Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Pull up following revision(s) (requested by ozaki-r in ticket #1642): 

sys/net/route.c: revision 1.237

route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE

Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel
with other LWPs running in the network stack, which eventually results
in say use-after-free of a deleted route.
This commit is contained in:
martin 2023-06-08 11:17:18 +00:00
parent 630aef2236
commit 2a0a3f463a
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
sys/net/route.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: route.c,v 1.219.2.3 2023/02/22 18:53:56 martin Exp $ */
/* $NetBSD: route.c,v 1.219.2.4 2023/06/08 11:17:18 martin Exp $ */
/*-
* Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@ -97,7 +97,7 @@
#endif
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.3 2023/02/22 18:53:56 martin Exp $");
__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.219.2.4 2023/06/08 11:17:18 martin Exp $");
#include <sys/param.h>
#ifdef RTFLUSH_DEBUG
@ -229,12 +229,14 @@ static krwlock_t rt_lock __cacheline_aligned;
#define RT_UNLOCK() rw_exit(&rt_lock)
#define RT_WLOCKED() rw_write_held(&rt_lock)
#define RT_ASSERT_WLOCK() KASSERT(rw_write_held(&rt_lock))
#define RT_WQ_FLAGS WQ_MPSAFE
#else
#define RT_RLOCK() do {} while (0)
#define RT_WLOCK() do {} while (0)
#define RT_UNLOCK() do {} while (0)
#define RT_WLOCKED() true
#define RT_ASSERT_WLOCK() do {} while (0)
#define RT_WQ_FLAGS 0
#endif
static uint64_t rtcache_generation;
@ -479,7 +481,7 @@ rt_init(void)
rt_psref_class = psref_class_create("rtentry", IPL_SOFTNET);
error = workqueue_create(&rt_free_global.wq, "rt_free",
rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS);
if (error)
panic("%s: workqueue_create failed (%d)\n", __func__, error);
@ -1802,7 +1804,7 @@ rt_timer_init(void)
LIST_INIT(&rttimer_queue_head);
callout_init(&rt_timer_ch, CALLOUT_MPSAFE);
error = workqueue_create(&rt_timer_wq, "rt_timer",
rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS);
if (error)
panic("%s: workqueue_create failed (%d)\n", __func__, error);
callout_reset(&rt_timer_ch, hz, rt_timer_timer, NULL);