From: bluhm <bluhm@openbsd.org>
Date: Sun, 24 Jul 2022 22:38:25 +0000 (+0000)
Subject: Fix assertion for write netlock in rip6_input().  ip6_input() has
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=f96d279d4c66be56e70904f46cd640e2da8d669b;p=openbsd

Fix assertion for write netlock in rip6_input().  ip6_input() has
shared net lock.  ip_deliver() needs exclusive net lock.  Instead
of calling ip_deliver() directly, use ip6_ours() to queue the packet.
Move the write lock assertion into ip_deliver() to catch such bugs
earlier.
The assertion was only triggered with IPv6 multicast forwarding or
router alert hop by hop option.  Found by regress test.
OK kn@ mvs@
---

diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index e4b18eebfec..081ed006539 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip_input.c,v 1.372 2022/06/29 09:01:48 mvs Exp $	*/
+/*	$OpenBSD: ip_input.c,v 1.373 2022/07/24 22:38:25 bluhm Exp $	*/
 /*	$NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $	*/
 
 /*
@@ -556,8 +556,6 @@ ip_local(struct mbuf **mp, int *offp, int nxt, int af)
 	struct ipqent *ipqe;
 	int mff, hlen;
 
-	NET_ASSERT_WLOCKED();
-
 	hlen = ip->ip_hl << 2;
 
 	/*
@@ -674,6 +672,8 @@ ip_deliver(struct mbuf **mp, int *offp, int nxt, int af)
 	int nest = 0;
 #endif /* INET6 */
 
+	NET_ASSERT_WLOCKED();
+
 	/* pf might have modified stuff, might have to chksum */
 	switch (af) {
 	case AF_INET:
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 2fa634927ad..7f3b8a60934 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: ip6_input.c,v 1.248 2022/06/29 22:45:24 bluhm Exp $	*/
+/*	$OpenBSD: ip6_input.c,v 1.249 2022/07/24 22:38:25 bluhm Exp $	*/
 /*	$KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $	*/
 
 /*
@@ -448,8 +448,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 
 			if (ours) {
 				if (af == AF_UNSPEC)
-					nxt = ip_deliver(mp, offp, nxt,
-					    AF_INET6);
+					nxt = ip6_ours(mp, offp, nxt, af);
 				goto out;
 			}
 			goto bad;
@@ -550,7 +549,7 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 
 	if (ours) {
 		if (af == AF_UNSPEC)
-			nxt = ip_deliver(mp, offp, nxt, AF_INET6);
+			nxt = ip6_ours(mp, offp, nxt, af);
 		goto out;
 	}
 
@@ -584,8 +583,6 @@ ip6_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp)
 int
 ip6_local(struct mbuf **mp, int *offp, int nxt, int af)
 {
-	NET_ASSERT_WLOCKED();
-
 	nxt = ip6_hbhchcheck(mp, offp, NULL);
 	if (nxt == IPPROTO_DONE)
 		return IPPROTO_DONE;