it should be a per-vnet lock, but the IPv4 one isn't either. Perhaps that's something we should fix in a separate commit.