Index | Thread | Search

From:
Vitaliy Makkoveev <mvs@openbsd.org>
Subject:
Unlock ICMPV6CTL_ND6_DELAY case of icmp6_sysctl()
To:
Alexander Bluhm <bluhm@openbsd.org>, tech@openbsd.org
Date:
Sat, 2 Aug 2025 14:23:25 +0300

Download raw body.

Thread 
`nd6_delay' loaded only once in nd6_resolve().

Index: sys/netinet6/icmp6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/icmp6.c,v
retrieving revision 1.272
diff -u -p -r1.272 icmp6.c
--- sys/netinet6/icmp6.c	2 Aug 2025 09:03:54 -0000	1.272
+++ sys/netinet6/icmp6.c	2 Aug 2025 11:18:33 -0000
@@ -1774,8 +1774,11 @@ icmp6_mtudisc_timeout(struct rtentry *rt
 }
 
 #ifndef SMALL_KERNEL
-const struct sysctl_bounded_args icmpv6ctl_vars[] = {
+const struct sysctl_bounded_args icmpv6ctl_vars_unlocked[] = {
 	{ ICMPV6CTL_ND6_DELAY, &nd6_delay, 0, INT_MAX },
+};
+
+const struct sysctl_bounded_args icmpv6ctl_vars[] = {
 	{ ICMPV6CTL_ND6_UMAXTRIES, &nd6_umaxtries, 0, INT_MAX },
 	{ ICMPV6CTL_ND6_MMAXTRIES, &nd6_mmaxtries, 0, INT_MAX },
 	{ ICMPV6CTL_ERRPPSLIMIT, &icmp6errppslim, -1, 1000 },
@@ -1841,6 +1844,12 @@ icmp6_sysctl(int *name, u_int namelen, v
 	case ICMPV6CTL_ND6_QUEUED:
 		error = sysctl_rdint(oldp, oldlenp, newp,
 		    atomic_load_int(&ln_hold_total));
+		break;
+
+	case ICMPV6CTL_ND6_DELAY:
+		error = sysctl_bounded_arr(icmpv6ctl_vars_unlocked,
+		    nitems(icmpv6ctl_vars_unlocked), name, namelen,
+		    oldp, oldlenp, newp, newlen);
 		break;
 
 	default:
Index: sys/netinet6/nd6.c
===================================================================
RCS file: /cvs/src/sys/netinet6/nd6.c,v
retrieving revision 1.293
diff -u -p -r1.293 nd6.c
--- sys/netinet6/nd6.c	26 Jul 2025 01:16:59 -0000	1.293
+++ sys/netinet6/nd6.c	2 Aug 2025 11:18:33 -0000
@@ -75,7 +75,7 @@
 /* timer values */
 int	nd6_timer_next	= -1;	/* at which uptime nd6_timer runs */
 time_t	nd6_expire_next	= -1;	/* at which uptime nd6_expire runs */
-int	nd6_delay	= 5;	/* delay first probe time 5 second */
+int	nd6_delay	= 5;	/* [a] delay first probe time 5 second */
 int	nd6_umaxtries	= 3;	/* maximum unicast query */
 int	nd6_mmaxtries	= 3;	/* maximum multicast query */
 int	nd6_gctimer	= (60 * 60 * 24); /* 1 day: garbage collection timer */
@@ -1307,7 +1307,7 @@ nd6_resolve(struct ifnet *ifp, struct rt
 	if (ln->ln_state == ND6_LLINFO_STALE) {
 		ln->ln_asked = 0;
 		ln->ln_state = ND6_LLINFO_DELAY;
-		nd6_llinfo_settimer(ln, nd6_delay);
+		nd6_llinfo_settimer(ln, atomic_load_int(&nd6_delay));
 	}
 
 	/*