Revert the `rt_lock' rwlock(9) diff to fix the recursive

rwlock(9) acquisition.

Reported-by: syzbot+fbe3acb4886adeef31e0@syzkaller.appspotmail.com

diff --git a/sys/net/route.c b/sys/net/route.c
index d6dcc31..4e9414d 100644 (file)
--- a/sys/net/route.c
+++ b/sys/net/route.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.c,v 1.415 2023/01/21 17:35:01 mvs Exp $ */
+/*     $OpenBSD: route.c,v 1.416 2023/01/28 10:17:16 mvs Exp $ */
 /*     $NetBSD: route.c,v 1.14 1996/02/13 22:00:46 christos Exp $      */
 
 /*
@@ -113,7 +113,6 @@
 #include <sys/queue.h>
 #include <sys/pool.h>
 #include <sys/atomic.h>
-#include <sys/rwlock.h>
 
 #include <net/if.h>
 #include <net/if_var.h>
@@ -140,8 +139,6 @@
 
 #define ROUNDUP(a) (a>0 ? (1 + (((a) - 1) | (sizeof(long) - 1))) : sizeof(long))
 
-struct rwlock rt_lock = RWLOCK_INITIALIZER("rtlck");
-
 /* Give some jitter to hash, to avoid synchronization between routers. */
 static uint32_t                rt_hashjitter;
 
@@ -256,10 +253,10 @@ rt_clone(struct rtentry **rtp, struct sockaddr *dst, unsigned int rtableid)
         * It should also be higher to let the ARP layer find
         * cloned routes instead of the cloning one.
         */
-       RT_LOCK();
+       KERNEL_LOCK();
        error = rtrequest(RTM_RESOLVE, &info, rt->rt_priority - 1, &rt,
            rtableid);
-       RT_UNLOCK();
+       KERNEL_UNLOCK();
        if (error) {
                rtm_miss(RTM_MISS, &info, 0, RTP_NONE, 0, error, rtableid);
        } else {

diff --git a/sys/net/route.h b/sys/net/route.h
index 4c0c385..1476ac3 100644 (file)
--- a/sys/net/route.h
+++ b/sys/net/route.h
@@ -1,4 +1,4 @@
-/*     $OpenBSD: route.h,v 1.197 2023/01/21 17:35:01 mvs Exp $ */
+/*     $OpenBSD: route.h,v 1.198 2023/01/28 10:17:16 mvs Exp $ */
 /*     $NetBSD: route.h,v 1.9 1996/02/13 22:00:49 christos Exp $       */
 
 /*
@@ -383,13 +383,6 @@ struct rt_addrinfo {
 #ifdef _KERNEL
 
 #include <sys/percpu.h>
-#include <sys/rwlock.h>
-
-extern struct rwlock rt_lock;
-
-#define RT_LOCK() rw_enter_write(&rt_lock)
-#define RT_UNLOCK() rw_exit_write(&rt_lock)
-#define RT_ASSERT_LOCKED() rw_assert_wrlock(&rt_lock)
 
 enum rtstat_counters {
        rts_badredirect,        /* bogus redirect calls */

diff --git a/sys/netinet/if_ether.c b/sys/netinet/if_ether.c
index 7edc263..f2440ce 100644 (file)
--- a/sys/netinet/if_ether.c
+++ b/sys/netinet/if_ether.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: if_ether.c,v 1.253 2023/01/21 17:35:01 mvs Exp $      */
+/*     $OpenBSD: if_ether.c,v 1.254 2023/01/28 10:17:16 mvs Exp $      */
 /*     $NetBSD: if_ether.c,v 1.31 1996/05/11 12:59:58 mycroft Exp $    */
 
 /*
@@ -412,7 +412,7 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
        if (ifp->if_flags & (IFF_NOARP|IFF_STATICARP))
                goto bad;
 
-       RT_LOCK();
+       KERNEL_LOCK();
        /*
         * Re-check since we grab the route lock after the first check.
         * rtrequest_delete() can be called with shared netlock.  From
@@ -421,7 +421,7 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
         * route lock here and are safe.  XXXSMP
         */
        if (!ISSET(rt->rt_flags, RTF_LLINFO)) {
-               RT_UNLOCK();
+               KERNEL_UNLOCK();
                goto bad;
        }
        la = (struct llinfo_arp *)rt->rt_llinfo;
@@ -471,7 +471,7 @@ arpresolve(struct ifnet *ifp, struct rtentry *rt0, struct mbuf *m,
                }
        }
 
-       RT_UNLOCK();
+       KERNEL_UNLOCK();
        return (EAGAIN);
 
 bad:
@@ -611,9 +611,9 @@ in_arpinput(struct ifnet *ifp, struct mbuf *m)
        } else if (rt != NULL) {
                int error;
 
-               RT_LOCK();
+               KERNEL_LOCK();
                error = arpcache(ifp, ea, rt);
-               RT_UNLOCK();
+               KERNEL_UNLOCK();
                if (error)
                        goto out;
        }
@@ -659,7 +659,7 @@ arpcache(struct ifnet *ifp, struct ether_arp *ea, struct rtentry *rt)
        unsigned int len;
        int changed = 0;
 
-       RT_ASSERT_LOCKED();
+       KERNEL_ASSERT_LOCKED();
        KASSERT(sdl != NULL);
 
        /*