On Wed, May 17, 2023 at 01:02:58PM +0300, Vitaliy Makkoveev wrote:
> mrt_rtwalk_mfcsysctl() performs read-only access to protected data, so
> rtable_walk() could be called with shared netlock.
While I think the NET_LOCK_SHARED() is not sufficent, you can move
the NET_LOCK() into mrt_sysctl_mfc(). Only mrt_rtwalk_mfcsysctl
needs protection.
That diff would be OK bluhm@
> Index: sys/netinet/ip_input.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_input.c,v
> retrieving revision 1.384
> diff -u -p -r1.384 ip_input.c
> --- sys/netinet/ip_input.c 16 May 2023 19:36:00 -0000 1.384
> +++ sys/netinet/ip_input.c 17 May 2023 09:59:16 -0000
> @@ -1712,10 +1712,7 @@ ip_sysctl(int *name, u_int namelen, void
> case IPCTL_MRTMFC:
> if (newp)
> return (EPERM);
> - NET_LOCK();
> - error = mrt_sysctl_mfc(oldp, oldlenp);
> - NET_UNLOCK();
> - return (error);
> + return (mrt_sysctl_mfc(oldp, oldlenp));
> case IPCTL_MRTVIF:
> if (newp)
> return (EPERM);
> Index: sys/netinet/ip_mroute.c
> ===================================================================
> RCS file: /cvs/src/sys/netinet/ip_mroute.c,v
> retrieving revision 1.138
> diff -u -p -r1.138 ip_mroute.c
> --- sys/netinet/ip_mroute.c 19 Apr 2023 20:03:51 -0000 1.138
> +++ sys/netinet/ip_mroute.c 17 May 2023 09:59:16 -0000
> @@ -479,10 +479,12 @@ mrt_sysctl_mfc(void *oldp, size_t *oldle
> msa.msa_len = *oldlenp;
> msa.msa_needed = 0;
>
> + NET_LOCK_SHARED();
> for (rtableid = 0; rtableid <= RT_TABLEID_MAX; rtableid++) {
> rtable_walk(rtableid, AF_INET, NULL, mrt_rtwalk_mfcsysctl,
> &msa);
> }
> + NET_UNLOCK_SHARED();
>
> if (msa.msa_minfos != NULL && msa.msa_needed > 0 &&
> (error = copyout(msa.msa_minfos, oldp, msa.msa_needed)) != 0) {
