From 1d1ddc94a16aa408cffc7a757d83f7fb4ea0895b Mon Sep 17 00:00:00 2001 From: hselasky Date: Mon, 17 Feb 2020 09:46:32 +0000 Subject: [PATCH] Fix kernel panic while trying to read multicast stream. When VIMAGE is enabled make sure the "m_pkthdr.rcvif" pointer is set for all mbufs being input by the IGMP/MLD6 code. Else there will be a NULL-pointer dereference in the netisr code when trying to set the VNET based on the incoming mbuf. Add an assert to catch this when queueing mbufs on a netisr to make debugging of similar cases easier. Found by: Vladislav V. Prodan PR: 244002 Reviewed by: bz@ MFC after: 1 week Sponsored by: Mellanox Technologies --- sys/net/netisr.c | 2 ++ sys/netinet/igmp.c | 1 + sys/netinet6/mld6.c | 1 + 3 files changed, 4 insertions(+) diff --git a/sys/net/netisr.c b/sys/net/netisr.c index f6ffb5b39bb..870015a487e 100644 --- a/sys/net/netisr.c +++ b/sys/net/netisr.c @@ -1056,6 +1056,8 @@ netisr_queue_src(u_int proto, uintptr_t source, struct mbuf *m) if (m != NULL) { KASSERT(!CPU_ABSENT(cpuid), ("%s: CPU %u absent", __func__, cpuid)); + VNET_ASSERT(m->m_pkthdr.rcvif != NULL, + ("%s:%d rcvif == NULL: m=%p", __func__, __LINE__, m)); error = netisr_queue_internal(proto, m, cpuid); } else error = ENOBUFS; diff --git a/sys/netinet/igmp.c b/sys/netinet/igmp.c index 5ee99dbb91d..2a08e73317a 100644 --- a/sys/netinet/igmp.c +++ b/sys/netinet/igmp.c @@ -303,6 +303,7 @@ igmp_save_context(struct mbuf *m, struct ifnet *ifp) #ifdef VIMAGE m->m_pkthdr.PH_loc.ptr = ifp->if_vnet; #endif /* VIMAGE */ + m->m_pkthdr.rcvif = ifp; m->m_pkthdr.flowid = ifp->if_index; } diff --git a/sys/netinet6/mld6.c b/sys/netinet6/mld6.c index f563bc3133b..144d9be590d 100644 --- a/sys/netinet6/mld6.c +++ b/sys/netinet6/mld6.c @@ -283,6 +283,7 @@ mld_save_context(struct mbuf *m, struct ifnet *ifp) #ifdef VIMAGE m->m_pkthdr.PH_loc.ptr = ifp->if_vnet; #endif /* VIMAGE */ + m->m_pkthdr.rcvif = ifp; m->m_pkthdr.flowid = ifp->if_index; } -- 2.45.0