---
- branch: netbsd-8
  date: Mon Apr  2 08:54:35 UTC 2018
  files:
  - new: 1.250.2.8
    old: 1.250.2.7
    path: src/sys/netinet/if_arp.c
    pathrev: src/sys/netinet/if_arp.c@1.250.2.8
    type: modified
  - new: 1.138.6.6
    old: 1.138.6.5
    path: src/sys/netinet6/nd6_nbr.c
    pathrev: src/sys/netinet6/nd6_nbr.c@1.138.6.6
    type: modified
  id: 20180402T085435Z.4ef3880c1ead3c6136cc05a8e432e23eb5661d29
  log: "Pull up following revision(s) (requested by ozaki-r in ticket #686):\n\n\tsys/netinet/if_arp.c:
    revision 1.271\n\tsys/netinet6/nd6_nbr.c: revision 1.151,1.152\n\nAvoid passing
    NULL to nd6_dad_duplicated\nFix PR kern/53075\n\nFix a race condition on DAD destructions
    (again)\n\nThe previous fix to DAD timers was wrong; it avoided a use-after-free
    but\ninstead introduced a memory leak.  The destruction method had delegated\na
    destruction of a DAD timer to the timer itself and told that by setting NULL\nto
    dp->dad_ifa.  However, the previous fix made DAD timers do nothing on\nthe sign.\n\nFixing
    the issue with using callout_stop isn't easy.  One approach is to have\na refcount
    on dp but it introduces extra complexity that we want to avoid.\nThe new fix falls
    back to using callout_halt, which was abandoned because of\nsoftnet_lock.  Fortunately
    now the network stack is protected by KERNEL_LOCK\nso we can remove softnet_lock
    from DAD timers (callout) and use callout_halt\nsafely.\n"
  module: src
  subject: 'CVS commit: [netbsd-8] src/sys'
  unixtime: '1522659275'
  user: martin