Grab the KERNEL_LOCK() around rtm*() functions. Routing sockets globals

aren't protected by the NET_LOCK().

While here change lock assertions in rt_{set,put}gwroute(), the NET_LOCK()
is enough.

Tested by Hrvoje Popovski.

ok jmatthew@, claudio@

diff --git a/sys/net/route.c b/sys/net/route.c
index ac57cc6..c6cc952 100644 (file)
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.c,v 1.357 2017/05/27 09:51:18 claudio Exp $     */
+/*     $OpenBSD: route.c,v 1.358 2017/06/07 13:28:02 mpi Exp $ */
 /*     $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $      */
 
 /*
@@ -385,7 +385,7 @@ rt_setgwroute(struct rtentry *rt, u_int rtableid)
 {
        struct rtentry *nhrt;
 
-       KERNEL_ASSERT_LOCKED();
+       NET_ASSERT_LOCKED();
 
        KASSERT(ISSET(rt->rt_flags, RTF_GATEWAY));
 
@@ -442,7 +442,7 @@ rt_putgwroute(struct rtentry *rt)
 {
        struct rtentry *nhrt = rt->rt_gwroute;
 
-       KERNEL_ASSERT_LOCKED();
+       NET_ASSERT_LOCKED();
 
        if (!ISSET(rt->rt_flags, RTF_GATEWAY) || nhrt == NULL)
                return;
@@ -624,7 +624,9 @@ out:
        info.rti_info[RTAX_DST] = dst;
        info.rti_info[RTAX_GATEWAY] = gateway;
        info.rti_info[RTAX_AUTHOR] = src;
+       KERNEL_LOCK();
        rtm_miss(RTM_REDIRECT, &info, flags, prio, ifidx, error, rdomain);
+       KERNEL_UNLOCK();
 }
 
 /*
@@ -653,8 +655,10 @@ rtdeletemsg(struct rtentry *rt, struct ifnet *ifp, u_int tableid)
        info.rti_flags = rt->rt_flags;
        ifidx = rt->rt_ifidx;
        error = rtrequest_delete(&info, rt->rt_priority, ifp, &rt, tableid);
+       KERNEL_LOCK();
        rtm_miss(RTM_DELETE, &info, info.rti_flags, rt->rt_priority, ifidx,
            error, tableid);
+       KERNEL_UNLOCK();
        if (error == 0)
                rtfree(rt);
        return (error);

diff --git a/sys/netinet/in_pcb.c b/sys/netinet/in_pcb.c
index 68d995f..533ed7f 100644 (file)
--- a/sys/netinet/in_pcb.c
+++ b/sys/netinet/in_pcb.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: in_pcb.c,v 1.220 2017/03/07 16:59:40 bluhm Exp $      */
+/*     $OpenBSD: in_pcb.c,v 1.221 2017/06/07 13:28:02 mpi Exp $        */
 /*     $NetBSD: in_pcb.c,v 1.25 1996/02/13 23:41:53 christos Exp $     */
 
 /*
@@ -716,8 +716,11 @@ in_losing(struct inpcb *inp)
                info.rti_info[RTAX_DST] = &inp->inp_route.ro_dst;
                info.rti_info[RTAX_GATEWAY] = rt->rt_gateway;
                info.rti_info[RTAX_NETMASK] = rt_plen2mask(rt, &sa_mask);
+
+               KERNEL_LOCK();
                rtm_miss(RTM_LOSING, &info, rt->rt_flags, rt->rt_priority,
                    rt->rt_ifidx, 0, inp->inp_rtableid);
+               KERNEL_UNLOCK();
                if (rt->rt_flags & RTF_DYNAMIC)
                        (void)rtrequest(RTM_DELETE, &info, rt->rt_priority,
                            NULL, inp->inp_rtableid);

diff --git a/sys/netinet6/nd6_rtr.c b/sys/netinet6/nd6_rtr.c
index 099a9e2..ec22c1c 100644 (file)
--- a/sys/netinet6/nd6_rtr.c
+++ b/sys/netinet6/nd6_rtr.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: nd6_rtr.c,v 1.159 2017/05/30 08:58:34 florian Exp $   */
+/*     $OpenBSD: nd6_rtr.c,v 1.160 2017/06/07 13:28:02 mpi Exp $       */
 /*     $KAME: nd6_rtr.c,v 1.97 2001/02/07 11:09:13 itojun Exp $        */
 
 /*
@@ -613,7 +613,9 @@ defrouter_addreq(struct nd_defrouter *new)
        error = rtrequest(RTM_ADD, &info, RTP_DEFAULT, &rt,
            new->ifp->if_rdomain);
        if (error == 0) {
+               KERNEL_LOCK();
                rtm_send(rt, RTM_ADD, new->ifp->if_rdomain);
+               KERNEL_UNLOCK();
                rtfree(rt);
                new->installed = 1;
        }
@@ -717,7 +719,9 @@ defrouter_delreq(struct nd_defrouter *dr)
        error = rtrequest(RTM_DELETE, &info, RTP_DEFAULT, &rt,
            dr->ifp->if_rdomain);
        if (error == 0) {
+               KERNEL_LOCK();
                rtm_send(rt, RTM_DELETE, dr->ifp->if_rdomain);
+               KERNEL_UNLOCK();
                rtfree(rt);
        }