CVS commit: [netbsd-8] src/sys/net

Martin Husemann Thu, 08 Jun 2023 04:19:14 -0700

Module Name:    src
Committed By:   martin
Date:           Thu Jun  8 11:19:05 UTC 2023


Modified Files:
        src/sys/net [netbsd-8]: route.c

Log Message:
Pull up following revision(s) (requested by ozaki-r in ticket #1824):

        sys/net/route.c: revision 1.237

route: run workqueue kthreads with KERNEL_LOCK unless NET_MPSAFE

Without KERNEL_LOCK, rt_timer_work and rt_free_work can run in parallel
with other LWPs running in the network stack, which eventually results
in say use-after-free of a deleted route.


To generate a diff of this commit:
cvs rdiff -u -r1.194.6.16 -r1.194.6.17 src/sys/net/route.c

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/sys/net/route.c
diff -u src/sys/net/route.c:1.194.6.16 src/sys/net/route.c:1.194.6.17
--- src/sys/net/route.c:1.194.6.16	Wed Feb 22 18:55:06 2023
+++ src/sys/net/route.c	Thu Jun  8 11:19:05 2023
@@ -1,4 +1,4 @@
-/*	$NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $	*/
+/*	$NetBSD: route.c,v 1.194.6.17 2023/06/08 11:19:05 martin Exp $	*/
 
 /*-
  * Copyright (c) 1998, 2008 The NetBSD Foundation, Inc.
@@ -97,7 +97,7 @@
 #endif
 
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.16 2023/02/22 18:55:06 martin Exp $");
+__KERNEL_RCSID(0, "$NetBSD: route.c,v 1.194.6.17 2023/06/08 11:19:05 martin Exp $");
 
 #include <sys/param.h>
 #ifdef RTFLUSH_DEBUG
@@ -229,12 +229,14 @@ static krwlock_t		rt_lock __cacheline_al
 #define RT_UNLOCK()		rw_exit(&rt_lock)
 #define RT_WLOCKED()		rw_write_held(&rt_lock)
 #define	RT_ASSERT_WLOCK()	KASSERT(rw_write_held(&rt_lock))
+#define RT_WQ_FLAGS		WQ_MPSAFE
 #else
 #define RT_RLOCK()		do {} while (0)
 #define RT_WLOCK()		do {} while (0)
 #define RT_UNLOCK()		do {} while (0)
 #define RT_WLOCKED()		true
 #define	RT_ASSERT_WLOCK()	do {} while (0)
+#define RT_WQ_FLAGS		0
 #endif
 
 static uint64_t rtcache_generation;
@@ -479,7 +481,7 @@ rt_init(void)
 	rt_psref_class = psref_class_create("rtentry", IPL_SOFTNET);
 
 	error = workqueue_create(&rt_free_global.wq, "rt_free",
-	    rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
+	    rt_free_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS);
 	if (error)
 		panic("%s: workqueue_create failed (%d)\n", __func__, error);
 
@@ -1802,7 +1804,7 @@ rt_timer_init(void)
 	LIST_INIT(&rttimer_queue_head);
 	callout_init(&rt_timer_ch, CALLOUT_MPSAFE);
 	error = workqueue_create(&rt_timer_wq, "rt_timer",
-	    rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, WQ_MPSAFE);
+	    rt_timer_work, NULL, PRI_SOFTNET, IPL_SOFTNET, RT_WQ_FLAGS);
 	if (error)
 		panic("%s: workqueue_create failed (%d)\n", __func__, error);
 	callout_reset(&rt_timer_ch, hz, rt_timer_timer, NULL);

CVS commit: [netbsd-8] src/sys/net

Reply via email to