From owner-dev-commits-src-main@freebsd.org Fri Jun 4 17:18:24 2021 Return-Path: Delivered-To: dev-commits-src-main@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id AD7F26516CD; Fri, 4 Jun 2021 17:18:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4FxTxX4FQFz4Tc3; Fri, 4 Jun 2021 17:18:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 79DEF20EF6; Fri, 4 Jun 2021 17:18:24 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.16.1/8.16.1) with ESMTP id 154HIOmC039137; Fri, 4 Jun 2021 17:18:24 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.16.1/8.16.1/Submit) id 154HIOgS039136; Fri, 4 Jun 2021 17:18:24 GMT (envelope-from git) Date: Fri, 4 Jun 2021 17:18:24 GMT Message-Id: <202106041718.154HIOgS039136@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Ryan Stone Subject: git: 2290dfb40fce - main - Enter the net epoch before calling ip6_setpktopts MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: rstone X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 2290dfb40fce0ab46d91244282014173c7316e42 Auto-Submitted: auto-generated X-BeenThere: dev-commits-src-main@freebsd.org X-Mailman-Version: 2.1.34 Precedence: list List-Id: Commit messages for the main branch of the src repository List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 04 Jun 2021 17:18:24 -0000 The branch main has been updated by rstone: URL: https://cgit.FreeBSD.org/src/commit/?id=2290dfb40fce0ab46d91244282014173c7316e42 commit 2290dfb40fce0ab46d91244282014173c7316e42 Author: Ryan Stone AuthorDate: 2021-05-19 19:10:03 +0000 Commit: Ryan Stone CommitDate: 2021-06-04 17:18:11 +0000 Enter the net epoch before calling ip6_setpktopts ip6_setpktopts() can look up ifnets via ifnet_by_index(), which is only safe in the net epoch. Ensure that callers are in the net epoch before calling this function. Sponsored by: Dell EMC Isilon MFC after: 4 weeks Reviewed by: donner, kp Differential Revision: https://reviews.freebsd.org/D30630 --- sys/netinet6/ip6_output.c | 10 ++++++++++ sys/netinet6/raw_ip6.c | 8 ++++++-- sys/netinet6/udp6_usrreq.c | 9 ++------- 3 files changed, 18 insertions(+), 9 deletions(-) diff --git a/sys/netinet6/ip6_output.c b/sys/netinet6/ip6_output.c index 2b49a9f7c351..71c5c4e5a501 100644 --- a/sys/netinet6/ip6_output.c +++ b/sys/netinet6/ip6_output.c @@ -2496,6 +2496,7 @@ ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, struct ip6_pktopts *opt = *pktopt; int error = 0; struct thread *td = sopt->sopt_td; + struct epoch_tracker et; /* turn off any old options. */ if (opt) { @@ -2523,12 +2524,15 @@ ip6_pcbopts(struct ip6_pktopts **pktopt, struct mbuf *m, } /* set options specified by user. */ + NET_EPOCH_ENTER(et); if ((error = ip6_setpktopts(m, opt, NULL, (td != NULL) ? td->td_ucred : NULL, so->so_proto->pr_protocol)) != 0) { ip6_clearpktopts(opt, -1); /* XXX: discard all options */ free(opt, M_IP6OPT); + NET_EPOCH_EXIT(et); return (error); } + NET_EPOCH_EXIT(et); *pktopt = opt; return (0); } @@ -2824,6 +2828,12 @@ ip6_setpktopts(struct mbuf *control, struct ip6_pktopts *opt, if (control == NULL || opt == NULL) return (EINVAL); + /* + * ip6_setpktopt can call ifnet_by_index(), so it's imperative that we are + * in the net epoch here. + */ + NET_EPOCH_ASSERT(); + ip6_initpktopts(opt); if (stickyopt) { int error; diff --git a/sys/netinet6/raw_ip6.c b/sys/netinet6/raw_ip6.c index a369abb04bfc..ad64429b5890 100644 --- a/sys/netinet6/raw_ip6.c +++ b/sys/netinet6/raw_ip6.c @@ -417,9 +417,13 @@ rip6_output(struct mbuf *m, struct socket *so, ...) INP_WLOCK(inp); if (control != NULL) { - if ((error = ip6_setpktopts(control, &opt, + NET_EPOCH_ENTER(et); + error = ip6_setpktopts(control, &opt, inp->in6p_outputopts, so->so_cred, - so->so_proto->pr_protocol)) != 0) { + so->so_proto->pr_protocol); + NET_EPOCH_EXIT(et); + + if (error != 0) { goto bad; } optp = &opt; diff --git a/sys/netinet6/udp6_usrreq.c b/sys/netinet6/udp6_usrreq.c index 7c573d095d77..5841988f6113 100644 --- a/sys/netinet6/udp6_usrreq.c +++ b/sys/netinet6/udp6_usrreq.c @@ -810,21 +810,16 @@ udp6_output(struct socket *so, int flags_arg, struct mbuf *m, return (EINVAL); } + NET_EPOCH_ENTER(et); if (control) { if ((error = ip6_setpktopts(control, &opt, inp->in6p_outputopts, td->td_ucred, nxt)) != 0) { - INP_UNLOCK(inp); - ip6_clearpktopts(&opt, -1); - if (control) - m_freem(control); - m_freem(m); - return (error); + goto release; } optp = &opt; } else optp = inp->in6p_outputopts; - NET_EPOCH_ENTER(et); if (sin6) { /* * Since we saw no essential reason for calling in_pcbconnect,