Module Name: src
Committed By: riastradh
Date: Tue Mar 15 00:05:18 UTC 2022
Modified Files:
src/sys/net: if_tun.c
Log Message:
tun(4): Fix bug introduced in previous locking change.
Now that tun_lock runs at IPL_NONE, taking it does not have the side
effect of disabling preemption, but pktq_enqueue assumes the caller
has disabled preemption so it can safely schedule a softint.
This isn't a problem in most physical network drivers because the
pktq_enqueue call happens from within the driver's softint context
anyway. But tun(4) is special -- here, the pktq_enqueue is triggered
by a userland write to the device, which is in thread context. So
let's just disable preemption in tunwrite.
Reported-by: syzbot+21c2cb300f1ec2162...@syzkaller.appspotmail.com
To generate a diff of this commit:
cvs rdiff -u -r1.171 -r1.172 src/sys/net/if_tun.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/net/if_tun.c
diff -u src/sys/net/if_tun.c:1.171 src/sys/net/if_tun.c:1.172
--- src/sys/net/if_tun.c:1.171 Sun Mar 13 21:42:39 2022
+++ src/sys/net/if_tun.c Tue Mar 15 00:05:17 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: if_tun.c,v 1.171 2022/03/13 21:42:39 riastradh Exp $ */
+/* $NetBSD: if_tun.c,v 1.172 2022/03/15 00:05:17 riastradh Exp $ */
/*
* Copyright (c) 1988, Julian Onions <j...@cs.nott.ac.uk>
@@ -19,7 +19,7 @@
*/
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.171 2022/03/13 21:42:39 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: if_tun.c,v 1.172 2022/03/15 00:05:17 riastradh Exp $");
#ifdef _KERNEL_OPT
#include "opt_inet.h"
@@ -987,6 +987,7 @@ tunwrite(dev_t dev, struct uio *uio, int
error = ENXIO;
goto out;
}
+ kpreempt_disable();
if (__predict_false(!pktq_enqueue(pktq, top, 0))) {
if_statinc(ifp, if_collisions);
mutex_exit(&tp->tun_lock);
@@ -994,6 +995,7 @@ tunwrite(dev_t dev, struct uio *uio, int
m_freem(top);
goto out0;
}
+ kpreempt_enable();
if_statadd2(ifp, if_ipackets, 1, if_ibytes, tlen);
out:
mutex_exit(&tp->tun_lock);
