On 03/09/14(Wed) 20:59, Alexander Bluhm wrote:
> On Wed, Sep 03, 2014 at 03:53:34PM +0200, Martin Pieuchot wrote:
> > @@ -1078,7 +1079,7 @@ in6_purgeaddr(struct ifaddr *ifa)
> > void
> > in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
> > {
> > - int s = splnet();
> > + splsoftassert(IPL_SOFTNET);
> >
> > ifa_del(ifp, &ia6->ia_ifa);
> >
>
> I think there are code paths that can trigger this assertion
>
> netinet6/in6.c: in6_unlink_ifa()
> netinet6/in6.c: in6_purgeaddr()
> netinet6/nd6_rtr.c: purge_detached()
> netinet6/nd6_rtr.c: nd6_prelist_add()
> netinet6/in6.c: in6_control()
> netinet/tcp_usrreq.c: tcp_usrreq()
> kern/sys_socket.c: soo_ioctl()
>
> netinet6/in6.c: in6_unlink_ifa()
> netinet6/in6.c: in6_purgeaddr()
> netinet6/nd6_rtr.c: purge_detached()
> netinet6/nd6_rtr.c: nd6_prelist_add()
> netinet6/in6_ifattach.c: in6_ifattach_linklocal()
> netinet/ip_carp.c carp_set_enaddr()
> netinet/ip_carp.c carp_ioctl()
> ...
>
> nd6_prelist_add() does some splsoftnet() already. I think you
> should put one around purge_detached() there.
Nice catch, updated diff below.
Index: net/if_loop.c
===================================================================
RCS file: /home/ncvs/src/sys/net/if_loop.c,v
retrieving revision 1.57
diff -u -p -r1.57 if_loop.c
--- net/if_loop.c 22 Jul 2014 11:06:09 -0000 1.57
+++ net/if_loop.c 11 Sep 2014 08:45:29 -0000
@@ -288,15 +288,13 @@ loioctl(struct ifnet *ifp, u_long cmd, c
{
struct ifaddr *ifa;
struct ifreq *ifr;
- int s, error = 0;
+ int error = 0;
switch (cmd) {
case SIOCSIFADDR:
- s = splnet();
ifp->if_flags |= IFF_RUNNING;
if_up(ifp); /* send up RTM_IFINFO */
- splx(s);
ifa = (struct ifaddr *)data;
if (ifa != 0)
Index: netinet/in.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/in.c,v
retrieving revision 1.103
diff -u -p -r1.103 in.c
--- netinet/in.c 3 Sep 2014 08:59:06 -0000 1.103
+++ netinet/in.c 11 Sep 2014 08:45:29 -0000
@@ -612,7 +612,7 @@ in_ifinit(struct ifnet *ifp, struct in_i
{
u_int32_t i = sin->sin_addr.s_addr;
struct sockaddr_in oldaddr;
- int s, error = 0;
+ int error = 0;
splsoftassert(IPL_SOFTNET);
@@ -627,7 +627,6 @@ in_ifinit(struct ifnet *ifp, struct in_i
rt_ifa_delloop(&ia->ia_ifa);
ifa_del(ifp, &ia->ia_ifa);
}
- s = splnet();
oldaddr = ia->ia_addr;
ia->ia_addr = *sin;
@@ -639,10 +638,8 @@ in_ifinit(struct ifnet *ifp, struct in_i
if (ifp->if_ioctl &&
(error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia))) {
ia->ia_addr = oldaddr;
- splx(s);
goto out;
}
- splx(s);
if (ia->ia_netmask == 0) {
if (IN_CLASSA(i))
Index: netinet/ip_carp.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet/ip_carp.c,v
retrieving revision 1.234
diff -u -p -r1.234 ip_carp.c
--- netinet/ip_carp.c 8 Sep 2014 06:24:13 -0000 1.234
+++ netinet/ip_carp.c 11 Sep 2014 08:45:29 -0000
@@ -2059,10 +2059,11 @@ carp_ioctl(struct ifnet *ifp, u_long cmd
struct ifaddr *ifa = (struct ifaddr *)addr;
struct ifreq *ifr = (struct ifreq *)addr;
struct ifnet *cdev = NULL;
- int i, error = 0;
+ int s, i, error = 0;
switch (cmd) {
case SIOCSIFADDR:
+ s = splnet();
