Don't start callouts for domains before attaching domains on rump kernels

On rump kernels, the callouts for domains, pffasttimo and pfslowtimo, started before domains were attached. Normally the callouts were dispatched after domain attaches (initializations) finished, however, under load the callouts could be executed prior to the attaches, resulting in that the callouts accessed unallocated or uninitialized resources.
2018-01-10 02:50:26 +00:00 · 2018-01-10 02:50:26 +00:00 · 5f7710ea35
parent 78dff00194
commit 5f7710ea35
3 changed files with 30 additions and 9 deletions
--- a/sys/kern/uipc_domain.c
+++ b/sys/kern/uipc_domain.c
@ -1,4 +1,4 @@
-/*	$NetBSD: uipc_domain.c,v 1.100 2017/09/09 14:41:19 joerg Exp $	*/
+/*	$NetBSD: uipc_domain.c,v 1.101 2018/01/10 02:50:26 ozaki-r Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1993
@ -32,7 +32,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.100 2017/09/09 14:41:19 joerg Exp $");
+__KERNEL_RCSID(0, "$NetBSD: uipc_domain.c,v 1.101 2018/01/10 02:50:26 ozaki-r Exp $");

 #include <sys/param.h>
 #include <sys/socket.h>
@ -84,6 +84,17 @@ static void sysctl_net_setup(void);
 static struct domain domain_dummy;
 __link_set_add_rodata(domains,domain_dummy);

+static void
+domain_init_timers(void)
+{
+
+	callout_init(&pffasttimo_ch, CALLOUT_MPSAFE);
+	callout_init(&pfslowtimo_ch, CALLOUT_MPSAFE);
+
+	callout_reset(&pffasttimo_ch, 1, pffasttimo, NULL);
+	callout_reset(&pfslowtimo_ch, 1, pfslowtimo, NULL);
+}
+
 void
 domaininit(bool attach)
 {
@ -108,13 +119,20 @@ domaininit(bool attach)
 		}
 		if (rt_domain)
 			domain_attach(rt_domain);
+
+		domain_init_timers();
 	}
+}

-	callout_init(&pffasttimo_ch, CALLOUT_MPSAFE);
-	callout_init(&pfslowtimo_ch, CALLOUT_MPSAFE);
+/*
+ * Must be called only if domaininit has been called with false and
+ * after all domains have been attached.
+ */
+void
+domaininit_post(void)
+{

-	callout_reset(&pffasttimo_ch, 1, pffasttimo, NULL);
-	callout_reset(&pfslowtimo_ch, 1, pfslowtimo, NULL);
+	domain_init_timers();
 }

 void
--- a/sys/rump/librump/rumpnet/rump_net.c
+++ b/sys/rump/librump/rumpnet/rump_net.c
@ -1,4 +1,4 @@
-/*	$NetBSD: rump_net.c,v 1.20 2017/01/17 02:03:09 christos Exp $	*/
+/*	$NetBSD: rump_net.c,v 1.21 2018/01/10 02:50:26 ozaki-r Exp $	*/

 /*
 * Copyright (c) 2008 Antti Kantee.  All Rights Reserved.
@ -26,7 +26,7 @@
 */

 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: rump_net.c,v 1.20 2017/01/17 02:03:09 christos Exp $");
+__KERNEL_RCSID(0, "$NetBSD: rump_net.c,v 1.21 2018/01/10 02:50:26 ozaki-r Exp $");

 #include <sys/param.h>

@ -56,4 +56,6 @@ RUMP_COMPONENT(RUMP__FACTION_NET)
 	rump_component_init(RUMP_COMPONENT_NET_ROUTE);
 	rump_component_init(RUMP_COMPONENT_NET_IF);
 	rump_component_init(RUMP_COMPONENT_NET_IFCFG);
+
+	domaininit_post();
 }
--- a/sys/sys/domain.h
+++ b/sys/sys/domain.h
@ -1,4 +1,4 @@
-/*	$NetBSD: domain.h,v 1.33 2017/09/21 07:15:35 ozaki-r Exp $	*/
+/*	$NetBSD: domain.h,v 1.34 2018/01/10 02:50:26 ozaki-r Exp $	*/

 /*
 * Copyright (c) 1982, 1986, 1993
@ -103,6 +103,7 @@ STAILQ_HEAD(domainhead,domain);
 extern struct domainhead domains;
 void domain_attach(struct domain *);
 void domaininit(bool);
+void domaininit_post(void);
 #endif

 #endif /* !_SYS_DOMAIN_H_ */