Module Name:    src
Committed By:   riastradh
Date:           Mon Aug 31 20:24:19 UTC 2020

Modified Files:
        src/sys/net: if_wg.c

Log Message:
wg: mbuf m_freem audit.

1. wg_handle_msg_data frees m but the other wg_handle_msg_* just take
   a pointer to the mbuf content and not m itself, so free m in those
   cases.

2. Can't trivially prove that the pcq is empty by the time
   wg_destroy_peer runs pcq_destroy, so let's explicitly purge it
   just in case.

3. If wg_send_udp isn't doing udp_send or udp6_output, it still has
   to free m in the !INET6 error branch for IPv6 packets.

4. After rumpuser_wg_send_peer or rumpuser_wg_send_user, we still
   need to free the mbuf.


To generate a diff of this commit:
cvs rdiff -u -r1.37 -r1.38 src/sys/net/if_wg.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/if_wg.c
diff -u src/sys/net/if_wg.c:1.37 src/sys/net/if_wg.c:1.38
--- src/sys/net/if_wg.c:1.37	Mon Aug 31 20:23:56 2020
+++ src/sys/net/if_wg.c	Mon Aug 31 20:24:19 2020
@@ -1,4 +1,4 @@
-/*	$NetBSD: if_wg.c,v 1.37 2020/08/31 20:23:56 riastradh Exp $	*/
+/*	$NetBSD: if_wg.c,v 1.38 2020/08/31 20:24:19 riastradh Exp $	*/
 
 /*
  * Copyright (C) Ryota Ozaki <ozaki.ry...@gmail.com>
@@ -41,7 +41,7 @@
  */
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.37 2020/08/31 20:23:56 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_wg.c,v 1.38 2020/08/31 20:24:19 riastradh Exp $");
 
 #ifdef _KERNEL_OPT
 #include "opt_inet.h"
@@ -2683,11 +2683,13 @@ wg_handle_packet(struct wg_softc *wg, st
 		break;
 	case WG_MSG_TYPE_DATA:
 		wg_handle_msg_data(wg, m, src);
-		break;
+		/* wg_handle_msg_data frees m for us */
+		return;
 	default:
-		/* wg_validate_msg_header should already reject this case */
-		break;
+		panic("invalid message type: %d", wgm->wgm_type);
 	}
+
+	m_freem(m);
 }
 
 static void
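Review bot: The `default:` arm now panics on `wgm->wgm_type`, a value read from the received packet, so surviving malformed input depends entirely on wg_validate_msg_header rejecting unknown types before this switch; that function is not visible in the hunk. The removed comment was the only place that stated this invariant, so I would keep it above the panic: `/* wg_validate_msg_header should already reject this case */`. If that validation cannot be guaranteed on every path into wg_handle_packet, dropping the packet with `m_freem(m); return;` would be a safer failure mode than a panic. The start of wg_handle_packet is outside the hunk, so any early return before the switch should also be checked for freeing m.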
@@ -3313,6 +3315,9 @@ wg_destroy_peer(struct wg_peer *wgp)
 	}
 	rw_exit(wg->wg_rwlock);
 
+	/* Purge pending packets.  */
+	wg_purge_pending_packets(wgp);
+
 	/* Halt all packet processing and timeouts.  */
 	softint_disestablish(wgp->wgp_si);
 	callout_halt(&wgp->wgp_rekey_timer, NULL);
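Review bot: The purge runs before the softint and callouts are halted, so anything enqueued between `wg_purge_pending_packets(wgp)` and `softint_disestablish(wgp->wgp_si)` would still be in the pcq when it is destroyed. Whether any path can still enqueue for this peer at this point is not visible in the hunk. Moving the purge below the halt block, immediately before the pcq_destroy call named in the log message, would make the queue provably empty there. wg_destroy_peer continues past the end of the hunk, so the pcq_destroy site is not shown.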
@@ -3704,6 +3709,7 @@ wg_send_udp(struct wg_peer *wgp, struct 
 		error = udp6_output(sotoin6pcb(so), m, wgsatosin6(wgsa),
 		    NULL, curlwp);
 #else
+		m_freem(m);
 		error = EPROTONOSUPPORT;
 #endif
 	}
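Review bot: The new `m_freem(m)` in the `#else` arm is correct only because the other arm hands m to udp6_output, which presumably consumes it as the log message implies, and nothing in the code says so. A one-line comment above the call, such as `/* no udp6_output to consume m, so free it here */`, would keep a later reader from mistaking it for a double free or adding a second free after the `#endif`. The rest of wg_send_udp is outside the hunk, so the IPv4 arm and any other error exits could not be checked for the same ownership rule.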
@@ -4653,6 +4659,8 @@ wg_send_user(struct wg_peer *wgp, struct
 
 	wg_put_sa(wgp, wgsa, &psref);
 
+	m_freem(m);
+
 	return error;
 }
 
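Review bot: wg_send_user now frees m just before `return error;`, but only the tail of the function is visible, so any earlier return that skips this point would still leak the mbuf. Those exits should be checked or routed through a common exit label. In the wg_input_user hunk that follows, `m_freem(m)` comes right after `rumpuser_wg_send_user(wg->wg_user, iov, 2)`, and iov presumably points into m's data. That ordering is safe only if the rumpuser call does not retain the iov buffers after it returns. Once that is confirmed, it is worth a short comment above the free saying so, and a note on each function header that it takes ownership of m.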
@@ -4692,6 +4700,8 @@ wg_input_user(struct ifnet *ifp, struct 
 
 	/* Send decrypted packets to users via a tun. */
 	rumpuser_wg_send_user(wg->wg_user, iov, 2);
+
+	m_freem(m);
 }
 
 static int
