NetBSD Problem Report #43100

From www@NetBSD.org  Fri Apr  2 03:54:01 2010
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [204.152.190.11])
	by www.NetBSD.org (Postfix) with ESMTP id 9891C63B86C
	for <gnats-bugs@gnats.NetBSD.org>; Fri,  2 Apr 2010 03:54:01 +0000 (UTC)
Message-Id: <20100402035401.5C64763B11D@www.NetBSD.org>
Date: Fri,  2 Apr 2010 03:54:01 +0000 (UTC)
From: shigeru@iij.ad.jp
Reply-To: shigeru@iij.ad.jp
To: gnats-bugs@NetBSD.org
Subject: 'pr->ndpr_refcnt' should be inclemented in in6_ifattach_linklocal()@sys/netinet6/in6_ifattach.c
X-Send-Pr-Version: www-1.0

>Number:         43100
>Category:       kern
>Synopsis:       'pr->ndpr_refcnt' should be inclemented in in6_ifattach_linklocal()@sys/netinet6/in6_ifattach.c
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    kern-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Apr 02 03:55:00 +0000 2010
>Originator:     YAMAMOTO, Shigeru
>Release:        NetBSD 5.0.2
>Organization:
Internet Initiative Japan Inc.
>Environment:
NetBSD triton.iij.ad.jp 5.0.2 NetBSD 5.0.2 (GENERIC) #0: Sat Feb  6 17:53:27 UTC 2010  builds@b7.netbsd.org:/home/builds/ab/netbsd-5-0-2-RELEASE/i386/201002061851Z-obj/home/builds/ab/netbsd-5-0-2-RELEASE/src/sys/arch/i386/compile/GENERIC i386

>Description:
We have 2 way to set IPv6 linklocal address.
One is 'in6_control1()@sys/netinet6/in6.c' which is called by ioctl().
Another is 'in6_ifattach_linklocal()@sys/netinet6/in6_ifattach.c' which is called by in6_ifattach()@sys/netinet6/in6_ifattach.c.

when comparing in6_controll() and in6_ifattach_linklocal(), there is a difference about inclementing 'pr->ndpr_refcnt'.

in6_controll() inclements 'pr->ndpr_refcnt'.
but, in6_ifattach_linklocal() does not inclement 'pr->ndpr_refcnt'.

I think, this difference causes reference count mismatch.


>How-To-Repeat:
1) use IPv6 enabled kernel
2) enable IPv6 on interface
 # ifconfig <if> inet6 up
3) add new IPv6 linklocal address
 # ifconfig <if> inet6 fe80::1
4) check 'fe80::%<if>/64' in routing table
 # netstat -rn -f inet6
5) delete IPv6 linklocal address which is added at step '3)'.
 # ifconfig <if> inet6 delete fe80::1
6) check 'fe80::%<if>/64' in routing table
 # netstat -rn -f inet6

at step '6)', we can see that 'fe80::%<if>/64" is deleted from routing table.

In *BSD, in6_ifattach_linklocal() is same code.
So I think *BSD have same problem.

>Fix:
need fix in6_ifattach_linklocal().

this is a patch.

-------------------------------------------------------------------
--- sys/netinet6/in6_ifattach.c.orig    2008-04-24 20:38:38.000000000 +0900
+++ sys/netinet6/in6_ifattach.c 2010-04-02 11:25:11.000000000 +0900
@@ -534,6 +534,7 @@
        struct in6_ifaddr *ia;
        struct in6_aliasreq ifra;
        struct nd_prefixctl pr0;
+       struct nd_prefix *pr = NULL;
        int i, error;

        /*
@@ -631,9 +632,21 @@
         * address, and then reconfigure another one, the prefix is still
         * valid with referring to the old link-local address.
         */
-       if (nd6_prefix_lookup(&pr0) == NULL) {
-               if ((error = nd6_prelist_add(&pr0, NULL, NULL)) != 0)
-                       return error;
+       if ((pr = nd6_prefix_lookup(&pr0)) == NULL) {
+               if ((error = nd6_prelist_add(&pr0, NULL, &pr)) != 0)
+                       return (error);
+#ifdef DIAGNOSTIC
+               if (pr == NULL) {
+                       panic("pr == NULL in in6_ifattach_linklocal");
+                       /* NOTREACHED */
+               }
+#endif
+       }
+
+       /* relate the address to the prefix */
+       if (ia->ia6_ndpr == NULL) {
+               ia->ia6_ndpr = pr;
+               pr->ndpr_refcnt++;
        }

        return 0;
-------------------------------------------------------------------

NetBSD Home
NetBSD PR Database Search

(Contact us) $NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2007 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.