CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	mmacy <mmacy@FreeBSD.org>
	Wed, 15 Aug 2018 20:23:08 +0000 (20:23 +0000)
committer	mmacy <mmacy@FreeBSD.org>
	Wed, 15 Aug 2018 20:23:08 +0000 (20:23 +0000)
commit	99cec0a00c69bf34c44b008e46eea9df8bd57395
tree	45705a0f9043225c5fdc7acbdfecc7e41625b66b	tree \| snapshot
parent	0086301ab9be1c734d2cf2f9b290cda107631166	commit \| diff

Fix in6_multi double free

This is actually several different bugs:
- The code is not designed to handle inpcb deletion after interface deletion
  - add reference for inpcb membership
- The multicast address has to be removed from interface lists when the refcount
  goes to zero OR when the interface goes away
  - decouple list disconnect from refcount (v6 only for now)
- ifmultiaddr can exist past being on interface lists
  - add flag for tracking whether or not it's enqueued
- deferring freeing moptions makes the incpb cleanup code simpler but opens the
  door wider still to races
  - call inp_gcmoptions synchronously after dropping the the inpcb lock

Fundamentally multicast needs a rewrite - but keep applying band-aids for now.

Tested by: kp
Reported by: novel, kp, lwhsu

sys/net/if.c		diff \| blob \| history
sys/net/if_var.h		diff \| blob \| history
sys/netinet/in_mcast.c		diff \| blob \| history
sys/netinet/in_pcb.c		diff \| blob \| history
sys/netinet/ip_carp.c		diff \| blob \| history
sys/netinet6/in6_ifattach.c		diff \| blob \| history
sys/netinet6/in6_mcast.c		diff \| blob \| history
sys/netinet6/in6_var.h		diff \| blob \| history
sys/netinet6/mld6.c		diff \| blob \| history