From f3c8d50914a0d7408be632f4a866925bf1fe4db8 Mon Sep 17 00:00:00 2001
From: mpi
Date: Mon, 29 May 2017 14:36:22 +0000
Subject: [PATCH] Per-interface list of addresses, both multicast and unicast, are currently protected by the NET_LOCK(). They are not accessed in the hot path, so protecting them with a mutex could be an option. However since we're now going to run with a NET_LOCK() for some time, assert that it is held. IPsec is not yet ready to run without KERNEL_LOCK(), so assert it is held, even in the forwarding path. Tested by sthen@, ok visa@, claudio@, bluhm@
---
 sys/netinet/in.c | 6 +-----
 sys/netinet/in_var.h | 4 +++-
 sys/netinet/ip_input.c | 9 ++++-----
 sys/netinet/ip_output.c | 12 +++---------
 sys/netinet6/ip6_input.c | 5 ++---
 5 files changed, 13 insertions(+), 23 deletions(-)
diff --git a/sys/netinet/in.c b/sys/netinet/in.c
index e2f0ed59b7b..4aa12f06985 100644
--- a/sys/netinet/in.c
+++ b/sys/netinet/in.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: in.c,v 1.138 2017/05/16 12:24:01 mpi Exp $ */
+/* $OpenBSD: in.c,v 1.139 2017/05/29 14:36:22 mpi Exp $ */
 /* $NetBSD: in.c,v 1.26 1996/02/13 23:41:39 christos Exp $ */

 /*
@@ -798,8 +798,6 @@ in_addmulti(struct in_addr *ap, struct ifnet *ifp)
 struct in_multi *inm;
 struct ifreq ifr;

- NET_ASSERT_LOCKED();
-
 /*
 * See if address already in list.
 */
@@ -901,10 +899,8 @@ in_hasmulti(struct in_addr *ap, struct ifnet *ifp)
 struct in_multi *inm;
 int joined;

- KERNEL_LOCK();
 IN_LOOKUP_MULTI(*ap, ifp, inm);
 joined = (inm != NULL);
- KERNEL_UNLOCK();

 return (joined);
 }
diff --git a/sys/netinet/in_var.h b/sys/netinet/in_var.h
index a265580cd43..d1f7d1fcd21 100644
--- a/sys/netinet/in_var.h
+++ b/sys/netinet/in_var.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: in_var.h,v 1.39 2016/06/15 19:39:34 gerhard Exp $ */
+/* $OpenBSD: in_var.h,v 1.40 2017/05/29 14:36:22 mpi Exp $ */
 /* $NetBSD: in_var.h,v 1.16 1996/02/13 23:42:15 christos Exp $ */

 /*
@@ -86,6 +86,7 @@ struct in_aliasreq {
 /* struct in_ifaddr *ia; */ \
 do { \
 struct ifaddr *ifa; \
+ NET_ASSERT_LOCKED(); \
 TAILQ_FOREACH(ifa, &(ifp)->if_addrlist, ifa_list) { \
 if (ifa->ifa_addr->sa_family == AF_INET) \
 break; \
@@ -142,6 +143,7 @@ do { \
 struct ifmaddr *ifma; \
 \
 (inm) = NULL; \
+ NET_ASSERT_LOCKED(); \
 TAILQ_FOREACH(ifma, &(ifp)->if_maddrlist, ifma_list) \
 if (ifma->ifma_addr->sa_family == AF_INET && \
 ifmatoinm(ifma)->inm_addr.s_addr == (addr).s_addr) {\
diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c
index 7e79db49813..7eeb83b07c9 100644
--- a/sys/netinet/ip_input.c
+++ b/sys/netinet/ip_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_input.c,v 1.306 2017/05/28 12:22:54 jsg Exp $ */
+/* $OpenBSD: ip_input.c,v 1.307 2017/05/29 14:36:22 mpi Exp $ */
 /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */

 /*
@@ -441,9 +441,9 @@ ipv4_input(struct mbuf *m)
 if (ipsec_in_use) {
 int rv;

- KERNEL_LOCK();
+ KERNEL_ASSERT_LOCKED();
+
 rv = ipsec_forward_check(m, hlen, AF_INET);
- KERNEL_UNLOCK();
 if (rv != 0) {
 ipstat_inc(ips_cantforward);
 goto bad;
@@ -667,7 +667,7 @@ in_ouraddr(struct mbuf *m, struct ifnet *ifp, struct rtentry **prt)
 * interface, and that M_BCAST will only be set on a BROADCAST
 * interface.
 */
- KERNEL_LOCK();
+ NET_ASSERT_LOCKED();
 TAILQ_FOREACH(ifa, &ifp->if_addrlist, ifa_list) {
 if (ifa->ifa_addr->sa_family != AF_INET)
 continue;
@@ -678,7 +678,6 @@ in_ouraddr(struct mbuf *m, struct ifnet *ifp, struct rtentry **prt)
 break;
 }
 }
- KERNEL_UNLOCK();
 }

 return (match);
diff --git a/sys/netinet/ip_output.c b/sys/netinet/ip_output.c
index aa2d3dd2380..3536c450e67 100644
--- a/sys/netinet/ip_output.c
+++ b/sys/netinet/ip_output.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip_output.c,v 1.339 2017/04/19 15:21:54 bluhm Exp $ */
+/* $OpenBSD: ip_output.c,v 1.340 2017/05/29 14:36:22 mpi Exp $ */
 /* $NetBSD: ip_output.c,v 1.28 1996/02/13 23:43:07 christos Exp $ */

 /*
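Review bot: `IFP_TO_IA` (`@@ -86`) and `IN_LOOKUP_MULTI` (`@@ -142`) now carry a locking precondition that the visible part of the header does not state, and they need `NET_ASSERT_LOCKED()` to be declared wherever they expand; each macro's leading comment and the header's includes lie outside these hunks, so I cannot confirm either is covered. The callers that drop `KERNEL_LOCK()` in this commit (`in_hasmulti()` in in.c, both `IFP_TO_IA` sites in ip_output.c, and the open-coded walk in `in_ouraddr()` at `@@ -667`) are then serialized only by whatever their own callers hold. An unlocked path would traverse `if_addrlist` or `if_maddrlist` while it can change, and that would be caught only where the assertion is compiled in and fatal. I would add to each macro's comment something like `/* Caller must hold NET_LOCK(); the address lists have no other protection. */`.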
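Review bot: In `ipv4_input()` (`@@ -441`) the IPsec forwarding check is no longer serialized by the function itself; `KERNEL_ASSERT_LOCKED()` only states that some caller already took the kernel lock, and that caller is not visible in the hunk. The same substitution is made in `ip6_input()` (`@@ -474`) and at both IPsec sites in ip_output.c (`@@ -233`, `@@ -407`). Since the commit message says IPsec is not ready to run without the kernel lock, a comment at each assertion would help whoever next unlocks the input path, e.g. `/* IPsec is not MP-safe: every caller must hold KERNEL_LOCK(). */`. Minor style: this hunk adds a blank line after the assertion while the `ip6_input()` hunk does not. The enclosing function starts and ends outside the hunk.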
@@ -192,11 +192,9 @@ reroute:
 if (ip->ip_src.s_addr == INADDR_ANY) {
 struct in_ifaddr *ia;

- KERNEL_LOCK();
 IFP_TO_IA(ifp, ia);
 if (ia != NULL)
 ip->ip_src = ia->ia_addr.sin_addr;
- KERNEL_UNLOCK();
 }
 } else {
 struct in_ifaddr *ia;
@@ -233,11 +231,10 @@ reroute:

 #ifdef IPSEC
 if (ipsec_in_use || inp != NULL) {
- KERNEL_LOCK();
+ KERNEL_ASSERT_LOCKED();
 /* Do we have any pending SAs to apply ? */
 tdb = ip_output_ipsec_lookup(m, hlen, &error, inp,
 ipsecflowinfo);
- KERNEL_UNLOCK();
 if (error != 0) {
 /* Should silently drop packet */
 if (error == -EINVAL)
@@ -307,11 +304,9 @@ reroute:
 if (ip->ip_src.s_addr == INADDR_ANY) {
 struct in_ifaddr *ia;

- KERNEL_LOCK();
 IFP_TO_IA(ifp, ia);
 if (ia != NULL)
 ip->ip_src = ia->ia_addr.sin_addr;
- KERNEL_UNLOCK();
 }

 if ((imo == NULL || imo->imo_loop) &&
@@ -407,10 +402,9 @@ sendit:
 * Check if the packet needs encapsulation.
 */
 if (tdb != NULL) {
- KERNEL_LOCK();
+ KERNEL_ASSERT_LOCKED();
 /* Callee frees mbuf */
 error = ip_output_ipsec_send(tdb, m, ifp, ro);
- KERNEL_UNLOCK();
 goto done;
 }
 #endif /* IPSEC */
diff --git a/sys/netinet6/ip6_input.c b/sys/netinet6/ip6_input.c
index 00b30139913..183d7807e81 100644
--- a/sys/netinet6/ip6_input.c
+++ b/sys/netinet6/ip6_input.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ip6_input.c,v 1.190 2017/05/28 09:25:51 bluhm Exp $ */
+/* $OpenBSD: ip6_input.c,v 1.191 2017/05/29 14:36:22 mpi Exp $ */
 /* $KAME: ip6_input.c,v 1.188 2001/03/29 05:34:31 itojun Exp $ */

 /*
@@ -474,9 +474,8 @@ ip6_input(struct mbuf *m)
 if (ipsec_in_use) {
 int rv;

- KERNEL_LOCK();
+ KERNEL_ASSERT_LOCKED();
 rv = ipsec_forward_check(m, off, AF_INET6);
- KERNEL_UNLOCK();
 if (rv != 0) {
 ip6stat_inc(ip6s_cantforward);
 goto bad;
--
2.20.1
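Review bot: The assertion added at `@@ -233` sits under `if (ipsec_in_use || inp != NULL)`, so it applies to every send that has a PCB attached, not only to traffic on a system with IPsec configured. Before this change the block took the lock itself; now a path into `ip_output()` with a non-NULL `inp` that does not hold the kernel lock either trips the assertion or, where assertions are compiled out, runs `ip_output_ipsec_lookup()` unserialized. I would record that at the site, e.g. `/* inp != NULL also lands here: all socket-originated output needs KERNEL_LOCK(). */`, so the condition is revisited when the output path is unlocked. The body of `ip_output()` starts and ends outside the hunk.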