HomeFreeBSD
Diffusion FreeBSD src repository 4c63ecf5c77c

routing: fix panic triggered by the 'gr_idx != 0' assert in nhg code
4c63ecf5c77c
Actions

Description

routing: fix panic triggered by the 'gr_idx != 0' assert in nhg code

Nexthop groups can be referenced by the external code. The reference
can be released after the VNET destruction. Furthermore, nexthop
groups use a single per-rib lock, which is destroyed during the
VNET desctruction. To eliminate use-after-free problem, each nhg
is marked as "unlinked" during the VNET destruction stage, leaving
nhg_idx intact. Normally there should not be such nexthops, but if
there are any, the kernel will panic on 'gr_idx != 0' when the
last nhg reference is released.

Address this by using the assert checks only when the nexthop group
is destroyed during "valid" VNET lifetime.

MFC after: 3 days

Details

Provenance
melifaroAuthored on May 17 2023, 8:24 AM
Parents
rG848d5bb1abea: net/if_var.h: consistently use if_t over struct ifnet *
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
net/
route/

rG4c63ecf5c77c

View Options

sys/net/route/nhgrp_ctl.c

Loading...