From 33aa5105d87e5570263352f07d0968142c866c2f Mon Sep 17 00:00:00 2001 From: claudio Date: Sun, 8 Oct 2023 07:44:52 +0000 Subject: [PATCH] Revert commitid: KtmyJEoS0WWxmlZ5 --- Protect interface queues with read once and mutex. Reading atomic values need at least read once and writing values should have a mutex. This is what mbuf queues already do. Add READ_ONCE() to ifq and ifiq macros for len and empty. Convert ifq_set_maxlen() to a function that grabs ifq_mtx. OK mvs@ --- ifq_set_maxlen() is called before the ifq_mtx is initalized and this at least crashes WITNESS kernels on boot. Reported-by: syzbot+7b218ef53432b5d56d7d@syzkaller.appspotmail.com --- sys/net/ifq.c | 10 +--------- sys/net/ifq.h | 12 ++++++------ 2 files changed, 7 insertions(+), 15 deletions(-) diff --git a/sys/net/ifq.c b/sys/net/ifq.c index 7255f449ba3..fb8dea2c1cf 100644 --- a/sys/net/ifq.c +++ b/sys/net/ifq.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ifq.c,v 1.51 2023/10/05 11:08:56 bluhm Exp $ */ +/* $OpenBSD: ifq.c,v 1.52 2023/10/08 07:44:52 claudio Exp $ */ /* * Copyright (c) 2015 David Gwynne @@ -529,14 +529,6 @@ ifq_hdatalen(struct ifqueue *ifq) return (len); } -void -ifq_set_maxlen(struct ifqueue *ifq, unsigned int maxlen) -{ - mtx_enter(&ifq->ifq_mtx); - ifq->ifq_maxlen = maxlen; - mtx_leave(&ifq->ifq_mtx); -} - unsigned int ifq_purge(struct ifqueue *ifq) { diff --git a/sys/net/ifq.h b/sys/net/ifq.h index d15af37b45f..ac06de454a5 100644 --- a/sys/net/ifq.h +++ b/sys/net/ifq.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ifq.h,v 1.39 2023/10/05 11:08:56 bluhm Exp $ */ +/* $OpenBSD: ifq.h,v 1.40 2023/10/08 07:44:52 claudio Exp $ */ /* * Copyright (c) 2015 David Gwynne @@ -435,7 +435,6 @@ void ifq_deq_commit(struct ifqueue *, struct mbuf *); void ifq_deq_rollback(struct ifqueue *, struct mbuf *); struct mbuf *ifq_dequeue(struct ifqueue *); int ifq_hdatalen(struct ifqueue *); -void ifq_set_maxlen(struct ifqueue *, unsigned int); void ifq_mfreem(struct ifqueue *, struct mbuf *); void ifq_mfreeml(struct ifqueue *, struct mbuf_list *); unsigned int ifq_purge(struct ifqueue *); @@ -449,8 +448,9 @@ int ifq_deq_sleep(struct ifqueue *, struct mbuf **, int, int, const char *, volatile unsigned int *, volatile unsigned int *); -#define ifq_len(_ifq) READ_ONCE((_ifq)->ifq_len) -#define ifq_empty(_ifq) (ifq_len(_ifq) == 0) +#define ifq_len(_ifq) ((_ifq)->ifq_len) +#define ifq_empty(_ifq) (ifq_len(_ifq) == 0) +#define ifq_set_maxlen(_ifq, _l) ((_ifq)->ifq_maxlen = (_l)) static inline int ifq_is_priq(struct ifqueue *ifq) @@ -490,8 +490,8 @@ int ifiq_input(struct ifiqueue *, struct mbuf_list *); int ifiq_enqueue(struct ifiqueue *, struct mbuf *); void ifiq_add_data(struct ifiqueue *, struct if_data *); -#define ifiq_len(_ifiq) READ_ONCE(ml_len(&(_ifiq)->ifiq_ml)) -#define ifiq_empty(_ifiq) (ifiq_len(_ifiq) == 0) +#define ifiq_len(_ifiq) ml_len(&(_ifiq)->ifiq_ml) +#define ifiq_empty(_ifiq) ml_empty(&(_ifiq)->ifiq_ml) #endif /* _KERNEL */ -- 2.20.1