From 1935ef3d412c9cfcfd75262d4867298c9e959161 Mon Sep 17 00:00:00 2001
From: mvs <mvs@openbsd.org>
Date: Sun, 26 Jun 2022 13:14:37 +0000
Subject: [PATCH] 'pipex_mppe' and 'pipex_session' structures have uint16_t bit
 fields which represent flags. We mix unlocked access to immutable flags with
 protected access to mutable ones. This could be not MP independent on some
 architectures, so convert these fields to u_int `flags' variables.

ok bluhm@
---
 sys/net/if_pppx.c     |  4 ++--
 sys/net/pipex.c       | 47 ++++++++++++++++++++++++-------------------
 sys/net/pipex_local.h | 23 ++++++++++++---------
 3 files changed, 42 insertions(+), 32 deletions(-)

diff --git a/sys/net/if_pppx.c b/sys/net/if_pppx.c
index d64f6b5fc61..36aa942222c 100644
--- a/sys/net/if_pppx.c
+++ b/sys/net/if_pppx.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: if_pppx.c,v 1.114 2022/02/22 01:15:02 guenther Exp $ */
+/*	$OpenBSD: if_pppx.c,v 1.115 2022/06/26 13:14:37 mvs Exp $ */
 
 /*
  * Copyright (c) 2010 Claudio Jeker <claudio@openbsd.org>
@@ -1021,7 +1021,7 @@ pppacopen(dev_t dev, int flags, int mode, struct proc *p)
 
 	/* virtual pipex_session entry for multicast */
 	session = pool_get(&pipex_session_pool, PR_WAITOK | PR_ZERO);
-	session->is_multicast = 1;
+	session->flags |= PIPEX_SFLAGS_MULTICAST;
 	session->ownersc = sc;
 	sc->sc_multicast_session = session;
 
diff --git a/sys/net/pipex.c b/sys/net/pipex.c
index f9a0c98d342..66737529b1b 100644
--- a/sys/net/pipex.c
+++ b/sys/net/pipex.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex.c,v 1.136 2022/01/02 22:36:04 jsg Exp $	*/
+/*	$OpenBSD: pipex.c,v 1.137 2022/06/26 13:14:37 mvs Exp $	*/
 
 /*-
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -150,7 +150,7 @@ pipex_destroy_all_sessions(void *ownersc)
 	LIST_FOREACH_SAFE(session, &pipex_session_list, session_list,
 	    session_tmp) {
 		if (session->ownersc == ownersc) {
-			KASSERT(session->is_pppx == 0);
+			KASSERT((session->flags & PIPEX_SFLAGS_PPPX) == 0);
 			pipex_unlink_session(session);
 			pipex_rele_session(session);
 		}
@@ -273,7 +273,7 @@ pipex_init_session(struct pipex_session **rsession,
 	session->ppp_flags = req->pr_ppp_flags;
 	session->ppp_id = req->pr_ppp_id;
 
-	session->ip_forward = 1;
+	session->flags |= PIPEX_SFLAGS_IP_FORWARD;
 
 	session->stat_counters = counters_alloc(pxc_ncounters);
 
@@ -395,9 +395,9 @@ pipex_link_session(struct pipex_session *session, struct ifnet *ifp,
 	session->ownersc = ownersc;
 	session->ifindex = ifp->if_index;
 	if (ifp->if_flags & IFF_POINTOPOINT)
-		session->is_pppx = 1;
+		session->flags |= PIPEX_SFLAGS_PPPX;
 
-	if (session->is_pppx == 0 &&
+	if ((session->flags & PIPEX_SFLAGS_PPPX) == 0 &&
 	    !in_nullhost(session->ip_address.sin_addr)) {
 		if (pipex_lookup_by_ip_address(session->ip_address.sin_addr)
 		    != NULL)
@@ -439,7 +439,7 @@ pipex_unlink_session(struct pipex_session *session)
 	NET_ASSERT_LOCKED();
 	if (session->state == PIPEX_STATE_CLOSED)
 		return;
-	if (session->is_pppx == 0 &&
+	if ((session->flags & PIPEX_SFLAGS_PPPX) == 0 &&
 	    !in_nullhost(session->ip_address.sin_addr)) {
 		KASSERT(pipex_rd_head4 != NULL);
 		rn = rn_delete(&session->ip_address, &session->ip_netmask,
@@ -507,7 +507,11 @@ pipex_config_session(struct pipex_session_config_req *req, void *ownersc)
 		return (EINVAL);
 	if (session->ownersc != ownersc)
 		return (EINVAL);
-	session->ip_forward = req->pcr_ip_forward;
+
+	if (req->pcr_ip_forward != 0)
+		session->flags |= PIPEX_SFLAGS_IP_FORWARD;
+	else
+		session->flags &= ~PIPEX_SFLAGS_IP_FORWARD;
 