switch (ifa->ifa_addr->sa_family) {
#ifdef INET
case AF_INET:
@@ -2087,6 +2088,7 @@ carp_ioctl(struct ifnet *ifp, u_long cmd
break;
}
break;
+ splx(s);
case SIOCSIFFLAGS:
vhe = LIST_FIRST(&sc->carp_vhosts);
Index: netinet6/in6.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/in6.c,v
retrieving revision 1.140
diff -u -p -r1.140 in6.c
--- netinet6/in6.c 26 Aug 2014 21:44:29 -0000 1.140
+++ netinet6/in6.c 11 Sep 2014 08:45:29 -0000
@@ -172,7 +172,7 @@ in6_control(struct socket *so, u_long cm
struct in6_ifaddr *ia6 = NULL;
struct in6_aliasreq *ifra = (struct in6_aliasreq *)data;
struct sockaddr_in6 *sa6;
- int privileged;
+ int s, privileged;
privileged = 0;
if ((so->so_state & SS_PRIV) != 0)
@@ -463,7 +463,6 @@ in6_control(struct socket *so, u_long cm
{
int i, error = 0;
struct nd_prefix pr0, *pr;
- int s;
/* reject read-only flags */
if ((ifra->ifra_flags & IN6_IFF_DUPLICATED) != 0 ||
@@ -561,8 +560,10 @@ in6_control(struct socket *so, u_long cm
}
case SIOCDIFADDR_IN6:
+ s = splsoftnet();
in6_purgeaddr(&ia6->ia_ifa);
dohooks(ifp->if_addrhooks, 0);
+ splx(s);
break;
default:
@@ -1078,7 +1079,7 @@ in6_purgeaddr(struct ifaddr *ifa)
void
in6_unlink_ifa(struct in6_ifaddr *ia6, struct ifnet *ifp)
{
- int s = splnet();
+ splsoftassert(IPL_SOFTNET);
ifa_del(ifp, &ia6->ia_ifa);
@@ -1107,8 +1108,6 @@ in6_unlink_ifa(struct in6_ifaddr *ia6, s
* Note that we should decrement the refcnt at least once for all *BSD.
*/
ifafree(&ia6->ia_ifa);
-
- splx(s);
}
/*
@@ -1355,9 +1354,10 @@ int
in6_ifinit(struct ifnet *ifp, struct in6_ifaddr *ia6, int newhost)
{
int error = 0, plen, ifacount = 0;
- int s = splnet();
struct ifaddr *ifa;
+ splsoftassert(IPL_SOFTNET);
+
/*
* Give the interface a chance to initialize
* if this is its first address (or it is a CARP interface)
@@ -1374,10 +1374,8 @@ in6_ifinit(struct ifnet *ifp, struct in6
if ((ifacount <= 1 || ifp->if_type == IFT_CARP ||
(ifp->if_flags & IFF_POINTOPOINT)) && ifp->if_ioctl &&
(error = (*ifp->if_ioctl)(ifp, SIOCSIFADDR, (caddr_t)ia6))) {
- splx(s);
return (error);
}
- splx(s);
ia6->ia_ifa.ifa_metric = ifp->if_metric;
Index: netinet6/nd6_rtr.c
===================================================================
RCS file: /home/ncvs/src/sys/netinet6/nd6_rtr.c,v
retrieving revision 1.87
diff -u -p -r1.87 nd6_rtr.c
--- netinet6/nd6_rtr.c 9 Sep 2014 20:33:24 -0000 1.87
+++ netinet6/nd6_rtr.c 11 Sep 2014 08:45:29 -0000
@@ -990,6 +990,8 @@ purge_detached(struct ifnet *ifp)
struct in6_ifaddr *ia6;
struct ifaddr *ifa, *ifa_next;
+ splsoftassert(IPL_SOFTNET);
+
LIST_FOREACH_SAFE(pr, &nd_prefix, ndpr_entry, pr_next) {
/*
* This function is called when we need to make more room for
@@ -1025,8 +1027,11 @@ nd6_prelist_add(struct nd_prefix *pr, st
struct in6_ifextra *ext = pr->ndpr_ifp->if_afdata[AF_INET6];
if (ip6_maxifprefixes >= 0) {
- if (ext->nprefixes >= ip6_maxifprefixes / 2)
+ if (ext->nprefixes >= ip6_maxifprefixes / 2) {
+ s = splsoftnet();
purge_detached(pr->ndpr_ifp);
+ splx(s);
+ }
if (ext->nprefixes >= ip6_maxifprefixes)
return(ENOMEM);
}
