Module Name: src
Committed By: ozaki-r
Date: Fri Aug 3 09:54:40 UTC 2018
Modified Files:
src/sys/net: if_tun.c
Log Message:
tun: fix locking against myself
filt_tunread is called with tun_lock held from tun_output (via tun_output =>
selnotify => knote), so we must not take tun_lock in filt_tunread. The bug
is triggered only if a tun is used through kqueue.
Found by k-goda@IIJ
To generate a diff of this commit:
cvs rdiff -u -r1.144 -r1.145 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_tun.c
diff -u src/sys/net/if_tun.c:1.144 src/sys/net/if_tun.c:1.145
--- src/sys/net/if_tun.c:1.144 Tue Jun 26 06:48:02 2018
+++ src/sys/net/if_tun.c Fri Aug 3 09:54:40 2018
@@ -1,4 +1,4 @@
-/* $NetBSD: if_tun.c,v 1.144 2018/06/26 06:48:02 msaitoh Exp $ */
+/* $NetBSD: if_tun.c,v 1.145 2018/08/03 09:54:40 ozaki-r Exp $ */
/*
* Copyright (c) 1988, Julian Onions <[email protected]>
@@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.144 2018/06/26 06:48:02 msaitoh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.145 2018/08/03 09:54:40 ozaki-r Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -1058,18 +1058,15 @@ filt_tunread(struct knote *kn, long hint
struct ifnet *ifp = &tp->tun_if;
struct mbuf *m;
- mutex_enter(&tp->tun_lock);
+ KASSERT(mutex_owned(&tp->tun_lock));
+
IF_POLL(&ifp->if_snd, m);
- if (m == NULL) {
- mutex_exit(&tp->tun_lock);
+ if (m == NULL)
return 0;
- }
for (kn->kn_data = 0; m != NULL; m = m->m_next)
kn->kn_data += m->m_len;
- mutex_exit(&tp->tun_lock);
-
return 1;
}