 	return (0);
 }
@@ -657,7 +661,7 @@ pipex_timer(void *ignored_arg)
 				continue;
 			/* Release the sessions when timeout */
 			pipex_unlink_session(session);
-			KASSERTMSG(session->is_pppx == 0,
+			KASSERTMSG((session->flags & PIPEX_SFLAGS_PPPX) == 0,
 			    "FIXME session must not be released when pppx");
 			pipex_rele_session(session);
 			break;
@@ -678,11 +682,12 @@ pipex_ip_output(struct mbuf *m0, struct pipex_session *session)
 {
 	int is_idle;
 
-	if (session->is_multicast == 0) {
+	if ((session->flags & PIPEX_SFLAGS_MULTICAST) == 0) {
 		/*
 		 * Multicast packet is a idle packet and it's not TCP.
 		 */
-		if (session->ip_forward == 0 && session->ip6_forward == 0)
+		if ((session->flags & (PIPEX_SFLAGS_IP_FORWARD |
+		    PIPEX_SFLAGS_IP6_FORWARD)) == 0)
 			goto drop;
 		/* reset idle timer */
 		if (session->timeout_sec != 0) {
@@ -712,8 +717,8 @@ pipex_ip_output(struct mbuf *m0, struct pipex_session *session)
 		LIST_FOREACH(session_tmp, &pipex_session_list, session_list) {
 			if (session_tmp->ownersc != session->ownersc)
 				continue;
-			if (session_tmp->ip_forward == 0 &&
-			    session_tmp->ip6_forward == 0)
+			if ((session->flags & (PIPEX_SFLAGS_IP_FORWARD |
+			    PIPEX_SFLAGS_IP6_FORWARD)) == 0)
 				continue;
 			m = m_copym(m0, 0, M_COPYALL, M_NOWAIT);
 			if (m == NULL) {
@@ -838,7 +843,7 @@ pipex_ppp_input(struct mbuf *m0, struct pipex_session *session, int decrypted)
 
 	switch (proto) {
 	case PPP_IP:
-		if (session->ip_forward == 0)
+		if ((session->flags & PIPEX_SFLAGS_IP_FORWARD) == 0)
 			goto drop;
 		if (!decrypted && pipex_session_is_mppe_required(session))
 			/*
@@ -850,7 +855,7 @@ pipex_ppp_input(struct mbuf *m0, struct pipex_session *session, int decrypted)
 		return;
 #ifdef INET6
 	case PPP_IPV6:
-		if (session->ip6_forward == 0)
+		if ((session->flags & PIPEX_SFLAGS_IP6_FORWARD) == 0)
 			goto drop;
 		if (!decrypted && pipex_session_is_mppe_required(session))
 			/*
@@ -2102,7 +2107,7 @@ pipex_mppe_init(struct pipex_mppe *mppe, int stateless, int keylenbits,
 	memset(mppe, 0, sizeof(struct pipex_mppe));
 	mtx_init(&mppe->pxm_mtx, IPL_SOFTNET);
 	if (stateless)
-		mppe->stateless = 1;
+		mppe->flags |= PIPEX_MPPE_STATELESS;
 	if (has_oldkey)
 		mppe->old_session_keys =
 		    pool_get(&mppe_key_pool, PR_WAITOK);
@@ -2273,7 +2278,7 @@ pipex_mppe_input(struct mbuf *m0, struct pipex_session *session)
 	if (coher_cnt < mppe->coher_cnt)
 		coher_cnt0 += 0x1000;
 	if (coher_cnt0 - mppe->coher_cnt > 0x0f00) {
-		if (!mppe->stateless ||
+		if ((mppe->flags & PIPEX_MPPE_STATELESS) == 0 ||
 		    coher_cnt0 - mppe->coher_cnt
 		    <= 0x1000 - PIPEX_MPPE_NOLDKEY) {
 			pipex_session_log(session, LOG_DEBUG,
@@ -2286,7 +2291,7 @@ pipex_mppe_input(struct mbuf *m0, struct pipex_session *session)
 	}
     }
 
