From 6ea313b170319aed9e423222b5dfacede227785c Mon Sep 17 00:00:00 2001
From: mvs
Date: Fri, 26 Mar 2021 22:40:08 +0000
Subject: [PATCH] Push kernel lock down to rt_setsource() to make `ifa' dereference safe. Netlock doesn't make sense here because ifa_ifwithaddr() holds kernel lock while performs lists walkthrough. This was made to decrease the future diff for PF_ROUTE sockets unlocking. This time kernel lock is still held while we perform rt_setsource(). ok mpi@
---
 sys/net/rtsock.c | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/sys/net/rtsock.c b/sys/net/rtsock.c
index 71340f8cfdc..52ccd7f2eb0 100644
--- a/sys/net/rtsock.c
+++ b/sys/net/rtsock.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: rtsock.c,v 1.308 2021/03/18 15:55:19 claudio Exp $	*/
+/*	$OpenBSD: rtsock.c,v 1.309 2021/03/26 22:40:08 mvs Exp $	*/
 /*	$NetBSD: rtsock.c,v 1.18 1996/03/29 00:32:10 cgd Exp $	*/
 
 /*
@@ -2294,6 +2294,7 @@ int
 rt_setsource(unsigned int rtableid, struct sockaddr *src)
 {
 	struct ifaddr *ifa;
+	int error;
 	/*
 	 * If source address is 0.0.0.0 or ::
 	 * use automatic source selection
@@ -2317,14 +2318,20 @@ rt_setsource(unsigned int rtableid, struct sockaddr *src)
 		return (EAFNOSUPPORT);
 	}
 
+	KERNEL_LOCK();
 	/*
 	 * Check if source address is assigned to an interface in the
 	 * same rdomain
 	 */
-	if ((ifa = ifa_ifwithaddr(src, rtableid)) == NULL)
+	if ((ifa = ifa_ifwithaddr(src, rtableid)) == NULL) {
+		KERNEL_UNLOCK();
 		return (EINVAL);
+	}
+
+	error = rtable_setsource(rtableid, src->sa_family, ifa->ifa_addr);
+	KERNEL_UNLOCK();
 
-	return (rtable_setsource(rtableid, src->sa_family, ifa->ifa_addr));
+	return (error);
 }
 
 /*
-- 
2.20.1
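Review bot: The new KERNEL_LOCK() region in the third hunk carries no comment saying what it protects, so a later edit could move the `ifa->ifa_addr` read below KERNEL_UNLOCK() without noticing the lock exists for exactly that dereference; the commit message explains this, the code does not. Suggest placing `/* Hold the kernel lock across ifa_ifwithaddr() and the ifa dereference; per ifa_ifwithaddr()'s locking the ifaddr is only known valid while it is held. */` directly above `KERNEL_LOCK();`. The `int error;` declaration in the second hunk exists only so the rtable_setsource() result can be captured before the lock is dropped, which the comment should also make clear; the opening of rt_setsource() lies outside the third hunk. A single-exit form (`error = EINVAL;` in the NULL branch, one KERNEL_UNLOCK() before `return (error);`) would also remove the duplicated unlock on the EINVAL path, if the file's style allows it.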