-	if (mppe->stateless != 0) {
+	if ((mppe->flags & PIPEX_MPPE_STATELESS) != 0) {
 		if (!rewind) {
 			mppe_key_change(mppe);
 			while (mppe->coher_cnt != coher_cnt) {
@@ -2407,16 +2412,16 @@ pipex_mppe_output(struct mbuf *m0, struct pipex_session *session,
 
 	mtx_enter(&mppe->pxm_mtx);
 
-	if (mppe->stateless != 0) {
+	if ((mppe->flags & PIPEX_MPPE_STATELESS) != 0) {
 		flushed = 1;
 		mppe_key_change(mppe);
 	} else {
 		if ((mppe->coher_cnt % 0x100) == 0xff) {
 			flushed = 1;
 			mppe_key_change(mppe);
-		} else if (mppe->resetreq != 0) {
+		} else if ((mppe->flags & PIPEX_MPPE_RESETREQ) != 0) {
 			flushed = 1;
-			mppe->resetreq = 0;
+			mppe->flags &= ~PIPEX_MPPE_RESETREQ;
 		}
 	}
 
@@ -2478,7 +2483,7 @@ pipex_ccp_input(struct mbuf *m0, struct pipex_session *session)
 	case CCP_RESETREQ:
 		PIPEX_DBG((session, LOG_DEBUG, "CCP RecvResetReq"));
 		mtx_enter(&session->mppe_send.pxm_mtx);
-		session->mppe_send.resetreq = 1;
+		session->mppe_send.flags |= PIPEX_MPPE_RESETREQ;
 		mtx_leave(&session->mppe_send.pxm_mtx);
 #ifndef PIPEX_NO_CCP_RESETACK
 		PIPEX_DBG((session, LOG_DEBUG, "CCP SendResetAck"));
diff --git a/sys/net/pipex_local.h b/sys/net/pipex_local.h
index 6d0dc4a5ac5..7431f44487c 100644
--- a/sys/net/pipex_local.h
+++ b/sys/net/pipex_local.h
@@ -1,4 +1,4 @@
-/*	$OpenBSD: pipex_local.h,v 1.45 2022/02/15 03:31:17 jsg Exp $	*/
+/*	$OpenBSD: pipex_local.h,v 1.46 2022/06/26 13:14:37 mvs Exp $	*/
 
 /*
  * Copyright (c) 2009 Internet Initiative Japan Inc.
@@ -61,9 +61,10 @@
 /* mppe rc4 key */
 struct pipex_mppe {
 	struct mutex pxm_mtx;
-	int16_t	stateless:1,			/* [I] key change mode */
-		resetreq:1,			/* [m] */
-		reserved:14;
+	u_int flags;				/* [m] flags, see below */
+#define PIPEX_MPPE_STATELESS	0x01		/* [I] key change mode */
+#define PIPEX_MPPE_RESETREQ	0x02		/* [m] */
+
 	int16_t	keylenbits;			/* [I] key length */
 	int16_t keylen;				/* [I] */
 	uint16_t coher_cnt;			/* [m] coherency counter */
@@ -170,11 +171,15 @@ struct pipex_session {
 #define PIPEX_STATE_CLOSED		0x0004
 
 	uint32_t	idle_time;	/* [N] idle time in seconds */
-	uint16_t	ip_forward:1,	/* [N] {en|dis}ableIP forwarding */
-			ip6_forward:1,	/* [I] {en|dis}able IPv6 forwarding */
-			is_multicast:1,	/* [I] virtual entry for multicast */
-			is_pppx:1,	/* [I] interface is point2point(pppx) */
-			reserved:12;
+
+	u_int		flags;		     /* [N] flags, see below */
+#define PIPEX_SFLAGS_IP_FORWARD		0x01 /* [N] enable IP forwarding */
+#define PIPEX_SFLAGS_IP6_FORWARD	0x02 /* [N] enable IPv6 forwarding */
+#define PIPEX_SFLAGS_MULTICAST		0x04 /* [I] virtual entry for
+						multicast */
+#define PIPEX_SFLAGS_PPPX		0x08 /* [I] interface is
+						point2point(pppx) */
+
 	uint16_t	protocol;		/* [I] tunnel protocol (PK) */
 	uint16_t	session_id;		/* [I] session-id (PK) */
 	uint16_t	peer_session_id;	/* [I] peer's session-id */
-- 
2.20.1